IT as a Financial Responsibility
How should IT investments be designed and managed to ensure alignment with corporate strategy?
What other components are required to realize the full potential of IT?
What are the risk implications of these investments?
How can the value of IT investments be managed over time?
Are we doing them the right way? (Integration)
Are we getting the benefits? (Benefits)
Are we getting them done well? (Capability/Efficiency)
The Information Paradox: John Thorp
Purpose of IT Management
Reduce duplication of effort
Ensure adherence to standards
Enhance the flow of information throughout an
information system
Promote adaptability necessary for a changeable
environment
Ensure interoperability among organizational and
external entities
Maintain effective change management policies
and practices
Managing IT
Components of IT
Management
Application Software
Understanding Requirements
Evaluating Solutions & Options
Identifying the gap
Deploying the solutions
ICT Infrastructure
Hardware
System Software
Network
Data Management
IT Systems Management
Technology: software, hardware, storage and
networks
Policies and Procedures: setting methods
and strategies for maintaining stability,
reliability and maximum utilization
Creating an Organisational Structure:
putting together the resources and skills
needed to achieve systems management goals.
To be managed as a PROJECT
Business Perspective
Collection of best practices suggested to address some of the
issues often encountered in understanding and improving IT
service provision.
Manage
Development
Deployment
Infrastructure Management
Processes
Design and Planning
Deployment
Change Management
Operations
Technical Support
Maintenance Of Information
Systems
Systems maintenance is the on-going maintenance of a
system after it has been placed into operation.
Systems maintenance can be categorized into four groups.
Each of these four categories can affect an organization's
information
strategy plan in different ways:
Corrective Maintenance
Customized Maintenance
Enhancement Maintenance
Preventive Maintenance
Change
No matter where you are in the system life
cycle, the system will change, and the desire
to change it will persist throughout the life
cycle.
Bersoff, et al, 1980
What is a Change?
Change in the configuration of Hardware /
software on the desktop
Change in the functionality of the system
Change in the configuration of Hardware /
software on the server
Change in the Network configuration
Change in the storage requirements
Change in the location
Change in the Profile
Change in the Business Process
Dr. Gita A Kumta, NMIMS
Change Management
Plan or Manage the Change so that users
and System are ready at the same time and
expectations on both sides are matched
There's no change, no matter how awful, that won't benefit some people, and no change, no matter how good, that won't hurt some.
(Veblen's Principle, Weinberg and Gause 1989)
Components of Change
Management
Strategies for awareness, acceptance & incorporation of change into the organization's environment
Systems Administration of hardware and
software components
Version and Change Request Control
Conducting business differently (Business
Process Reengineering).
Changes in Roles: requires knowledge transfer
and skill development.
Development
Project
Team
Prepare Users
Prepare System
Convergence
End-user
Application developer
System Administrator
Database Administrator
Project Manager
AMC Vendor
Change Management
A Process to control & Coordinate all changes to
an IT production environment
Control involves:
Requisition
Prioritization
Approval
Coordination involves:
Collaborating
Scheduling
Communicating
Implementing changes
Storage Management
Optimizing involves ensuring:
Maximum amount of usable data is written &
read at acceptable rate of response
Availability of adequate amount of storage
space
Backup window
Restore times
Expiration dates
Retention periods
Recycle period
Generation data groups
Offsite retrieval times
Tape density, format, packaging
Shelf life
Automation techniques
What is a Disaster?
Any unplanned event that requires immediate redeployment of limited
resources
Natural Forces
Fire
Environmental
Hazards
Flood / Water
Damage
Extreme
Weather
Technical Failure
Power Outage
Equipment Failure
Network Failure
Software Failure
Human
Interference
Criminal Act
Human Error
Loss of Users
PRODUCTIVITY
Loss Of Productivity
Employees Impacted @ X
Burdened Hourly Rate
REVENUE
FINANCIAL
PERFORMANCE
REPUTATION
Direct Loss
Lost Future Revenue
Billing Losses
Investment Losses
Customers
Suppliers
Financial Markets
Banks
Business Partners
Etc.
OTHER EXPENSES
Temporary employees,
Equipment Rental,
Overtime,
Extra Shipping Costs,
Travel Expenses,
Etc.
Creating BCP/DRP
Identify the scope and boundaries of the business continuity plan; this defines the plan's limitations.
Conduct a Business Impact Analysis (BIA).
In case of disaster, each department has to be prepared to act.
The BCP project team must implement the plan.
The National Institute of Standards and Technology (NIST) has published tools which can help in creating a BCP.
Disaster Recovery
DRS Strategies
Prior to selecting a disaster recovery strategy, a disaster recovery planner should refer to their organization's business continuity plan.
The organization's business continuity plan should indicate the key metrics of
Recovery Point Objective (RPO) and
Recovery Time Objective (RTO)
Disaster Recovery
Disaster Recovery Plan - a detailed process
for recovering information or an IT system in
the event of a catastrophic disaster such as a
fire or flood
Disaster Recovery Cost Curve
Cost of the unavailability of information and
technology
Cost of recovering from a disaster over time.
Capacity Planning
A process to predict the types, quantities, and timing of critical resource capacities that are needed within an infrastructure to meet accurately forecasted workloads and ensure adequate capacity.
Ensuring adequate capacity involves:
Types of resource capacities required such as servers, disk
space, or bandwidth
Size or quantity of resource in question
Exact timing of when the capacity is needed
Thorough forecasts of anticipated workload demands
Resources to be Considered
Network bandwidth
Centralized disk space
Centralized processors in servers
Channels
Tape drives, cartridges, etc.
Centralized memory in servers
Centralized printers
Desktop processors
Desktop disk space
Desktop memory
Total users
Concurrent users
Table columns for each resource: Current Status; Forecast at 6 months, 1 year, 2 years
Incident Handling
Response by a person or organization to an attack.
An organized and careful reaction to an incident
Severity: Critical (impacts business & systems)
Description: Total system or application failure or loss of availability
Example: Critical database corrupted
Response time: Immediate
Escalation time: 30 minutes

Severity: Serious (impacts a system or functionality)
Description: Major system or application failure
Example: Billing centre down
Response time: 1 hour
Escalation time: Daily

Example: Individual desktop problems
Response time: 4 hours
Escalation time: Daily

Example: Report format problems
Response time: As able
Escalation time: Weekly
Problem Management
Opening of problems: registering problems.
Properly opened tickets can lead to quick closing
of problems or escalation
Closing of problems: customer's confirmation that the problem resolution activity was satisfactory & that there is no recurrence
Closing a problem is distinct from resolving a
problem
A problem is closed only when the customer is
satisfied
Attackers
Automated
Attacks
Restricted Data
Accidental
Breaches
In Security
Viruses,
Trojan Horses,
and Worms
DoS
Connection Fails
Denial of
Service (DoS)
Layers of Security
Physical Security
Personal Security
Operational Security
Communications Security
Network Security
Information Security
Security Model
Protection = Prevention + (Detection + Response)
Prevention: Access controls, Firewall, Encryption, Anti-virus
Detection: Audit logs, Intrusion Detection System, Anti-virus
Response: Backups, Incident response teams, Computer forensics
Authentication: Who are you?
Authorization: What can you do?
Confidentiality & reliability: Privacy & dependability
Monitoring & tracking: What did you do?
Backup & recovery: Rebuilding the system
Physical security: Locking the others out
Change Management: Protecting the business process
Legal Requirements: What the law expects
Training & awareness: What you need to know?
Contingency planning: What if?
Security Management
Data & programs are critical corporate assets to
be protected through policies that are
developed, approved, implemented & enforced.
A process designed to safeguard the availability, integrity, & confidentiality of designated data & programs against unauthorized access, modification, or destruction.
Develop Corporate Information Security Policy
Develop Controlling Framework
Develop Support System Framework
Monitoring
- Monitor & review information security policy awareness
- Monitor & review information security level for the servers & desktops (PC, notebook, and else)
Measurement
- Measurement of compliance to ISO 27001 & COBIT
- Analysis of system vulnerabilities
- Analysis of information security incidents
- Review of existing policies
Improvement
- Maximize the use of all application of information security management
- Sharing good practice in information security management across business units
- Improvement of existing policies
Policy Placement
Implementation
Efficiency
Customer Service
Elements of good customer service
- Identifying your key customers
- Identifying key services of key customers
- Identifying key processes that support key services
- Identifying key suppliers that support key processes.
Realistic Customer
An unreasonable expectation, rigidly demanded by an uncompromising customer and naively agreed to by a well-intentioned supplier, is one of the major causes of poor customer service.
People Management
No matter how well you design and
implement the IT management
function and processes, they are likely
to fail if adequate attention is not given
to the 'people issues'.
Software enhancement
Software maintenance
Hardware upgrades
Hardware maintenance
Scheduled outages
Recruiting
Training
Office space
Systems
development
Operations
Technical
support
Analysis and
Design
Production
support
Systems
administration
Programming
Data entry
Database
administration
Documentation
Computer
operations
Data
Communications
User training
Basic Characteristics
Attitude, Aptitude, Applicability, Experience
Process of selection of staff
Retention of staff
Implementing IT System
Management
Every IT organization wants to be known
for its proactive monitoring and automated
Service Level Management.
Cost to Manage
Supporting Systems
Asset Management: If you know what
resources you have used in the past, you can
better plan for the future.
Difficulties
Queries
Enquiries
Communications
Updates
Work-arounds
Incidents
Incidents
Customer
Service
Desk
Survey reports
Incident
Management
Customer
Survey
reports
Problem
Management
Service reports
Incident statistics
Audit reports
Problem statistics
Problem reports
Problem reviews
Diagnostic aids
Audit reports
Incidents
Changes
Releases
Change
Management
Change schedule
CAB minutes
Change statistics
Change reviews
Audit reports
Problems
Known Errors
Release
Management
Release schedule
Release statistics
Release reviews
Secure library
Testing standards
Audit reports
Changes
CMDB
Configuration
Management
CMDB reports
CMDB statistics
Policy standards
Audit reports
Releases
CIs
Relationships
Queries
Enquiries
Availability
Management
Availability plan
AMDB
Design criteria
Targets/Thresholds
Reports
Audit reports
Service Level
Management
Capacity
Management
Capacity plan
Targets/thresholds
Capacity reports
Schedules
Audit reports
Requirements
Targets
Achievements
Financial
Management
For IT Services
Financial plan
Types and models
Costs and charges
Reports
Budgets and forecasts
Audit reports
Management
Tools
Alerts and
Exceptions
Changes
IT Service
Continuity
Management
IT continuity plans
Risk analysis
Requirements defn
Control centers
DR contracts
Reports
Audit reports
Today
CEO
Do we have service
level agreements with
our users?
CIO
Are we building
operational excellence into
our IT service?
IT
Manager
Do we really need a
disaster recovery plan?
Strategic alignment
Value delivery
Resource management
Risk management
Performance measures
What is Val IT
Primarily targeted at IT-enabled business investments in sustaining, growing or transforming the business with a critical IT component.
Provides a comprehensive, structured and proven-practice based source, including the overall governance framework and supporting processes to maximize the return on IT-enabled investments.