Search

Everything You Need To Know About ITIL®

What is ITIL®?Today, the worlds of business and technology have overlapped each other and are linked inextricably. To thrive and to remain competitive, companies need to bring IT services in considerable focus. The transition of a company’s objectives and capabilities to IT can be an overwhelming process. To ease this transition and to select, plan, deliver and maintain a certain standard in IT services within the organisation, a standardised framework called the Information Technology Infrastructure Library (ITIL®) is designed.The ITIL® ensures that the implementation of IT services for any business has efficiency and predictable service deliverability at its core. The framework makes sure that the IT services department in any organisation is an active business partner and not just a backend service provider.  The reason why ITIL® is gaining such importance and focus in the business world is that without it, the resources spent on designing and developing an IT service management (ITSM) process would be futile, which would, in turn, make the business less competitive, susceptible to losses in money and customers and less efficient.ITIL® HistoryThe growing discrepancies in processes, deployments and inconsistent IT services on account of the geographical decentralisation of data centers in the 1980s led to the need for ITIL®.Released as a series of books in 1989 by The United Kingdom's Central Computer and Telecommunications Agency (CCTA), ITIL® Version one, i.e., ITIL® V1 was their response to a need to recognise IT as an essential service and the need to apply it consistently across the organisation.ITIL® consists of various levels and modules. It aims to cover comprehensively everything from service strategies to continuous improvement which would ultimately help practitioners to adopt the IT services for their organisation and be prepared for changes down the line.ITIL® UpdatesPost-1989, the ITIL® has been upgraded to reflect the changes in the business world and is now a highly renowned and recommended practice with multiple thousands of practitioners getting certified and implementing it.Post launch, the first major change in ITIL® came in 2000-2001 with the release of ITIL® V2. This version focused on making the entire framework more accessible and less formidable for the candidates. It compiled the entire framework into nine sets of related elements. This version was followed by the ITIL® V3 in 2007 which was a compact and well-designed framework of 26 functions that were combined into five volumes.  This version was built to inculcate the concept of service lifecycle structure. Few changes were introduced to V3 which was launched in 2011 as ITIL® V3 2011. In 2019, the latest version, ITIL® V4, is all set for launch with a focus on the ITIL® service value system and upgrading the credit system.ITIL® PublicationsThe framework of ITIL® V3 encompasses five core publications which aim to cover the entire lifecycle of ITSM. They are reviewed and updated regularly to reflect the advancements made in IT technology. The five core publications are:ITIL® Service Strategy: This publication aims to identify and describe the goals of the business and the objectives of the IT services and align them to customer requirements.ITIL® Service Design: Based on the strategy defined in the previous publication, this publication aims at outlining the IT architecture, policies, and procedure as well as documentation.ITIL® Service Transition: This is an important publication which focuses on the change management and practices to be followed for releasing each policy/service change. It mainly aims to guide the transition and anticipated interruptions.ITIL® Service Operation: This is the actual working, functioning and operating manual in the ITIL® framework. The operation help in managing IT services regularly.ITIL® Continual Service Improvement: This publication is futurist in its outlook as it aims to guide the organisation through improvements and updates within the ITIL® framework.  As is evident, the modules cover everything from the beginning, i.e., identifying the customer’s needs to designing and implementation and in the end, monitoring and improving the ITSM process.ITIL® Modules The entire ITIL® process is a module based framework. The certification, for example, under ITIL® v4 has been broken down into ITIL® Foundation and the ITIL® Master exams. Post the ITIL® Foundation, the course is further split into two modules: ITIL® Managing Professional (MP) and ITIL® Strategic Leader (SL), which the candidate need to complete in order to progress further.  ITIL® MP has the following modules:ITIL® Specialist – Create, Deliver and SupportITIL® Specialist – Drive Stakeholder ValueITIL® Specialist – High Velocity ITITIL® Strategist – Direct, Plan & ImproveITIL® SL, on the other hand, has the following modules:ITIL® Strategist – Direct, Plan & ImproveITIL® Leader – Digital & IT StrategyNine ITIL® Principles & ITIL® ModulesReleased in 2019, ITIL® V4 has the same focus as its predecessors. Although, it does have an updated framework which also represents and accommodates modern technologies and software. The program has illustrated nine guiding principles with an aim to provide for change management within an organisation, organisation communication, measurement, and metrics. These nine principles include:Focus on valueHere, ITIL® encourages the professional to define the service output in a manner that captures the needs of the customer.Design for experienceThe paramount thing here, as per ITIL®, is to understand the context within which the service offered will be consumed by the customers.Start where you areThis principle pushes the candidate to collect information and understand the customer’s current pattern of consumption and how the services offered under ITIL® will support it.Work holisticallyBy understanding the entire value chain of the customer, ITIL® ensures that the services offered do not disrupt that value chain but make an active contribution to it.Progress iterativelyITIL®, while being implemented, must start with the minimally viable option and then progress from there based on an understanding of the priorities of the customer’s needs and expectations.Observe directlyITIL® requires that the customers including users and sponsors are heard out and observed regularly. Candidates must observe how the service is delivered, executed and consumed.Be transparentIn the realm of ITIL®, sharing is encouraged: of ideas, thoughts, failures, concerns as well as improvements made.CollaborateITIL® requires the active involvement of all stakeholders from customers, users to suppliers.Keep it simpleIt is imperative that any implementation of ITIL® uses simple words which are easy to understand to ensure clear communication.ITIL® principles and modules when systematically followed can help an organisation manage as well as mitigate risks better, save on IT support costs, create a thriving ecosystem which ensures growth, scale, change and strengthens the organisation’s relationship with their end users i.e the customers.What are ITIL® processes & frameworks?The framework of ITIL® V3 is made up of five parts: service strategy, service design, service transition, service operation, and continual service improvement. These sections comprise of:Strategy GenerationFinancial managementDemand managementService Portfolio managementITIL® Service DesignThe design of an IT service which has architectures, processes, policies and documentation is laid out in this section to address the requirements of the business requirement. Seven processes are included in Service Design:Service Catalog ManagementService Level ManagementAvailability ManagementCapacity ManagementIT Service Continuity ManagementInformation Security ManagementSupplier ManagementITIL® Service TransitionThis stage is to make sure that that the current state of service is not ignored when an organization is going through change. ITIL® Service Transition includes seven processes which are:Transition Planning and SupportChange ManagementService Asset and Configuration ManagementRelease and Deployment ManagementService Validation and TestingEvaluationKnowledge ManagementITIL® Service OperationITIL® Service Operation is essential to make sure the organisation meets the requirements of the customer. It comprises of various functions to ensure a smooth flow of everyday tasks related to planning, operations, monitoring, and related services. Service Operation includes five processes:Event ManagementIncident ManagementRequest FulfillmentProblem ManagementAccess ManagementITIL® Continual Service ImprovementIn this stage of ITIL®, stringent quality checks are required to ensure the service process is improved consistently. There are three processes in this stage of Continual Service Improvement:The 7 improvement processService MeasurementService ReportingBest practicesITIL® guidelines and best practices' primary aim is to align IT department actions as well as expenses to the needs of the business and change them as the company grows and shifts direction.ITIL® ensures support to the organisations and individuals as they endeavour to achieve optimal value from their investment in IT and digital technologies and services. It creates a sense of direction for the service provider to create a clear capability model and adjust its business strategy with customer needs.As a professionally recognised international certification scheme, ITIL® ensures comprehensive and pragmatic guidance which helps in establishing a service management system. Its best practices start from the basics such as defining a glossary of common terms which business can use as they adopt IT-enabled services into their practices.ITIL® ObjectivesITIL®, in its objective, contributes immense value to the organisation which adopts its framework. It not only assures quality, increased availability, reduction in costs and better cost-benefit relationship but also a tremendous improvement in effectiveness in meeting requirements of a class, growth in flexibility and making the principle of adopting and adapting possible.ITIL® helps organisations in achieving the following objectives:Reduction in IT costsImprovement in qualityReduction in riskImprovement in decision makingIncrement in productivityOrganisation-wide transparency and effective communication.Implementing a culture of adopting a practical approach to service managementAdoption of a common framework of practicesITIL® FundamentalsWhether it is the private or public sector, internal or external services providers, small, medium or large organisations, ITIL® continues to remain useful, relevant and evolving in every technical environment. There are some ITIL® fundamentals which are a primary reason why organisations must adopt it to ensure that their needs of IT and their customers are met.These fundamentals include:Best Practices: ITIL® is a representation of the best practices, experiences, learning, and thoughts of the world’s best-in-class service providers.Continuous Evolvement: The success of ITIL® can easily be credited to its fundamental principle of developing continually. This ensures that organisations are enabled to derive and deliver benefits, get assured returns on investment and sustainable success.Adapt and Adopt:  ITIL® is adapted to enable organisations in:Ensuring early adoption of a standard approach towards service management throughout the organisation and its processes.Changing the culture of the organisation to support the sustainable and prosperous achievements of goals, enabled by IT.Optimising and reducing costs.Improving customer interaction as well as the relationship.Coordinating across the value chain of the delivery of goods and services.What is ITIL® Certification?Here is a brief overview of the ITIL® Certification Program.ITIL® serves as the primary ITSM framework for any organisation. As a person in IT, getting these certificates is essential, as they add to their skillset. Many IT professionals in the industry consider the ITIL® certifications as the Holy Bible to IT support. ITIL® V3 utilises a credit system for all its levels from the Foundation through Master levels. Each certification level earns a certain number of credits. After obtaining the requisite number of credits, the individual will take the ITIL® Master certification. In ITIL® V3, a total of 22 credits are required by a professional, if they are to earn the ITIL® Expert certification. The benefits of the ITIL® certification program include:Better preparedness with an in-depth knowledge of ITIL® frameworks which enables you to work betterEnsures professional advancement and better payHelps you speak the language of IT professionalsExpanded horizons and a vision for the bigger pictureITIL® certification is a modular programme, directed towards learning the ITIL® framework and comprises of a series of qualifications which are focused on different aspects of the ITIL® framework and its implementation.The certification enfolds in a tiered structure which ensures that candidates have flexibility and progress through the depths of ITIL® in a sequential manner.Recently, on the 18th of February, 2019, ITIL® 4 certifications starting with a foundation course have been released. The remaining certifications are due for release in the second half of 2019.Under the ITIL® V3, the certifications had five levels which included:FoundationPractitionerIntermediateExpertITIL® training MasterThis system has evolved to the following under V4:FoundationManaging ProfessionalStrategic LeaderMasterIt is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® V3® credit system:Sr. NoLevel of ITIL® certificationNo. of credits awarded1ITIL® Foundation22ITIL® Practitioner33ITIL® IntermediateLifecycle ModuleService Strategy3Service Design3Service Transition3Service Operation3Continual Service Improvement3Capability ModuleOperational Support and Analysis4Planning, Protection, and Optimization4Release, Control, and Validation4Service Offerings and Agreements44Managing across the lifecycle55ITIL® ExpertITIL® Certification LevelsUnder the ITIL® V3 certification, levels are under:1. FoundationThis is the first level in the ITIL® certifications. It focuses on ensuring that the candidate is well versed with standard terminology and methodology. They will get the knowledge required to not only support but also deliver ITIL® related services.2. PractitionerThe Practitioner level is the second level of the ITIL® certification. In this level, the candidates are encouraged to improve their ability to adopt and adapt ITIL® for an organization.3. Intermediate This is the third level of the ITIL® certification. It consists of two categories or modules of certification: Service Lifecycle and Service Capability.The Service Lifecycle modules are:Service Strategy (SS)Service Design (SD)Service Transition (ST)Service Operation (SO)Continual Service Improvement (CSI)The Service Capability modules are:Operational Support and Analysis (OSA)Planning, Protection, and Optimization (PPO)Release, Control, and Validation (RCV)Service Offerings and Agreements (SOA)In the Service Lifecycle module, a lot of focus is given to management across several ITIL® processes. On the other hand, the module of Service Capability focuses on specialized as well as process-level knowledge within ITIL® processes.4. ExpertITIL® Expert certification is the fourth level of the ITIL® certification, and it is also delivered in modular form. This certification can be taken only by those candidates who have cleared the previous levels to ensure that they the requisite detailed knowledge and skills to clearly understand the entire system of ITIL®.5. MasterThe fifth level of the ITIL® certification is the ITIL® Master Level certification. This level focuses on strengthening and widening the mastery of the practical application of ITIL® in a variety of settings. The professionals working on ITIL® directly are usually involved in planning, operations, and management of ITSM. Through this certification, they obtain the skills to demonstrate their knowledge.Here are some details on the levels of certifications under ITIL® V4 :1. ITIL® Foundation Certification -  IT Service ManagementThe ITIL® 4 Foundation certification is designed as an introduction to ITIL® 4, and it enables candidates to look at ITSM as an end-to-end operating model for creating, delivering and continuously improving tech-enabled products and services. It helps those individuals who require a basic knowledge of the ITIL® framework. It also helps those who wish to understand how ITIL® as a framework can be used to enhance ITSM and those IT professionals working within an organisation that has adopted ITIL®.2. ITIL® Managing Professional - ITIL® MPITIL® MP has four modules within itself, adding value of ITIL® Foundation, which are:ITIL® Specialist Create, Deliver and SupportITIL® Specialist Drive Stakeholder ValueITIL® Specialist High Velocity ITITIL® Strategist Direct Plan and ImproveITIL® MP targets those IT practitioners who work within technology and digital teams across organisations.  3. ITIL® Strategic Leader - ITIL® SLWithin ITIL® SL, two modules embody the next stage of ITIL® evolution. The two modules are:ITIL® Strategist Direct Plan and ImproveITIL® Leader Digital and IT StrategyThis set is perfect for those who understand how IT services influence business strategy.4. ITIL® Master Certificate - ITSMITIL® Master Certificate helps the person justify and explain a range of knowledge, principles, methods, and techniques of ITIL® Framework. It requires one to have extensive practical experience with ITIL® and demonstrative knowledge of the prospect.To be eligible for the ITIL® Master certification, you must:Be  ITIL® Expert certifiedHave experience in IT services management for five years at least in leadership, management or higher management position.How much does ITIL® certification cost?Currently, ITIL® certifications are under Axelos. An individual can start the course by either using a hardcopy, PDF, ePublication or via an online subscription which can be availed directly from Axelos. While this is the primary cost, the second is the training cost. For each level of the course, there is a different cost associated. The curriculum leading to the initial certificate usually runs for two days and the courses commencing to higher certifications can run for a week or more.There is an additional cost of re-engineering a few of the processes to enable ITIL® frameworks and enable them to comply with ITIL® guidelines. An additional cost would be the investment in the ITIL® study guide and ITIL® practice exam which is set to be between $30 to $50 respectively. Therefore, there is no fixed cost for gaining the ITIL® certification. Axelos has tied up with an institution called  Accredited Training Organisation (ATO) where one can take ITIL® training.What are ITIL® complementary certifications?Axelos, apart from the five levels of ITIL® certifications, also offers complementary courses under the ITIL® credit system which are known as ITIL® complementary certifications. A total of 6 credits can be earned through these additional courses. It is critical to ensure that there is no overlap between the modules at different levels, as the percentage of overlap that Axelos segregates can be divided into three categories: low, moderate and high. The candidate should focus on staying in the ‘low overlap’ zone to ensure that they earn the right credits. Axelos details the course on its website and gives a hawk-eye view of its benefit.Who should do ITIL® certification?ITIL® certification is acquired via classroom study and virtual IT coaching which can be supplemented with self-study. An ITIL® certification represents that the person who has it has the requisite knowledge and skills related to ITIL® structure and terminology. It also describes that he has a working knowledge of the core principles and subject areas relating to IT, which is the primary use of ITIL® technology in the management of business services. The certification is helpful for:People who have the basic knowledge of ITIL® and wish to utilise it towards ensuring better control of service operation in a business situation.IT professionals who want positive changes in the efficiency of a business organisation such as cost reduction.Following professionals are recommended to take the ITIL® course:IT ManagersIT DirectorsQuality AnalystsIT Service ManagersSupport Professionals and EngineersService Support EngineersDatabase AdministratorsOperations ManagersOwners of Business ProcessesWhat is ITIL® Foundation?The foundation course will act as an introduction to ITIL® 4, and it will introduce candidates to ITSM as an end-to-end operating model with a focus on creating, delivering, and improving IT-enabled products and services.The certification aims to help:People who require a fundamental understanding of the ITIL® framework.Those who wish to learn how ITIL® can be useful in enhancing the IT service management.IT professionals or others who are working within an organisation that has adopted ITIL®.However, the ITIL® V4 foundation certification is helpful to anyone who has an interest in IT service management. ITIL® V4 Foundation candidates, at the end of the certificate course, will have an understanding of the following:A thorough grasp of how to facilitate the co-creation of value for customers as well as other stakeholders via products and services.Exposure to the guiding principles of ITIL® V4.A holistic approach towards the four dimensions of Service Management.Basic terminologies such as Agile, Lean, DevOps and their importance.The significance of ITIL® practices and their value to your business.Are there any Versions in ITIL® Foundation?ITIL® has seen 4 versions till date. Each of the versions has had the same motive of helping the candidate achieve alignment between the IT systems with the business strategies.Version 1 was launched with more than 30 volumes each covering a specific practice within ITSM. It aimed at establishing a model of controlling and managing business operations using IT.In the year 2000-2001, in order to make ITIL® more accessible as well as affordable, a new version, ITIL® V2 endeavoured to consolidate the publications into nine sets which focus on logic and were grouped in a manner that matched different aspects of IT management and services.Under ITIL® V3, the foundation level was introduced to candidates with the aim of exposing them to the basic concepts, key elements and common terminologies under ITIL®.The primary purpose has not changed under the ITIL® V4, and their essential features remain the same. The updated version of ITIL® V4 merely includes advanced material on the additional best practices.  ITIL® V4 aims to address the two major complains of the ITIL® :Its relationship with the ITSM community.Its failure to update itself with the latest trends in IT operations and software development.How ITIL® certification helps business?ITIL® certification has now become essential for any business which uses digital services daily and aspires to have a flawless ITSM. An ITIL® certification helps with installing good ITSM practices within the organisation. This certification covers the whole development lifecycle of IT, all the way from recognising requirements of IT and business to maintaining and delivering the levels of service in a state of focused review and improvement. This holistic approach enhances the overall customer experience and integration of work.To help understand the nuances better, let us explore ITIL® V3 Foundation Vs. ITIL® V4 Foundation.ITIL® V3, which is also popularly referred to as ITIL® 2011, was the latest version before the upgrade to ITIL® V4. The new version introduced the process of the Business Relationship Management (BRM) process but other than that, most of the other elements remain the same.  An important change was that it was easier to read and many of the inconsistencies were edited out. ITIL® V4 uses newer techniques to align IT with a more evolved level of efficiency and effectiveness. It is now possible to align ITIL® with other existing methods such as IT4IT, Agile, DevOps, and Lean.Even with ITIL® V4, the essential elements of ITIL® V3 remain the same. ITIL® V4 just ensures the inclusion of additional best practices and easier integration.ITIL® V4 encourages lesser siloes, more collaboration and encourages communication across the whole organization with the integration of Agile, Lean and DevOps into ITSM strategies. It is made to be more flexible and customizable than ITIL® V3 i.e. more holistic.By investing in a training course and implementing ITIL®, you can expect the following things:Enhanced understanding of the customers which aid in delivering better services, long term relationships, and a sound reputation.A developer guide on predicting and reacting to customer service engagement, complaints, and experience.Increased productivity and better management of resources by focusing on the cost-benefit analysis.Risk mitigation and management.Stabilized environment for better alignment of IT and other divisions of your business.Reduced incidences of service failures.A growth in opportunities to network and collaborate with similar business models.Enhanced value of the organisation’s service portfolio.Agile adaptation to new technologies and comply faster to changing needs of the digital worldDirect rise in chances of an improved bottom line in your revenue statements.Thus, through this, it is clear that ITIL® is almost inevitable for business and must be implemented within organisations who wish to keep evolving with the times and achieve their ever-changing goals with the help of IT.To wrap it up, ITIL® is not just a straightforward skills course in IT. It equips the candidate with the requisite resources to apply the knowledge gained to the larger scope of their organization and align with business practices. This means that the candidate would have a practical hold over the best practices, especially when addressing all facets of IT management.

Everything You Need To Know About ITIL®

10157
Everything You Need To Know About  ITIL®

What is ITIL®?

Today, the worlds of business and technology have overlapped each other and are linked inextricably. To thrive and to remain competitive, companies need to bring IT services in considerable focus. The transition of a company’s objectives and capabilities to IT can be an overwhelming process. To ease this transition and to select, plan, deliver and maintain a certain standard in IT services within the organisation, a standardised framework called the Information Technology Infrastructure Library (ITIL®) is designed.

The ITIL® ensures that the implementation of IT services for any business has efficiency and predictable service deliverability at its core. The framework makes sure that the IT services department in any organisation is an active business partner and not just a backend service provider.  

The reason why ITIL® is gaining such importance and focus in the business world is that without it, the resources spent on designing and developing an IT service management (ITSM) process would be futile, which would, in turn, make the business less competitive, susceptible to losses in money and customers and less efficient.

ITIL® History

The growing discrepancies in processes, deployments and inconsistent IT services on account of the geographical decentralisation of data centers in the 1980s led to the need for ITIL®.

Released as a series of books in 1989 by The United Kingdom's Central Computer and Telecommunications Agency (CCTA), ITIL® Version one, i.e., ITIL® V1 was their response to a need to recognise IT as an essential service and the need to apply it consistently across the organisation.

ITIL® consists of various levels and modules. It aims to cover comprehensively everything from service strategies to continuous improvement which would ultimately help practitioners to adopt the IT services for their organisation and be prepared for changes down the line.

ITIL® Updates

Post-1989, the ITIL® has been upgraded to reflect the changes in the business world and is now a highly renowned and recommended practice with multiple thousands of practitioners getting certified and implementing it.

Post launch, the first major change in ITIL® came in 2000-2001 with the release of ITIL® V2. This version focused on making the entire framework more accessible and less formidable for the candidates. It compiled the entire framework into nine sets of related elements. This version was followed by the ITIL® V3 in 2007 which was a compact and well-designed framework of 26 functions that were combined into five volumes.  This version was built to inculcate the concept of service lifecycle structure. Few changes were introduced to V3 which was launched in 2011 as ITIL® V3 2011. In 2019, the latest version, ITIL® V4, is all set for launch with a focus on the ITIL® service value system and upgrading the credit system.

ITIL® Publications

The framework of ITIL® V3 encompasses five core publications which aim to cover the entire lifecycle of ITSM. They are reviewed and updated regularly to reflect the advancements made in IT technology. The five core publications are:

  1. ITIL® Service Strategy: This publication aims to identify and describe the goals of the business and the objectives of the IT services and align them to customer requirements.
  2. ITIL® Service Design: Based on the strategy defined in the previous publication, this publication aims at outlining the IT architecture, policies, and procedure as well as documentation.
  3. ITIL® Service Transition: This is an important publication which focuses on the change management and practices to be followed for releasing each policy/service change. It mainly aims to guide the transition and anticipated interruptions.
  4. ITIL® Service Operation: This is the actual working, functioning and operating manual in the ITIL® framework. The operation help in managing IT services regularly.
  5. ITIL® Continual Service Improvement: This publication is futurist in its outlook as it aims to guide the organisation through improvements and updates within the ITIL® framework.  

As is evident, the modules cover everything from the beginning, i.e., identifying the customer’s needs to designing and implementation and in the end, monitoring and improving the ITSM process.

ITIL® Modules 

The entire ITIL® process is a module based framework. The certification, for example, under ITIL® v4 has been broken down into ITIL® Foundation and the ITIL® Master exams. Post the ITIL® Foundation, the course is further split into two modules: ITIL® Managing Professional (MP) and ITIL® Strategic Leader (SL), which the candidate need to complete in order to progress further.  

ITIL® MP has the following modules:

  • ITIL® Specialist – Create, Deliver and Support
  • ITIL® Specialist – Drive Stakeholder Value
  • ITIL® Specialist – High Velocity IT
  • ITIL® Strategist – Direct, Plan & Improve

ITIL® SL, on the other hand, has the following modules:

  • ITIL® Strategist – Direct, Plan & Improve
  • ITIL® Leader – Digital & IT Strategy

Nine ITIL® Principles & ITIL® Modules

Nine ITIL® Principles & ITIL® Modules

Released in 2019, ITIL® V4 has the same focus as its predecessors. Although, it does have an updated framework which also represents and accommodates modern technologies and software. The program has illustrated nine guiding principles with an aim to provide for change management within an organisation, organisation communication, measurement, and metrics. These nine principles include:

  • Focus on value

Here, ITIL® encourages the professional to define the service output in a manner that captures the needs of the customer.

  • Design for experience

The paramount thing here, as per ITIL®, is to understand the context within which the service offered will be consumed by the customers.

  • Start where you are

This principle pushes the candidate to collect information and understand the customer’s current pattern of consumption and how the services offered under ITIL® will support it.

  • Work holistically

By understanding the entire value chain of the customer, ITIL® ensures that the services offered do not disrupt that value chain but make an active contribution to it.

  • Progress iteratively

ITIL®, while being implemented, must start with the minimally viable option and then progress from there based on an understanding of the priorities of the customer’s needs and expectations.

  • Observe directly

ITIL® requires that the customers including users and sponsors are heard out and observed regularly. Candidates must observe how the service is delivered, executed and consumed.

  • Be transparent

In the realm of ITIL®, sharing is encouraged: of ideas, thoughts, failures, concerns as well as improvements made.

  • Collaborate

ITIL® requires the active involvement of all stakeholders from customers, users to suppliers.

  • Keep it simple

It is imperative that any implementation of ITIL® uses simple words which are easy to understand to ensure clear communication.

ITIL® principles and modules when systematically followed can help an organisation manage as well as mitigate risks better, save on IT support costs, create a thriving ecosystem which ensures growth, scale, change and strengthens the organisation’s relationship with their end users i.e the customers.

What are ITIL® processes & frameworks?

The framework of ITIL® V3 is made up of five parts: service strategy, service design, service transition, service operation, and continual service improvement. These sections comprise of:

  • Strategy Generation
  • Financial management
  • Demand management
  • Service Portfolio management

ITIL® processes & frameworks

ITIL® Service Design

The design of an IT service which has architectures, processes, policies and documentation is laid out in this section to address the requirements of the business requirement. Seven processes are included in Service Design:

  1. Service Catalog Management
  2. Service Level Management
  3. Availability Management
  4. Capacity Management
  5. IT Service Continuity Management
  6. Information Security Management
  7. Supplier Management

ITIL® Service Transition

This stage is to make sure that that the current state of service is not ignored when an organization is going through change. ITIL® Service Transition includes seven processes which are:

  1. Transition Planning and Support
  2. Change Management
  3. Service Asset and Configuration Management
  4. Release and Deployment Management
  5. Service Validation and Testing
  6. Evaluation
  7. Knowledge Management

ITIL® Service Operation

ITIL® Service Operation is essential to make sure the organisation meets the requirements of the customer. It comprises of various functions to ensure a smooth flow of everyday tasks related to planning, operations, monitoring, and related services. Service Operation includes five processes:

  1. Event Management
  2. Incident Management
  3. Request Fulfillment
  4. Problem Management
  5. Access Management

ITIL® Continual Service Improvement

In this stage of ITIL®, stringent quality checks are required to ensure the service process is improved consistently. There are three processes in this stage of Continual Service Improvement:

  1. The 7 improvement process
  2. Service Measurement
  3. Service Reporting

Best practices

ITIL® guidelines and best practices' primary aim is to align IT department actions as well as expenses to the needs of the business and change them as the company grows and shifts direction.

ITIL® ensures support to the organisations and individuals as they endeavour to achieve optimal value from their investment in IT and digital technologies and services. It creates a sense of direction for the service provider to create a clear capability model and adjust its business strategy with customer needs.

As a professionally recognised international certification scheme, ITIL® ensures comprehensive and pragmatic guidance which helps in establishing a service management system. Its best practices start from the basics such as defining a glossary of common terms which business can use as they adopt IT-enabled services into their practices.

ITIL® Objectives

ITIL®, in its objective, contributes immense value to the organisation which adopts its framework. It not only assures quality, increased availability, reduction in costs and better cost-benefit relationship but also a tremendous improvement in effectiveness in meeting requirements of a class, growth in flexibility and making the principle of adopting and adapting possible.

ITIL® helps organisations in achieving the following objectives:

  • Reduction in IT costs
  • Improvement in quality
  • Reduction in risk
  • Improvement in decision making
  • Increment in productivity
  • Organisation-wide transparency and effective communication.
  • Implementing a culture of adopting a practical approach to service management
  • Adoption of a common framework of practices

ITIL® Fundamentals

Whether it is the private or public sector, internal or external services providers, small, medium or large organisations, ITIL® continues to remain useful, relevant and evolving in every technical environment. There are some ITIL® fundamentals which are a primary reason why organisations must adopt it to ensure that their needs of IT and their customers are met.

These fundamentals include:

  1. Best Practices: ITIL® is a representation of the best practices, experiences, learning, and thoughts of the world’s best-in-class service providers.
  2. Continuous Evolvement: The success of ITIL® can easily be credited to its fundamental principle of developing continually. This ensures that organisations are enabled to derive and deliver benefits, get assured returns on investment and sustainable success.
  3. Adapt and Adopt:  ITIL® is adapted to enable organisations in:
  • Ensuring early adoption of a standard approach towards service management throughout the organisation and its processes.
  • Changing the culture of the organisation to support the sustainable and prosperous achievements of goals, enabled by IT.
  • Optimising and reducing costs.
  • Improving customer interaction as well as the relationship.
  • Coordinating across the value chain of the delivery of goods and services.

What is ITIL® Certification?

Here is a brief overview of the ITIL® Certification Program.

ITIL® serves as the primary ITSM framework for any organisation. As a person in IT, getting these certificates is essential, as they add to their skillset. Many IT professionals in the industry consider the ITIL® certifications as the Holy Bible to IT support. ITIL® V3 utilises a credit system for all its levels from the Foundation through Master levels. Each certification level earns a certain number of credits. After obtaining the requisite number of credits, the individual will take the ITIL® Master certification. In ITIL® V3, a total of 22 credits are required by a professional, if they are to earn the ITIL® Expert certification. The benefits of the ITIL® certification program include:

  • Better preparedness with an in-depth knowledge of ITIL® frameworks which enables you to work better
  • Ensures professional advancement and better pay
  • Helps you speak the language of IT professionals
  • Expanded horizons and a vision for the bigger picture

ITIL® certification is a modular programme, directed towards learning the ITIL® framework and comprises of a series of qualifications which are focused on different aspects of the ITIL® framework and its implementation.

The certification enfolds in a tiered structure which ensures that candidates have flexibility and progress through the depths of ITIL® in a sequential manner.

Recently, on the 18th of February, 2019, ITIL® 4 certifications starting with a foundation course have been released. The remaining certifications are due for release in the second half of 2019.

Under the ITIL® V3, the certifications had five levels which included:

  • Foundation
  • Practitioner
  • Intermediate
  • ExpertITIL® training 
  • Master

This system has evolved to the following under V4:

  • Foundation
  • Managing Professional
  • Strategic Leader
  • Master

It is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® V3® credit system:

Sr. NoLevel of ITIL® certification
No. of credits awarded
1ITIL® Foundation
2
2ITIL® Practitioner
3
3

ITIL® Intermediate

Lifecycle ModuleService Strategy3
Service Design3
Service Transition3
Service Operation3
Continual Service Improvement3
Capability ModuleOperational Support and Analysis4
Planning, Protection, and Optimization4
Release, Control, and Validation4
Service Offerings and Agreements4
4Managing across the lifecycle
5
5ITIL® Expert

ITIL® Certification Levels

ITIL® Certification LevelsUnder the ITIL® V3 certification, levels are under:

1. Foundation

This is the first level in the ITIL® certifications. It focuses on ensuring that the candidate is well versed with standard terminology and methodology. They will get the knowledge required to not only support but also deliver ITIL® related services.

2. Practitioner

The Practitioner level is the second level of the ITIL® certification. In this level, the candidates are encouraged to improve their ability to adopt and adapt ITIL® for an organization.

3. Intermediate 

This is the third level of the ITIL® certification. It consists of two categories or modules of certification: Service Lifecycle and Service Capability.

The Service Lifecycle modules are:

  1. Service Strategy (SS)
  2. Service Design (SD)
  3. Service Transition (ST)
  4. Service Operation (SO)
  5. Continual Service Improvement (CSI)

The Service Capability modules are:

  1. Operational Support and Analysis (OSA)
  2. Planning, Protection, and Optimization (PPO)
  3. Release, Control, and Validation (RCV)
  4. Service Offerings and Agreements (SOA)

In the Service Lifecycle module, a lot of focus is given to management across several ITIL® processes. On the other hand, the module of Service Capability focuses on specialized as well as process-level knowledge within ITIL® processes.

4. Expert

ITIL® Expert certification is the fourth level of the ITIL® certification, and it is also delivered in modular form. This certification can be taken only by those candidates who have cleared the previous levels to ensure that they the requisite detailed knowledge and skills to clearly understand the entire system of ITIL®.

5. Master

The fifth level of the ITIL® certification is the ITIL® Master Level certification. This level focuses on strengthening and widening the mastery of the practical application of ITIL® in a variety of settings. The professionals working on ITIL® directly are usually involved in planning, operations, and management of ITSM. Through this certification, they obtain the skills to demonstrate their knowledge.

Here are some details on the levels of certifications under ITIL® V4 :

1. ITIL® Foundation Certification -  IT Service Management

The ITIL® 4 Foundation certification is designed as an introduction to ITIL® 4, and it enables candidates to look at ITSM as an end-to-end operating model for creating, delivering and continuously improving tech-enabled products and services. It helps those individuals who require a basic knowledge of the ITIL® framework. It also helps those who wish to understand how ITIL® as a framework can be used to enhance ITSM and those IT professionals working within an organisation that has adopted ITIL®.

2. ITIL® Managing Professional - ITIL® MP

ITIL® MP has four modules within itself, adding value of ITIL® Foundation, which are:

  • ITIL® Specialist Create, Deliver and Support
  • ITIL® Specialist Drive Stakeholder Value
  • ITIL® Specialist High Velocity IT
  • ITIL® Strategist Direct Plan and Improve

ITIL® MP targets those IT practitioners who work within technology and digital teams across organisations.  

3. ITIL® Strategic Leader - ITIL® SL

Within ITIL® SL, two modules embody the next stage of ITIL® evolution. The two modules are:

  • ITIL® Strategist Direct Plan and Improve
  • ITIL® Leader Digital and IT Strategy

This set is perfect for those who understand how IT services influence business strategy.

4. ITIL® Master Certificate - ITSM

ITIL® Master Certificate helps the person justify and explain a range of knowledge, principles, methods, and techniques of ITIL® Framework. It requires one to have extensive practical experience with ITIL® and demonstrative knowledge of the prospect.

To be eligible for the ITIL® Master certification, you must:

  • Be  ITIL® Expert certified
  • Have experience in IT services management for five years at least in leadership, management or higher management position.

How much does ITIL® certification cost?

Currently, ITIL® certifications are under Axelos. An individual can start the course by either using a hardcopy, PDF, ePublication or via an online subscription which can be availed directly from Axelos. While this is the primary cost, the second is the training cost. For each level of the course, there is a different cost associated. The curriculum leading to the initial certificate usually runs for two days and the courses commencing to higher certifications can run for a week or more.

There is an additional cost of re-engineering a few of the processes to enable ITIL® frameworks and enable them to comply with ITIL® guidelines. An additional cost would be the investment in the ITIL® study guide and ITIL® practice exam which is set to be between $30 to $50 respectively. Therefore, there is no fixed cost for gaining the ITIL® certification. Axelos has tied up with an institution called  Accredited Training Organisation (ATO) where one can take ITIL® training.

What are ITIL® complementary certifications?

Axelos, apart from the five levels of ITIL® certifications, also offers complementary courses under the ITIL® credit system which are known as ITIL® complementary certifications. A total of 6 credits can be earned through these additional courses. It is critical to ensure that there is no overlap between the modules at different levels, as the percentage of overlap that Axelos segregates can be divided into three categories: low, moderate and high. The candidate should focus on staying in the ‘low overlap’ zone to ensure that they earn the right credits. Axelos details the course on its website and gives a hawk-eye view of its benefit.

Who should do ITIL® certification?

ITIL® certification is acquired via classroom study and virtual IT coaching which can be supplemented with self-study. An ITIL® certification represents that the person who has it has the requisite knowledge and skills related to ITIL® structure and terminology. It also describes that he has a working knowledge of the core principles and subject areas relating to IT, which is the primary use of ITIL® technology in the management of business services. The certification is helpful for:

  • People who have the basic knowledge of ITIL® and wish to utilise it towards ensuring better control of service operation in a business situation.
  • IT professionals who want positive changes in the efficiency of a business organisation such as cost reduction.

Following professionals are recommended to take the ITIL® course:

  • IT Managers
  • IT Directors
  • Quality Analysts
  • IT Service Managers
  • Support Professionals and Engineers
  • Service Support Engineers
  • Database Administrators
  • Operations Managers
  • Owners of Business Processes

What is ITIL® Foundation?

The foundation course will act as an introduction to ITIL® 4, and it will introduce candidates to ITSM as an end-to-end operating model with a focus on creating, delivering, and improving IT-enabled products and services.

The certification aims to help:

  • People who require a fundamental understanding of the ITIL® framework.
  • Those who wish to learn how ITIL® can be useful in enhancing the IT service management.
  • IT professionals or others who are working within an organisation that has adopted ITIL®.

However, the ITIL® V4 foundation certification is helpful to anyone who has an interest in IT service management. ITIL® V4 Foundation candidates, at the end of the certificate course, will have an understanding of the following:

  • A thorough grasp of how to facilitate the co-creation of value for customers as well as other stakeholders via products and services.
  • Exposure to the guiding principles of ITIL® V4.
  • A holistic approach towards the four dimensions of Service Management.
  • Basic terminologies such as Agile, Lean, DevOps and their importance.
  • The significance of ITIL® practices and their value to your business.

Are there any Versions in ITIL® Foundation?

ITIL® has seen 4 versions till date. Each of the versions has had the same motive of helping the candidate achieve alignment between the IT systems with the business strategies.

Version 1 was launched with more than 30 volumes each covering a specific practice within ITSM. It aimed at establishing a model of controlling and managing business operations using IT.

In the year 2000-2001, in order to make ITIL® more accessible as well as affordable, a new version, ITIL® V2 endeavoured to consolidate the publications into nine sets which focus on logic and were grouped in a manner that matched different aspects of IT management and services.

Under ITIL® V3, the foundation level was introduced to candidates with the aim of exposing them to the basic concepts, key elements and common terminologies under ITIL®.

The primary purpose has not changed under the ITIL® V4, and their essential features remain the same. The updated version of ITIL® V4 merely includes advanced material on the additional best practices.  ITIL® V4 aims to address the two major complains of the ITIL® :

  • Its relationship with the ITSM community.
  • Its failure to update itself with the latest trends in IT operations and software development.

How ITIL® certification helps business?

ITIL® certification has now become essential for any business which uses digital services daily and aspires to have a flawless ITSM. An ITIL® certification helps with installing good ITSM practices within the organisation. This certification covers the whole development lifecycle of IT, all the way from recognising requirements of IT and business to maintaining and delivering the levels of service in a state of focused review and improvement. This holistic approach enhances the overall customer experience and integration of work.

To help understand the nuances better, let us explore ITIL® V3 Foundation Vs. ITIL® V4 Foundation.

ITIL® V3, which is also popularly referred to as ITIL® 2011, was the latest version before the upgrade to ITIL® V4. The new version introduced the process of the Business Relationship Management (BRM) process but other than that, most of the other elements remain the same.  An important change was that it was easier to read and many of the inconsistencies were edited out. ITIL® V4 uses newer techniques to align IT with a more evolved level of efficiency and effectiveness. It is now possible to align ITIL® with other existing methods such as IT4IT, Agile, DevOps, and Lean.

Even with ITIL® V4, the essential elements of ITIL® V3 remain the same. ITIL® V4 just ensures the inclusion of additional best practices and easier integration.

ITIL® V4 encourages lesser siloes, more collaboration and encourages communication across the whole organization with the integration of Agile, Lean and DevOps into ITSM strategies. It is made to be more flexible and customizable than ITIL® V3 i.e. more holistic.

By investing in a training course and implementing ITIL®, you can expect the following things:

  • Enhanced understanding of the customers which aid in delivering better services, long term relationships, and a sound reputation.
  • A developer guide on predicting and reacting to customer service engagement, complaints, and experience.
  • Increased productivity and better management of resources by focusing on the cost-benefit analysis.
  • Risk mitigation and management.
  • Stabilized environment for better alignment of IT and other divisions of your business.
  • Reduced incidences of service failures.
  • A growth in opportunities to network and collaborate with similar business models.
  • Enhanced value of the organisation’s service portfolio.
  • Agile adaptation to new technologies and comply faster to changing needs of the digital world
  • Direct rise in chances of an improved bottom line in your revenue statements.

Thus, through this, it is clear that ITIL® is almost inevitable for business and must be implemented within organisations who wish to keep evolving with the times and achieve their ever-changing goals with the help of IT.

To wrap it up, ITIL® is not just a straightforward skills course in IT. It equips the candidate with the requisite resources to apply the knowledge gained to the larger scope of their organization and align with business practices. This means that the candidate would have a practical hold over the best practices, especially when addressing all facets of IT management.

KnowledgeHut

KnowledgeHut

Author

KnowledgeHut is an outcome-focused global ed-tech company. We help organizations and professionals unlock excellence through skills development. We offer training solutions under the people and process, data science, full-stack development, cybersecurity, future technologies and digital transformation verticals.
Website : https://www.knowledgehut.com

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

Evolution Of Technology, It’s Important To Life

Our conflicting views on whether technology is a boon or bane can be best described by inventor and best selling author Daniel H Wilson, when he says, “We humans have a love-hate relationship with our technology. We love each new advance and we hate how fast our world is changing”. The use of technology is what distinguishes us from other animals and this has been evident throughout history. For our evolution has been deeply linked with the evolution of technology. From discovering the technological potential of fire more than 250,000 years ago to developing watermills as a source of power in the medieval ages, technology today is so futuristic as would have been unimaginable just a few decades back. The industrial age’s greatest aspect was technology. New innovations and devices made life easier. Machines that seem mundane today like the levers, pulleys, wheel and axles, screws and wedges helped usher in an age of productivity. The industrial revolution was to an extent a worldwide phenomenon and this saw technology bringing in progress to the world as a whole. Steam engines, electricity, petroleum and other technological advancements had repercussions throughout society. Coal industry, textile industry, locomotive industry, chemical industry etc brought the world closer. Another important technological advancement was in the field of medicine. Advances in areas of anatomy and physiology enhanced life expectancy and reduced illnesses. By the end of 19th century, the importance of technology had been firmly established and it was clear that dependence on it would only grow. The 20th century saw a range of technologies that evoked both awe and fear in humankind. The airplane, rockets, electronics, antibiotics, and nuclear power managed to create a social situation that offered security but always had danger looming in the fringes. The use and abuse of natural resources brought about rapid growth and prosperity to countries but with such terrible side effects as pollution and depletion of resources. And as we go into the 21st century, technology has reached a whole different level. Communication as we knew it, has changed and has turned passive and more indirect. Pagers, desktop computers and telephones have now been replaced with laptops, tablets and smartphones. People would rather message each other on various platforms rather than talk face to face. In fact, there are almost as many cell phone subscriptions (6.8 billion) as there are people living on this planet (7 billion). By 2014 there were more than 3.8 billion email accounts and this number only keeps growing. Technology today has increased our independence. Need to know where you get the best cakes in town? Just search on the internet. Don’t know how to get to the new mall? Let your GPS take you. Even when it comes to medical care, we have become more self-reliant. The need for doctors to assess our primary health conditions has reduced dramatically with the availability of blood pressure and diabetes monitors. The greatest advantage is the creation of a boundary-less communication channel. Irrespective of your nationality, sex, race or religion, you can communicate with like-minded people from across the world. But as the old adage goes, too much of anything is not good. And this holds true for technology too. Increased use of cell phones and microwave ovens have been linked to diseases caused due to radiations. An over exposure to the virtual world has created a warped sense of reality for many. We have become so attuned to communicating via social media that any face to face communication seems awkward. Technology today does not require us to leave our house. One can work from home, shop from home and receive medical care at home. This has led to isolation, a lack of social skills and an inability to conduct ourselves in public. Technology can also be credited to the creation of a great number of couch potatoes. Video games, YouTube, and social media are robbing us of our exercise time. Depression, stress and poor sleep habits are increasingly becoming common medical occurrences. And of course, there is the question of privacy and security. With our entire life being online, our lives are being constantly snooped on. Your entire life history can be accessed by any stranger with a few entries on a website. Phishing, viruses, and hacking are the new forms of robbery which not only result in huge losses but also keep the perpetrator anonymous. Addiction, lack of empathy, more violence, development issues in children, lack of attention and many more issues have been associated with technology. But can we ignore the advantages that technology has offered and go back to the basics. Can we once again live like people did in the stone ages? That thought seems more far-fetched than anything else. The bottom line is—you cannot escape technology. So how you use it and how much you allow it to pervade your life is entirely in your hands. Whether you love it or hate it, technology is here to stay!
2056
Evolution Of Technology, It’s Important To Life

Our conflicting views on whether technology is a b... Read More

Top 10 Trending Courses in Information Technology for IT Aspirants

The best part to jump to the bandwagon of information technology or IT is, there is an enormous possibility for an individual if he or she starts studying a diploma or a degree, does either a master degree or a research course. He or she can get full-fledged engineering degree. We have listed down here in order of priority, top to down for a beginners to advanced level technical course that an IT aspirant look for. Java or J2E and Its Frameworks Java or J2EE is one of the most trusted, powerful and widely used technology by almost all the medium and big organizations around domains, like banking and insurance, life science, telecom, financial services, retail and much, much more. You have many things to learn in Java or J2EE, like the core part – J2SE, JSP, STRUTS, SPRING and/or HIBERNATE. This is one of the best and most advanced sophisticated applications. If you want to learn Java, you need to start from the ab initio to the advanced level step-by-step. There are many different frameworks as well as supporting technologies to learn for Java aspirants but the given things are must learn and highly demanding in current software market. CISCO Technologies Whether you are fascinated about learning network and switching technologies, then CISCO technologies would be your choice. You can learn CCNA, CCNP and more from CISCO academy. These types of certificates are global certifications. You will get global prospects after completing and learning these types of courses. If you are not coming from engineering backgrounds, then also you can learn CCNA or CCNP, or both. Then you need to take some ad hoc classes for non-engineering students. The great number of fresher and experienced candidate, these days, are pursuing networking courses, if you are one of them, then CISCO technologies can be your choice. A majority of CISCO institutes want degree – graduation in any discipline. SAS – Statistical Analysis System SAS is a popular course. This can be your career as SAS consultant that many medium and large organizations looking for fresher and experienced SAS qualified candidates. This is nothing but a data analytics course that can give you global exposure. The demand for SAS – data analytics is growing day-by-day and the business intelligence domain has emerged one of the most trusted and lucrative option for science graduate. These days, SAS is a’ la mode for fresher and experienced science graduate. It is an integrated system of software products that help to perform critical data-entry, data-retrieval, data-management, data-mining, report writing and graphics. DBA – MySQL – SQL Server In this highly competitive as well as dynamic Software/IT industry, there is one course the one course, which is very popular and can give you stable career is, DBA. This is a course or an ad hoc for students who are interested in learning MySQL and SQL server and like to create, manage as well as maintain the huge data files and other database flavors available in the market. DBA can be your best bet for career-oriented course, when you will be conversant with database with other supporting technologies; you can easily and quickly learn MySQL and DB2 in a much shorter period. The demand for DBA courses are increasing day-by-day and the demand shows the popular it is and the effective career you get after completing these technologies. Microsoft Technologies Microsoft technologies are high in popularity these days. You can be a database developer or a MS technology developer after passing one or multiple certifications, like MCSE, MCAD, MCSD, MCDST, MCDBA, MCAS and others. For enterprise and application development MCITP is one of the best for beginners and advanced level developers. Albeit, this type of certification is not at all a programming certification, but a system maintenance kind of, but have good future prospect. Cloud Computing Today’s biggest buzz in all small, medium and large IT town is all about cloud computing. You must use Google, Amazon etc. some of the big gun of cloud technology. If you are thinking of pursuing a course that can set your future-career in cloud computing, then IaaS, PaaS, SaaS, DaaS etc. would be learnt alpha and omega of cloud computing.
2912
Top 10 Trending Courses in Information Technology ...

The best part to jump to the bandwagon of informat... Read More

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, services (ports) running on them and with some intense scans, the OS running on the active hosts and even the vulnerabilities present! Kali Linux is a distribution of Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, wireshark, ncap, metasploit, etc. are pre-loaded in Kali Linux. Now based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE. Commonly used tools/techniques for scanning: Apart from NMAP, the below tools are used to perform vulnerability scanning: Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allows you to make sure all vulnerabilities and misconfigurations are identified. Acunetix: Acunetix is known for its features and capabilities for web application scanning. 3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email. Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and using msfvenom (or any similar tool) you can attach this exploit to an innocent looking pdf or excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained the access of a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices! Commonly used tools/techniques for gaining access: Kali Linux: A fully loaded operating system with all the tools starting from wireshark to Metasploit to burp suite, it contains everything! Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from Bank and asking card details and OTP. 4. Maintaining Access – Once Mr. X has gained access; he would probably like to secure that access or create another one to ensure that he has a persistent access to that machine. This could be done by using Trojans, Rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS) wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop. 5. Covering Tracks – Now Mr. X has the access to the TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN. How does the industry view ethical hacking? Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub domains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security. Certifications related to ethical hacking If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged: EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential is the number one certification that any aspiring ethical hacker should aspire towards. The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it. CompTIA Security+  –  A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills. Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security. KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!  
7413
Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or... Read More

Useful links