ITIL

ITIL® is the Information Technology Infrastructure Library. It is a globally recognized framework and set of best practices developed for IT service management professionals. ITIL focuses on effective and efficient delivery of services within an organization to align with the business’ needs.

Share tech news, updates, or what's on your mind.

Sign up to Post

hi, for the ITIL expert, question regarding CI creation:
at what point should a CI be added to cmdb following ITIL standards? assuming it's a physical device (ie. network switch), does it get added:
1. as soon as it is unpacked, add CI in not installed state. then Change ticket is created to configure/stack it, then possibly another ticket to put in production (if not done in first ticket)
2. gets added only when it goes into production. how does the configure/stack change get captured prior to becoming prod?

thanks
0
Ensure you’re charging the right price for your IT
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

hi experts,

Slightly complex situation here. I'm leading an infrastructure team. At the same time, we've got a service delivery manager who handles all of the change management, incidents etc and is running a rather strict ITIL methodology. We've also got the web team who have now been told that any changes, requests must be put through the service delivery team and that they have to adhere to the ITIL customs.

Now, the web team work with an Agile methodology. So they're pushing back and saying this does not work for them. Trying to see if there is a way to come up with something to get these guys to work together. I've just learned that Agile is not a set of processes but instead a set of values and principles. Which is completely the opposite to what ITIL is.

Have you ever dealt with such a scenario? Do you have any practical advice as to how to best tackle this?

Thanks for helping
Yash
0
Hi guys

I got the ITIL foundation 2011 a while ago. I'd like to do the practitioner exam now. However, I can't find anything here that says whether I can now take the latest ITIL practitioner based on the 2011 foundation I have?

Does anybody here know whether I would have to take the foundation again?

Cheers
Yash
0
Ticketing system change

Anyone have first hand experience of implementing a complete change in ticketing system

Best way to plan\implement etc
0
Our local CyberSecurity Agency has come out with a directive:
•      Review internal structure to ensure C-Suite has oversight of cybersecurity risks as part of enterprise risk management
•      Ensure security team has direct line to C-Suite

EE expert has provided the CISO handbook below but I'll need more "Terms of Ref" that will cover a
CISO's  "Scope of Work (& what is out of scope)", "Authority", need for "impartiality/independence":
currently all risks-related roles come under CFO but CFO's kpi is on cost control and one
link says this is inappropriate as CISO may need to spend on compliances, manpower,
tools, services etc

Extract from EE:
"In most cases, the agency’s internal policies delegate management of the agency’s information to the Chief Information Officer (CIO). Under FISMA, the CIO may then delegate  tasks related to information security to the senior agency information security officer (often referred to as CISO).
There are more information on reporting requirements specific to agency responsibility and how these key stakeholders are involved.
https://www.cio.gov/assets/files/CISO_Handbook.pdf


https://www.securityroundtable.org/whats-the-best-reporting-structure-for-the-ciso/
Above link gives various suggestions but will need something authoritative like
ISO standard or to further support what CyberSecurity Agency has provided above.


Deloitte & one ErnstY papers statistics show most sites still adopt the model of
CISO going under CIO:
0
I'm listing out IT Infra changes that require CR / change control ie subject to CAB.
1. OS, network device OS patching/update/upgrade
2. Installing or configuring a software/feature
3. Adding/deleting/amending an ACL or firewall rule for Production purpose
4. Configuring DB changes : to list out ...
5. Hardenings & OS changes (permission changes etc)
6. OS/device tunings (including migrating services behind WAF, ...)
7. changing account/object privileges

However, I think the following just require an SR/email:
a. blocking of IOCs (from threat Intels)
b. unlocking accounts/password resets
c. login to check/extract information (Cisco 'show run')
d. restarting / rebooting a service or OS due to fix a problem
0
I'm responding to Audit.

What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?

I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.

Any supporting white papers or authoritative that can
be shared will be useful here.

Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
0
I read in one site that IT documents can be classified as
1. Policies    (I think this one requires very senior mgmt approval & non-adherences have to recorded into deviation list for regular review )
2. Standards (this one needs deviation list too if non-compliant)
3. Procedure (sort of instructional doc)
4. Guidelines (don't need to be adhered to strictly, just for guidance & allows for non-adherences without maintaining deviations)
5. Framework
(guess there are more, say "Checklists" but I'm excluding manuals & handbooks)

There's some debates as to whether to classify the following into one of the above categories:

1. Cloud Computing Implmentation :
    A list of how to assess a CSP & requirements for onboarding a system to a cloud
    I think it's "Guidelines" as googling around for “Cloud Onboarding”, shows mostly it’s a guide.
    Depending on the criticality of the system that is onboarded to Cloud, the requirements may differ

2.      Risk Assessment for Cloud Solution Sample :
        Classify as  Checklist (or if there’s no such category, then a Procedure)

3.       End User Computing Handbook  v1.5 :
         I think it's a Guideline or Guide

What about Framework?  Does ISO27001 has any mention of how to classify them?
1
Dear Experts

please let me know if remote users access the hosted applications which is on site through the internet of connection types: DSL/broad band connection or data cards/dongle with the security layer of VPN client access and with YubiKey enabling if this two are taken care will it be within the compliance of ISO27001 standards please suggest,  I want to understand without the MPLS VPN and leased line (site to site vpn)  will it be still possible to meet the iso27001 standards  please suggest.
0
My team is experimenting with a service desk solution called Service Now Express for managing incidents, problems, change requests, service requests, knowledge bases, assets, etc.....
One thing we do not seem to understand, or at least agree on, is whether deploying a new Virtual Server in the environment is a change request, or a service request, etc.
Does it vary? Is this something the ITIL gods have already deliberated over and decided on?
0
Build an E-Commerce Site with Angular 5
LVL 13
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

Please share your experience on the help Desk  or support desk application to use in our IT department  . It is good to have some thing with ITIL enable one
0
Dear experts,

What is the difference between ITSM and ITIL? Maybe I'm just trying to compare incomparable, but worth trying.
Both consider ServiceDesk (HelpDesk + CMDB) and processes. I assume, that ServiceDesk should respect ITIL.

I'm thinking about it, because we are an IT company (MPS) and we do IT outsourcing for SMB customers. SMB means up to 250 computers here in Czech republic. Our focus is on even smaller customers, 5 to 50 computers / users.

We have ITIL compatible ServiceDesk and defined processes. Those processes are based on ITIL, but simplified. For example we don't care about "capacity management" or some processes are merged to one like "change management" and "release and deployment management".

We want to do the best for our customers, so I need to understand the context of ITIL and ITSM.

Kind regards,
Jarda
0

ITIL

ITIL® is the Information Technology Infrastructure Library. It is a globally recognized framework and set of best practices developed for IT service management professionals. ITIL focuses on effective and efficient delivery of services within an organization to align with the business’ needs.

Top Experts In
ITIL
<
Monthly
>