ITIL

ITIL® is the Information Technology Infrastructure Library. It is a globally recognized framework and set of best practices developed for IT service management professionals. ITIL focuses on effective and efficient delivery of services within an organization to align with the business’ needs.

Hi guys

I got the ITIL foundation 2011 a while ago. I'd like to do the practitioner exam now. However, I can't find anything here that says whether I can now take the latest ITIL practitioner based on the 2011 foundation I have?

Does anybody here know whether I would have to take the foundation again?

Cheers
Yash
0
Ticketing system change

Anyone have first-hand experience of implementing a complete change in ticketing system?

Best way to plan/implement, etc.?
0
Our local CyberSecurity Agency has come out with a directive:
• Review internal structure to ensure C-Suite has oversight of cybersecurity risks as part of enterprise risk management
• Ensure security team has direct line to C-Suite

EE expert has provided the CISO handbook below but I'll need more "Terms of Ref" that will cover a
CISO's  "Scope of Work (& what is out of scope)", "Authority", need for "impartiality/independence":
currently all risks-related roles come under CFO but CFO's kpi is on cost control and one
link says this is inappropriate as CISO may need to spend on compliances, manpower,
tools, services etc

Extract from EE:
"In most cases, the agency’s internal policies delegate management of the agency’s information to the Chief Information Officer (CIO). Under FISMA, the CIO may then delegate  tasks related to information security to the senior agency information security officer (often referred to as CISO).
There are more information on reporting requirements specific to agency responsibility and how these key stakeholders are involved.
https://www.cio.gov/assets/files/CISO_Handbook.pdf


https://www.securityroundtable.org/whats-the-best-reporting-structure-for-the-ciso/
Above link gives various suggestions but will need something authoritative like
ISO standard or to further support what CyberSecurity Agency has provided above.


Deloitte & one ErnstY papers statistics show most sites still adopt the model of
CISO going under CIO:
0
I'm listing out IT Infra changes that require CR / change control ie subject to CAB.
1. OS, network device OS patching/update/upgrade
2. Installing or configuring a software/feature
3. Adding/deleting/amending an ACL or firewall rule for Production purpose
4. Configuring DB changes : to list out ...
5. Hardenings & OS changes (permission changes etc)
6. OS/device tunings (including migrating services behind WAF, ...)
7. changing account/object privileges

However, I think the following just require an SR/email:
a. blocking of IOCs (from threat Intels)
b. unlocking accounts/password resets
c. login to check/extract information (Cisco 'show run')
d. restarting / rebooting a service or OS to fix a problem
0
I'm responding to Audit.

What are the criteria of IT projects that generally require
a Steering Committee (members are usually the board
members like CIO, COO, CFO & snr mgmt) to be formed?

I'm thinking for apps projects that exceed US$200,000
but that's for apps projects that involve users but for
Infra projects (say a costly SIEM of $250,000), it's not
appropriate to involve COO, CFO as they would find it
irrelevant.

Any supporting white papers or authoritative that can
be shared will be useful here.

Currently, it's the Financial, Shipping, Procurement
application systems that come under Audit's radar.
0
I read in one site that IT documents can be classified as
1. Policies (I think this one requires very senior mgmt approval & non-adherences have to be recorded into deviation list for regular review)
2. Standards (this one needs deviation list too if non-compliant)
3. Procedure (sort of instructional doc)
4. Guidelines (don't need to be adhered to strictly, just for guidance & allows for non-adherences without maintaining deviations)
5. Framework
(guess there are more, say "Checklists" but I'm excluding manuals & handbooks)

There are some debates as to whether to classify the following into one of the above categories:

1. Cloud Computing Implementation :
    A list of how to assess a CSP & requirements for onboarding a system to a cloud
    I think it's "Guidelines" as googling around for “Cloud Onboarding”, shows mostly it’s a guide.
    Depending on the criticality of the system that is onboarded to Cloud, the requirements may differ

2.      Risk Assessment for Cloud Solution Sample :
        Classify as  Checklist (or if there’s no such category, then a Procedure)

3.       End User Computing Handbook  v1.5 :
         I think it's a Guideline or Guide

What about Framework?  Does ISO27001 have any mention of how to classify them?
1
Dear Experts

Please let me know: if remote users access the hosted applications, which are on site, through internet connection types such as DSL/broadband or data cards/dongles, with the security layer of VPN client access and with YubiKey enabled, and these two are taken care of, will it be within compliance of the ISO27001 standards? Please suggest. I want to understand whether, without the MPLS VPN and leased line (site-to-site VPN), it will still be possible to meet the ISO27001 standards. Please suggest.
0
My team is experimenting with a service desk solution called Service Now Express for managing incidents, problems, change requests, service requests, knowledge bases, assets, etc.....
One thing we do not seem to understand, or at least agree on, is whether deploying a new Virtual Server in the environment is a change request, or a service request, etc.
Does it vary? Is this something the ITIL gods have already deliberated over and decided on?
0
Please share your experience on the help desk or support desk application to use in our IT department. It is good to have something that is ITIL-enabled.
0
Dear experts,

What is the difference between ITSM and ITIL? Maybe I'm just trying to compare incomparable, but worth trying.
Both consider ServiceDesk (HelpDesk + CMDB) and processes. I assume, that ServiceDesk should respect ITIL.

I'm thinking about it, because we are an IT company (MPS) and we do IT outsourcing for SMB customers. SMB means up to 250 computers here in the Czech Republic. Our focus is on even smaller customers, 5 to 50 computers / users.

We have ITIL compatible ServiceDesk and defined processes. Those processes are based on ITIL, but simplified. For example we don't care about "capacity management" or some processes are merged to one like "change management" and "release and deployment management".

We want to do the best for our customers, so I need to understand the context of ITIL and ITSM.

Kind regards,
Jarda
0
