08. IT Service Management (367)

Question 1

IT Service Management (ITSM)

Activities to ensure delivery of IT services
The activities are defined in the IT Infrastructure Library (ITIL) process framework

368

Answer 1

Service Desk
Incident Management
Problem Management
Change Management
Configuration Management
Release Management
Service-Level Management
Financial Management
Capacity Management
Service Continuity Management
Availability Management

Question 2

Change Management

Waterfall process, in place to vet changes for consistency and risk.

370

Answer 2

Proposal or Request
Review
Approval
Implementation
Verification
Post-change review

Question 3

Change Management - Emergency Change

Emergency change includes same steps for non emergency change but performed in a different order

371

Answer 3

Emergency Approval
Implementation
Verification
Review

Question 4

Configuration Management

Configuration Management (CM) - Recording/Maintaining configuration of IT systems
Configuration Item (CI) - Each configuration setting of an IT system
Configuration Management Database (CMDB) - Database of system configurations
Configuration Drift - Configuration changes (approved or unintended), move away from desired configuration

372

Question 5

Release Management

The process in SDLC where changes in applications are put into production

373

Answer 5

Release management used in the following types of changes;

Incident and problem resolution
Enhancements
Subsystem patches and changes

Question 6

Typical SDLC process

1. Feasibility study
2. Requirements definition
3. Design
4. Development
5. Testing
6. Implementation
7. Post Implementation

Question 7

Gate Process

Release management process - each step of process formally reviewed and approved before next step is allowed

375

Question 8

Service Level Management

Service Level Management - Activity of continuous monitoring to confirm IT department is providing adequate service to customers

374

Question 9

Capacity Management

Capacity Management - Sufficient capacity in IT systems to meet service needs
Must be concerned both with current and future needs

376

Answer 9

Considering future needs;

Periodic Measurements
Considering planned changes
Understanding long term strategies
Change in Technology

Question 10

Capacity Management

Linkage to Financial Management
Projection for the acquisition of addition IT hardware/software to meet needs
Linkage to Service-Level Management
Over burdened systems/teams result in SLA violations
Linkage to Incident and Problem Management
Slow to respond services or over capacity systems result in increased incident and problem logging

376

Question 11

Avaialbility Management

Availability of systems supporting IT services. Governed by;

Effective Change Management
Vetted changes likely result in less unanticipate downtime
Effective Application Testing
Adequate application testing to esure changes do not result in loss of service
Resilient Architecture
Failure of single network hardware or servers etc. are HA or quickly recoverable, minimising impact
Serviceable Components
Individual components are serviceable and less likely to fail

377

Question 12

Continuous Improvement

Requirement of ISO/IEC 27001 certification - management promote continual improvement of ISMS
ISMS must identify opportunities for continuous improvement

377

Question 13

Continuous Improvement

NIST SP 800-53 - Mandates orginisation required to implement explicit processes to continously improve the development process (of risk management)

378

Question 14

Continuous Improvement

NIST CSF - Defines that continuous improvement to cyber security be conducted through repeating process steps as neccessary in the lifecycle

378