Search

What is ITIL® V3?

Lack of standardised practices in the IT sector created a discordant environment for services, as their efficiency was considerably low and error rates were high as compared to current standards. These irregularities prompted the UK government to envision a set of guidelines for every IT Service organisation to follow. These guidelines, it was hoped, would help not only government organisations but private ones as well.Therefore, in the 1980s, the UK government, in a bid to increase efficiency and standardise IT processes, created a framework with libraries from around the globe. These multiple libraries were concentrated into seven volumes in ITIL® V2 and eventually five volumes in ITIL® V3. Each volume/certification focuses on a specific part of ITSM.What is ITIL® V3?ITIL® V3 focuses on business needs and calibrates the services according to them. Its other main purpose is also to continuously improve the services while reducing the costs at the same time. Due to ITIL® V3’s ability to smoothly combine business expertise with IT processes, which maximises customer satisfaction, it is adding value to millions of people and businesses around the world.Its principal purpose is to enable IT professionals to be business service partners as well. It aims to, therefore, combine the business aspect of ITSM - by catering to business and customer requirements - with the professional expertise of the IT industry.Brought to the public arena in 2007, ITIL® V3 was upgraded and relaunched in 2011 by AXELOS - in collaboration with Her Majesty’s Cabinet Office and Capita PLC as 2011 ITIL® V3. This version included strategic elements which aligned the modern ITSM processes to current business needs.There are three major ITIL® V3 Fundamentals which we will discuss now.ITIL® V3 Incident Management: It is not unusual that services get disrupted within an organisation, but what’s essential is to protect productivity when it happens. ITIL® V3 Incident management is a process which lays down the best set of practices in the industry to effectively handle an incident without much downtime and also ensuring smooth business productivity.ITIL® V3 Change Management: Existing solutions/applications need to be upgraded to keep up with modern technological advancements as well as business needs. It, therefore, becomes essential that such changes do not directly or indirectly affect productivity. ITIL® V3 Change Management focuses on avoiding downtimes by handling, prioritising, and rolling out the required changes.ITIL® V3 Problem Management: Many times, we start getting similar kind of incidents. This is the indication to club all of them into a single problem. The problem aims to provide an RCA (Root cause analysis) of the issue and until then, to also provide a workaround. ITIL® V3 Problem Management helps in managing such problems and avoiding major issues. It also maintains a Known Error Database (KEDB) whose solution is unknown.ITIL® examsITIL® V3 contains five sections as part of the IT service lifecycle, and each section includes multiple processes. ITIL® offers flexibility to an organisation in the form of freedom to adopt any or all of the processes from a particular section. ITIL® is a collection of e-books. Its examinations were earlier administered by EXIN and ISEB, both of which are independent bodies. Both of these bodies gave their certification according to your location.The two independent bodies formed an alliance during late 2006 to further ITSM. Currently, all exams and certificates are being administered by Accredited Training Organisations (ATOs). These accreditations are themselves administered by Strategic Examination Institutes. These, in turn, need to be accredited directly by AXELOS which enables them to offer certification to the ATOs.Benefits of implementing ITIL® in an organisationITIL® powers a well-run IT organisation that not only works efficiently but also keeps optimising the services regularly to provide greater customer experience. Some of the key benefits of implementing ITIL® in an IT organisation as well as businesses are as follows:Cost-effective runIncreased efficiency and productivityIncreased customer satisfactionProvision of comprehensive guidance and standards to followLesser downtime during a service disruptionMinimal service disruptionsEasily manageable incidentsAn easily scaling and changing environmentSome of the examples of accessible services and applications designed with ITIL® and ITSM are:SamanageInvGate Service DeskManageEngine ServiceDesk PlusVision HelpDeskGiants like Disney and Sony are prime examples of how one can manage services within a big organisation. Learners can easily take up these case studies to understand the ground situation in the industry. All in all, ITIL® provides a streamlined framework which helps in managing risks, reducing costs while monitoring day to day activities, and finally improvising the course through learning.What are the five sections of the ITIL® V3 Framework?The ITIL® Framework has five sections which have evolved over time to reflect the needs of the business and the IT environment. Briefly, this evolution can be described as under: The first release of ITIL®, released by the UK government to standardise the IT standards, boasted of multiple volumes collected from professionals worldwide.The second release of ITIL® V2 consisted of 7 volumes which concentrated all past volumes of IT basic operations.ITIL® V3 is more focused on the business side of the industry along with other aspects as well.ITIL® V3, hence, comprises of five sections which cover all aspects of ITSM. These sections further include multiple processes which the organisations implement according to their needs.Service StrategyService DesignService TransitionService OperationContinual Service ImprovementThese five sections cover the lifecycle of service in ITSM. We will discuss each section one by one to get a clear understanding of what each section contributes towards the lifecycle.Service Strategy: As ITIL® V3 is focused more on the business aspect of ITSM, this section is dedicated to catering to the business cases. It checks on the defined business goals and their new requirements. It further develops a strategy which helps provide a service the business needs in a cost-effective and efficient way.Service Design: After the requirements are gathered from the business, this section helps in implementing those requirements in the form of architecture, processes, policies, and documentation. It fulfils its role by providing comprehensive guidance.Service Transition: Changes in technology and business needs are inevitable, which is why it is imperative that such changes, when they are deployed, do not hinder or disrupt the ongoing services. This stage, therefore, looks after the transition stage of service. When a service is transitioning into the business environment, this section provides guidance and processes activities.  Service Operation: This section is more pertaining to the customer. It ensures that every business meets its customer expectations or requirements. It focuses on processes and delivery activities to ensure smooth working of daily operational tasks by monitoring given services.Continual Service Improvement: As the name suggests, this section is for the improvement of services. Based on its learning, which it receives through past services’ failures/successes, it introduces changes to the existing services.Roles in this space, of ITIL® and ITSM, can be elaborated as under:What is ITIL® V3 credit system?ITIL® V3 has a credit system which awards recognition through certificate-based examination. There are multiple certifications and with each one, you accumulate credits.You can enhance your reputation in the IT industry by rising through the ranks of ITIL® certifications which is awarded on a credit-basis exam. Credits are required to be eligible for higher certifications.The ITIL® V4 modules vary slightly from the ITIL® V3 structure and will be released during 2019, with Foundation being made available in February 2019. Modules, including the ITIL® Specialist module, the ITIL® Strategist and the ITIL® Leader will be released in the latter half of 2019.  Post the ITIL® V4 Foundation level; the candidate can choose to pursue either the ITIL® Managing Professional (ITIL® MP) or ITIL® Strategic Leader (ITIL® SL). End-learners must complete both - the ITIL® MP and ITIL® SL - to be eligible to certify as an ITIL® Master.To be certified as an ITIL® Managing Professional, the candidate must complete the following modules:ITIL® V4 FoundationITIL® Specialist: Create, Deliver & SupportITIL® Specialist: Drive Stakeholder ValueITIL® Specialist: High-Velocity ITITIL® Strategist: Direct, Plan & ImproveTo be certified as an ITIL® SL, candidates must complete the following modules:ITIL® 4 FoundationITIL® Strategist: Direct, Plan & ImproveITIL® Leader: Digital and IT StrategyThe ITIL® Strategist: Direct, Plan & Improve is a universal module for both the ITIL® streams. This is followed by the MALC i.e.  Managing Across The Lifecycle, ITIL® Expert and then the ITIL® Master, all of which are advanced levels to ensure the candidate attains the ITIL® certification.Some important pointers of ITIL® V4 are as under:Start with the ITIL 4 Foundation certification which fetches you two credits and its corresponding Foundation certificate.For each specialization after Foundation, until MALC, you will be awarded three or four credits depending upon the certification. ITIL® Practitioner certification fetches you three credits while covering the whole spectrum of the best practices.ITIL® Practitioner can be taken either immediately after Foundation or after before MALC and after completion of rest of the certifications.Before Managing across the Lifecycle (MALC), you can gather 17 credits in any order you prefer.To advance to ITIL® Expert level, you’d need a total of 22 credits including an ITIL® Practitioner certification and then MALC.It is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® credit system:Sr. NoLevel of ITIL® certificationNo. of credits awarded1ITIL® Foundation22ITIL® Practitioner33ITIL® IntermediateLifecycle ModuleService Strategy3Service Design3Service Transition3Service Operation3Continual Service Improvement3Capability ModuleOperational Support and Analysis4Planning, Protection, and Optimization4Release, Control, and Validation4Service Offerings and Agreements44Managing across the lifecycle55ITIL® ExpertWhat are the ITIL® V3 services and processes?As part of the lifecycle of ITIL® V3 services, five sections are defined and each of them plays a key role in the service’s life. These five sections contain multiple processes, which in turn, are adopted by the companies or organisations into their teams.Starting from the planning, according to the business needs, to the improvement or the eventual retiring of a service, ITIL® V3 covers all stages of ITSM. Due to the coverage it provides, it has become an essential part of ITSM.There are millions of ITIL® V3 professionals around the globeIt is up to an organisation as to which processes of a section it may want to select and what not. This property of ITIL® makes it flexible for implementation purposes.The five sections in a lifecycle of an ITIL® V3 service are:Service Strategy: It strategizes how to create a service that caters to the needs of a business. Processes included under Service Strategy are:Strategy GenerationFinancial ManagementDemand ManagementService Portfolio ManagementService Design: All the infrastructure, technology, processes, and policies of service along with other things are designed in this section with the help of the following processes:Service Catalog ManagementService Level ManagementAvailability ManagementCapacity ManagementIT Service Continuity ManagementInformation Security ManagementSupplier Management      Service Transition: All the changes introduced in the services are needed to be smooth and non-disrupting to productivity. This section covers that with the help of the following processes:Transition Planning and SupportChange ManagementService Asset and Configuration ManagementRelease and Deployment ManagementService Validation and TestingEvaluationKnowledge ManagementService Operation: This section ensures the smooth running of daily operational tasks and checks whether the business is meeting customer requirements or not. It accomplishes this task with the help of the following processes:Event ManagementIncident ManagementRequest FulfillmentProblem ManagementAccess Management      Continual Service Improvement: To continuously improve the efficiency of the services through learning from past services, this section employs the following processes:The 7 improvement processService MeasurementService Reporting      Difference between ITIL® V2 & ITIL® V3With the introduction of ITIL® V3, AXELOS aimed to focus more on the business needs of the industry, instead of just concentrating all resources on the basic IT operations - which ITIL® V2 did. The ITIL® V2 contained the following disciplines:Service SupportService DeliveryWe can conclude from the above disciplines that the sole aim of ITIL® V2 was to support basic IT processes. ITIL® V3, on the other hand, extends this support to the whole lifecycle of a service and more importantly, catering to the needs of the business and customers.Besides these, ITIL® V3 has other major differences and upgrades from ITIL® V2 which we have compiled and shown in the table below:ITIL® V2ITIL® V3Majorly process-orientedFocused on the complete lifecycle of service in ITSM (including business needs)Has seven volumesHas five volumesEfficient and cost-effective processesStrategic emphasis is given along with efficiency and cost-effectiveness to the processA singular function was divided into ten processes25 processes categorised suitably under four functionsNo clear assignment of roles in processesRoles and responsibilities are clearly defined for each processFocused on “what” perspective - “what can be done and why”Aimed at the “how” approach - how it can be doneIncludes 700 pages of publicationsIncludes 1400 pages of its five key publicationsFocuses on the theoretical part of the business in ITSMFocuses on the practical aspect and aligns much better with the needs of modern business
Rated 4.5/5 based on 1 customer reviews

What is ITIL® V3?

9990
What is ITIL® V3?

Lack of standardised practices in the IT sector created a discordant environment for services, as their efficiency was considerably low and error rates were high as compared to current standards. These irregularities prompted the UK government to envision a set of guidelines for every IT Service organisation to follow. These guidelines, it was hoped, would help not only government organisations but private ones as well.

Therefore, in the 1980s, the UK government, in a bid to increase efficiency and standardise IT processes, created a framework with libraries from around the globe. These multiple libraries were concentrated into seven volumes in ITIL® V2 and eventually five volumes in ITIL® V3. Each volume/certification focuses on a specific part of ITSM.

What is ITIL® V3?

ITIL® V3 focuses on business needs and calibrates the services according to them. Its other main purpose is also to continuously improve the services while reducing the costs at the same time. Due to ITIL® V3’s ability to smoothly combine business expertise with IT processes, which maximises customer satisfaction, it is adding value to millions of people and businesses around the world.

Its principal purpose is to enable IT professionals to be business service partners as well. It aims to, therefore, combine the business aspect of ITSM - by catering to business and customer requirements - with the professional expertise of the IT industry.

Brought to the public arena in 2007, ITIL® V3 was upgraded and relaunched in 2011 by AXELOS - in collaboration with Her Majesty’s Cabinet Office and Capita PLC as 2011 ITIL® V3. This version included strategic elements which aligned the modern ITSM processes to current business needs.

There are three major ITIL® V3 Fundamentals which we will discuss now.

Three major ITIL Fundamentals

  • ITIL® V3 Incident Management: It is not unusual that services get disrupted within an organisation, but what’s essential is to protect productivity when it happens. ITIL® V3 Incident management is a process which lays down the best set of practices in the industry to effectively handle an incident without much downtime and also ensuring smooth business productivity.
  • ITIL® V3 Change Management: Existing solutions/applications need to be upgraded to keep up with modern technological advancements as well as business needs. It, therefore, becomes essential that such changes do not directly or indirectly affect productivity. ITIL® V3 Change Management focuses on avoiding downtimes by handling, prioritising, and rolling out the required changes.
  • ITIL® V3 Problem Management: Many times, we start getting similar kind of incidents. This is the indication to club all of them into a single problem. The problem aims to provide an RCA (Root cause analysis) of the issue and until then, to also provide a workaround. ITIL® V3 Problem Management helps in managing such problems and avoiding major issues. It also maintains a Known Error Database (KEDB) whose solution is unknown.

ITIL® exams

ITIL® V3 contains five sections as part of the IT service lifecycle, and each section includes multiple processes. ITIL® offers flexibility to an organisation in the form of freedom to adopt any or all of the processes from a particular section. ITIL® is a collection of e-books. Its examinations were earlier administered by EXIN and ISEB, both of which are independent bodies. Both of these bodies gave their certification according to your location.

The two independent bodies formed an alliance during late 2006 to further ITSM. Currently, all exams and certificates are being administered by Accredited Training Organisations (ATOs). These accreditations are themselves administered by Strategic Examination Institutes. These, in turn, need to be accredited directly by AXELOS which enables them to offer certification to the ATOs.

Benefits of implementing ITIL® in an organisation

Benefits of implementing ITIL

ITIL® powers a well-run IT organisation that not only works efficiently but also keeps optimising the services regularly to provide greater customer experience. Some of the key benefits of implementing ITIL® in an IT organisation as well as businesses are as follows:

  • Cost-effective run
  • Increased efficiency and productivity
  • Increased customer satisfaction
  • Provision of comprehensive guidance and standards to follow
  • Lesser downtime during a service disruption
  • Minimal service disruptions
  • Easily manageable incidents
  • An easily scaling and changing environment

Some of the examples of accessible services and applications designed with ITIL® and ITSM are:

  • Samanage
  • InvGate Service Desk
  • ManageEngine ServiceDesk Plus
  • Vision HelpDesk

Giants like Disney and Sony are prime examples of how one can manage services within a big organisation. Learners can easily take up these case studies to understand the ground situation in the industry. All in all, ITIL® provides a streamlined framework which helps in managing risks, reducing costs while monitoring day to day activities, and finally improvising the course through learning.

What are the five sections of the ITIL® V3 Framework?

The ITIL® Framework has five sections which have evolved over time to reflect the needs of the business and the IT environment. Briefly, this evolution can be described as under:

  • The first release of ITIL®, released by the UK government to standardise the IT standards, boasted of multiple volumes collected from professionals worldwide.
  • The second release of ITIL® V2 consisted of 7 volumes which concentrated all past volumes of IT basic operations.
  • ITIL® V3 is more focused on the business side of the industry along with other aspects as well.

ITIL® V3, hence, comprises of five sections which cover all aspects of ITSM. These sections further include multiple processes which the organisations implement according to their needs.

five sections of the ITIL® V3 Framework

  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

These five sections cover the lifecycle of service in ITSM. We will discuss each section one by one to get a clear understanding of what each section contributes towards the lifecycle.

  • Service Strategy: As ITIL® V3 is focused more on the business aspect of ITSM, this section is dedicated to catering to the business cases. It checks on the defined business goals and their new requirements. It further develops a strategy which helps provide a service the business needs in a cost-effective and efficient way.
  • Service Design: After the requirements are gathered from the business, this section helps in implementing those requirements in the form of architecture, processes, policies, and documentation. It fulfils its role by providing comprehensive guidance.
  • Service Transition: Changes in technology and business needs are inevitable, which is why it is imperative that such changes, when they are deployed, do not hinder or disrupt the ongoing services. This stage, therefore, looks after the transition stage of service. When a service is transitioning into the business environment, this section provides guidance and processes activities.  
  • Service Operation: This section is more pertaining to the customer. It ensures that every business meets its customer expectations or requirements. It focuses on processes and delivery activities to ensure smooth working of daily operational tasks by monitoring given services.
  • Continual Service Improvement: As the name suggests, this section is for the improvement of services. Based on its learning, which it receives through past services’ failures/successes, it introduces changes to the existing services.

Roles in this space, of ITIL® and ITSM, can be elaborated as under:

Roles in ITIL

What is ITIL® V3 credit system?

ITIL® V3 credit system

ITIL® V3 has a credit system which awards recognition through certificate-based examination. There are multiple certifications and with each one, you accumulate credits.

You can enhance your reputation in the IT industry by rising through the ranks of ITIL® certifications which is awarded on a credit-basis exam. Credits are required to be eligible for higher certifications.

The ITIL® V4 modules vary slightly from the ITIL® V3 structure and will be released during 2019, with Foundation being made available in February 2019. Modules, including the ITIL® Specialist module, the ITIL® Strategist and the ITIL® Leader will be released in the latter half of 2019.  

Post the ITIL® V4 Foundation level; the candidate can choose to pursue either the ITIL® Managing Professional (ITIL® MP) or ITIL® Strategic Leader (ITIL® SL). End-learners must complete both - the ITIL® MP and ITIL® SL - to be eligible to certify as an ITIL® Master.

To be certified as an ITIL® Managing Professional, the candidate must complete the following modules:

  • ITIL® V4 Foundation
  • ITIL® Specialist: Create, Deliver & Support
  • ITIL® Specialist: Drive Stakeholder Value
  • ITIL® Specialist: High-Velocity IT
  • ITIL® Strategist: Direct, Plan & Improve

To be certified as an ITIL® SL, candidates must complete the following modules:

  • ITIL® 4 Foundation
  • ITIL® Strategist: Direct, Plan & Improve
  • ITIL® Leader: Digital and IT Strategy

The ITIL® Strategist: Direct, Plan & Improve is a universal module for both the ITIL® streams. This is followed by the MALC i.e.  Managing Across The Lifecycle, ITIL® Expert and then the ITIL® Master, all of which are advanced levels to ensure the candidate attains the ITIL® certification.

Some important pointers of ITIL® V4 are as under:

  • Start with the ITIL 4 Foundation certification which fetches you two credits and its corresponding Foundation certificate.
  • For each specialization after Foundation, until MALC, you will be awarded three or four credits depending upon the certification. ITIL® Practitioner certification fetches you three credits while covering the whole spectrum of the best practices.
  • ITIL® Practitioner can be taken either immediately after Foundation or after before MALC and after completion of rest of the certifications.
  • Before Managing across the Lifecycle (MALC), you can gather 17 credits in any order you prefer.
  • To advance to ITIL® Expert level, you’d need a total of 22 credits including an ITIL® Practitioner certification and then MALC.

It is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® credit system:

Sr. No
Level of ITIL® certificationNo. of credits awarded
1ITIL® Foundation
2
2ITIL® Practitioner
3
3ITIL® IntermediateLifecycle ModuleService Strategy
3
Service Design
3
Service Transition
3
Service Operation
3
Continual Service Improvement
3
Capability ModuleOperational Support and Analysis
4
Planning, Protection, and Optimization
4
Release, Control, and Validation
4
Service Offerings and Agreements
4
4Managing across the lifecycle
5
5ITIL® Expert

What are the ITIL® V3 services and processes?

As part of the lifecycle of ITIL® V3 services, five sections are defined and each of them plays a key role in the service’s life. These five sections contain multiple processes, which in turn, are adopted by the companies or organisations into their teams.

Starting from the planning, according to the business needs, to the improvement or the eventual retiring of a service, ITIL® V3 covers all stages of ITSM. Due to the coverage it provides, it has become an essential part of ITSM.

There are millions of ITIL® V3 professionals around the globe

It is up to an organisation as to which processes of a section it may want to select and what not. This property of ITIL® makes it flexible for implementation purposes.

The five sections in a lifecycle of an ITIL® V3 service are:

  • Service Strategy: It strategizes how to create a service that caters to the needs of a business. Processes included under Service Strategy are:
    • Strategy Generation
    • Financial Management
    • Demand Management
    • Service Portfolio Management
  • Service Design: All the infrastructure, technology, processes, and policies of service along with other things are designed in this section with the help of the following processes:
    • Service Catalog Management
    • Service Level Management
    • Availability Management
    • Capacity Management
    • IT Service Continuity Management
    • Information Security Management
    • Supplier Management      
  • Service Transition: All the changes introduced in the services are needed to be smooth and non-disrupting to productivity. This section covers that with the help of the following processes:
    • Transition Planning and Support
    • Change Management
    • Service Asset and Configuration Management
    • Release and Deployment Management
    • Service Validation and Testing
    • Evaluation
    • Knowledge Management
  • Service Operation: This section ensures the smooth running of daily operational tasks and checks whether the business is meeting customer requirements or not. It accomplishes this task with the help of the following processes:
    • Event Management
    • Incident Management
    • Request Fulfillment
    • Problem Management
    • Access Management      
  • Continual Service Improvement: To continuously improve the efficiency of the services through learning from past services, this section employs the following processes:
    • The 7 improvement process
    • Service Measurement
    • Service Reporting      

Difference between ITIL® V2 & ITIL® V3

With the introduction of ITIL® V3, AXELOS aimed to focus more on the business needs of the industry, instead of just concentrating all resources on the basic IT operations - which ITIL® V2 did. The ITIL® V2 contained the following disciplines:

  • Service Support
  • Service Delivery

We can conclude from the above disciplines that the sole aim of ITIL® V2 was to support basic IT processes. ITIL® V3, on the other hand, extends this support to the whole lifecycle of a service and more importantly, catering to the needs of the business and customers.

Besides these, ITIL® V3 has other major differences and upgrades from ITIL® V2 which we have compiled and shown in the table below:

ITIL® V2
ITIL® V3
Majorly process-oriented
Focused on the complete lifecycle of service in ITSM (including business needs)
Has seven volumes
Has five volumes
Efficient and cost-effective processes
Strategic emphasis is given along with efficiency and cost-effectiveness to the process
A singular function was divided into ten processes
25 processes categorised suitably under four functions
No clear assignment of roles in processes
Roles and responsibilities are clearly defined for each process
Focused on “what” perspective - “what can be done and why”
Aimed at the “how” approach - how it can be done
Includes 700 pages of publications
Includes 1400 pages of its five key publications
Focuses on the theoretical part of the business in ITSM
Focuses on the practical aspect and aligns much better with the needs of modern business
KnowledgeHut

KnowledgeHut

Author

KnowledgeHut is an outcome-focused global ed-tech company. We help organizations and professionals unlock excellence through skills development. We offer training solutions under the people and process, data science, full-stack development, cybersecurity, future technologies and digital transformation verticals.
Website : https://www.knowledgehut.com

Join the Discussion

Your email address will not be published. Required fields are marked *

1 comments

Antony 09 Apr 2019

Good one

Suggested Blogs

Measuring outcomes, not IT availability

The service level agreement (SLA) model has always served as a guarantee of a service in the IT world.Traditionally, SLAs have sought to measure what is perceived as quality of service by IT organizations using traditional metrics based on IT infrastructure and applications, such as “server up/down” or response times of an IT software application.  While this may have worked for technology that was less complex, it is not viable in today’s times. Historical role of SLAsIT and IT service management (ITSM) have always been highly influenced by SLAs, influencing behaviours, prioritizations of resources and steerage of relationships. Unfortunately, SLAs have largely created a negative culture between IT organizations and service providers. The construct of SLAs is the main reason IT departments are not perceived as innovative and strategic. IT organizations are often seen by the business as underperforming, disconnected from the needs of the business and simply a “commodity” rather than a partner. One of the major factors is that IT continues to design and report on metrics that have little to no value and do not demonstrate how IT is contributing to an organization’s business outcomes. “Watermelon reporting” is a common phrase often attributed to a service provider’s performance reporting. Typically, these SLA reports depict that the service provider has adhered to the agreed service levels and met all contractual service level targets. It looks “green” on the outside, just like a watermelon. However, the level of service perceived by the business does not reflect the “green” status reported (it might actually be “red”, like the inside of a watermelon); and this is regularly a source of annoyance to the rest of the organization. For instance, a typical SLA model might state that there can be no more than four priority 2 incidents within an agreed measurement window. Surely, once that target is met, the service provider is now motivated to focus on another customer’s priority 2 targets. Conversely, service providers are typically reluctant to agree to binding service levels for priority 3 and 4 incidents; these are typically agreed as “best effects” to restore services with KPIs (which attract no financial penalties). The result is that priority 3 and 4 issues take forever to get fixed and become the bugbear of IT users! Unfortunately, IT organizations and ITSM frameworks continue to use this outdated SLA model because it’s what they are comfortable with. In my experience, service level agreements are not typically negotiated or fully consulted with representatives from the business (the people that actually use the IT service); negotiations with service providers and the design of service levels is usually a procurement function. Procurement teams sometimes make proud statements about negotiating an agreement of “99.8% availability” with a service provider without articulating what this actually means. While suppliers measure availability differently, its relative meaning needs to be closely examined. In the past, it meant the server was up; today, there are so many components, integrations and different suppliers enabling a business process that the meaning has changed irrevocably. Combining business and IT objectives A meaningful use of SLAs includes measuring business processes mapped to business outcomes. In line with the ITIL principle “Focus on value”, outcomesare what matters more than outputs. Measuring business outcomes also takes serviced consumption into consideration, not only service delivery. This is what ITIL describes as the “co-creation of value through service relationship” in which “customers are an essential element in the process of creating value”. Considering the example of an airline, it’s now possible to report the availability of business processes, for example, check in passengers, provide the correct meals for special dietary requirements and allocate seats on a flight. This certainly sees a far more customer focused measurement than the previous SLA that measures whether the system overall is available/unavailable. To arrive at this understanding, it’s necessary to decouple the service and look at what you’re measuring. In the airline business, for instance, you recognize that the real value of an SLA is enabling customers to complete their journey. Whether the IT system is “up” for 99.8% is irrelevant. ITIL®: the SLA today and tomorrow ITIL®4 talks about facilitating value co-creation via a service value system: different components and activities working together to facilitate value creation through IT-enabled services. There are different types of end users including front-line staff and operational people and they all have different motivations, limitations and environments.ITIL®4 humanizes the guidance across the board. Applying design thinking to ITIL is more about understanding human behaviour of users. ITIL process owners often make erroneous assumptions about human behaviour, springing from a poor understanding of users’ environments, motivations and their inclination (or disinclination) to call the Service Desk. ITIL 4 emphasizes the importance of collaboration, transparency, automation where possible and working holistically. SLA: An outcome-based future The dream SLA model of the future is an outcome-based agreement by which external or internal service providers understand their role and how they collectively contribute to an organizations’ business outcomes. This approach changes the model from a silo-based, “finger pointing” culture to a more proactive and strategic partnership between IT, their service providers and the business which IT is there to serve. Without this approach, IT will continue to address the issues inadequately and generate reports that offer very little use to anybody. Effective IT organizations must change how they measure in order to be innovative and show the organizations they support how much they’re contributing to business outcomes.
Rated 4.5/5 based on 45 customer reviews
15314
Measuring outcomes, not IT availability

The service level agreement (SLA) model has always... Read More

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, services (ports) running on them and with some intense scans, the OS running on the active hosts and even the vulnerabilities present! Kali Linux is a distribution of Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, wireshark, ncap, metasploit, etc. are pre-loaded in Kali Linux. Now based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE. Commonly used tools/techniques for scanning: Apart from NMAP, the below tools are used to perform vulnerability scanning: Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allows you to make sure all vulnerabilities and misconfigurations are identified. Acunetix: Acunetix is known for its features and capabilities for web application scanning. 3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email. Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and using msfvenom (or any similar tool) you can attach this exploit to an innocent looking pdf or excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained the access of a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices! Commonly used tools/techniques for gaining access: Kali Linux: A fully loaded operating system with all the tools starting from wireshark to Metasploit to burp suite, it contains everything! Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from Bank and asking card details and OTP. 4. Maintaining Access – Once Mr. X has gained access; he would probably like to secure that access or create another one to ensure that he has a persistent access to that machine. This could be done by using Trojans, Rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS) wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop. 5. Covering Tracks – Now Mr. X has the access to the TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN. How does the industry view ethical hacking? Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub domains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security. Certifications related to ethical hacking If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged: EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential is the number one certification that any aspiring ethical hacker should aspire towards. The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it. CompTIA Security+  –  A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills. Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security. KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!  
Rated 4.0/5 based on 11 customer reviews
7331
Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or... Read More

Top 10 Trending Courses in Information Technology for IT Aspirants

The best part to jump to the bandwagon of information technology or IT is, there is an enormous possibility for an individual if he or she starts studying a diploma or a degree, does either a master degree or a research course. He or she can get full-fledged engineering degree. We have listed down here in order of priority, top to down for a beginners to advanced level technical course that an IT aspirant look for. Java or J2E and Its Frameworks Java or J2EE is one of the most trusted, powerful and widely used technology by almost all the medium and big organizations around domains, like banking and insurance, life science, telecom, financial services, retail and much, much more. You have many things to learn in Java or J2EE, like the core part – J2SE, JSP, STRUTS, SPRING and/or HIBERNATE. This is one of the best and most advanced sophisticated applications. If you want to learn Java, you need to start from the ab initio to the advanced level step-by-step. There are many different frameworks as well as supporting technologies to learn for Java aspirants but the given things are must learn and highly demanding in current software market. CISCO Technologies Whether you are fascinated about learning network and switching technologies, then CISCO technologies would be your choice. You can learn CCNA, CCNP and more from CISCO academy. These types of certificates are global certifications. You will get global prospects after completing and learning these types of courses. If you are not coming from engineering backgrounds, then also you can learn CCNA or CCNP, or both. Then you need to take some ad hoc classes for non-engineering students. The great number of fresher and experienced candidate, these days, are pursuing networking courses, if you are one of them, then CISCO technologies can be your choice. A majority of CISCO institutes want degree – graduation in any discipline. SAS – Statistical Analysis System SAS is a popular course. This can be your career as SAS consultant that many medium and large organizations looking for fresher and experienced SAS qualified candidates. This is nothing but a data analytics course that can give you global exposure. The demand for SAS – data analytics is growing day-by-day and the business intelligence domain has emerged one of the most trusted and lucrative option for science graduate. These days, SAS is a’ la mode for fresher and experienced science graduate. It is an integrated system of software products that help to perform critical data-entry, data-retrieval, data-management, data-mining, report writing and graphics. DBA – MySQL – SQL Server In this highly competitive as well as dynamic Software/IT industry, there is one course the one course, which is very popular and can give you stable career is, DBA. This is a course or an ad hoc for students who are interested in learning MySQL and SQL server and like to create, manage as well as maintain the huge data files and other database flavors available in the market. DBA can be your best bet for career-oriented course, when you will be conversant with database with other supporting technologies; you can easily and quickly learn MySQL and DB2 in a much shorter period. The demand for DBA courses are increasing day-by-day and the demand shows the popular it is and the effective career you get after completing these technologies. Microsoft Technologies Microsoft technologies are high in popularity these days. You can be a database developer or a MS technology developer after passing one or multiple certifications, like MCSE, MCAD, MCSD, MCDST, MCDBA, MCAS and others. For enterprise and application development MCITP is one of the best for beginners and advanced level developers. Albeit, this type of certification is not at all a programming certification, but a system maintenance kind of, but have good future prospect. Cloud Computing Today’s biggest buzz in all small, medium and large IT town is all about cloud computing. You must use Google, Amazon etc. some of the big gun of cloud technology. If you are thinking of pursuing a course that can set your future-career in cloud computing, then IaaS, PaaS, SaaS, DaaS etc. would be learnt alpha and omega of cloud computing.
Rated 4.0/5 based on 3 customer reviews
2549
Top 10 Trending Courses in Information Technology ...

The best part to jump to the bandwagon of informat... Read More