ppt
DESCRIPTION
TRANSCRIPT
http://www.microsoft.com/china/technet
从管理和运营的角度看从管理和运营的角度看 IT IT 6. MOF 6. MOF 风险管理原则风险管理原则
Yu YongYu [email protected]讲义下载:讲义下载: www.yuyong.net www.yuyong.net
http://www.microsoft.com/china/technet
从管理和运营的角度看从管理和运营的角度看 ITIT 系列讲座介系列讲座介绍绍 1. MOF1. MOF 简介简介 2. MOF2. MOF 理论基础理论基础 -- 上上 3. MOF3. MOF 理论基础理论基础 -- 下下 4. MOF 4. MOF 过程模型过程模型 5. MOF5. MOF 团队模型团队模型 6. MOF 6. MOF 风险管理原则风险管理原则
http://www.microsoft.com/china/technet
今日议程今日议程 Why MOF Embeds Risk ManagementWhy MOF Embeds Risk Management MOF Risk Management ProcessMOF Risk Management Process
http://www.microsoft.com/china/technet
概念定义概念定义 Risk – Possibility of suffering a lossRisk – Possibility of suffering a loss
May or may not happen: if guaranteed, it is not a riskMay or may not happen: if guaranteed, it is not a risk ““Loss” is relative: failure to maximize gain is a type of lossLoss” is relative: failure to maximize gain is a type of loss
Risk management – Actions to mitigate riskRisk management – Actions to mitigate risk Assess continuously what can go wrongAssess continuously what can go wrong Determine what risks are important to deal withDetermine what risks are important to deal with Implement strategies to deal with top risksImplement strategies to deal with top risks
http://www.microsoft.com/china/technet
Operations Needs Risk Management More Operations Needs Risk Management More TodayToday
Business transactions are increasingly dependent on ITBusiness transactions are increasingly dependent on IT IT performs tasks formerly done by people IT performs tasks formerly done by people New forms of business use IT New forms of business use IT
Greater risk of IT failure todayGreater risk of IT failure today The IT environment is increasingly complexThe IT environment is increasingly complex Traditional IT directly controls less of the infrastructureTraditional IT directly controls less of the infrastructure
Greater impact on business of IT failure Greater impact on business of IT failure Failures impact businesses more quicklyFailures impact businesses more quickly Failures are more visibleFailures are more visible
For every new way that IT has of enabling business,IT operations has a new way of disabling business!
http://www.microsoft.com/china/technet
ITIT 运营的风险来源运营的风险来源 Four main sources of risk in IT operations:
People Process Technology External factors
http://www.microsoft.com/china/technet
ITIT 风险的种类和对业务的影响风险的种类和对业务的影响 The MOF risk model has defined four main modes of
failure: Performance Security Agility Cost
The business needs IT services to perform well and to be delivered in a secure, agile, and cost-effective manner
http://www.microsoft.com/china/technet
传统风险管理方式不再适用传统风险管理方式不再适用
Typically, risk management has been primarily the Typically, risk management has been primarily the concern of change managers and security managersconcern of change managers and security managers Pro:Pro:
Addresses business needs in areas of performance and Addresses business needs in areas of performance and securitysecurity
Con:Con: Does not address business needs in areas of agility and Does not address business needs in areas of agility and
costcost
Traditionally, risk management was delegated to change management and security management
—this is no longer sufficient.
http://www.microsoft.com/china/technet
MOFMOF 的五个风险管理原则的五个风险管理原则 Assess risks continuouslyAssess risks continuously Integrate risk management into every role and Integrate risk management into every role and
every functionevery function Treat risk identification positivelyTreat risk identification positively Use risk-based schedulingUse risk-based scheduling Establish an acceptable level of formalityEstablish an acceptable level of formality
http://www.microsoft.com/china/technet
Why MOF Embeds Risk Management in All Why MOF Embeds Risk Management in All SMFs, Role Clusters, and ReviewsSMFs, Role Clusters, and Reviews
MOF embeds risk management in all SMFs, role MOF embeds risk management in all SMFs, role clusters, and reviews because:clusters, and reviews because: Failure can originate within any SMFFailure can originate within any SMF Failure can originate with any team role cluster if risk Failure can originate with any team role cluster if risk
management is not applied to an SMFmanagement is not applied to an SMF Reviews represent an opportunity to identify potential Reviews represent an opportunity to identify potential
failures originating within SMFs or with team role failures originating within SMFs or with team role clusters, and bring them to management’s attentionclusters, and bring them to management’s attention
http://www.microsoft.com/china/technet
How MOF Embeds Risk Management in All How MOF Embeds Risk Management in All SMFs, Role Clusters, and ReviewsSMFs, Role Clusters, and Reviews
MOF embeds risk management in the following ways:MOF embeds risk management in the following ways: In SMFs by building risk management practices into In SMFs by building risk management practices into
all SMF processes all SMF processes In role clusters by training team members in – and In role clusters by training team members in – and
making them accountable for – risk managementmaking them accountable for – risk management In reviews by formally incorporating risk In reviews by formally incorporating risk
management into each reviewmanagement into each review
http://www.microsoft.com/china/technet
Origin of the MOF Risk ModelOrigin of the MOF Risk Model
The MOF risk modelThe MOF risk model Is based on industry-standard risk management principlesIs based on industry-standard risk management principles Applies the traditional Microsoft Solutions Framework (MSF) Applies the traditional Microsoft Solutions Framework (MSF)
risk model to operationsrisk model to operations Incorporates additional input from industry best practice, Incorporates additional input from industry best practice,
including Information Technology Infrastructure Library (ITIL)including Information Technology Infrastructure Library (ITIL)
http://www.microsoft.com/china/technet
The 5-Step Risk Management ProcessThe 5-Step Risk Management Process
http://www.microsoft.com/china/technet
Risk ListsRisk Lists
Risk assessment documentRisk assessment document Serves as master repository for all active risksServes as master repository for all active risks Is constructed during the risk management process as Is constructed during the risk management process as
each step in the process adds information about a each step in the process adds information about a particular riskparticular risk
Top Top nn risk list risk list Helps team focus on most important risksHelps team focus on most important risks Is a subset of master list of risks in risk assessment Is a subset of master list of risks in risk assessment
documentdocument Retired risk listRetired risk list
Is used as knowledge management toolIs used as knowledge management tool
http://www.microsoft.com/china/technet
Step 1: Risk IdentificationStep 1: Risk Identification
Add to the risk assessment document:Add to the risk assessment document: Source of riskSource of risk Mode of failureMode of failure ConditionCondition Operational consequenceOperational consequence Business consequenceBusiness consequence
These five elements make up the risk statementThese five elements make up the risk statement
http://www.microsoft.com/china/technet
Developing a Risk StatementDeveloping a Risk StatementSituation:
A new phone system allows customers to contact support technicians A new phone system allows customers to contact support technicians directly, bypassing the official, approved help desk process. This would directly, bypassing the official, approved help desk process. This would be counterproductive because although the customer might get prompt be counterproductive because although the customer might get prompt support, the symptoms would not be logged and the root problem would support, the symptoms would not be logged and the root problem would not be tracked and resolved.not be tracked and resolved.
http://www.microsoft.com/china/technet
Step 2: Risk AnalysisStep 2: Risk Analysis
Add to the risk assessment document:Add to the risk assessment document: Probability of the condition occurringProbability of the condition occurring Impact of the consequencesImpact of the consequences Exposure = probability x impactExposure = probability x impact
http://www.microsoft.com/china/technet
Determining Risk Probability, Impact, and Determining Risk Probability, Impact, and ExposureExposure Situation:Situation:
Incident management estimates that 20% of each day’s contacts may bypass Incident management estimates that 20% of each day’s contacts may bypass the official process if end users are able to dial technicians directly. The impact the official process if end users are able to dial technicians directly. The impact of losing 20% of the incident reports is considered a “4” on a scale of 1 to 5.of losing 20% of the incident reports is considered a “4” on a scale of 1 to 5.
http://www.microsoft.com/china/technet
Step 3: Risk Action PlanningStep 3: Risk Action Planning
Add to the risk assessment document:Add to the risk assessment document: MitigationsMitigations TriggersTriggers ContingenciesContingencies
http://www.microsoft.com/china/technet
Determining Mitigations, Triggers, and Determining Mitigations, Triggers, and ContingenciesContingencies
Situation:Situation:Technicians can’t prevent customers from calling, but they (and IT Technicians can’t prevent customers from calling, but they (and IT management) can ask customers not to call directly. Technicians can management) can ask customers not to call directly. Technicians can identify direct-dial calls by noticing their phones’ LCD displays. When a identify direct-dial calls by noticing their phones’ LCD displays. When a direct-dial call is detected, the technician can explain the situation to the direct-dial call is detected, the technician can explain the situation to the customer and transfer the call to the official phone number. customer and transfer the call to the official phone number.
http://www.microsoft.com/china/technet
Step 4: Risk TrackingStep 4: Risk Tracking
Use the completed risk assessment document Use the completed risk assessment document to begin monitoring the current situation:to begin monitoring the current situation: Trigger valuesTrigger values Risk’s condition, consequence, probability, or Risk’s condition, consequence, probability, or
impactimpact Progress of a mitigation planProgress of a mitigation plan
http://www.microsoft.com/china/technet
Situation:Situation:A month after the phone system is implemented, 80% of all phone calls to A month after the phone system is implemented, 80% of all phone calls to support technicians are direct-dial; only 20% use the official process.support technicians are direct-dial; only 20% use the official process.
Has the condition changed? Has the condition changed? NoNo Have the consequences changed? Have the consequences changed? NoNo Has the probability changed?Has the probability changed? YesYes Has the impact changed?Has the impact changed? NoNo Is the mitigation plan still appropriate? Is the mitigation plan still appropriate? NoNo Is the trigger still appropriate?Is the trigger still appropriate? YesYes Is the contingency plan still appropriate?Is the contingency plan still appropriate? YesYes
Monitoring ChangesMonitoring Changes
http://www.microsoft.com/china/technet
Step 5: Risk ControlStep 5: Risk Control
React to the changes noticed in Step 4:React to the changes noticed in Step 4: Execute mitigation plans and assess their progressExecute mitigation plans and assess their progress Execute contingency plans if triggers are trueExecute contingency plans if triggers are true Update the “top risks” listUpdate the “top risks” list Retire risks that are no longer a concernRetire risks that are no longer a concern
http://www.microsoft.com/china/technet
Controlling by Acting on the ChangesControlling by Acting on the Changes
Situation:Situation: Management investigates why the mitigation plan isn’t working. End Management investigates why the mitigation plan isn’t working. End
users report that the new phone system’s automated routing feature users report that the new phone system’s automated routing feature is so complex that they hate using it, and instead dial technicians is so complex that they hate using it, and instead dial technicians directly.directly.
Management takes an action item to update the mitigation plan: Management takes an action item to update the mitigation plan: instead of simply asking customers not to call, they’ll simplify the instead of simply asking customers not to call, they’ll simplify the phone routing system and tell customers about these improvements.phone routing system and tell customers about these improvements.
http://www.microsoft.com/china/technet
MOF Process Model MOF Process Model
http://www.microsoft.com/china/technet
MOF Team Model Role Clusters MOF Team Model Role Clusters
Communication
http://www.microsoft.com/china/technet
The 5-step Risk Management ProcessThe 5-step Risk Management Process
http://www.microsoft.com/china/technet
ReferenceReference ITIL
Essentials Practitioner Service Manager
MOF Essentials (available) MOF Changing & Operating Quadrants Microsoft Official Curriculum (MOC) Link:
http://www.microsoft.com/technet/itsolutions/mof/moftool/default.asp http://www.microsoft.com/mof
http://www.microsoft.com/china/technet
ReferenceReference LinkLink
Microsoft 运行框架( MOF ) Essentials 课程 http://www.microsoft.com/china/enterprise/solutions/msm/evaluation/
overview/mofessentials.asp Microsoft 操作框架 (MOF) 执行概述 ( 早期版本 ) http://www.microsoft.com/china/technet/MAINTAIN/mofovrv.asp 针对操作的 MOF 组队模型 http://www.microsoft.com/china/technet/itsolutions/techguide/mof/mof
tml.mspx Microsoft 运行框架( MOF ) Changing Quadrant 课程 http://www.microsoft.com/china/enterprise/solutions/msm/evaluation/
overview/chgquadcourse.asp MOF 自我评估工具 http://www.microsoft.com/china/technet/itsolutions/techguide/mof/
moftool.mspx
http://www.microsoft.com/china/technet
ReferenceReferenceActive Directory Operations Guidehttp://www.microsoft.com/windows2000/techinfo/administration/activedirectory/adops.asp
Security Operations Guide for Exchange 2000 Server http://www.microsoft.com/technet/security/prodtech/mailexch/opsguide/default.asp
Security Operations Guide for Windows 2000 Server http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/default.asp
Microsoft Operations Manager 2000 Operations Guidehttp://www.microsoft.com/technet/prodtechnol/mom/maintain/operate/opsguide/default.asp
Microsoft Systems Management Server 2.0 Product Operation Guidehttp://www.microsoft.com/technet/prodtechnol/sms/maintain/operate/smspog.asp
MOF Self-Assessment toolhttp://www.microsoft.com/technet/itsolutions/mof/moftool.asp
The Windows 2000 Operations Guide Serieshttp://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/opsguide/opsguide.asp
Patterns and practices books:http://shop.microsoft.com/practices/
http://www.microsoft.com/china/technet
TechNetTechNet 是什么是什么 ?? 只需轻轻点击,答案就在您的指尖只需轻轻点击,答案就在您的指尖
对于对于 IT IT 专业人员来说,专业人员来说, TechNet TechNet 是一个知识的宝库,你是一个知识的宝库,你可以找到关于如何规划,部署和管理微软产品的的技术资源可以找到关于如何规划,部署和管理微软产品的的技术资源
每月发放包含最新信息的每月发放包含最新信息的 DVDDVD 或者或者 CDCD 这是最权威的资源,可以帮助你评估、配置和维护微软产品。这是最权威的资源,可以帮助你评估、配置和维护微软产品。
订阅 TechNet
可以访问该站点 可以访问该站点 www.microsoft.com/china/technet 在线资源和社区在线资源和社区 订户订户 ---- 仅仅提供在线服务仅仅提供在线服务
TechNet 网站
两周发放一次的中文电子快报两周发放一次的中文电子快报 安全更新安全更新 , , 新的资源等等新的资源等等
TechNet 中文电子快报
有关最新微软产品介绍和技术的简报有关最新微软产品介绍和技术的简报 上机试验上机试验 , “, “ 如何操作”等信息如何操作”等信息
TechNet 活动和网站消息
用户群用户群 可管理的新闻组可管理的新闻组
中文社区
http://www.microsoft.com/china/technet
我们从哪里可以了解到 我们从哪里可以了解到 TechNet?TechNet?
访问访问 TechNetTechNet 的官方网站的官方网站www.microsoft.com/China/technetwww.microsoft.com/China/technet
注册注册 TechNetTechNet 快报 快报 www.microsoft.com/china/technet/abouttn/subscriptions/flash.mspxwww.microsoft.com/china/technet/abouttn/subscriptions/flash.mspx
加入到中文在线论坛加入到中文在线论坛 http://www.microsoft.com/china/community/http://www.microsoft.com/china/community/
成为 成为 TechNetTechNet 的订户 的订户 www.microsoft.com/china/technetwww.microsoft.com/china/technet
参与到更多的参与到更多的 TechNetTechNet 活动中或者在线了解活动中或者在线了解www.microsoft.com/china/technetwww.microsoft.com/china/technet
http://www.microsoft.com/china/technet
您的潜力,我们的动力!您的潜力,我们的动力!