Technology Trends & Management Consulting

December 9, 2008

Safe choices drive security policies

Filed under: Blogroll, Management Consultant, Security Management — Tags: , , — Daniel Ruggles @ 3:13 pm

Working in many companies as an IT consultant allows me to see a broader spectrum of policies, business justifications and processes than many of the clients I work with, especially if they have been with their company for many years.  One of the more vexing notions that continue to surface in different forms is making decisions based on the logic of the herd concept.  Or put another way, let’s pretend we are lemmings!  Many years ago it was “No one got fired for buying from IBM” and after that “No one got fired for hiring Andersen Consulting” and there are more permutations of this phrase than time allows to list.

A recent iteration is “No one got fired for banning IM”.  There was an article in www.networkworld.com December 1, 2008 issue that covered this topic with a touch of humor and angst, written by Andreas Antonopoulos.  

Conducting business entails risk.  Does not matter what type business you participate in.  Instant Messaging (IM) and various chat capabilities available to companies internally and externally are nothing more than extensions of using a phone or sending e-mail (really fast!!).  Those forms of communications are not banned and are seen as integral communication methods.  IM is just a variation of those methods.  It is often easier for security groups within companies to just say “NO” than to develop creative methods to support the business. 

Most companies I have worked in allow users Administrative privileges for their Widows laptops.  Even though that is a really bad idea and allows everyone to load software they bring in from home, they do not trust them to conduct business over IM.   

March 15, 2007

What is ITIL?

Filed under: Availability Management, Capacity Management, Change Management, Configuration Management, Financial Management, ISO 20000, IT Service Continuity Management, ITIL, Incident Management, Problem Management, Release Management, Security Management, Service Delivery, Service Desk, Service Level Management, Service Support — Tags: — Daniel Ruggles @ 3:13 pm

The IT Infrastructure Library (ITIL) is a series of eight books and is referred to as the only consistent and comprehensive best practice for IT service management to deliver high-quality IT services. Although produced and published by a single governmental body, ITIL is not a standard and is generally referred to as a framework.  There is a lot of work involved in tailoring an implementation to any organization. The published books (subject to change my mid-2007) are:

  • Software Asset Management
  • Service Support
  • Service Delivery
  • Planning to Implement Service Management
  • ICT Infrastructure Management
  • Application Management
  • Security Management
  • Business Perspective, Volume II

There are two main operational components or logical groupings within ITIL, with Security Management completing the underpinning for both groups are:

  • Service Support (activities that are more or less performed daily)
  • Service Delivery (activities that tend to take place monthly or quarterly, but at a minimum annually)

ITIL Process Overview

 ITIL Process Overview

BUSINESS DRIVERS FOR IMPLEMENTING

ITIL is usually implemented subject to one or more of the following business cases:

  • Defining of service processes within the IT organization
  • Defining and improving the quality of services
  • Need to focus on the customer of the IT
  • Implementation of a central help desk function

There are several methods in approaching an implementation of ITIL and having done several operations assessments, I can attest that the two main building blocks that have to be solid are Configuration Management and Change Management.  Both gear their activities off a Configuration Management Data Base (CMDB).  If the CMDB does not exist or if Change Management is a haphazard process, then the other processes within ITIL tend to fail on a regular basis.  Recently more and more vendors are creating products geared specifically towards CMDB (e.g., HP, CA, BMC, etc.) that address a method to collect all of the configuration specifics of your environment.  If you don’t know what you have, it will be problematic when implementing any change, but you can never been certain of the effect of the change.Two principal concepts characterize the basic thinking of ITIL:

  • Service management—IT service managers:
    • Assure the consideration of requirements for operations and maintenance
    • Develop test plans
    • Identify the effects on existing infrastructure caused by new or modified systems
    • Define future requirements
  • Customer orientation—IT services are to be provided at a level of quality that allows permanent reliance on them. To assure this quality, responsibility is assigned to individuals who:
    • Consult the users and help them use the services in an optimal approach
    • Collect and forward opinions and recommendations of users
    • Track complaints
    • Monitor the users’ appraisals of the services delivered
    • Support internal user groups

      • Technorati
      ”RSS”

Blog at WordPress.com.