Search

What Is Ethical Hacking?

The internet brought with it the third revolution; a revolution that has interconnected the world like never before. There are currently 5 billion internet users in the world. And this number only increases day on day. From education to healthcare to communications to transport, the internet has permeated every industry to make our lives easier and more convenient. But is the internet a manna from the heavens? Sadly not. While it has brought with it immense opportunities and innovations, it has also brought with it, threat; threat of breach, fraud and attacks. And foremost among these threats is the threat from hackers.  Hackers are sophisticated criminals who can breach cyber security systems and cause loss of money, credibility and trust. In 2017 alone, hacking cost people $172 billion, while it is predicted that by the end of 2020, the average cost of data breaches will be about 150 million. Apart from the money that is lost, a company that is vulnerable to cyber-attacks also loses face with its customers, making it unreliable. Which is why, to counter these attacks, more and more organizations today are investing in sophisticated cyber security, to protect their data and reputation from hackers.  But how does one know if the security they have in place is fool proof and not susceptible to cyber-attacks? This is where ethical hackers come in. An ethical hacker is a security professional who assesses a system for vulnerabilities that can be exploited for a malicious attack.  Ethical hackers break and build the security for an organization.  They have become an indispensable resource in the security market. Right from ecommerce websites to banks, all organizations are investing in ethical hackers who can assess and put a security system in place.    So, how does one become an ethical/white hat hacker? And what’s the career path in this role? Understanding Ethical HackingEthical Hacking is a legitimate and structured way of hacking, performed to expose the vulnerabilities in the software, web application, or in the network, that can be accessed and exploited by an unauthorized person. Ethical hacking helps secure both your personal as well as an organization’s IT assets.  There are many threat vectors which attackers use to get the access to a website, software or network. Ethical hackers are trained to identify these and fix them before they are discovered by malicious hackers. In organizations, they are often given the role of a security analyst, security consultant security architect etc.  Some of the tasks of an ethical hacker include: Detecting loopholes in a database that can be exploited by any unauthorized person  Finding vulnerabilities in networks that can be exploited by any attacker Educating the employees on how to identify phishing mails and tackle them  Establishing proper security controls on all the devices. Securing your Web applications and websites Securing your organization's network  Regular patching of Infrastructure devices like routers, switches, firewall and servers. Establishing perimeter security to protect the organizational network. Ensuring User and Access based controls are setup and implemented.  Input validation on Websites. Security analyst, security consultant or security architect...these are some of the names given to ethical hackers in the corporate world.What Ethical Hackers Do In essence an ethical hacker uses the same tools and techniques that would be used by a malicious or black hat hacker to breach a system. The only difference is that what an ethical hacker does is legitimate, ethical and with the consent of the organization quite contrary to a malicious hacker who hacks a system’s security without user consent.An ethical hacker’s job involves identifying loopholes and developing and discussing their assessment methods and findings with various IT team and  the higher management.  Ethical hackers perform vulnerability assessment on the network, software, and servers. Later they fix those incompetencies so that no unauthorized user can compromise the system’s integrity. What qualifications does one need to become an Ethical Hacker?A Computer Science or Information Technology degree is not required to become an ethical hacker. There are many professionals who come from non-technical background and go on to become excellent ethical hackers. What you need is expertise on the latest hacking tools and techniques that you can use to test the system and identify its loopholes.   Some of the defensive approaches ethical hackers use to protect organizations include:  Regular patching of Infrastructure devices like routers, switches, firewall and servers. Establishing perimeter security to protect the organizational network. Ensuring User and Access based controls are setup and implemented.  Input validation on Websites.  And many more.History of Ethical Hacking:- The term ‘hacker’ was coined in 1960 at Massachusetts Institute of Technology where some great minds were trying to redevelop mainframe systems using FORTRAN programming. With the dawn of the digital age, hacking became one of the top methods of conducting cyber-attacks. Nation sponsored attacks are a new form of cyber terrorism that can bring countries to their knees.   One of the biggest examples is Stuxnet; a virus attack on the Nuclear program of Iran, which according to Wikipedia was carried out jointly by USA and Israel. Some of the other victims of hacking are organizations such as: Adobe hack: 2013 Yahoo Hack: 2013 eBay hack: 2014 Sony hack: 2014 Mariott hack: 2018 Dubsmash hack: 2019 Evolution of the Ethical Hacking role:Ethical hackers play an important role in securing us in this era, and can be said to be the unsung heroes of the IT industry.  Organizations have greatly expanded the investments made on cyber security after realizing that a breach could cost them more than their turnover. The digital demand in today’s world has ensured that the responsibilities of and the need for ethical hackers is on the rise.  How does Hacking become Ethical? Hacking can be legal or illegal depending on the intention of the act. If hackers use their knowledge for providing security and protection to any organization, it becomes legal or ethical. When a hacker has the user’s consent to check the security of their system by breaching the system, it is ethical hacking. However, if the security of a system is breached without the user’s consent to perform a malicious act such as stealing passwords, sending spam, damaging/stealing data, making unlawful transactions etc, then that makes it a cybercrime.   Recent Hacking Attacks:- What do hackers do? Perform a data breach Get details of the Server Get sensitive details from a database Crash a website Some of the more prominent attacks of data breach in recent years include In 2015, Barack Obama, Joe Biden, Jeff Bezos, Waren Buffet, Bill Gates, Mike Bloomberg, Elon Musk, Kanye West, and others were victims of hacking.  Myerscough College, in Billsborrow, Lancashire was attacked by an attacker on their result day. This compelled the staff to email each student about their grades, individually, Even their online enrolment system was affected by the attack.  A ransomware Wannacry, was used to derail thousands of computer systems including those of Government organizations and private organizations.  Ashley Madison is a website with the slogan 'Life Is Short, Have an Affair.' This website was attacked by attackers in July 2015, which resulted in the personal data of 37 million users being leaked on public websites. The results were catastrophic and it ruined the reputations and marriages of many. In June 2015, the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security-clearance-related information, were stolen from the United States Office of Personnel Management (OPM). Most of the victims are employees of the United States government. This attack was also considered to be serious due to the leak of private information of the officials. The attackers used asymmetric cryptography, in which they encrypted the complete system using a public key and stored the private key on their own server. The owner of the system was blackmailed into giving money in exchange for the private key to decrypt that system.  According to McAfee "Rise in Cyber Attacks Amid Covid-19 Resulted in 375 Threats Per Minute in Q1 2020" What is Vulnerability: - Vulnerability is a loophole in the system which allows any unauthorized user to get access into the system.  Vulnerability is often a result of misconfiguration of the logic which is implemented for operation or security of the system. Any weakness in a system that can be used to exploit the organization's property is called vulnerability. A flaw in the system makes it vulnerable to attacks. A small configuration error can become a high-level vulnerability.  Generally, vulnerabilities are categorized according to the severity and frequency of occurrence. These are:  Critical  High Medium Low Below are some of the different types of vulnerability: If Database default credentials are used If Server is not properly patched  If Session time out is not properly configured If Server is executing data entered in input field as a command If handling of data is not properly implemented.What types of Systems do Hackers target?Hackers often want to hack those computers or networks from which they know that they will surely get some valuable/sensitive information. Government and Private organizations that store large amounts of sensitive data are especially vulnerable to hacking. Individual hacking is also on the rise were hackers attack individuals to steal money or passwords. In the times we live, knowledge of hacking and security is a must for every individual and organization to protect themselves.  Ethical hackers are the modern-day vigilantes who protect and serve organizations and individuals by fixing security issues of systems and keeping them safe from attacks. 
What Is Ethical Hacking?
KnowledgeHut

What Is Ethical Hacking?

The internet brought with it the third revolution; a revolution that has interconnected the world like never before. There are currently 5 billion internet users in the world. And this number only increases day on day. From education to healthcare to communications to transport, the internet has permeated every industry to make our lives easier and more convenient. But is the internet a manna from the heavens? Sadly not. While it has brought with it immense opportunities and innovations, it has also brought with it, threat; threat of breach, fraud and attacks. And foremost among these threats is the threat from hackers.  Hackers are sophisticated criminals who can breach cyber security systems and cause loss of money, credibility and trust. In 2017 alone, hacking cost people $172 billion, while it is predicted that by the end of 2020, the average cost of data breaches will be about 150 million. Apart from the money that is lost, a company that is vulnerable to cyber-attacks also loses face with its customers, making it unreliable. Which is why, to counter these attacks, more and more organizations today are investing in sophisticated cyber security, to protect their data and reputation from hackers.  But how does one know if the security they have in place is fool proof and not susceptible to cyber-attacks? This is where ethical hackers come in. An ethical hacker is a security professional who assesses a system for vulnerabilities that can be exploited for a malicious attack.  Ethical hackers break and build the security for an organization.  They have become an indispensable resource in the security market. Right from ecommerce websites to banks, all organizations are investing in ethical hackers who can assess and put a security system in place.    So, how does one become an ethical/white hat hacker? And what’s the career path in this role? Understanding Ethical HackingEthical Hacking is a legitimate and structured way of hacking, performed to expose the vulnerabilities in the software, web application, or in the network, that can be accessed and exploited by an unauthorized person. Ethical hacking helps secure both your personal as well as an organization’s IT assets.  There are many threat vectors which attackers use to get the access to a website, software or network. Ethical hackers are trained to identify these and fix them before they are discovered by malicious hackers. In organizations, they are often given the role of a security analyst, security consultant security architect etc.  Some of the tasks of an ethical hacker include: Detecting loopholes in a database that can be exploited by any unauthorized person  Finding vulnerabilities in networks that can be exploited by any attacker Educating the employees on how to identify phishing mails and tackle them  Establishing proper security controls on all the devices. Securing your Web applications and websites Securing your organization's network  Regular patching of Infrastructure devices like routers, switches, firewall and servers. Establishing perimeter security to protect the organizational network. Ensuring User and Access based controls are setup and implemented.  Input validation on Websites. Security analyst, security consultant or security architect...these are some of the names given to ethical hackers in the corporate world.What Ethical Hackers Do In essence an ethical hacker uses the same tools and techniques that would be used by a malicious or black hat hacker to breach a system. The only difference is that what an ethical hacker does is legitimate, ethical and with the consent of the organization quite contrary to a malicious hacker who hacks a system’s security without user consent.An ethical hacker’s job involves identifying loopholes and developing and discussing their assessment methods and findings with various IT team and  the higher management.  Ethical hackers perform vulnerability assessment on the network, software, and servers. Later they fix those incompetencies so that no unauthorized user can compromise the system’s integrity. What qualifications does one need to become an Ethical Hacker?A Computer Science or Information Technology degree is not required to become an ethical hacker. There are many professionals who come from non-technical background and go on to become excellent ethical hackers. What you need is expertise on the latest hacking tools and techniques that you can use to test the system and identify its loopholes.   Some of the defensive approaches ethical hackers use to protect organizations include:  Regular patching of Infrastructure devices like routers, switches, firewall and servers. Establishing perimeter security to protect the organizational network. Ensuring User and Access based controls are setup and implemented.  Input validation on Websites.  And many more.History of Ethical Hacking:- The term ‘hacker’ was coined in 1960 at Massachusetts Institute of Technology where some great minds were trying to redevelop mainframe systems using FORTRAN programming. With the dawn of the digital age, hacking became one of the top methods of conducting cyber-attacks. Nation sponsored attacks are a new form of cyber terrorism that can bring countries to their knees.   One of the biggest examples is Stuxnet; a virus attack on the Nuclear program of Iran, which according to Wikipedia was carried out jointly by USA and Israel. Some of the other victims of hacking are organizations such as: Adobe hack: 2013 Yahoo Hack: 2013 eBay hack: 2014 Sony hack: 2014 Mariott hack: 2018 Dubsmash hack: 2019 Evolution of the Ethical Hacking role:Ethical hackers play an important role in securing us in this era, and can be said to be the unsung heroes of the IT industry.  Organizations have greatly expanded the investments made on cyber security after realizing that a breach could cost them more than their turnover. The digital demand in today’s world has ensured that the responsibilities of and the need for ethical hackers is on the rise.  How does Hacking become Ethical? Hacking can be legal or illegal depending on the intention of the act. If hackers use their knowledge for providing security and protection to any organization, it becomes legal or ethical. When a hacker has the user’s consent to check the security of their system by breaching the system, it is ethical hacking. However, if the security of a system is breached without the user’s consent to perform a malicious act such as stealing passwords, sending spam, damaging/stealing data, making unlawful transactions etc, then that makes it a cybercrime.   Recent Hacking Attacks:- What do hackers do? Perform a data breach Get details of the Server Get sensitive details from a database Crash a website Some of the more prominent attacks of data breach in recent years include In 2015, Barack Obama, Joe Biden, Jeff Bezos, Waren Buffet, Bill Gates, Mike Bloomberg, Elon Musk, Kanye West, and others were victims of hacking.  Myerscough College, in Billsborrow, Lancashire was attacked by an attacker on their result day. This compelled the staff to email each student about their grades, individually, Even their online enrolment system was affected by the attack.  A ransomware Wannacry, was used to derail thousands of computer systems including those of Government organizations and private organizations.  Ashley Madison is a website with the slogan 'Life Is Short, Have an Affair.' This website was attacked by attackers in July 2015, which resulted in the personal data of 37 million users being leaked on public websites. The results were catastrophic and it ruined the reputations and marriages of many. In June 2015, the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security-clearance-related information, were stolen from the United States Office of Personnel Management (OPM). Most of the victims are employees of the United States government. This attack was also considered to be serious due to the leak of private information of the officials. The attackers used asymmetric cryptography, in which they encrypted the complete system using a public key and stored the private key on their own server. The owner of the system was blackmailed into giving money in exchange for the private key to decrypt that system.  According to McAfee "Rise in Cyber Attacks Amid Covid-19 Resulted in 375 Threats Per Minute in Q1 2020" What is Vulnerability: - Vulnerability is a loophole in the system which allows any unauthorized user to get access into the system.  Vulnerability is often a result of misconfiguration of the logic which is implemented for operation or security of the system. Any weakness in a system that can be used to exploit the organization's property is called vulnerability. A flaw in the system makes it vulnerable to attacks. A small configuration error can become a high-level vulnerability.  Generally, vulnerabilities are categorized according to the severity and frequency of occurrence. These are:  Critical  High Medium Low Below are some of the different types of vulnerability: If Database default credentials are used If Server is not properly patched  If Session time out is not properly configured If Server is executing data entered in input field as a command If handling of data is not properly implemented.What types of Systems do Hackers target?Hackers often want to hack those computers or networks from which they know that they will surely get some valuable/sensitive information. Government and Private organizations that store large amounts of sensitive data are especially vulnerable to hacking. Individual hacking is also on the rise were hackers attack individuals to steal money or passwords. In the times we live, knowledge of hacking and security is a must for every individual and organization to protect themselves.  Ethical hackers are the modern-day vigilantes who protect and serve organizations and individuals by fixing security issues of systems and keeping them safe from attacks. 
7326
What Is Ethical Hacking?

The internet brought with it the third revolutio... Read More

The ITIL Framework and It’s Processes

You’ve got ITIL® questions. We’ve got ITIL answers. Recently, a group of learners, due to complete their engineering degrees in computer science caught up with John Dell, one of our expert ITSM trainers and authors, seeking advice on careers in ITSM. This blog is an account of the conversation which will serve ITIL aspirants well. The learners opined that they were not very keen on programming and would like to explore what other options exist in the IT sector. They were about to graduate and were not sure there is much opportunity outside programming in IT. John clarified that firstly, the IT sector does not revolve only around software development. The IT industry is vast and presents plenty of opportunity. He suggested they start by carrying out a quick SWOT analysis for themselves.  Majority of the learners cited that communication, good analytical and testing skills and leadership skills were their strengths;incidentally, coding and design were not particularly strengths for this group. The group recognized that IT support and the IT service industry would open up several opportunities, while programming and core software development were not areas that appealed to them. Based on this basic SWOT analysis, John suggested that the students considerjobs related to Service management. Jumping into whatITIL is all about and how it couldpropeltheir career.  IT Management mainly involves Software Development & Management, IT Infrastructure Management, and IT Service Management. The ITILFramework refers to set of best practices, guidelines, methodologies designed by industry experts to align their IT Services with customer and business strategic goals. So, this framework provides uniform and consistent guidelines to all IT industries to define their IT Service Management processes.  Why is there a need for a consistent framework? When asked whether each IT companycan come up with their own framework and design for IT service management, John answered that they actually can. He further elaborated with an illustration -  Company A provides support to Company X and Company B provides support to Company Y. Here, A and B are Service providers and X and Y are service consumers. They have not adhered to any service management framework.  Both service providers, A and B, have unknowingly made many mistakes and faced lots of challenges in providing support to their consumers, X and Y.  After a couple of years, once the project is completed, A and B have not exchanged notes, nor learnt from each other’s mistakes. Six months down the line, B commits the samemistakes that A earlier had and vice versa. In such a scenario, would service consumers X and Y ever come back to A and B again? Not likely. When mistakes repeat,service consumersor customers will not be happy and may not return to with the project again. To avoid such a scenario, what such companies could do is to connect with each other and sharelessons. Such an initiative would avoid many bottlenecks and arrest many recurring challenges. John explained that companies, understanding the importance of consistent process, have embraced lessons from the industry and continually improvise their processes for better customer experience. While it may not be feasible to connect with every other company and collect their lessons and best practices in real time, not with standing that companies may or may not share that information, there is a need for a common forum or entityto collect best practices and lessons across the IT industry and formulate aframework. Such a framework formulated for the IT Service industry is called the ITIL framework. Why is this framework called ITIL? ITIL stands for Information Technology Infrastructure Library. When asked why it was referred to as a ‘Library’, John explained that it is a set of practices for Information Technology Service Management (ITSM) that focuses on aligning IT services with the needs of the business.  As it is a set of practices best practices and lessons from the service industry, it is referred to as a “library”.  Significance ofITILin theService Industry Johnwent on to explain that there were plenty of reasons for the ITIL framework: ITIL framework helps to align the IT solutions with business strategic goals  It helps to set the realistic, achievable and predictable service goals  It ensures efficient service delivery and improves customer satisfaction  It reduces costs through improved utilization of resources  It defines consistent IT roles and improves communication through standardized terminology It improves planning and continual improvement due to regular measurement and monitoring What is meant by continual improvement? John addressed the question with a use case: Company A is the Service Provider and Company X is the Service consumer.  Company A and Company X are in legal contractual agreement. Company A agrees to provide N services to Company X for the next 2 years. One of the agreed services is to resolve all High priority incidents within 4 hours. After a year of experience, Company A (Service Provider) becomes very good knowledge in resolving incidents within 2 hours and this has been verified as well.  Now, Company A (Service Provider) submits a proposal to Company X (Service Consumer) to improvise the High priority incident resolution time by 2 hours instead 4 hours. The contractual document is amended. Company X (Service consumer) agrees to pay an additional amount for the improvisation of service to Company A (Service Provider). This is a good example of continual improvement.  Continual improvement results in improvising service will always increase the customer satisfaction index, says John. History of ITIL In the year 1989, the UK Government’s Central Computer and Telecommunications Agency (CCTA) developed the first version of ITIL to unite IT systems in an efficient and cost-effective way.  Collecting best practices from all government agencies and private sector companies across Europe, the CCTA came up with an initial standard framework. History of ITILITIL soon grew to a 30-volume catalogue, providing a collection of all IT best practices that focused on and catered for client and business needs. In the year 2000, CCTA change into OGC (Office of Government Commerce, UK). The same year, Microsoft also adopted ITIL as the foundation for developing their Microsoft operations and framework (MOF). This version was focused on making ITIL more accessible and arranged the 30-volume framework into nine related categories.  In the year 2007, ITIL was expanded and reorganized as an IT service management lifecycle, known as ITIL Version 3 (ITIL V3).  Thisversion covers the initial conception, development, transition, operations, and improvement of a service.  ITIL V3 views the activity of managing service as a lifecycle, which is a shift in focus from the individualized process/function view of the previous version.The service lifecycle concept has further evolved since.  In the year 2011, AXELOS released a revision of ITIL that resolved errors and inconsistencies with V3. This is the updated version of the 2007, referred to as ITILv3 updated. In this version,the ITIL service lifecycle contains 5 stages:  ITIL Service Strategy,  ITIL Service Design,  ITIL Service Transition,  ITIL Service Operation and  ITIL Continual Service Improvement.  This forms the basis for all ITIL best practices across the globe. Since 2013, ITIL has been owned by AXELOS Ltd – a joint venture between Capita Plc and the British Government’s Cabinet Office. In the year 2019, due to the Industry 4.0 revolution, the current version of ITIL was launched. V4 has more practical guidance on how to use ITIL in an organization which embraces digital journey. This makes it easier for organizations to align ITIL with DevOps, Agile, and Lean work methods. With V4, ITIL adopted more of a holistic philosophy towards service management, making it broader and more inclusive for the modern IT environment. Having developed a good understanding of the evolution of ITIL, the students learnt about how the best practices which originated from a few European companieswere continuously improvised and revised tonow become a global acceptable Service management framework across the globe. How ITIL works The students now wanted to go deeper and asked how ITIL could help the organization to achieve its strategic goals. John explained that following ITIL practices helps organization achieve their strategic goals by: Ensuring quality of IT services meetsService consumer’s expectations and needs EnsuringService consumer can use IT services whenever and wherever they are needed Ensuring organizations can improve Customer satisfaction by building and maintaining positive business relationships Ensuring that organizations maximize value for money from their service providers Allowing organizations to benchmark their IT services and maximize ROI Allowing organizations to demonstrate and quantify the actual value of the services they provide Allowing organizations to forecast, influence, and respond to demand IT services in a cost-effective manner depending on fluctuating demand situations Allowing organizations to minimize IT service disruption Stages of ITIL and the purpose of each stage By now, the students were very keen and eager to know about the different lifecycle stages defined in ITIL V3 and its purpose. John went on to explain that ITIL has five stages. The following table helps explain each stage and its purpose:S.NoITIL StagesPurpose1Service StrategyThe Service Strategy stage provides guidance on how to design, develop, and implement IT Service Management. This is the core of the Service Lifecycle. This phase mainly focuses on understanding and defining the market. Also defines the needs of the customers2Service DesignIn the Service Design stage, strategies generated in Service Strategy stage are turned into action. Services and processes are designed, and plans are implemented to have a better service management.3Service TransitionThe Service Transition stage ensures that the new changes and modifications are efficiently incorporated in the service lifecycle without disrupting the other existing services or processes. It is carried out in a well-coordinated manner using cost-effective measures and resources. Through service transition, the design built is tested and implemented in the lifecycle in a productive manner4Service OperationThe Service Operation stage provides guidance on day-to-day business operations. The goal is for the IT department to keep things running smoothly, reliably, efficiently, and cost-effectively. The activities and processes in this phase ensure that services are delivered to customers at the agreed Service level agreement with minimal interruptions and disruptions. Service Operation focuses on providing value to both service consumer and the service provider.5Continual Service ImprovementThe Continual Service Improvement stage focus on improving the current service to the Service consumers. Continual Service improvement focus on progressive monitoring and controlling of services. Key performance indicators must be in place to determine whether the service is running optimally, and the service owner must ensure that the service complies with the strategic targets linked to the IT serviceJohn went on to explain that the outcomes of the Continual Service Improvement become the inputs for Service Strategy. Identified improvements will help to revise the strategic goals and targets.  Explaining what was meant by Key Performance Indicator, John defined it as a quantifiable measurement for measuring any strategic goal. This is generally agreed between Service consumer and Service Customer in the legal contract, he added. The difference between ITIL®V3 and ITIL®4  Digging deeper into the difference between ITILv3 and ITIL4, John explained that ITIL4 was the latest version. The two may need to be prioritized depending on the case, he pointed out.  S.NoITILv3ITIL41IT defines life cycle approachIt defines Service Value system-based approach2This version does not talk about 4-dimension model.This version emphasises the importance of 4-dimensions for a holistic service management.3ITIL V3, with its 26 service lifecycle processes, functions and other guidance arguably also describes how the components and activities in the organization work together.ITIL 4 and the Service value system take a more holistic approach, providing organizations with a flexible operating model that supports different work approaches. ITIL 4 presents 34 practices as "sets of organizational resources designed for performing work or accomplishing an objective".4There are no guiding principles under ITILv3The ITIL 4 guiding principles are universal recommendations that can guide organizations in many situations, such as "work holistically" and "keep it simple and practical".5ITIL V3 covers governance under service strategyThe governance component of the ITIL 4 service value system is about directing and controlling the organizationWhat are the different certifications available in ITIL? Explaining the available certifications in ITIL, John elaborated using the following table to help the students to understand the different certifications under ITIL.  (Source: Axelos). S.NoLevelsPurpose1ITIL 4 Foundation LevelThe ITIL 4 Foundation certification is designed as an introduction to ITIL 4 and enables candidates to look at IT service management through an end-to-end operating model for the creation, delivery and continual improvement of tech-enabled products and services.2ITIL 4 Managing ProfessionalThe Managing Professional (MP) stream provides practical and technical knowledge about how to run successful IT enabled services, teams and workflows.3ITIL 4 Strategic LeaderITIL 4 Strategic Leader demonstrates that the you have a clear understanding of how IT influences and directs business strategy.4Master LevelTo achieve the ITIL Master certification, you must be able to explain and justify how you have personally selected and applied a range of knowledge, principles, methods and techniques from the ITIL Framework and supporting management techniques, to achieve desired business outcomes in one or more practical assignments.Getting started Concluding, John summarized that to get started all one needs to do is to talk to professionals to understand how the work they do contributes to creating value for customers. If everybody thinks about what they do in these terms, then the next step will be much easier. The IT world we live in is becoming more and more service based by the day and there is great opportunity. Industry leaders have seen ITIL in action and have bought into it. Most major global corporations run their services on ITIL®, and such IT professionals are in great demand. 
7084
The ITIL Framework and It’s Processes

You’ve got ITIL® questions. We’ve got ITIL an... Read More

The Business Benefits of Following ITIL Best Practices

Information Technology Infrastructure Library® or ITIL® as it is widely known is the accepted best practice framework in IT Service Management (ITSM).Around the world, organizations have adopted it as an effective tool to transform management of IT services and for achieving business growth. IT Service Management is leveraged extensively to create competitive advantages. IT is no more a cost center, but it has come to be regarded as an important business driver which offers tremendous opportunities for value creation. Today, it is hard to come across any service not enabled by IT and with businesses faced with tremendous disruptions, IT services comprise the most significant and perhaps the largest component. With Digital transformation rapidly changing the global business and economic landscapes, corporations are striving to remain competitive and relevant. How a service is delivered and managed can determine who will survive and who will not. Creating value through services for customers and for themselves is what organizations are striving for. Many enterprises are embracing opportunities offered by digital transformation. Theseorganizations realize that such transformations must be in sync with the need for stability, predictability, operational agility, and organization velocity. Therefore, improving and expanding capabilities in IT Service management is the name of the game! Overview of the ITIL4 framework ITIL4 is a major upgrade from the previous version, ITIL V3. In keeping with the changing business environment, ITSM is also evolving as organizations adopt newer ways of working.Cross function teams are becoming commonplace and there is an increased integration of IT with other organizational capabilities. ITIL4 provides a new operating model – a model that is flexible as well as practical, one that can help organizations on their digital transformation journey. In the new framework, ITIL best practices are integrated with new ways of working such as Agile and DevOps. The key elements of ITIL4 are the four dimensions, the guiding principles, the move from processes to practices, and the ITIL service value system. In this article, we will discuss each of this in detail. Benefits of ITIL4 Adoption of ITIL4 can bring a lot of benefits to the organizations and practitioners alike. In the new version, the framework accords strategic importance to ITSM by placing it in the wider context of customer experience and value co-creation. The main benefits of ITIL4 are: Holistic Approachto Service Management Understanding how all the parts of the organization – ITSM,development, operations,business relationship and governance – work together in an integrated way is key to a holistic approach to value creation. This provides end-to-end visibility and appropriate controls which is essential to the achievement of organizational agility, faster time to market, quality, optimized costs, and reduced risk through continual improvement and innovation. Focus on co-creating business value: While the focus of ITIL V3 was on IT services lifecycles(development, deployment, improving and retiring), ITIL4 has a focus across the entire organization. Thefour dimensions that are essential to creating value for all stakeholders, including customers are as follows: Organization and People This dimension is essentially about the people aspect of ITSM. The organizational culture needs to support its objectives andthe right level of staff capacity, competencies and skill sets are required for value co-creation to take place. Organizational structure (horizontalor vertical),roles and responsibilities, adequate Governance and effective communication aresome other key considerations to focus under this dimension.ITIL4 shows how every dimension is affected by multiple factorsInformation and technology: This aspect applies to both service management and to the services being managed. This dimension includes information created, managed, and used in the course of service provision and consumption. The technology part considers components like storage, network, databases etc. that make up the service as well as technology that support service management at the enterprise level. Partners and suppliers Value is increasingly achieved through co-creation.Partners and suppliers play a vital role in the design, development, delivery, and continual improvement of services.The breadth and depth to which organizations integrate suppliers into their value chains depends on many factors like in-house capabilities, sourcing strategy, relationship, cost etc. Value streams and processes It is critical that the different parts of the organization work in an integrated and coordinated way to create value.ITIL4 introduces the service value chain which is an operating model which helps map how a value stream (the delivery process of a service) flows across various activities from demand to supply. Organizations should map a value stream for every product or service to provide a complete, end-to-end picture of how value is created. Improved Business and IT alignment Witha flexible operating model in the form of Service Value System (SVS),the framework offers opportunities for better alignment of Business and IT whereby IT contributes works in tandem to realize organizational goals. This not only improves quality of service but also leads to higher customer satisfaction by reducing risks and cutting down time to market. Key concepts of ITIL V4 Value Co-creation  ITIL4 defines Services as: “A means of enabling value co-creation by facilitating outcomes that customers want to achieve, without the customer having to manage specific costs and risks” This definition marks a shift from the old definition as it outlines ‘value co-creation’. What this means is that the Service provider and Service Consumers must work together to create value. In ITILV3, value was described as something the Service Provider created for customers. The Service provider collaborates with customers to understand what constitutes value for customers rather than creating products and services in a vacuum. There are also two types of key stakeholders defined within ITIL4: Service Provider When provisioning services, an organization takes on the role of the service provider. The provider can be external to the consumer’s organization, or they can both be part of the same organization. Service Consumer When receiving services, an organization takes on the role of the service consumer. Service consumer is a generic role that is used to simplify the definition and description of the structure of service relationships. Just as there can be different provider roles, consumers are also divided into different roles or categories, namely: Customer a person who defines the requirements for a service and takes responsibility for the outcomes of service consumption User a person who uses the service Sponsor a person who authorizes budget for the service In some instances, the same person may serve in several roles. In other cases, different people may assume the various roles. As a Service Provider organization, it is important to understand who fills each of these roles and what expectation each of them wants and expects from the service provider. Products A configuration of an organization’s resources designed to offer value for a consumer A service provider may a product or portfolio of products that have the potential to co-create value for multiple customer segments. Service Provider can thus create one or more service offerings.Products are a configuration of an organization’s resources Source: AXELOSService Value System and Management Practices The ITIL4Service Value System (SVS) describes how all the components and activities of the organization work together as a system to enablevalue creation. A system can be defined as an interconnected network or as a set of things working together as parts of a mechanism. An organization is a system. The Service provideras a system, receives demand from multiple sources and converts them into value by creating/offering services for customers.ITIL Foundation: ITIL4 Edition (2019). Source: AXELOSThe Service Value System (SVS) is a different way of looking at the organization. The SVS is interconnected. It has individual parts; but they are all part of the same mechanism, working together. This includes how  organizations get things done (Service Value Chain), how decisions are made (Guiding Principles), how do they improve (Continual Improvement), how do they ensure they are doing what they profess to be doing (Governance), and how do they process work (Practices). Successful organizations exploit opportunities and respond to demand by delivering high-quality products and services in a fast and efficient way. They stand out for their agility and they do it by breaking down silos.  Now, let us break down those components and discuss how each contributes to making the Service Value System successful. Guiding Principles Guiding principles guide an organization in all circumstances. These should form the basis for decision making in the organization. The guiding principles provide a comprehensive and holistic vision of how a service or service management organization should manage and execute its work. The seven guiding principles include: Focus on value Start where you are Progress iteratively with feedback Collaborate and promote visibility Think and work holistically Keep it simple and practical Optimize and automateGovernance Governance is the means by whichan organization is directed and controlled by defining policies and rules. Service value chain It is an operating model which outlines the key activities required to respond to demand and facilitate value realization through the creation and management of products and services. Service Value Chain in ITIL4. Source: AxelosThe service value chain outlines six value chain activities –  Plan Engage Design and transition  Obtain or build  Deliver and support, and  ImproveTypically, a service provider will engage with external stakeholders, plan work, deliver and support live products and services. Practice ITIL4 moved away from processes towards more expanded ‘practices’ and defines them as ‘a set of organizational resources designed for performing work or accomplishing an objective.’They are both practical and flexible and each practice supports multiple SVC activities and aids the flexibility of the entire service value chain. These practices are leveragedin order to cater to the various aspects like time to market, responding to demand and resource allocation and scaling. ITIL4 has 34 practices as follows: General Management Practices 14 general management practices have been identified. These are generally practiced across the organization and are adopted for use in ITSM as well. Service Management Practices 17 service management practices have been developed for specific area of ITservice management and ITSM industries as a whole. Technical Management Practices There are three technical management practices which come from technology management domains for service management. They have been adopted in such a way that expand their applicability in IT services domain as well.Namely, these are: (1) deployment management, (2) infrastructure and platform management, and (3) software development and management. The 34 practices of ITIL4 have been summarized in the following table: General Management practices(14)Service Management Practices(17)Technical Management Practices(3)Architecture management Availability managementDeployment managementContinual improvement Business analysisInfrastructure and platform managementInformation Security managementCapacity and performance managementSoftware development and ManagementKnowledge managementChange ControlMeasurement and reportingIncident managementOrganizational change managementIT asset managementPortfolio managementMonitoring and event managementProject managementProject managementRelationship managementRelease managementRisk managementService catalogue managementService financial managementService configuration managementStrategy managementService continuity managementSupplier managementService designWorkforce and talent managementService deskService level managementService request managementService validation and testing34 practices of ITIL. Source: Axelos.Implementing ITIL4 in your organization – Best Practices Implementing ITIL4 in your organization, is all about the ABC of an organization - attitude,behavior, and culture.It is these three ABCs that will determine the success or otherwise of ITIL implementation.  A culture that accords highest importance to holistic service delivery and value co-creation, naturally evokes right attitude and behavior from all sections of the organization. With that said, the following are some of the key factors to be considered: Start where you are Anobjective evaluation of the current situation needs to be carried out before initiating a transformation. This gives us a perspective of our current capabilities, things that are working well and things that are not, what we can do and what we can’t, the processes that are currently being used, the prevailing organizational culture etc. So, the current baseline is the best starting point. Organizational Vision For organization wide adoption, it is important that there is a common big picture, an organizational vision which everyone, understands, aligns, and is committed to. Everyone should be able to know what the organizational goals are they are working for, how do their role fit into the larger scheme of things and what role does IT play in the achievement of the business strategy. Therefore, the following factors, among others, need to be looked at: The People The Practices  The product and technology The culture, service, and attitude The organization, communication, and relationships  Build capability and evaluate progress: Having a clear vision helps in building what matters the most to the organization. It helps draw a roadmap. Capability building in ITSM should include having defined practices, effective tools for ITSM and as also for collaboration, competency building for the staff, putting the right governance structures in place etc. Measuring and evaluating progress at key milestones is important to know if we are headed in the right direction and, if the changes that are being introduced bring value or not. Concluding thoughts ITSM has evolved well with times and ITIL has kept pace. The new version is both practical and flexible and takes ITSM to the next level of maturity by embracing a holistic view of service management and aligning itself with newer ways of working like Agile,DevOps and lean. The new version, which has received a lot of contribution from members of the ITSM community and industry practitioners, has made ITIL more relevant than ever before.
6298
The Business Benefits of Following ITIL Best Pract...

Information Technology Infrastructure Library® or... Read More

ITSM Gets Agile With ITIL® V4

The influx of new technologies has initiated a steep growth in the demand for a more modern, structured IT service management (ITSM) framework. Emerging technologies like blockchain, artificial intelligence, the internet of things (IoT), and many more are shaping the Fourth Industrial Revolution. A report by CompTIA projects the global information technology industry will grow at a rate of 3.7% in 2020, and that IT jobs are at risk as companies move toward automation. However, with multi-faceted certifications like ITIL®, the IT teams will be better equipped to handle more responsibilities overarching the IT industry.What is ITIL®?ITIL® (Information Technology Infrastructure Library) is a common framework that standardized global best practices in IT. It is used globally by millions of practitioners and is relied upon by 90% of the Financial Times Stock Exchange 500 to optimize their IT operations. Its framework equips a service provider with a clear capability model, aligning them to the business strategy and customer needs. Yet, with shifting work practices, the silo-model of ITIL® has been challenging its practitioners to evolve. With its new version, the ITIL® V4, some of these problem areas are addressed.Carefully curated with the help of 12 lead architects, 61 authors, and hundreds of IT practitioners, the latest additions incorporate a range of approaches from DevOps, Agile to SRE(Site Reliability Engineering). So what exactly sets apart ITIL® 4? Defining ITIL® V4 with agilityTraditionally, ITSM focused on continual service improvement (CSI) by collecting feedback and coming up with improvements in a project plan that spans anywhere between 6-12 months. However, with the advent of digital transformation, this approach has become obsolete. With its delayed turn-around-time or improvement model, customer-retention becomes difficult, and the overall pace is hampered as well.  The introduction of agility to this model ensures shorter cycles of projects and constant iterations to meet the customers’ or end-users’ expectations. Running 4-week sprints becomes a regular process, with mini-projects being stacked alongside – then passed to the Scrum Masters. Not only does this streamline the feedback mechanism to ensure continuous improvement, but it also helps in tracking the success and optimal usage of resources.  It is as simple as this: instead of doing something for 6 months, finding where it failed and then reworking on those aspects; using agile methodology one can continuously rework on what is wrong, while also progressing with the project and enhancing what is right. A perfect example of this is user testing and MVP (minimum viable product) in the case of IT services.  Agile also allows the setting of short-term goals aligned to the current business needs. With the entire team aligned to the end-result ploughing improvements on-the-go, overall productivity is also increased.  Breaking down silosITIL® 4 focuses on creating a shift in the ITSM mindset, both culturally and in the working methodologies, by breaking down barriers and silo-working. It helps in fostering a collaborative work environment right from the top and nurtures a holistic approach to work. By documenting processes formally and keeping track of consistency and progress, the dependencies involved in each process are transparent. Each team works to its strengths and supports the other in its shortcomings, creating a collaborative environment. When such structures are implemented at the top level, it is bound to trickle down to the remaining parts of the organization.  Benefits of ITIL® V 4ITIL® V4 has been primarily built on four dimensions of service management – people, products, partners, and processes. While the processes were largely overlooked by the previous versions, the ITIL® V4 embraces the core values of other frameworks like Lean, Agile and DevOps, making it more flexible and beneficial to the niche IT services.  With the support of ITIL® V4, ITSM is more structured around development processes and its adoption of agile methodologies creates space and autonomy in work within a consistent framework. Change is imperative for the growth of any organization, and ITIL® 4 helps them navigate it. Shifting gears from process-led delivery to value-driven delivery, ITIL® 4 ensures faster quality and quick growth for people and organizations.
3526
ITSM Gets Agile With ITIL® V4

The influx of new technologies has initiated a ste... Read More

5 ITIL® Skills That Set You Apart

The IT Infrastructure Library or ITIL® is a collection of vast data describing a framework of best practices for delivering IT services. Since its inception in the 1980s, the process has gone through many changes, keeping up with the latest technologies in the IT space. The latest addition was ITIL® V4 certification, along with the ITIL 4 Managing Professional Transition Module and ITIL 4 Managing Professional Modules. Its systematic approach helps businesses manage risk, strengthen customer relations, and build cost-effective strategies for a sustainable IT environment.  Demand for ITIL®As new opportunities continue to emerge for IT professionals at the organizational level, companies are leaning towards recruiting or training individuals with higher skillsets or IT certifications. Certifications like the ITIL® not only prepare IT professionals for such organizational-level processes but also project a wider landscape of opportunities. Globally, techies or project experts have received over a 15% hike in their salaries after boosting their resumes with an ITIL® certification. ITIL® ranks 7th among all the top-paying IT certifications, with an average salary of $120,556, according to the Global Knowledge 2019 IT Skills and Salary Report. So, what is it about ITIL® that makes it one of the most in-demand certification courses? 5 ITIL® skills that set you apart 1. Worldwide Recognition The ITIL® framework is professionally recognized and provides a common language of practical, proven guidance for establishing ITSM, with continual growth as well as consistency. It is used globally by millions of practitioners and giant conglomerates. Axelos reports that 90% of the Financial Times Stock Exchange 500 companies rely on ITIL® to run their operations. This opens a window of opportunities for individuals to explore. 2. Skills for high-quality delivery As the ITIL® framework contains tools that power collaboration within IT teams and delivering value across a business, these skills can be used in different projects, teams, and organizations.  3. Alignment to disruptive technologiesThe fourth version of ITIL® bridges the best practices of ITIL® with the Fourth Industrial Revolution or Industry 4.0. The new framework enables organizations to smoothly transition into digital technologies and provides practical and flexible support for this adaption. The framework focuses on collaboration, transparency, automating where possible, and working holistically.Emerging technologies like robotics, artificial intelligence, the Internet of Things (IoT), and more are crucial for businesses to grow but come with their limitations. ITIL4® also encompasses ways to deal with their iterative nature.4. Inculcates a proactive culture The ITIL4® framework trains individuals to focus on customers’ expectations and user experience. It helps them plan for contingencies and to take appropriate measures to prevent them from recurring. It also improves the overall service delivery quality, developing a new proactive culture.  5. Goal-oriented strategies One of the chief areas that ITIL4® trains an individual/team for, is the focus on driving business. With the emphasis on getting better return-on-investment (ROI) by improving business competence, productivity, and customer-relationships, individuals tend to look for cost-efficient strategies. This not only helps in optimizing resources but also generates a holistic approach towards work. The importance of always learningITIL4® enhances continuous growth through its practices. The framework aligns with the future of IT by merging business and technology – how it is working today and how it will work going forward with other methodologies like Agile, DevOps, and digital transformation as well. For individuals, the ITIL4® skills don’t just set them apart with a distinct resume but also let them implement successful growth-oriented practices in real-time.Build skills required for the future of  IT Service Management with our industry experts. Explore live online workshops here.
4635
5 ITIL® Skills That Set You Apart

The IT Infrastructure Library or ITIL® is a colle... Read More

How ITIL® 4 Helps in the Breakdown of Siloed Working

Silo mentality is a mindset adopted by certain employees/teams/departments within the same organization. Silo working hampers efficiency, the scope for improvement, cross-functional knowledge transfer as well as trust-building with in a workforce. The existence of a silo mentality drastically affects the health of the company culture in the long run.  However, silo working has been a management term that has been doing the rounds for quite some time now. A silo mindset can be eradicated with the right vision and training by the executive leaders of organizations and by making a cultural shift. ITIL® plays a vital role in creating this shift and helps in preventing such destructive organizational practices. 2 ways ITIL® 4 eliminates a siloed approach to work ITIL® 4 was introduced with the intention to streamline the service value chain by eliminating traditional way of carrying out activities. It enables teams to develop a holistic approach instead of a siloed approach. Below are the 2 ways enterprises can use ITIL® 4 to avoid a siloed approach to work: 1. Foster a collaborative work environment right from the top 77% of organizations say that ITIL® has helped them implement effective organizational changes.In majority of these organizations, ITIL® was adopted right from the senior management to beginner-level employees. When professionals in the top levels of an organization display teamwork with a growth mindset, it’s inevitable that the rest of the workforce would adopt it. This level of collaboration right from the top reinforces the idea that employees/teams must work together to achieve business goals. ITIL® 4 helps organizations frame new process architectures that revolve around the value-creation principle. Processes are formally documented to keep track of consistency and progress, and dependencies involved in each process are clearly laid out. This way, teams tend to work holistically and a siloed approach to work is reduced. 2. Enlighten the employees about a holistic work approach A rigid work culture leaves the employee uninspired to collaborate. ITIL® 4 advocates building a customer-centric culture. However, for happy customers to be born, employees must be satisfied first. Enterprises must consider the aspirations of their employees and why they prefer siloed work over teamwork. If the employees raise concerns regarding the company culture and the lack of enough support is compelling them to work in silo, those need to be addressed.  Employees who feel that they lack the right skills to collaborate should also be supported to uplift their productivity They can also be rewarded for their efforts for teamwork through periodic performance reviews and rewards/recognition. Nipping siloed approach at the bud In the past, ITSM had received a lot of flak for promoting siloed working, However, the latest version of ITIL, ITIL® 4, rectified this flaw of ITSM. Amidst this highly competitive market, it’s imperative for organizations to generate value quickly. The Siloed approach impedes enterprises from a value-generation point of view. Industry experts are of the view that on-the-job training is the best way to upskill the entire workforce in ITIL® 4. Adoption of ITIL® 4 will greatly help in curbing a siloed approach to work and encourage a holistic and collaborative work methodology. 
1369
How ITIL® 4 Helps in the Breakdown of Siloed W...

Silo mentality is a mindset adopted by certain emp... Read More