CHAPTER 6

Service Management: optimizing the ability of IT to provide services that are cost-
effective and meet the needs of the business.

Benefits:

o Reduce total cost and operation

o Improve service quality and reduce errors
o Meet user's needs
o Improve regulation compliance
o Business/IT alignment

Information Technology Infrastructure Library (ITIL): Best practice framework that

Facilitate the management and delivery of quality IT services.

Benefits:

o Flexible
o Scalable
o Vendor neutral
o Focus on best practices
o Improve compliance

ITIL consist of best practices lifecycle phases and key processes to manage IT services.

Advantages of ITIL

Customer and Business IT organization

o Deliver better service quality to o Improve organization structure.

customers. o Facilitate control of IT scalability
o Better description of services o Facilitate process of selecting
o Effective service management service for outsourcing
o Improve communication with IT org. o Facilitate compliance with
o Better visibility of cost to the customer organization
Five Phases of ITILv3

Service Strategy: This phase includes the design, development, and implementation
planning of Service Management.
Service Design: This phase includes the design phase for IT service, including architect,
processes, suggested metrics, and others.
Service Transition: This phase involves the transition of the service process, moving from
current to future strategy.
Service Operation: This phase involves achieving effectiveness and efficiency in providing
services to ensure value for customers.
Continual Service Improvement: The phase of maintaining the value for the customer
by making improvements and service introduction.

Process: a set of activities to accomplish a specific goal.

Function: is a team or group specialized who are responsible for specific outcomes.

ITIL Process Examples:

1) Service desk: a communication center that provides a single point of contact between
a company, customers, and the IT team to manage incidents.

Key Benefit:

o Report incident!
o Cost reduction through efficient use of resources
o Provide service support.

KIPs:

o Number of incident reported by Type

o Number of calls handled
2) Incident Management: Define process for recording and resolving incidents to
provide better level of service quality and availability.

Key Benefit:

o Ensure the best use of resources

o Ensure the incident are detected

KPIs:

o Total number of incident reported

o Average cost per incident

3) Problem Management: supports incident Management by providing workarounds

and quick fixes but does not have the responsibility for resolving the incidents.

Key Benefit:

o Focus of root cause analysis

o Support fault management and service desk
o Better utilization of technical aspects

KPIs:

o Number of problem reported

o Number of closed problem

4) Release management: The process of planning, designing, scheduling, deploying,

and controlling technical and non-technical aspects of releases.

Key Benefit:

o Provide a consistent and customer-focused approach

o Better control on installed hardware and software

KPIs:

o Number of major emergencies released.

5) Service Level Management: Maintains IT service quality and performance.

Key Benefits:

o Ensure IT is focused on most important areas

o Ensure customer requirements are known

KPIs:

o SLAs
o Customer satisfaction survey

6) Capacity Management: deals with service capacity management and ensure it is

scalable and cost effective.

Key benefits:

o Ensure that the existing infrastructure is optimized in terms of capacity

o Understand the way infrastructure is used

KPIs:

o Capacity
o Speed Metrix - Volume

7) Availability Management: Optimizes the capability of the IT infrastructure, services to

deliver a cost effective and sustained level of availability that enables the business to
achieve its business objectives.

Key Benefits:
o Service can be designed to meet target service levels
o Provides A formal way to measure availability of IT services

KPIs:

o Rate of availability
o Overall uptime and downtime
8) IT Service Continuity Management (ITSCM): Supports the business continuity
management process by planning for incident prevention, prediction, and management.

Key Benefits:

o Improve IT/ Business relationship

o Decreases the cost and impact to the business when a crisis occurs

KPIs:

o Impact and cost

o Lower insurance premium

9) Information Security Management: Ensures a high level of security, so that the IT

infrastructure and services.

Key Benefit:

o Provides secure policies and procedures to protect infrastructure

o Create awareness to protect and secure IT resources

KPIs:

o Number of security breaches

o Cost of security

10) Configuration Management: maintain, document, and verify the configurations

services of infrastructure.

Key benefit:

o Record the information required to manage IT services

o Effective delivery of IT services

KPIs:

o Number of planned and unplanned changes

o Average cost and time to make changes
11) Change Management: The process of controlling changes to improve infrastructure
and service with minimum disruption.

Key Benefit:

o Minimize number of unauthorized changes

o Minimize risks caused by failed change

KPIs:

o Number of requested changes

o Number of successful changes

12) IT Financial Management: Provides cost-effective of the IT assets and resources used
in providing IT services including accounting and charging of services.

Key benefit:

o Provide accurate cost information

o Allow for recovery of cost

KPIs:

o Cost Tracking

Best Practice: is a method or technique known to produce superior outcomes if followed

and used as a benchmark.

o Lean: a production philosophy that focuses on creating and managing the flow of
value. (the value flow is defined by lean)

o Agile: a collection of software development methodologies that helps teams to

deliver value faster. (things flow much faster)(adapts with the situation as we
proceed)

o DevOps: a professional movement that ensures communication and collaboration

between software developers and IT professionals. (used for software developers)

o ITSM: a set of specialized organizational capabilities for providing value to

customers in terms of IT services.
Business/IT Challenges:

o IoT rapidly increasing

o Customers value outcomes, not products
o Time-to-value is replacing time-to-market
o Customer delight is more important than customer satisfaction

How to address these challenges:

o Avoid local optimization

o Adopt more than a single best practice framework
o Address culture by guiding principles
o Continual improvement

ITIL 4 Guiding Principles:

1. Focus on value.
2. Start where you are
3. Progress iteratively with feedback
4. Collaborate and promote visibility.
5. Think and work holistically
6. Keep it simple and practical.
7. Optimize and automate
 CHAPTER 7

TOGAF is Used for Developing Architectural to meet specific business needs.

TOGAF Components:

o ADM (Architect Development Method): Guidelines of how architecture

could be implemented and what processes can be used.

o Foundation Architect: Associated with a detailed taxonomy of services.

o Resource Base: Helps determine the requirements.

Outsourcing is a critical component of IT governance which create business

relationships with third party service providers to facilitate businesses goals.

Strategic outsourcing Tactical outsourcing

Strategic outsourcing is a long-term and Tactical outsourcing is a short-term and
result-oriented approach where an transactional-focused approach that works
organization obtains services from an best for small and medium-sized companies.
external source. Assets and processes are can include staff supplementation and easily
transferred to service providers. scalable IT services where there are no asset
transfers.

Onshore outsourcing – obtaining services from an external source in your home country.

Rural outsourcing – where an organization obtains the services of an external source in

a rural area of the home country, where the service is usually less expensive.

Near - shore outsourcing – refers to a service provider located in a country which is near
to your home country.

Offshore outsourcing – refers to contracting with a company that is geographically

distant, like India, Ireland, and China, where an ocean separates the countries.

Best - shore outsourcing – offer the best ‘deal’ for the customer.
What do organizations outsource:

Any IT function can be outsourced such as:

o IT architecture
o IT infrastructure
o system and software development
o web development and hosting.
o Training, education, and certification

Benefit of outsourcing from organization perspective:

o Enable business to focus on strategic function.

o Lower annual operating costs.
o Increase speed to market.
o More politically acceptable.

Benefits from a service provider perspective:

o Substantial revenue stream potential and growing global market.

o long-term customer relationships
o Increasingly, customers are going with a limited number of strategic sourcing
specialists to develop longer term relationships and negotiate better deals.

Barriers and Risks of Outsourcing:

o Loss of control
o Function or process is too critical to outsource
o Poor outsourcing process management
o Loss of flexibility due to inflexible contract
o Different In culture and time zone relating to offshore deals
o Lack of security and data protection.
 CHAPTER 8

Risk Management: The process of assessing the risks to an organization's information

and determining how to control or mitigate those Risks.

The Process of Risk Management Include: Identification, assessing, prioritizing, and

controlling risks.

Knowing Yourself Knowing Your Enemy

Identify, examining and understand the Identify, examining and understand the
information and how it is processed, stored threats facing the organization's information
and transmitted. assets.

Risk Management Cycle:

Assessing Risk: Identify and prioritize risks to the organization.

Conducting Decision Support: Identify and select control solutions

based on a defined cost-benefit analysis process.

Implementing Controls: Deploy control solutions to reduce risk.

Measure Program Effectiveness: Report on the effectiveness of

deployed controls to manage risk.

Accountability for Risk Management:

Information security: Leading role in addressing risk.

Information technology: building and maintaining secure systems.

Management: resource allocation and prioritization of security concerns.

Users: Early detection and proper response to threats.

Steps in Risk Management

I. Evaluate the risk controls.

II. Determine which control options are cost-effective.
III. Installing appropriate controls.
IV. Ensure controls remain effective.
V. Identify risks.
VI. Assess risks.
VII. Summarize the findings.

Information Asset Inventor Creation: Asset Information relate to IT system components

including:

o People
o Procedure
o Data
o Software and Hardware
o Networking

Vulnerability: weakness in an asset that can be exploited to breach security.

Risk Assessment Formulas:

R = PV (Risk = Probability of Risk Event * Value Lost or Vulnerability)

R = Pa Ps V (Risk = Probability of Attack * Probability of successful Attack * Value)

R = (P * V) - CC + UK (Risk = Probability of Attack or Likelihood * Value of Asset –

Current Control + Uncertainty Knowledge of Risk)

The Goal is,

o To identify information assets and their vulnerabilities.

o To rank them according to the need for protection.