Informative Articles

The leading blog having awesome and valuable article for you in all major ITSM category..

  • Collection of imformative articles.
  • New article on everyday for you.
  • Publishing the collection of articles.
  • We have hundreads of royal readers.
  • Articles in every category of your need.
  • Customized articles by Authors.
  • Daily Pick from Quality Content.
  • Growing social media fans.
  • Easy understandable language.
  • Hot topic as required in the era.

Subscribe Us

Do You Like Our Site? So Get Our Next Hot And Awesome Article Directly Into Your Inbox...!!!

OR
Subscribe Our RSS Feed

Wednesday, August 27, 2014

An Introduction to ISO/IEC 20000-1:2011

ISO/IEC 20000 is the first international standard for IT service management. It was developed in 2005, by ISO/IEC JTC1/SC7 and revised in 2011. It is based on and intended to supersede the earlier BS 15000 that was developed by BSI Group.

ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL (Information Technology Infrastructure Library) framework, although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA's COBIT framework. The differentiation between ISO/IEC 20000 and BS 15000 has been addressed by Jenny Dugmore.

The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. In February 2012, ISO/IEC 20000-2:2005 was updated to ISO/IEC 20000-2:2012.

ISO/IEC 20000 helps organizations benchmark how they deliver managed services, measure service levels, and assess their performance. It is broadly aligned with, and draws strongly on, ITIL.

ISO20000 can assist your organization in benchmarking its IT service management, improving its services, demonstrating an ability to meet customer requirements and create a framework for an independent assessment.

Some of the most common benefits of ISO20000 certification for service providers are that it:
1. offers competitive differentiation by demonstrating reliability and high quality of service;
2. gives access to key markets, as many organizations in the public sector mandate that their IT service 3. providers demonstrate compliance with ISO/IEC 20000;
3. provides assurance to clients that their service requirements will be fulfilled;
4. enforces a measurable level of effectiveness and enforces a culture of continual improvement by enabling service providers to monitor, measure and review their service management processes and services;
5. drives down the costs of conformance to a multitude of regulations including PCI DSS and Sarbanes-Oxley;
6. helps leverage ITIL practices to optimize resources and processes.
Read More...

An Introduction to COBIT 5

Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

The Information Systems Audit and Control Association first released COBIT in 1996; ISACA published the current version, COBIT 5, in 2012.

The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.

COBIT provides a set of recommended best practices for governance and control process of information systems and technology with the essence of aligning IT with business. COBIT 5 consolidates COBIT4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with TOGAF and ITIL.

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

COBIT 5 was released in April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).
Read More...

Tuesday, August 26, 2014

An Introduction to CSA

Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing”.

The CSA has over 48,000 individual members worldwide. CSA gained significant reputability in 2011 when the White House selected the CSA Summit as the venue for announcing the federal government’s cloud computing strategy.

The CSA was formed in December 2008 as a coalition by individuals who saw a need to provide objective enterprise user guidance on the adoption and use of cloud computing. Its initial work product “Security Guidance for Critical Areas of Focus in Cloud Computing,” was put together Wiki-style, by dozens of volunteers.

The Cloud Security Alliance has 25+ active working groups. Key areas of research include cloud standards, certification, education and training, guidance and tools, global reach, and driving innovation.
  • Security Guidance for Critical Areas of Focus in Cloud Computing - Foundational best practices for securing cloud computing.
  • Top Threats to Cloud Computing - Helps organizations make educated risk management decisions regarding their cloud adoption strategies.
  • GRC (Governance, Risk and Compliance) Stack - A toolkit for key stakeholders to instrument and assess clouds against industry established best practices, standards and critical compliance requirements.
  • Cloud Controls Matrix (CCM) - Security controls framework for cloud provider and cloud consumers.
  • CloudTrust Protocol - The mechanism by which cloud service consumers ask for and receive information about the elements of transparency as applied to cloud service providers.
  • Consensus Assessments Initiative Research - Tools and processes to perform consistent measurements of cloud providers.
  • "Software Defined Perimeter" - A proposed security framework that can be deployed to protect application infrastructure from network-based attacks. It will incorporate standards from organizations such as OASIS and NIST and security concepts from organizations like the U.S. DoD into an integrated framework.
Read More...

An Introduction to DMTF

Distributed Management Task Force (DMTF) standards enable effective management of IT environments. The organization is composed of companies that collaborate on the development, validation and promotion of infrastructure management standards. DMTF management standards are critical to enabling interoperability among multi-vendor systems, tools and solutions within the enterprise.

DMTF standards enable effective management of IT environments. The organization is composed of industry-leading member companies that collaborate on the development, validation and promotion of infrastructure management standards. These standards specify well-defined interfaces that collectively deliver complete management capabilities. DMTF standard interfaces are critical to enabling interoperability among multi-vendor IT infrastructures, and systems and network management including cloud, virtualization, desktop, network, servers and storage.

DMTF spans the globe with member companies and organizations representing varied industry sectors. Several standards have evolved as a result of the activities of the DTMF. These include:

Web-Based Enterprise Management ( WBEM ), a set of industry standards that an enterprise can use to manage its information operations in the distributed computing environment of the Internet.

Common Information Model ( CIM ), a component of WBEM devoted to the definition of hardware and application characteristics, allowing system administrators and management programs to control devices and applications from multiple manufacturers or sources in the same way.

Alert Standard Format (ASF), a specification that defines the ways in which remote-control and alerting systems and interfaces can most effectively operate.

Systems Management Architecture for Server Hardware (SMASH), a set of specifications for architectural protocols that facilitates the unification and management of data centers.

Systems Management BIOS (SMBIOS), a specification that defines the ways in which system vendors can deliver management information by extending the BIOS interface.

Members of the DMTF obtain access to extensive documentation concerning DMTF standards, initiatives and technologies, as well as the opportunity to become actively involved in their conception and development.
Read More...

An Introduction to MOF V 4.0


Microsoft Operations Framework (MOF) 4.0 is a series of guides aimed at helping information technology (IT) professionals establish and implement reliable, cost-effective services.

MOF 4.0 was created to provide guidance across the entire IT life cycle. Completed in early 2008, MOF 4.0 integrates community-generated processes; governance, risk, and compliance activities; management reviews, and Microsoft Solutions Framework (MSF) best practices.

The guidance in the Microsoft Operations Framework encompasses all of the activities and processes involved in managing an IT service: its conception, development, operation, maintenance, and—ultimately—its retirement.

MOF 4.0 describes the IT service lifecycle in terms of three phases and a foundational layer:

The Plan Phase focuses on ensuring that, from its inception, a requested IT service is reliable, policy-compliant, cost-effective, and adaptable to changing business needs.

The Deliver Phase concerns the envisioning, planning, building, stabilization, and deployment of requested services.

The Operate Phase deals with the efficient operation, monitoring, and support of deployed services in line with agreed-to service level agreement (SLA) targets.

The Manage Layer helps users establish an integrated approach to IT service management activities through the use of risk management, change management, and controls. It also provides guidance relating to accountabilities and role types.
Read More...

An Introduction to SDLC

The systems development life cycle (SDLC), also referred to as the application development life-cycle, is a term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system. The systems development life-cycle concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both.

A systems development life cycle is composed of a number of clearly defined and distinct work phases which are used by systems engineers and systems developers to plan for, design, build, test, and deliver information systems. Like anything that is manufactured on an assembly line, an SDLC aims to produce high quality systems that meet or exceed customer expectations, based on customer requirements, by delivering systems which move through each clearly defined phase, within scheduled time-frames and cost estimates. Computer systems are complex and often (especially with the recent rise of service-oriented architecture) link multiple traditional systems potentially supplied by different software vendors. To manage this level of complexity, a number of SDLC models or methodologies have been created, such as "waterfall"; "spiral"; "Agile software development"; "rapid prototyping"; "incremental"; and "synchronize and stabilize".

SDLC can be described along a spectrum of agile to iterative to sequential. Agile methodologies, such as XP and Scrum, focus on lightweight processes which allow for rapid changes (without necessarily following the pattern of SDLC approach) along the development cycle. Iterative methodologies, such as Rational Unified Process and dynamic systems development method, focus on limited project scope and expanding or improving products by multiple iterations. Sequential or big-design-up-front (BDUF) models, such as waterfall, focus on complete and correct planning to guide large projects and risks to successful and predictable results[citation needed]. Other models, such as anamorphic development, tend to focus on a form of development that is guided by project scope and adaptive iterations of feature development.

In project management a project can be defined both with a project life cycle (PLC) and an SDLC, during which slightly different activities occur. According to Taylor (2004) "the project life cycle encompasses all the activities of the project, while the systems development life cycle focuses on realizing the product requirements".

SDLC is used during the development of an IT project, it describes the different stages involved in the project from the drawing board, through the completion of the project.
Read More...

An Introduction to FitSM V1.2

FitSM is a lightweight standards family aimed at facilitating service management in IT service provision, including federated scenarios.

The main goals of the FitSM family are:
1. Create a clear, pragmatic, lightweight and achievable standard that allows for effective IT service management (ITSM).
2. Offer a version of ITSM that can cope with federated environments, which often lack the hierarchy and level of control seen in other situations.
3. Provide a baseline level of ITSM than can act to support ‘management interoperability’ in federated environments where disparate or competing organisations must cooperate to manage services.

The FitSM family is made up of several documents, providing guidance and input on different aspects of service management in Federated ICT infrastructures.

The FitSM family is produced by the FedSM project, an initiative co-funded by the European Commission Seventh Framework Programme to improve service management in a select set of federated ICT infrastructures and bring experience from this improvement to a broad community of (federated) communities.

FitSM is designed to be compatible with the International Standard ISO/IEC 20000-1 (requirements for a service management system) and the IT Infrastructure Library® (ITIL). Although the FitSM process model, requirements, recommended activities and role model target a lightweight implementation, it can act as a first step to introducing full ITSM, i.e. applying ITIL good practices and / or achieving compliance against ISO/IEC 20000-1. The FitSM family is made up of several documents, providing guidance and input on different aspects of ITSM in federated ICT infrastructures.
Read More...