Upload: trinhnhu

Post on 05-Oct-2018


Information Technology Infrastructure Library - ITIL

IT Governance

CEN 667

1

2

Lectures Schedule

Week | Topic
Week 1 | Introduction to IT governance
Week 2 | Overview of Information Security standards - ISO 27000 series of standards (27001, 27002, 27003, 27004, 27005)
Week 3 | Information Technology Service management ISO 20000-1 and ISO 20000-2
Week 4 | ITIL
Week 5 | Business Continuity and BS 25999-1 and BS 25999-2
Week 6 | Disaster Recovery
Week 7 | COBIT
Week 8 | Project implementation (ISO 10006 and ISO 27003)
Week 9 | Midterm
Week 10 | Risk Management (ISO 27005)
Week 11 | Application and Network Security and security testing
Week 12 | Specific Requirements and Controls Implementation (ISO 27002)
Week 13 | Operational and Security Incident management
Week 14 | Performance Measurement and Metrics (ISO 27004)
Week 15 | Audit (ISO 19011) and Plan-Do-Check-Act improvement cycle

Project proposal

• The goal of the projects is to find applicable measurement and metric methods to improve processes:
– For 27000 series of standards 27001 and 27004
– For ITIL
– For Business Continuity and BS 25999
– For Disaster Recovery
– For Penetration testing
– For Operational and Security Incident management
– For Risk Management
– Secure method for visual authentication
– Mobile security access with speech recognition
– Other, as agreed with lecturer
• Literature review on selected topic - between 500 and 1000 words
• Proposal for improvements of chosen method, approach, technique - up to 2000 words
• List of references
• Document prepared in two columns, as it should be prepared for the conference paper
• Weekly report on updates

3

Project proposal (week 4)

• Literature review on selected topic - between 500 and 1000 words
• Proposal for improvements of chosen method, approach, technique - up to 2000 words
• List of references
• Document prepared in two columns, as it should be prepared for the conference paper
• Weekly report on updates

4

Candidate | Topic | Literature review draft
Azizah Ibrahim | Mobile IPv6 handover packet loss avoidance | NO
Emina Aaličković | NO | NO
Jasmin Kevrić | Algorithm improvement for the network anomaly detection using improved KDD 2009 | NO
Adnan Miljković | NO | NO
Fatih Ozturk | NO | NO


7

ITIL v3 comprises five volumes:

1. ITIL Service Strategy

2. ITIL Service Design

3. ITIL Service Transition

4. ITIL Service Operation

5. ITIL Continual Service Improvement

8

I ITIL Service Strategy

1. Strategy management for IT services

2. Service Portfolio Management

3. Financial Management of IT Services

4. Demand Management

5. Business relationship management

II ITIL Service Design

6. Design coordination (introduced in ITIL 2011 edition)

7. Service catalogue management

8. Service level management

9. Availability management

10. Capacity management

11. IT service continuity management (ITSCM)

12. Information security management system

13. Supplier management

III ITIL Service Transition

14. Transition planning and support

15. Change management

16. Service asset and configuration management

17. Release and deployment management

18. Service validation and testing

19. Change evaluation

20. Knowledge management

IV ITIL Service Operation

21. Event management

22. Incident management

23. Request fulfilment

24. Problem management

25. Access management

V ITIL Continual Service Improvement

26. The seven-step improvement process:

1. Identify the strategy for improvement
2. Define what you will measure
3. Gather the data
4. Process the data
5. Analyze the information and data
6. Present and use the information
7. Implement improvement

9

3. Financial Management

Owner: Financial Manager

Goal: To provide cost-effective stewardship of IT assets and the financial resources used in providing IT services

Inputs: Business and IS Plans, Financial Targets, Cost Model, historical information (Availability, Capacity), monitoring

Actions: Which methods to use. Budget, accounting, chargebacks

Outputs: adj budget, var reports, recommendations, BUDGET

Roles: customer, Fin mgr

Responsibilities: show value. Responsible for accounting for the costs and returns on IT Service Investments (IT Portfolio management), and for any aspects of recovering costs from the customer (charging)

Budgeting, IT Accounting, & Charging


10

8. Service Level Management

Outputs: Service Catalog, acceptance, business transformation, better understanding of Customer’s business processes and drivers, accountability of provider

Roles: Customer, Provider (internal or external service department), SLM manager

Responsibilities: negotiate and review SLAs and ensure internal and external support contracts are adequate with the customer.

A means to an end. A mechanism for management of a relationship between the Customer and Provider for mutual benefits.


11

9. Availability Management

Owner: Availability Manager

Goal: To meet the availability requirements of the business and to reduce the number of and total downtime caused by availability incidents.

Inputs: business availability requirements, business impact assessment, incident and problem records, configuration and monitoring data, service achievements against agreed SLA.

Actions: Determine availability requirements from business. Monitor availability and reliability. Availability targets. Review changes for potential impact on current service availability levels. Acquire additional hardware for hot-spares if cost justified.

Designed, implemented, measured and managed


12

9. Availability Management

Outputs: AMDB (Availability Management Database). Availability Plan. Improve availability by putting in place cost-effective measures which reduce the interruptions and amount of time lost to services caused by availability incidents. New SLA targets.

Roles: Availability Manager

Responsibilities: Design in Security Requirements as defined in overall IT Security plan (tactically and operationally)

Designed, implemented, measured and managed

13

9. Availability Management

Designed, implemented, measured and managed

Examples of bidirectional interfaces with other Service Management Disciplines

Output of Availability Management | That inputs to… | Which also has an output to Availability Management
Assessment of Availability that can be delivered for a new IT Service to enable the SLA to be negotiated and agreed upon | Service Level Management | Details of the agreed SLA
Availability and Design criteria to maintain “business as usual” | ITSCM | Business impact assessment detailing
Cost of non-availability | IT Financial Management | Costs of proposed upgrades
Completed CFIA for a new IT Service | Capacity Management | Capacity plan
Details of planned maintenance regime e.g. frequency, duration, and impact | Change Management | Schedule of planned maintenance activities for IT components detailing times and services impacted

14

10. Capacity Management

Owner: Capacity Manager

Goal: Need to understand business requirements, the organization's operations, and the IT infrastructure, and ensure that all current and future Capacity and performance aspects of the business requirements are provided cost effectively

Inputs: Business Requirements, Technology SLA, Financial Plans, Budgets, IT Plans/Strategy, Incidents/Problems

Actions: Monitoring, Analysis, Tuning, Implementation

Outputs: Capacity Plan, baselines, thresholds/alarms, SLA recommendations, costing/charging recommendations

Roles: Capacity Manager, technology specialists

Responsibilities: Ensuring that there is adequate IT Capacity to meet required levels of Service and for ensuring that IT management is correctly advised on how to match Capacity on Demand, and to ensure that use of Capacity is optimized

Advise the SLM process about appropriate service level or service level options

15

10. Capacity Management Sub Processes

• Business Capacity Management: Ensure future Business Requirements are considered, planned and implemented

• Service Capacity Management: Responsible for ensuring the performance of all services, as detailed in the SLAs, is monitored and measured, and that the collected data is recorded, analyzed and reported. Manage demand for services.

• Resource Capacity Management: Responsible for ensuring that all of the components (hardware and software) within the IT infrastructure that have finite capacity are monitored and measured and that the collected data is recorded, analyzed and reported.

16

11. IT Service Continuity Management

Goal: To ensure that the required IT technical and services facilities (including computer systems, networks, applications, telecommunications, technical support and Service Desk) can be recovered within required and agreed business timescales

Inputs: Business priorities, Business Impact Analysis, IT dependencies, threats & vulnerabilities

Actions: Risk assessment, testing, Risk reduction measures, implement stand-by arrangements, initial testing

Outputs: Contingencies, plans, testing

Roles: BCM sponsor and steering committee, Business Recovery Team and Leaders

Responsibilities: recovery options must be understood, choose appropriate solution, identify roles and responsibilities, get endorsement from upper mgt, align plans with BCM and review regularly


17

11. IT Service Continuity Management

The Business Continuity Lifecycle

Stage 1, Initiation: Initiate BCM

Stage 2, Requirements and Strategy: Business Impact Analysis; Risk Assessment; Business Continuity Strategy

Stage 3, Implementation: Implement Stand-by Arrangements; Develop Recovery Plans; Implement Risk Reduction Measures; Develop Procedures; Initial Testing

Stage 4, Operational Management: Education & Awareness; Review & Audit; Testing; Change Management; Training; Assurance

18

11. IT Service Continuity Management

Real world examples of why you need to do this

– London Stock Exchange 2000

– New Zealand Power Crisis

– DDOS Considerations

– Other Natural Disaster Costs

19

15. Change Management

Goal: to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes, in order to minimize the impact of change related incidents upon service quality, and consequently to improve the day-to-day operations of the organization

Activities: filter changes, manage changes, management reporting

Outputs: Change and Configuration Management Plan, minutes and actions, reports

Responsibilities: Ensures changes are assessed, developed, tested, implemented and reviewed


20

15. Change Management

Relationship with Capacity, Configuration and Release Management

– Change Management: Assesses Impact
– Configuration Management: Identifies areas impacted
– Capacity Management: Assesses impact on Business & IT Performance
– Change Management: Authorizes Change
– Release Management: Controls release of new version of software or hardware if required to implement change
– Configuration Management: Updates Records

21

16. Configuration Management

• Goal: provide a logical model of the infrastructure or a service by identifying, controlling, maintaining and verifying the versions of Configuration Items (CI) in existence.
– Account for all of the IT Assets
– Provide accurate information on configurations and their documentation to support all the other Service Management Processes
– Provide a sound basis for Incident, Problem, Change, and Release Management
– Verify configuration records against the infrastructure and correct any exceptions
• Inputs: Business Requirements, incidents
• Activities: Planning, Identification, Control, Status Accounting, Verification and Audit
• Outputs: Reports, updates, KPIs
• Roles: Configuration Manager, Configuration Management Team, Asset manager, Librarian (sw and documentation)


22

17. Release Management

Owner: Release Manager

Goal: Plan and Oversee rollout of Hardware and Software

Inputs: Business needs,

Actions: Plan, Design, Build, Communicate, configuration, Testing, Scheduling

Outputs: updates to CMDB, documentation

Roles: Release manager

Responsibilities: Plan, design, build, test, implement roll out

Consider both technical and non-technical aspects of release.


23

22. Incident Management

Owner: Incident Manager

Goal: Restore Service, minimize impact

Inputs: Symptoms, SLA

Actions: Record, classify, investigate, diagnose, escalate

Outputs: resolution, updates, reports, incident becomes a problem, metrics

Roles: Service Desk

Responsibilities: to make sure every incident is logged and resolved as soon as possible


24

24. Problem Management

Owner: Problem Manager

Goal: to minimize the adverse impact of Incidents and Problems on the Business that are caused by errors within the IT Infrastructure, and to prevent the recurrence of incidents related to those errors. Seeks the “Root Cause” of Incidents.

Inputs: …incident details from Incident Management, configuration details from the CMDB, any defined workarounds (from incident management)

Actions: Improve or correct “root cause” of problems, identify trends, error/problem control, advice on work-arounds, targeting preventative actions

Outputs: updated problem record, closed problem record, response from incident matching Problem

Roles: Problem Manager, Problem Support

Responsibilities: Identify Problems, investigate problems, develop/maintain problem control process, monitor progress, review efficiency/effectiveness of process, identify trends, prevent replication of problems to multiple systems


25

24. Problem Management

• Problem Investigation and Diagnosis Techniques

– Ishikawa

– Kepner and Tregoe

• Kepner Tregoe Consulting

– Brainstorm

– Flowchart

26


Responsibilities Review

Take a look at each Responsibility and link it to the correct process from the left hand side of the slide!

28

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for ensuring security requirements are defined and incorporated within the overall Availability design

29

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Security Management

IT Service Continuity Management

This is responsible for measuring and reporting, and coordinating other service management functions

30

Financial Mgt

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Security Management

IT Service Continuity Management

This is responsible for providing initial assessments of all incidents, producing management reports and escalation based on SLAs

31

Financial Mgt

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Security Management

IT Service Continuity Management

This is responsible for sizing resource needs for new and changed applications considering the future business requirements for IT

32

Financial Mgt

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Security Management

IT Service Continuity Management

This is responsible for identification and control of configuration items

33

Financial Mgt

Incident Management

Problem Management

Change Management

Release Management

Security Management

IT Service Continuity Management

This is responsible for ensuring roles and responsibilities, plans and appropriate solutions are in place to be aligned with Business Continuity plans

34

Financial Mgt

Incident Management

Problem Management

Change Management

Release Management

Security Management

This is responsible for monitoring for SLA compliance and checking the accuracy of configuration details

35

Financial Mgt

Problem Management

Change Management

Release Management

Security Management

This is responsible for assisting in management decisions on IT investments and for assessing business cases related to changes to IT Services

36

Problem Management

Change Management

Release Management

Security Management

This is responsible for planning and implementing the release of changes and that they are traceable by the CMDB

37

Problem Management

Change Management

Security Management

This is responsible for providing circumvention details to facilitate the Service Desk in providing first time fixes

38

Change Management

Security Management

This is responsible for Post Implementation Review and Close

39

Security Management

This is accountable for ensuring compliance to IT Security policy for the implementation of new IT services

40

Responsibilities Review

Round 2

No Elimination and Random order

41

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is accountable for ensuring compliance to IT Security policy for the implementation of new IT services

42

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for assisting in management decisions on IT investments and for assessing business cases related to changes to IT Services

43

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for sizing resource needs for new and changed applications considering the future business requirements for IT

44

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for identification and control of configuration items

45

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for ensuring roles and responsibilities, plans and appropriate solutions are in place to be aligned with Business Continuity plans

46

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for monitoring for SLA compliance and checking the accuracy of configuration details

47

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for planning and implementing the release of changes and that they are traceable by the CMDB

48

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for providing circumvention details to facilitate the Service Desk in providing first time fixes

49

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for providing initial assessments of all incidents, producing management reports and escalation based on SLAs

50

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for measuring and reporting, and coordinating other service management functions

51

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for Post Implementation Review and Close

52

Financial Mgt

Service Level Management

Service Desk

Incident Management

Problem Management

Configuration Management

Change Management

Release Management

Capacity Management

Availability Management

Security Management

IT Service Continuity Management

This is responsible for ensuring security requirements are defined and incorporated within the overall Availability design

53

Responsibilities Review

That’s all

Unless you want to do it again!

54