Title: ITIL Essentials (Foundation) Course Aroonrat Chinwonno Sakul Tunboonek
1ITIL Essentials (Foundation) CourseAroonrat
ChinwonnoSakul Tunboonek
2What is ITIL ?
- ITIL (Information Technology Infrastructure
Library) is - Documentation for IT Server Management Best
Practice - Framework for any IT organization to develop its
support model - ITIL is NOT a technology specific
- ITIL has been well established in UK and Europe,
and was used as a groundwork in developing
BS15000/ISO20000 - BS15000/ISO20000 is (the first) worldwide
standard for IT service management - ITIL recommends ADOPT AND ADAPT approach
3What companies ADOPT and ADAPT ITIL ?
- Microsoft ADOPT and ADAPT ITIL into its
Microsofts Operations Framework (MOF) - HP ADOPT and ADAPT ITIL into its HPs IT
Service Management Reference Model - In US, implementing of ITIL provides an
acceptable structure to meet many of
Sarbanes-Oxley Act audit requirements - Many companies are now regularly requesting ITIL
compliance in bids and requests for service
improvement - Forrester Research reports that 13 of
corporations with revenue exceeding 1 billion
had adopted ITIL by the end of 2005. By late
2006, that will have expanded to 40, then to as
high as 80 by 2008.
4What ITIL can mean to us ?
- Understand what ITIL is
- What are the (ITM Objectives) we want to
implement ITIL
To reduce unexpected system downtime - Implement Change Mgnt to ensure that system changes are properly plan - Implement Incident Mgnt to ensure minimum business impact - Implement Problem Mgnt to develop known error database
To increase user satisfaction level - Implement Service Desk SPOC with SLA , and metric
To find more time to do IT planning (80/20), Difficult to get control Implement ITIL as a whole Each module is able to be measured You cannot control what you cannot measure.
- However the ultimate is to serve the Corporate
Business goals (CEO) to - Increase efficiency and create value to Business
- Reduce cost
5ITIL Elements
- Service Support concentrates on day to day
operation and support - Service Delivery looks at planning and
improvement of IT service
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
6Standard Definitions
- Customer recipient of a service usually
Customer management has responsibility for the
funding of the service - Provider the unit responsibility for the
provision of IT services - Supplier a 3rd party responsible for supplying
or supporting of underpinning elements of the IT
services - User the person using the service on a daily
basis
7- What questions do you have?
8ITIL Essentials (Foundations) Course
- First Part Service Support
9Service Delivery Agenda
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
10Service Desk
11Service Desk - Roles
- ITIL views Service Desk as a Vital function
rather than as a process - Service Desk is the Central Point of Contact
between users and the IT service model - A first positive or negative impression is
perceived upon Service Desk performance and
attitude - Service Desk in ITIL is more than just a
Helpdesk. Service Desk has broader role of the
front line support with more organizations
looking to radically increase the percentage of
calls closed at first point of contact FIXED ON
FIRST -
12Service Desk - Responsibilities
- Receive and Record all calls from Users (a ticket
created) deal directly with simple requests and
complaints - Incident calls - Service
requests - IT service information, FAQ such as
how to order equipment, how to request a
software installation - Provide initial assessment of all incidents make
first attempt at Incident resolution and/or
escalate to 2nd level support, based on agreed
SLA - Once escalated, monitor the tickets according to
SLAand Keep users informed on the status and
progress
13Service Desk - Responsibilities
- Produce Service Desk Management reports
- Highlighting user requirements such as training
to assist with service improvement - Perform basic operational functions such as
password resets, backup and restore - Perform Infrastructure monitoring such as Data
Center environmental check, System backup status,
Server-LAN-WAN status (receiving alerts from
automated tools)
14Service Desk - Tools
- Remedy (BMC), Tivoli (IBM), Openview (HP)
- Knowledge base
- ACD (Automated Call Distribution)
- IVR (Interactive Voice Response)
15Service Desk - Types
- Local Service Desk- Distributed Service Desk on
each site - Central Service Desk- Centralized, or Regional
Helpdesk - Virtual Service Desk- Global, Follow the Sun
concept
16- What questions do you have?
17Incident Management
18Incident Management
- Purpose
- To restore normal service operation as quickly as
possible with minimal disruption to the business - Definition
- Incident is an event which is not part of
standard operation service and cause interruption
or reduction in quality of service - Incident Management process is usually owned by
Service Desk ,and later can transferred to
Incident Manager (IM)
19Incident Management
- Incident Priorities ITIL defines
- Priority Urgency Impact
- Urgency How soon the problem needs resolution
- Impact How many or how large business service
is effected - Priority in many practical term is called
Severity
20Incident Management Severity Level
- ltltCompany NamegtgtIncident Severity Definition
Incident Manager (IM) should be identified and
on board to take over the Sev1 and/or Sev2
incidents
21Incident Management Incident Manager
- IMs roles
- Arrange a formal meeting of Support Group which
are usually Problem Management, and Service Desk
teams - Make common understanding of this incident
management objectives - To restore the service ASAP (also communicate
SLA) - To minimize the business disruption (consider
workaround) - Arrange any additional resources if required
- Be a communicator between Support Group and the
Customer, so that the Support Group do not
receive mixed directions
22Incident Management - Escalation
- There are 2 types of escalation
- Functional escalation involving more specialist
to help - Hierarchical escalation means a vertical move
is made through the organization because the
authority are required
23- What questions do you have?
24Problem Management
25Problem Management
- Purpose
- To minimize the adverse effect on the business of
Incidents and problems cause by error in the
infrastructure - To proactively prevent the occurrence of
incidents and problems - Role
- - To diagnose the root cause of the incidents and
to identify a permanent solution - Definition
- Incident is an abnormal event which cause
interrupt or impact - Problem is an Unknown underlying cause of the
incident - Known Error is an problem which root cause has
been determined
26Problem Management - Definition
Error in Infrastructure Incident is an abnormal
event which cause interrupt or impact Problem A
problem describes an undesirable situation,
indicating the unknown root cause of the
Incident Known Error A known error is a problem
whose root cause has been determined Request
for Change (RFC) An RFC proposes a change. Eg. To
eliminate the known error
27Problem Management Responsibilities
- Identify problems
- Investigate problems to resolution or error
identification - Raise RFC to clear error
- Advise IM of workaround for incidents for known
errors - Assist in Major incident to identify root cause
- Prevent the replication of problems across
multiple system
28Problem Management
- Problem Control Focus on transforming Problems
into Known Error - Error Control Focus on resolving Known errors
via the Change Management process
IncidentManagement
ConfigurationManagement
Service LevelManagement
AvailabilityManagement
Information
Problem Management Problem Control -gt Error
Control
Workaround
RFC
Change Management
29- What questions do you have?
30Configuration Management
31Configuration Management
- Asset Management
- Assurance the recorded CIs (Configuration Item)
from receipt to disposal - Not only Asset Management but also provide
relationship among CIs - CMDB (Configuration Management Database) is a
single repository of information will be accessed
across the Service Management process, and is a
major driver of consistency between processes
32Configuration Management
- Remedy ITSM 6.0
- Remedy Helpdesk 5.6
- Remedy Asset Management 5.6
- Remedy Change Management 5.6
- Remedy SLA 5.6
- BMC Atrium 6.3 CDMB
33Configuration Management
- Configuration Baseline
- is a configuration of a system established at a
specific point in time, and capturing both
structure and details - Created first time as a baseline
- Updated of CIs affected as changed by RFC
- Use as a point to fall back to if things go wrong
34Configuration Management Relationship with
others
ERROR
INCIDENT
PROBLEM
KNOWN ERROR
CDMB
RFC
CHANGE AUTHORIZED
CHANGE IMPLEMENTED
35- What questions do you have?
36Change Management
37Change Management
- Purpose
- To ensure that standardize method and procedure
are used to handle all changes in order to
minimize the impact of change-related incidents,
and the improve the day-to-day operation of the
organizations - Input of RFC
- Required resolution of an incident or problem
- A proposed to add/change/remove a CI
- A proposed to upgrade the infrastructure
- Changes in business requirement or Policy
- Product or service changes from vendors/suppliers
38Change Management - Roles
- Change Manager Roles
- Receive, Log, Assign priority to RFCs
- Reject RFCs which are impractical
- Consolidate, issue agenda of RFCs to CAB
- Chair CAB meeting
- Update authorized change status (post
implementation) - Produce Change Management report
- CAB (Change Advisory Board) Roles
- Review RFCs, ensure to evaluate of RFCs impact,
implementation plan, resource plan, UAT, and
Rollback plan - Provide approval or not approval for the RFCs
39Change Management - Types
- Standard pre-approved Changes
- An accepted solution to an identifiable and
relatively common set of requirements, where
authority is effectively in advance of
implementation. E.g. setting up access profiles
for a new employee - Urgent Changes
- A change that requires immediate action in the
managed IT environment and cannot be executed
through the normal change/authorization process - Most of urgent changes are reactive changes E.g.
Urgent RFCs from Problem Management to fix error
(during the incidents)IT organization should
also identify process to handle such urgent
change such as who can be CAB to approve the
urgent changes, a minimum steps qualifying to
approve such urgent changes
40Change Management Abuse of Urgent change
- Do NOT request Urgent Change for
- Would be nice to have completed early
- Was accidentally submitted too late for the CAB
- Attempting to avoid all of the planning processes
- To compensate for poor planning
- Note An Urgent Change should be avoided if
possible and used only when required. Urgent
Changes skip the normal planning and
communication process, many urgent changes
request for approval over the telephone. Approval
of the RFCs in such situation can cause
instability in the production environment.
41- What questions do you have?
42Release Management
43Release Management - Purpose
- To take a holistic view of a change to an IT
service and ensure that all aspects of a release,
both technical and non-technical, are considered
together. - PROTECTS THE PRODUCTION ENVIRONMENT
44Release Management
- Usually Release Management will be used for
- Large or critical hardware / software roll out
- Bundle relates set of changes
- Release Management
- is concerned with implementation, unlike Change
Management, which is concerned with verification - particularly useful in distributed multi-tier
environments, where an implementation may consist
of a number of different components supported by
different technology domains, which need to be
coordinated
45Release Management
- Responsibilities
- Plan the rollout of software and related
hardware. - Create procedures for the distribution and
installation of changes to IT systems - Communicate and manage customer expectations
during the planning and rollout of releases - Implementing new releases into the operational
environment using the controlling processes of
Configuration and Change Management. - Ensuring that master copies of all software are
secured in the Definitive Software Library (DSL)
and that the Configuration Management Database
(CMDB) is updated
46Release Management Functions and Roles
- Release Management staff
- In most of companies the Release Management
function may well be combined with several other
Service Management disciplines, in particular
Change Management and Configuration Management. - In a larger organization there may be dedicated
Release Management staff for particular systems.
47Release Management - Activities
A Release is a collection of authorized changes
into an IT environment
48Release Management Process Relationships
Problem Management
Incident Management
RFC
Change Management
Approved RFC New projects HW and SW
Incidents
Release schedules
Release Management
Service Desk
Release schedules
Configuration Management
- Configuration
- assets
- relationships
Release schedules
Service Level Management
- Monitoring
- software
- availability
Service Delivery
CpM AvM SCM
49Release, Change and Configuration Management
Change mgnt ensuresthat new/modified CIs are
implemented to Production environment properly
Change Management
Change Mgnt ensuresthat Configuration Itemsare
accurate due to changes
Release Management
Configuration Mgnt ensuresthat Release Mgnt use
thecorrect CIs version
Configuration Management
50- What questions do you have?
51ITIL Essentials (Foundations) Course
- Second Part Service Delivery
52Service Delivery Agenda
Service Support Service Delivery
Service Desk SLM
Incident Mgnt Financial Mgnt
Problem Mgnt Capacity Mgnt
Configuration Mgnt IT Service Cont Mgnt
Change Mgnt Availability Mgnt
Release Mgnt Security Mgnt
53Service Delivery - Overview
BUSINESS / USERS
SERVICEDELIVERY
Service Level Management
IT Service Continuity Management
Financial Management
COSTS
RISK
Security Management
Availability Management
Capacity Management
TECHNOLOGY
54Service Delivery
- Service Delivery looks at the long term planning
and improvement of IT service provision, which
will also improve efficiency and the achievement
of business goals. - There are five processes within the Service
Delivery umbrella and they are - Service Level Management
- Financial Management for IT Services
- Capacity Management
- IT Service Continuity Management
- Availability Management.
- Security Management sits under the Information
Security umbrella but will be addressed today due
to the criticality of information security in
todays IT environment.
55Service Level Management - Purpose
- To maintain and improve IT service quality
through a constant cycle of agreeing, monitoring
and reporting upon IT Service achievements and
the instigation of actions to eradicate poor
service, in line with business or cost
justification. - SERVICE DEFINITION AND STANDARDS
56Service Level Management - Role
- Service Level Management
- is essential in any organization so that the
level of IT service needed to support the
business can be determined, and monitoring can be
initiated to identify whether the required
service levels are being met. - is a client facing role, where regular lines of
communication are maintained between the IT
service provider and the IT customer - process is responsible for ensuring Service Level
Agreements (SLAs) and Operational Level
Agreements (OLAs) or underpinning contracts (UCs)
are met
57Types of Agreements and Contracts
Internal/External Customers
IT Service Level Management
Internal Suppliers and Maintenance Personnel
External Suppliers and Maintenance Personnel
58Service Level Management - Activities
59Service Catalogue
- A list of all services
- The characteristics of each service
- Information on the use of the service
-
60Contents of a Service Level Agreement
- Scope of the agreement
- Service description
- Signatories
- Date of next review
- Service hours
- Service availability
- Support levels
- Performance
- Security
- Functionality
- Charges
- Change procedure
- Contingency
- Anticipated growth
- Restrictions
- Training
- Change procedure for the Service Level Agreement
61Service Level Management - Benefits
- IT services are designed to meet expectations
outlined in SLRs - Service performance can be measuredReporting is
Critical to the success of Service Level
Agreements - If charged, customers can draw a balance between
service costs and required quality - The IT organization can control resource
management and reduce costs in the long term as
the organization can specify the required
services and components - Improved customer relationships and satisfaction
62Service Level Management Process Relationships
Service Desk
Service Support
Incident Management
Problem Release
Incidents RFC
Change Management
Configuration Management
Service definitions
SLAs OLAs
Third Party Suppliers
Service Level Management
SLAs
Customer
SLRs
UCs
SLAs OLAs
Service Delivery
Capacity Availability Continuity
Finance
Planning
63Service Level Management
SLR - Service Level Requirement
COMPANY
FIN
SCM
METRICS
SLA - Service Level Agreement
CEO
SERVICE MGMT
AVM
SLR
CAP
UC
SLA
Suppliers
SLM
Suppliers
Suppliers
Suppliers
SLR
OLA
End User
IM
PM
SERVICE DESK
CHG
OLA - Operational Level Agreement
CFG
REL
UC - Underpinning Contract
IT ORGANISATION
64- What questions do you have?
65Financial Management for IT Services
66Financial Management for IT Services - Purpose
- To provide cost effective stewardship of the IT
assets and the financial resources used in the IT
services provided. - CONTROL AND RECOVER IT COSTS
67Financial Management for IT Services Role
- Financial Management is responsible for
- Accounting for the costs (costing) and return on
IT service investments (IT portfolio management),
and - Budgeting defining and implementing IT
budgetary process - Charging - for any aspects of recovering costs
from the customers (charging).
68Financial Management for IT Services Functions
and Roles
- Finance Manager
- Responsibility for
- Managing the IT budget
- Gathering suitable cost data to develop a cost
model - Preparing regular bills for the customer
- Note
- The Finance Manager for IT Services may not
necessarily be a dedicated resource. - The process may have an owner within the IT
department who liaises with the Finance
department of the organization and senior IT
managers, particularly those responsible for
service level management.
69The Costing, Charging and Budgeting Cycle
Business ITrequirements
IT operational plan(inc. Budgets)
Cost analysis(Accounting)
Charges
Financial targets
Costing models
Feedback of proposedcharges to business
Charging policies
70Cost Model
- A framework in which all known costs can be
recorded and allocated to specific Customers,
activities or other categories - Several types
- Cost-by-service, activity (Activity Based
Costing), Customer or location - Define the Cost Unit for services or activities
(transaction, minute, CPU-seconds, storage,
incident, change, etc.)
71Pricing Policy
- Market price the price charged by external
suppliers - Going rate comparable to other internal
organizations - Cost plus input cost plus uplift
- Cost total cost of ownership
- Fixed price negotiated price for a fixed period
72Financial Management Process Relationships
- Purpose
-
- Activities
- Benefits
- Relationships Between Processes
- Potential Challenges/Problems
- KPIs
Customer
Services
Service Level Management
Service Support
Performance Usage
Cost model Charging
Budget Spend
Configuration Management
Business Relationship Management
Financial Management
Changes with cost affects
Cost model Charges
Service Delivery
Capacity Management
Performance Usage
73- What questions do you have?
74Capacity Management
75Capacity Management - Purpose
- To ensure that cost justifiable IT capacity
always exists and that it is matched to the
current and future identified needs of the
business.
76Capacity Management Functions and Roles
- Capacity Manager
- Reporting on current usage of resources, trending
and forecasts for future usage - Identifying needs for increases or reductions in
hardware based on SLR and cost - Performance testing of new systems
- Sizing all proposed new systems to determine
resources required. - Assessing new technology or products which may
improve efficiency of the capacity process.
77Input and Output Data Requirements
78Sub-Processes
- Resource Capacity Management
- Monitor, analyze, run and report on the
utilization of components, establish baselines
and profiles of use of components - Service Capacity Management
- Monitor, analyze, tune, and report on service
performance, establish baselines and profiles of
use for services, manage demand for services - Business Capacity Management
- Trend, forecast, model, prototype, size and
document future business requirements
79Capacity Management Process Relationships
Service Level Management
Monitoring Reporting
Incident Management
Requirements
Service Support
Problem Management
SLR
Plans
Requirements
Capacity Management
Customer
Change Management
Plans
Plans
Availability Continuity
Service Delivery
Planning
80- What questions do you have?
81IT Service Continuity Management
82IT Service Continuity Management Purpose
- To support the overall Business Continuity
Management process by ensuring that the required
IT technical and services facilities can be
recovered within required and agreed business
timescales. - KEEP THE BUSINESS IN BUSINESS
83IT Service Continuity Management Functions and
Roles
- The primary goal of ITSCM Manager is to implement
and maintain the ITSCM process in accordance with
the overall requirements of the organization's
Business Continuity Management (BCM), and to
represent the IT services within the BCM
function.
84Thoughts that should avoid
- Too expensive
- Disaster unlikely to happen
- More important things to do
- We will muddle through
- Unaware of the business risks
- Thought that should have.
- MURPHY LAWAnything can go wrong , will go wrong
- You cannot control what you cannot measure,
- You cannot recover what you have not planned.
85IT Service Continuity Management Functions and
Roles
Role Roles in Normal Operation Roles in Crisis Situation
Board Level Initiate IT Service Continuity, set policy, allocate responsibilities, direct and authorize Crisis Management, corporate decisions, external affairs
Senior Management Manage IT Service Continuity, accept deliverables, communicate and maintain awareness, integrate across organization Co- ordination, direction and arbitration, resource authorization
Junior Management Undertake IT Service Continuity analysis, define deliverables, contract for services, manage testing and assurance Invocation, team leadership, site management, liaison and reporting
Supervisors and Staff Develop deliverables, negotiate services, perform testing, develop and operate processes and procedures Task execution, team membership liaison
86IT Service Continuity Management Activities
Stage 1 - Initiation
87IT Service Continuity Management Risk
Reduction and Recovery Options
- It is rare that an organization will choose only
risk reduction (prevention measures) or recovery
options. Generally a combination of reducing
risks to assets with greatest vulnerability or
with higher business impact with a recovery plan
will be implemented. - Recovery Options
- Do nothing
- Return to manual systems
- Gradual recovery (cold stand-by) (72 hrs)
- Intermediate recovery (warm stand-by) (24-72 hrs)
- Immediate recovery (hot start, hot stand-by) (lt24
hrs) - Combinations
88Gradual Recovery Facilities (cold standby 72
hours)
- Accommodations
- Power
- Environmental controls
- Network cabling infrastructure
- Telecommunications
Does not include ANY computing equipment
89Intermediate Recovery Facilities(warm standby
24-72 hours)
- Accommodations
- Power
- Environmental controls
- Network cabling infrastructure
- Telecommunications
- Operations, system management and technical
support - Processors, peripherals, communications equipment
and / or operating systems
90Immediate Recovery Facilities (hot standby lt24
hours)
- Accommodations
- Power
- Environmental controls
- Network cabling infrastructure
- Telecommunications
- Operations, system management and technical
support - Processors, peripherals and communications
equipment - Operating systems, applications and data mirrored
from the operational servers
91IT Service Continuity Management Process
Relationships
Exercise / Service Recovery
Service Level Management
Incident Management
Problem Management
Service Support
SLR
Requirements
Plans
Change Management
Requirements
Service Continuity Management
Customer
Plans
Configuration Management
Planning
Incidents
Service Desk
Capacity Availability
Event Monitoring
Service Delivery
Planning
92- What questions do you have?
93Availability Management
94Availability Management - Purpose
- To optimize the capability of the IT
infrastructure and supporting organization to
deliver a cost effective and sustained level of
availability that enables the business to satisfy
its business objectives. - ENSURE RESOURCES ARE AVAILABLE AND EFFECTIVE
95The Availability Management Process
INPUTS
OUTPUTS
Business availabilityrequirements
Availability recovery designcriteria
Business impact assessment
IT infrastructure resilience assessment
Availability, reliability maintainability
requirements
Agreed targets for availabilityand
maintainability
Incident and problem data
Reports of availability, reliability
maintainability achieved
Configuration monitoring data
Availability monitoring
Service level achievements
Availability Plan
96Availability Management Terminology
- Availability - is the ability for an IT Service
or component to perform its required function at
a stated instant or over a stated period - Reliability the tendency of an IT Service or
component not to fail (i.e. how long can it
perform) - Resilience the ability of the component to
continue providing the service even though some
piece is no longer functioning (i.e. fault
tolerance) - Maintainability - is the ability to retain or
restore an IT Service or component to an
operational state (internal) - Serviceability - as Maintainability but for
external suppliers - Security - Confidentiality, Integrity and
Availability of the services and associated data
an aspect of overall availability - Confidentiality, Integrity and Availability (CIA)
the basis of security
97Availability Management Terminology Basic
Availability Calculation
(2 of 2)
- (Agreed service time downtime)
- Availability ____________________________ x
100 - Agreed service time
Remember the definition of a "Service
98Availability Management Activities
- Designing for availability (Proactive
perspective) - The technical design of the IT infrastructure and
the alignment of the internal and external
suppliers required to meet the availability
requirements of the service - Designing for recovery (Reactive perspective)
- The design points required to ensure that in the
event of an IT service failure, the service can
be reinstated to resume normal business
operations as quickly as possible
99The Monetary Impact of Unavailability
100Calculating Availability
101Availability Management Process Relationships
Downtime Monitoring
Service Level Management
SLA Monitoring
Incident Management
Cause
Problem Management
Service Support
SLR
Plans
Change Management
Requirements
Availability Management
Customer
Change
Plans
Configuration Management
Planning
Incidents
Service Desk
Event Monitoring of Downtime
Service Delivery
Capacity Continuity
Planning
102- What questions do you have?
103Security Management
104Security Management - Purpose
- Security Management is the process of managing a
defined level of security on information and IT
services. It has links with all processes - It also includes managing the reaction to
security incidents. - Security Management has two objectives
- To meet the security requirements of SLAs and
other external requirements further to contracts,
legislation and externally imposed policies. - To provide a basic level of security,
independence and external requirements. - PROTECT DATA
105The Cost of Security Incidents
Incident Type 1999 2004
Proprietary Information 1,847,652 11,460,000
Fraud 1,470,592 7,670,500
Denial of Service 116,250 26,064,050
Virus 45,465 55,053,900
Insider Access 142,680 4,278,205
Laptop Theft 86,920 6,734,500
Total losses reported in the 2004 report was
141,496,560
Source CSI/FBI Computer Crime and Security Survey
106Security Management - Role
- Confidentiality
- protecting the business information from failure
and attack - is more than locking server rooms or insisting on
password discipline. - Integrity
- timeliness or correctness require careful
consideration of information flows and - safeguards against incorrect values
- Availability
- maintaining the uninterrupted operation of the IT
organization - also helps to simplify Information Security
Service Level Management, as it is much more
difficult to manage a large number of different
SLAs than a limited one.
107Security Management Activities
- Plan
- Establish the structure of the Security section
of the Service Level Agreements, Operational
Level Agreements and Underpinning Contracts - Establish the security baseline (or minimum
security standards) - Implement
- Establish and maintain security awareness
- Establish the procedures to identify and classify
security incidents - Establish the procedures to handle security
incidents - Evaluate
- Conducting security audits
- Using Internal resources
- Using External resources
- Self assessment (using Security Management
resources) - Ongoing review and analysis of security incidents
- Control
- Establish the structure and controls for security
functions - Defines the roles responsibilities (including
the line of command) - Maintain
- Ensure the continuity of security measures
- Update to the security handbooks
108Security Management Process Relationships
Incidents
Service Level Management
SLA Monitoring
Incident Management
Virus
Problem Management
Service Support
SLR
Plans
Change Management
Requirements
Security Management
Customer
Change
Plans
Configuration Management
Planning
Incidents
Release Management
Service Desk
Attacks
Capacity Continuity Availability
Service Delivery
Planning
109Quick Review
110ITIL Process Linkages
111Attitude Change
112Roles that could be combined
- Configuration Management and Release Management
- Configuration Management and Change Management
- Service Level Management and Financial Management
for IT Services
?
113Roles that should not be combined
- Problem Management and Incident Management
- Problem Management and Change Management
- Capacity Management and Availability Management
114Some Useful Websites
http//www.ogc.gov.uk The OGC the organization that publishes the ITIL books
http//www.itil.co.uk ITIL UK Official Web Site
http//www.itilexams.com/ Loyalist College Belleville, Ontario ITIL Certification Agent
http//www.itsmf.com The global IT Service Management Forum site
http//www.itsmfusa.org/mc/page.do The ITSMF US site
http//www.itsmf.ca/ ItSMF Canada Site IT Service Management Forum - check out Event/Presentation for local context and players.
http//www.pultorak.com/pcbit/itsm.htm General ITSM information and white-papers
http//www.staytech.com/ Ottawa based ITIL Services/Training provider Links contains a good selection of ITIL Information/Solution providers
http//www.nextslm.org/ Tools, newsletters, and white-papers on ITSM
115- What questions do you have?
116