##Information systems operations
#IS Operations
- Routine activities required to keep systems and networks up and running.
● Resource provisioning
● Applying patches and hotfixes
● Backups and recovery
● Media management
● Configuration management
--------------
#Asset Identification and Management
- Easily understood as "knowing what the company owns"
Includes the following:
• Hardware
• Firmware
• OS
• Language runtime environments
• Applications
• Individual libraries
- An automated system is required to fully accomplish this
- Are All Patches Applied?
• Applying patches and updates is critical
• Make sure that it is done for all
components on the system
------------------
#Patching Considerations
1. Infrastructure
- Patch team needs to be identified to follow patching procedures
- Asset identification is carried out to know what patches will be needed
2. Research
- Identify new patches needed for all enterprise components
- Validate the patches are from a trustworthy source
3. Test
- Test environment should mirror production environment
- Follow change management process
- Test and roll out
4. Mitigation
- Rollback process if patch causes production problems
5. Deployment
- Rollout should happen to less sensitive systems first
- Rollout should be automated and be scheduled
6. Validate and Log
- Log activities and rescan systems for vulnerabilities
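
Steps 2 to 6 above expressed in Python, as an added example that is not part of the original notes: patches are accepted only when their SHA-256 matches the published digest, matched against the asset inventory, rolled out least sensitive first, and halted with a logged rollback on failure. The `Asset` and `Patch` records, the `apply_patch` callback, and all component names and versions are hypothetical.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    component: str    # OS, runtime, library, ...
    version: str
    sensitivity: int  # 1 = least sensitive; higher = more critical

@dataclass
class Patch:
    component: str
    fixed_version: str
    payload: bytes
    published_sha256: str  # digest the vendor publishes out of band

def is_trusted(patch):
    # Research: accept a patch only if its digest matches the published one.
    return hashlib.sha256(patch.payload).hexdigest() == patch.published_sha256

def _ver(v):
    return tuple(int(part) for part in v.split("."))

def plan_rollout(assets, patches):
    # Trusted patches matched to outdated inventory entries, least sensitive first.
    trusted = [p for p in patches if is_trusted(p)]
    todo = [(a, p) for a in assets for p in trusted
            if a.component == p.component and _ver(a.version) < _ver(p.fixed_version)]
    return sorted(todo, key=lambda pair: pair[0].sensitivity)

def deploy(plan, apply_patch):
    # On the first failure: keep the recorded version, log the rollback, and stop.
    log = []
    for asset, patch in plan:
        before = asset.version
        if not apply_patch(asset, patch):
            log.append(f"ROLLED BACK {asset.name} stays at {before}")
            break
        asset.version = patch.fixed_version
        log.append(f"PATCHED {asset.name} {before} -> {asset.version}")
    return log

# Constructed sample data (not from the page).
GOOD = b"constructed patch payload"
PATCHES = [Patch("libexample", "3.0.2", GOOD, hashlib.sha256(GOOD).hexdigest()),
           Patch("runtime-x", "2.0.0", b"tampered", hashlib.sha256(b"original").hexdigest())]
ASSETS = [Asset("db-prod", "libexample", "3.0.1", 3), Asset("dev-box", "libexample", "3.0.1", 1),
          Asset("web-stage", "libexample", "3.0.2", 2), Asset("app-prod", "runtime-x", "1.9.0", 3)]
```

Re-running `plan_rollout` after `deploy` plays the part of the rescan in step 6: any asset still listed remains unpatched.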
------------------
#Patching Issues
- Can open new vulnerabilities
- Production interruptions (for example, system failures and downtime)
- No proper testing and/or providing a rollback process
- Asset management is not up to date
• How do you know what patches you need?
- Admin workload vs. patches' time sensitivity
-----------------
#Configuration Management
*Many people, unfortunately, use the term configuration management synonymously
with change control or change management.
*There is a difference, and it comes from the older-school meaning of the term
configuration management.
- Configuration management can be thought of as management of the logical
description of the IT environment
• Diagrams and documentation and config files of hardware, software,
configuration settings, source code, etc.
• Some organizations include policies, procedures, standards, and
other documentation
• Should ideally be maintained in a Configuration Management
Database (CMDB)
• In a well-run IT environment, there shouldn't be anything in the
environment that isn't recorded in the CMDB
-----------------
#Change Management
• Establish baselines of configuration management
documentation, system hardware, software, and settings
• Formally control changes to the baselines
• Changes can only be made with prior approval
• Usually implemented with configuration control boards or groups
-------------
#Release Management
• Change control of production software
• A process to ensure only authorized software versions are
released into production
- A term very similar to change control or change management
-------------
#Enterprise Monitoring is another IT operations responsibility
- Network/security operations centers - NOC/SOC
• Event logging
• Traffic monitoring
• Security monitoring
---------------
#Problem Management
• Lowering impact of problems on service
• Reducing the number of failures to an acceptable baseline level
• Preventing the same problem from occurring again
- Types of problems:
• Software
• Hardware
• Availability
• Network
• Environmental
• Security and safety
-------------------
#Root Cause Analysis (RCA)
- Knowing that a device failure occurred is rarely enough; we
need to know the underlying cause of that failure, to better
predict future issues and to try to prevent recurrence
- "Don't just fix the symptom, fix the actual cause of the problem,
and prevent it from happening again"
- Also known as the Band-Aid vs. the fix
- Causal factors vs. root cause
--------------------
#Incident Handling
• Incident handling policy and procedures
• Documented steps to follow once an incident is discovered
• Escalation process
• Focused on getting back to normal operations and minimizing
business impact
• Incident Handling Process
------------------
#Help Desk/Support
- Resolves end-user and system technical or operational problems
- Usually implemented in tiers (tier1, tier2, tier3)
---------------------
#IT Service Management
- Approach to managing IS operations with a focus on efficient
and effective service delivery as well as continuous improvement
and reporting
- From the ITSM perspective, the other departments in the
organization are the customers to the IT service provider
(the IT department)
- ITSM provides:
• IT service delivery, such as the email system
• IT service support, such as the help desk
- IT Service Management Frameworks:
1. Information Technology Infrastructure Library (ITIL)
• Service delivery best practices
• Broken into five volumes: service strategy, design, transition,
operations, and continuous improvement
2. ISO/IEC 20000-1:2011
• Compliance framework for service delivery best practices
• Plan-do-check-act (PDCA) methodology