IT INFRASTRUCTURE LIBRARY A Presentation By Venu Gopal K for BITS UC 412 (Practice School II) 

Contents  Introduction – What is ITIL?  Overview of ITIL  Implementing ITIL  ITIL Service Management  ITIL Incident Management  ITIL Information Security 

Information Technology Infrastructure Library http://www.securityfocus.com/infocus/1815 “ITIL is a set of best practices and guidelines that define an integrated, process-based approach for managing information technology services.” 

Overview Of ITIL  Began as an effort to develop efficient and cost- effective use of IT resources.  ITIL outlines what processes to be implemented; but not how to implement it http://www.tso.co.uk/pism/app/content/pism_7.htm 

The ITIL Framework 

Overview Of ITIL  Service Delivery Management  Service Level Management  SLA – Service Level Agreement  OLA – Operational Level Agreement  Financial Management  Capacity Management  Infrastructure resources  Availability Management  Application resources  Service Continuity Management  Disaster recovery 

Overview Of ITIL  Service Support Management  Configuration Management  Managing hardware, documentation, personnel etc.  Change Management  Managing changes to Configuration items  Release Management  Software and Hardware license control  Problem/Incident Management  Service Desk 

Process Categorization In ITIL  In ITIL,IT processes are divided into 3 levels:  Strategic: Objectives and methods to achieve them are defined.  Tactical: Converting strategies into plans and setting target outcomes.  Operational: Executing tactical plans and achieving targets within specified time. Statergic (Policy) Tactical (Procedure) Operational (Execution) 

Implementing ITIL  Some considerations for successful ITIL implementation include:  ITIL implementations need to be managed as a formal project.  It takes resources including time and money.  A strong Communication Plan will need to be executed.  It takes Management commitment and participation.  Certifications 

BENEFITS OF ITIL  IT services become more customer- focused  The quality and cost of IT services are better managed  The IT organization develops a clearer structure and becomes more efficient  There is a uniform frame of reference for internal communication about IT 

ITIL SERVICE MANAGEMENT 

INTRODUCTION  Linking Businesses to IT solutions  Provide comprehensive and available application codes  Planning, realization and IT support services  Business practices  IT –support to business links  In-House  External Customers  Supplier-Relations  Automated business procedure  Specify service life cycle to provide clear references to business demands. 

No content

Service Delivery Management  Service Strategy  Service Design  Service Transition  Service Operation  Continual Service Improvement 

Service Strategy  Service life cycle  General strategy  Service provider types  Organizational design and development  Competition and Market space  Service management  Finance management 

Service Design  Design of processes, architecture, policies, documentation  Service Design Package (DSP)  Service Catalog Management  Service Level Management  Capacity management  IT service continuity  Information security  Key roles  Supplier management  Responsibilities of staff in service design. 

Service Transition  Delivery of services to the businesses for operational use  Changing the BAU environment.  Change management  Service asset  Configuration management.  Release and deployment management  Knowledge management  Transition planning and support.  Staffs engaged in transition of service. 

Service Operation  Practice of achieving delivery of agreed levels of services  Beneficial to both end users and customers  Customers – who negotiate on SLAs  Direct delivery of both services and values to the customers  Balancing of service reliability and costs  Event management, incident management, service desk and application management, event fulfillment, asset management. 

Continual service improvement (CSI)  Align and realign IT services for the changing business needs  Improvement of businesses  Business perspective of service quality  Effectiveness, efficiency, cost importance of services.  Deciding on the total services being provided  Managing ITSM (Service Management) for enabling the services  Organizational methods for measuring, reporting and using the data to improve the processes and services being provided.  Adopting CSI with well defined goals, document procedures, input, output, identified roles and responsibilities 

Service Support Management  Services for better execution of businesses  Customers and users are the major sources to plan the processes  Incident management  Service request management  Change management  Configuration management 

Problem management  Goal- to identify the root cause for all incidents  Optimize the recurrence of incidents by resolving incidents with back up.  Provide strong support for IT infrastructure, availability of servers, application environment.  Virus protection server maintenance, Anti-Virus protection measures. 

Change management  Ensure the standards and specifications on procedures and methods implemented to handle incidents  To minimize the change-related problems  Improve day -to- day activities  Definition- event that results in new statuses that contains one or more new configuration items. (CIs)  Minimal disruption of service  Reduce the back out of IT activities  Economizing the resources involved in changes. 

Release Management  For automated distribution of software and hardware.  Access control for the entire IT infrastructure  The design and implementation of procedures for the distribution and installation of changes in the IT systems.  Ensuring safety and security of the live IT environment being conscious of customer expectations through formal procedure and checks. 

Configuration Management  Ensures the standards and specifications of all configurations installed in the entire IT infrastructure.  Checking the CIs.  Adopt quality control measures to correct and rectify the items to the required standards for better operations.  Efficient business practice management through better configuration, equipment features. 

ITIL INCIDENT MANAGEMENT 

ITIL Incident Management Need  Clear definition of services  Single point of contact  Cost Reduction 

ITIL Incident Management Role of Service Desk  Provide a single contact point  Restoration of services with minimal business impact 

ITIL INCIDENT MANAGEMENT PROCESS FLOW 

ITIL Incident Management Results  Service objectives and goals are defined  Business needs are understood  Customer requirements are understood 

ITIL Incident Management Benefits  Increased accessibility through single contact point  Quicker resolution of customer requests  Improved usage of IT support services  Increased productivity of service desk personnel 

ITIL Incident Management Benefits  Reduced negative business impact  Assist decision making by providing important management information  Staff resource usage  Service deficiencies  Service performance and target achievement 

ITIL INFORMATION SECURITY 

ITIL SECURITY MANAGEMENT  Security Management ITIL is a relatively new process  Key concept of Availability Management  The ITIL Security Management process describes the structured fitting of security in the management organization.  Based on the Code of practice for information security management also known as ISO/IEC 17799.  A basic concept of Security Management is the information security. Primary goal of information security is to guarantee safety of information. 

ITIL INFORMATION SECURITY  Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.  Information security, computer security and information assurance are frequently used interchangeably.  Information security is concerned with the confidentiality, integrity and availability of data 

INFORMATION SECURITY BASIC PRINCIPLES  Confidentiality  Integrity  Availability  Authenticity  Non-repudiation  Risk management 

INFORMATION SECURITY ITIL breaks Information security into:  Policies - overall objectives an organization is attempting to achieve  Processes - what has to happen to achieve the objectives  Procedures - who does what and when to achieve the objectives  Work instructions - instructions for taking specific actions 

INFORMATION SECURITY Information Security Process is a seven step process: 1. Using risk analysis, IT customers identify their security requirements. 2. The IT department determines the feasibility of the requirements, compares them to the organization's baseline. 3. The customer and IT organization negotiate and define a service level agreement (SLA). 4. Operational level agreements (OLAs), which provide descriptions of services provided. 5. The SLA and OLAs are implemented and monitored. 6. Customers receive reports about the effectiveness and status of security services. 7. The SLA and OLAs are modified as necessary. 

No content

INFORMATION SECURITY o ITIL seeks to ensure that effective information security measures are taken at  strategic levels  tactical levels  operational levels o A complete cyclical process with continuous review and improvement 

CONCLUSION  Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, or disruption or distribution.  Process of Information security involves  Ongoing training  Assessment  Protection  Monitoring  Detection  Incident response  Repair  Documentation  Review 

No content