Search

What is ITIL® V3?

Lack of standardised practices in the IT sector created a discordant environment for services, as their efficiency was considerably low and error rates were high as compared to current standards. These irregularities prompted the UK government to envision a set of guidelines for every IT Service organisation to follow. These guidelines, it was hoped, would help not only government organisations but private ones as well.Therefore, in the 1980s, the UK government, in a bid to increase efficiency and standardise IT processes, created a framework with libraries from around the globe. These multiple libraries were concentrated into seven volumes in ITIL® V2 and eventually five volumes in ITIL® V3. Each volume/certification focuses on a specific part of ITSM.What is ITIL® V3?ITIL® V3 focuses on business needs and calibrates the services according to them. Its other main purpose is also to continuously improve the services while reducing the costs at the same time. Due to ITIL® V3’s ability to smoothly combine business expertise with IT processes, which maximises customer satisfaction, it is adding value to millions of people and businesses around the world.Its principal purpose is to enable IT professionals to be business service partners as well. It aims to, therefore, combine the business aspect of ITSM - by catering to business and customer requirements - with the professional expertise of the IT industry.Brought to the public arena in 2007, ITIL® V3 was upgraded and relaunched in 2011 by AXELOS - in collaboration with Her Majesty’s Cabinet Office and Capita PLC as 2011 ITIL® V3. This version included strategic elements which aligned the modern ITSM processes to current business needs.There are three major ITIL® V3 Fundamentals which we will discuss now.ITIL® V3 Incident Management: It is not unusual that services get disrupted within an organisation, but what’s essential is to protect productivity when it happens. ITIL® V3 Incident management is a process which lays down the best set of practices in the industry to effectively handle an incident without much downtime and also ensuring smooth business productivity.ITIL® V3 Change Management: Existing solutions/applications need to be upgraded to keep up with modern technological advancements as well as business needs. It, therefore, becomes essential that such changes do not directly or indirectly affect productivity. ITIL® V3 Change Management focuses on avoiding downtimes by handling, prioritising, and rolling out the required changes.ITIL® V3 Problem Management: Many times, we start getting similar kind of incidents. This is the indication to club all of them into a single problem. The problem aims to provide an RCA (Root cause analysis) of the issue and until then, to also provide a workaround. ITIL® V3 Problem Management helps in managing such problems and avoiding major issues. It also maintains a Known Error Database (KEDB) whose solution is unknown.ITIL® examsITIL® V3 contains five sections as part of the IT service lifecycle, and each section includes multiple processes. ITIL® offers flexibility to an organisation in the form of freedom to adopt any or all of the processes from a particular section. ITIL® is a collection of e-books. Its examinations were earlier administered by EXIN and ISEB, both of which are independent bodies. Both of these bodies gave their certification according to your location.The two independent bodies formed an alliance during late 2006 to further ITSM. Currently, all exams and certificates are being administered by Accredited Training Organisations (ATOs). These accreditations are themselves administered by Strategic Examination Institutes. These, in turn, need to be accredited directly by AXELOS which enables them to offer certification to the ATOs.Benefits of implementing ITIL® in an organisationITIL® powers a well-run IT organisation that not only works efficiently but also keeps optimising the services regularly to provide greater customer experience. Some of the key benefits of implementing ITIL® in an IT organisation as well as businesses are as follows:Cost-effective runIncreased efficiency and productivityIncreased customer satisfactionProvision of comprehensive guidance and standards to followLesser downtime during a service disruptionMinimal service disruptionsEasily manageable incidentsAn easily scaling and changing environmentSome of the examples of accessible services and applications designed with ITIL® and ITSM are:SamanageInvGate Service DeskManageEngine ServiceDesk PlusVision HelpDeskGiants like Disney and Sony are prime examples of how one can manage services within a big organisation. Learners can easily take up these case studies to understand the ground situation in the industry. All in all, ITIL® provides a streamlined framework which helps in managing risks, reducing costs while monitoring day to day activities, and finally improvising the course through learning.What are the five sections of the ITIL® V3 Framework?The ITIL® Framework has five sections which have evolved over time to reflect the needs of the business and the IT environment. Briefly, this evolution can be described as under: The first release of ITIL®, released by the UK government to standardise the IT standards, boasted of multiple volumes collected from professionals worldwide.The second release of ITIL® V2 consisted of 7 volumes which concentrated all past volumes of IT basic operations.ITIL® V3 is more focused on the business side of the industry along with other aspects as well.ITIL® V3, hence, comprises of five sections which cover all aspects of ITSM. These sections further include multiple processes which the organisations implement according to their needs.Service StrategyService DesignService TransitionService OperationContinual Service ImprovementThese five sections cover the lifecycle of service in ITSM. We will discuss each section one by one to get a clear understanding of what each section contributes towards the lifecycle.Service Strategy: As ITIL® V3 is focused more on the business aspect of ITSM, this section is dedicated to catering to the business cases. It checks on the defined business goals and their new requirements. It further develops a strategy which helps provide a service the business needs in a cost-effective and efficient way.Service Design: After the requirements are gathered from the business, this section helps in implementing those requirements in the form of architecture, processes, policies, and documentation. It fulfils its role by providing comprehensive guidance.Service Transition: Changes in technology and business needs are inevitable, which is why it is imperative that such changes, when they are deployed, do not hinder or disrupt the ongoing services. This stage, therefore, looks after the transition stage of service. When a service is transitioning into the business environment, this section provides guidance and processes activities.  Service Operation: This section is more pertaining to the customer. It ensures that every business meets its customer expectations or requirements. It focuses on processes and delivery activities to ensure smooth working of daily operational tasks by monitoring given services.Continual Service Improvement: As the name suggests, this section is for the improvement of services. Based on its learning, which it receives through past services’ failures/successes, it introduces changes to the existing services.Roles in this space, of ITIL® and ITSM, can be elaborated as under:What is ITIL® V3 credit system?ITIL® V3 has a credit system which awards recognition through certificate-based examination. There are multiple certifications and with each one, you accumulate credits.You can enhance your reputation in the IT industry by rising through the ranks of ITIL® certifications which is awarded on a credit-basis exam. Credits are required to be eligible for higher certifications.The ITIL® V4 modules vary slightly from the ITIL® V3 structure and will be released during 2019, with Foundation being made available in February 2019. Modules, including the ITIL® Specialist module, the ITIL® Strategist and the ITIL® Leader will be released in the latter half of 2019.  Post the ITIL® V4 Foundation level; the candidate can choose to pursue either the ITIL® Managing Professional (ITIL® MP) or ITIL® Strategic Leader (ITIL® SL). End-learners must complete both - the ITIL® MP and ITIL® SL - to be eligible to certify as an ITIL® Master.To be certified as an ITIL® Managing Professional, the candidate must complete the following modules:ITIL® V4 FoundationITIL® Specialist: Create, Deliver & SupportITIL® Specialist: Drive Stakeholder ValueITIL® Specialist: High-Velocity ITITIL® Strategist: Direct, Plan & ImproveTo be certified as an ITIL® SL, candidates must complete the following modules:ITIL® 4 FoundationITIL® Strategist: Direct, Plan & ImproveITIL® Leader: Digital and IT StrategyThe ITIL® Strategist: Direct, Plan & Improve is a universal module for both the ITIL® streams. This is followed by the MALC i.e.  Managing Across The Lifecycle, ITIL® Expert and then the ITIL® Master, all of which are advanced levels to ensure the candidate attains the ITIL® certification.Some important pointers of ITIL® V4 are as under:Start with the ITIL 4 Foundation certification which fetches you two credits and its corresponding Foundation certificate.For each specialization after Foundation, until MALC, you will be awarded three or four credits depending upon the certification. ITIL® Practitioner certification fetches you three credits while covering the whole spectrum of the best practices.ITIL® Practitioner can be taken either immediately after Foundation or after before MALC and after completion of rest of the certifications.Before Managing across the Lifecycle (MALC), you can gather 17 credits in any order you prefer.To advance to ITIL® Expert level, you’d need a total of 22 credits including an ITIL® Practitioner certification and then MALC.It is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® credit system:Sr. NoLevel of ITIL® certificationNo. of credits awarded1ITIL® Foundation22ITIL® Practitioner33ITIL® IntermediateLifecycle ModuleService Strategy3Service Design3Service Transition3Service Operation3Continual Service Improvement3Capability ModuleOperational Support and Analysis4Planning, Protection, and Optimization4Release, Control, and Validation4Service Offerings and Agreements44Managing across the lifecycle55ITIL® ExpertWhat are the ITIL® V3 services and processes?As part of the lifecycle of ITIL® V3 services, five sections are defined and each of them plays a key role in the service’s life. These five sections contain multiple processes, which in turn, are adopted by the companies or organisations into their teams.Starting from the planning, according to the business needs, to the improvement or the eventual retiring of a service, ITIL® V3 covers all stages of ITSM. Due to the coverage it provides, it has become an essential part of ITSM.There are millions of ITIL® V3 professionals around the globeIt is up to an organisation as to which processes of a section it may want to select and what not. This property of ITIL® makes it flexible for implementation purposes.The five sections in a lifecycle of an ITIL® V3 service are:Service Strategy: It strategizes how to create a service that caters to the needs of a business. Processes included under Service Strategy are:Strategy GenerationFinancial ManagementDemand ManagementService Portfolio ManagementService Design: All the infrastructure, technology, processes, and policies of service along with other things are designed in this section with the help of the following processes:Service Catalog ManagementService Level ManagementAvailability ManagementCapacity ManagementIT Service Continuity ManagementInformation Security ManagementSupplier Management      Service Transition: All the changes introduced in the services are needed to be smooth and non-disrupting to productivity. This section covers that with the help of the following processes:Transition Planning and SupportChange ManagementService Asset and Configuration ManagementRelease and Deployment ManagementService Validation and TestingEvaluationKnowledge ManagementService Operation: This section ensures the smooth running of daily operational tasks and checks whether the business is meeting customer requirements or not. It accomplishes this task with the help of the following processes:Event ManagementIncident ManagementRequest FulfillmentProblem ManagementAccess Management      Continual Service Improvement: To continuously improve the efficiency of the services through learning from past services, this section employs the following processes:The 7 improvement processService MeasurementService Reporting      Difference between ITIL® V2 & ITIL® V3With the introduction of ITIL® V3, AXELOS aimed to focus more on the business needs of the industry, instead of just concentrating all resources on the basic IT operations - which ITIL® V2 did. The ITIL® V2 contained the following disciplines:Service SupportService DeliveryWe can conclude from the above disciplines that the sole aim of ITIL® V2 was to support basic IT processes. ITIL® V3, on the other hand, extends this support to the whole lifecycle of a service and more importantly, catering to the needs of the business and customers.Besides these, ITIL® V3 has other major differences and upgrades from ITIL® V2 which we have compiled and shown in the table below:ITIL® V2ITIL® V3Majorly process-orientedFocused on the complete lifecycle of service in ITSM (including business needs)Has seven volumesHas five volumesEfficient and cost-effective processesStrategic emphasis is given along with efficiency and cost-effectiveness to the processA singular function was divided into ten processes25 processes categorised suitably under four functionsNo clear assignment of roles in processesRoles and responsibilities are clearly defined for each processFocused on “what” perspective - “what can be done and why”Aimed at the “how” approach - how it can be doneIncludes 700 pages of publicationsIncludes 1400 pages of its five key publicationsFocuses on the theoretical part of the business in ITSMFocuses on the practical aspect and aligns much better with the needs of modern business

What is ITIL® V3?

9992
What is ITIL® V3?

Lack of standardised practices in the IT sector created a discordant environment for services, as their efficiency was considerably low and error rates were high as compared to current standards. These irregularities prompted the UK government to envision a set of guidelines for every IT Service organisation to follow. These guidelines, it was hoped, would help not only government organisations but private ones as well.

Therefore, in the 1980s, the UK government, in a bid to increase efficiency and standardise IT processes, created a framework with libraries from around the globe. These multiple libraries were concentrated into seven volumes in ITIL® V2 and eventually five volumes in ITIL® V3. Each volume/certification focuses on a specific part of ITSM.

What is ITIL® V3?

ITIL® V3 focuses on business needs and calibrates the services according to them. Its other main purpose is also to continuously improve the services while reducing the costs at the same time. Due to ITIL® V3’s ability to smoothly combine business expertise with IT processes, which maximises customer satisfaction, it is adding value to millions of people and businesses around the world.

Its principal purpose is to enable IT professionals to be business service partners as well. It aims to, therefore, combine the business aspect of ITSM - by catering to business and customer requirements - with the professional expertise of the IT industry.

Brought to the public arena in 2007, ITIL® V3 was upgraded and relaunched in 2011 by AXELOS - in collaboration with Her Majesty’s Cabinet Office and Capita PLC as 2011 ITIL® V3. This version included strategic elements which aligned the modern ITSM processes to current business needs.

There are three major ITIL® V3 Fundamentals which we will discuss now.

Three major ITIL Fundamentals

  • ITIL® V3 Incident Management: It is not unusual that services get disrupted within an organisation, but what’s essential is to protect productivity when it happens. ITIL® V3 Incident management is a process which lays down the best set of practices in the industry to effectively handle an incident without much downtime and also ensuring smooth business productivity.
  • ITIL® V3 Change Management: Existing solutions/applications need to be upgraded to keep up with modern technological advancements as well as business needs. It, therefore, becomes essential that such changes do not directly or indirectly affect productivity. ITIL® V3 Change Management focuses on avoiding downtimes by handling, prioritising, and rolling out the required changes.
  • ITIL® V3 Problem Management: Many times, we start getting similar kind of incidents. This is the indication to club all of them into a single problem. The problem aims to provide an RCA (Root cause analysis) of the issue and until then, to also provide a workaround. ITIL® V3 Problem Management helps in managing such problems and avoiding major issues. It also maintains a Known Error Database (KEDB) whose solution is unknown.

ITIL® exams

ITIL® V3 contains five sections as part of the IT service lifecycle, and each section includes multiple processes. ITIL® offers flexibility to an organisation in the form of freedom to adopt any or all of the processes from a particular section. ITIL® is a collection of e-books. Its examinations were earlier administered by EXIN and ISEB, both of which are independent bodies. Both of these bodies gave their certification according to your location.

The two independent bodies formed an alliance during late 2006 to further ITSM. Currently, all exams and certificates are being administered by Accredited Training Organisations (ATOs). These accreditations are themselves administered by Strategic Examination Institutes. These, in turn, need to be accredited directly by AXELOS which enables them to offer certification to the ATOs.

Benefits of implementing ITIL® in an organisation

Benefits of implementing ITIL

ITIL® powers a well-run IT organisation that not only works efficiently but also keeps optimising the services regularly to provide greater customer experience. Some of the key benefits of implementing ITIL® in an IT organisation as well as businesses are as follows:

  • Cost-effective run
  • Increased efficiency and productivity
  • Increased customer satisfaction
  • Provision of comprehensive guidance and standards to follow
  • Lesser downtime during a service disruption
  • Minimal service disruptions
  • Easily manageable incidents
  • An easily scaling and changing environment

Some of the examples of accessible services and applications designed with ITIL® and ITSM are:

  • Samanage
  • InvGate Service Desk
  • ManageEngine ServiceDesk Plus
  • Vision HelpDesk

Giants like Disney and Sony are prime examples of how one can manage services within a big organisation. Learners can easily take up these case studies to understand the ground situation in the industry. All in all, ITIL® provides a streamlined framework which helps in managing risks, reducing costs while monitoring day to day activities, and finally improvising the course through learning.

What are the five sections of the ITIL® V3 Framework?

The ITIL® Framework has five sections which have evolved over time to reflect the needs of the business and the IT environment. Briefly, this evolution can be described as under:

  • The first release of ITIL®, released by the UK government to standardise the IT standards, boasted of multiple volumes collected from professionals worldwide.
  • The second release of ITIL® V2 consisted of 7 volumes which concentrated all past volumes of IT basic operations.
  • ITIL® V3 is more focused on the business side of the industry along with other aspects as well.

ITIL® V3, hence, comprises of five sections which cover all aspects of ITSM. These sections further include multiple processes which the organisations implement according to their needs.

five sections of the ITIL® V3 Framework

  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

These five sections cover the lifecycle of service in ITSM. We will discuss each section one by one to get a clear understanding of what each section contributes towards the lifecycle.

  • Service Strategy: As ITIL® V3 is focused more on the business aspect of ITSM, this section is dedicated to catering to the business cases. It checks on the defined business goals and their new requirements. It further develops a strategy which helps provide a service the business needs in a cost-effective and efficient way.
  • Service Design: After the requirements are gathered from the business, this section helps in implementing those requirements in the form of architecture, processes, policies, and documentation. It fulfils its role by providing comprehensive guidance.
  • Service Transition: Changes in technology and business needs are inevitable, which is why it is imperative that such changes, when they are deployed, do not hinder or disrupt the ongoing services. This stage, therefore, looks after the transition stage of service. When a service is transitioning into the business environment, this section provides guidance and processes activities.  
  • Service Operation: This section is more pertaining to the customer. It ensures that every business meets its customer expectations or requirements. It focuses on processes and delivery activities to ensure smooth working of daily operational tasks by monitoring given services.
  • Continual Service Improvement: As the name suggests, this section is for the improvement of services. Based on its learning, which it receives through past services’ failures/successes, it introduces changes to the existing services.

Roles in this space, of ITIL® and ITSM, can be elaborated as under:

Roles in ITIL

What is ITIL® V3 credit system?

ITIL® V3 credit system

ITIL® V3 has a credit system which awards recognition through certificate-based examination. There are multiple certifications and with each one, you accumulate credits.

You can enhance your reputation in the IT industry by rising through the ranks of ITIL® certifications which is awarded on a credit-basis exam. Credits are required to be eligible for higher certifications.

The ITIL® V4 modules vary slightly from the ITIL® V3 structure and will be released during 2019, with Foundation being made available in February 2019. Modules, including the ITIL® Specialist module, the ITIL® Strategist and the ITIL® Leader will be released in the latter half of 2019.  

Post the ITIL® V4 Foundation level; the candidate can choose to pursue either the ITIL® Managing Professional (ITIL® MP) or ITIL® Strategic Leader (ITIL® SL). End-learners must complete both - the ITIL® MP and ITIL® SL - to be eligible to certify as an ITIL® Master.

To be certified as an ITIL® Managing Professional, the candidate must complete the following modules:

  • ITIL® V4 Foundation
  • ITIL® Specialist: Create, Deliver & Support
  • ITIL® Specialist: Drive Stakeholder Value
  • ITIL® Specialist: High-Velocity IT
  • ITIL® Strategist: Direct, Plan & Improve

To be certified as an ITIL® SL, candidates must complete the following modules:

  • ITIL® 4 Foundation
  • ITIL® Strategist: Direct, Plan & Improve
  • ITIL® Leader: Digital and IT Strategy

The ITIL® Strategist: Direct, Plan & Improve is a universal module for both the ITIL® streams. This is followed by the MALC i.e.  Managing Across The Lifecycle, ITIL® Expert and then the ITIL® Master, all of which are advanced levels to ensure the candidate attains the ITIL® certification.

Some important pointers of ITIL® V4 are as under:

  • Start with the ITIL 4 Foundation certification which fetches you two credits and its corresponding Foundation certificate.
  • For each specialization after Foundation, until MALC, you will be awarded three or four credits depending upon the certification. ITIL® Practitioner certification fetches you three credits while covering the whole spectrum of the best practices.
  • ITIL® Practitioner can be taken either immediately after Foundation or after before MALC and after completion of rest of the certifications.
  • Before Managing across the Lifecycle (MALC), you can gather 17 credits in any order you prefer.
  • To advance to ITIL® Expert level, you’d need a total of 22 credits including an ITIL® Practitioner certification and then MALC.

It is important to note that the ITIL® system uses a credit system right from the Foundation level through the Expert levels with each certification amounting to a certain number of credits. The following chart illustrates the current ITIL® credit system:

Sr. No
Level of ITIL® certificationNo. of credits awarded
1ITIL® Foundation
2
2ITIL® Practitioner
3
3ITIL® IntermediateLifecycle ModuleService Strategy
3
Service Design
3
Service Transition
3
Service Operation
3
Continual Service Improvement
3
Capability ModuleOperational Support and Analysis
4
Planning, Protection, and Optimization
4
Release, Control, and Validation
4
Service Offerings and Agreements
4
4Managing across the lifecycle
5
5ITIL® Expert

What are the ITIL® V3 services and processes?

As part of the lifecycle of ITIL® V3 services, five sections are defined and each of them plays a key role in the service’s life. These five sections contain multiple processes, which in turn, are adopted by the companies or organisations into their teams.

Starting from the planning, according to the business needs, to the improvement or the eventual retiring of a service, ITIL® V3 covers all stages of ITSM. Due to the coverage it provides, it has become an essential part of ITSM.

There are millions of ITIL® V3 professionals around the globe

It is up to an organisation as to which processes of a section it may want to select and what not. This property of ITIL® makes it flexible for implementation purposes.

The five sections in a lifecycle of an ITIL® V3 service are:

  • Service Strategy: It strategizes how to create a service that caters to the needs of a business. Processes included under Service Strategy are:
    • Strategy Generation
    • Financial Management
    • Demand Management
    • Service Portfolio Management
  • Service Design: All the infrastructure, technology, processes, and policies of service along with other things are designed in this section with the help of the following processes:
    • Service Catalog Management
    • Service Level Management
    • Availability Management
    • Capacity Management
    • IT Service Continuity Management
    • Information Security Management
    • Supplier Management      
  • Service Transition: All the changes introduced in the services are needed to be smooth and non-disrupting to productivity. This section covers that with the help of the following processes:
    • Transition Planning and Support
    • Change Management
    • Service Asset and Configuration Management
    • Release and Deployment Management
    • Service Validation and Testing
    • Evaluation
    • Knowledge Management
  • Service Operation: This section ensures the smooth running of daily operational tasks and checks whether the business is meeting customer requirements or not. It accomplishes this task with the help of the following processes:
    • Event Management
    • Incident Management
    • Request Fulfillment
    • Problem Management
    • Access Management      
  • Continual Service Improvement: To continuously improve the efficiency of the services through learning from past services, this section employs the following processes:
    • The 7 improvement process
    • Service Measurement
    • Service Reporting      

Difference between ITIL® V2 & ITIL® V3

With the introduction of ITIL® V3, AXELOS aimed to focus more on the business needs of the industry, instead of just concentrating all resources on the basic IT operations - which ITIL® V2 did. The ITIL® V2 contained the following disciplines:

  • Service Support
  • Service Delivery

We can conclude from the above disciplines that the sole aim of ITIL® V2 was to support basic IT processes. ITIL® V3, on the other hand, extends this support to the whole lifecycle of a service and more importantly, catering to the needs of the business and customers.

Besides these, ITIL® V3 has other major differences and upgrades from ITIL® V2 which we have compiled and shown in the table below:

ITIL® V2
ITIL® V3
Majorly process-oriented
Focused on the complete lifecycle of service in ITSM (including business needs)
Has seven volumes
Has five volumes
Efficient and cost-effective processes
Strategic emphasis is given along with efficiency and cost-effectiveness to the process
A singular function was divided into ten processes
25 processes categorised suitably under four functions
No clear assignment of roles in processes
Roles and responsibilities are clearly defined for each process
Focused on “what” perspective - “what can be done and why”
Aimed at the “how” approach - how it can be done
Includes 700 pages of publications
Includes 1400 pages of its five key publications
Focuses on the theoretical part of the business in ITSM
Focuses on the practical aspect and aligns much better with the needs of modern business
KnowledgeHut

KnowledgeHut

Author

KnowledgeHut is an outcome-focused global ed-tech company. We help organizations and professionals unlock excellence through skills development. We offer training solutions under the people and process, data science, full-stack development, cybersecurity, future technologies and digital transformation verticals.
Website : https://www.knowledgehut.com

Join the Discussion

Your email address will not be published. Required fields are marked *

1 comments

Antony 09 Apr 2019

Good one

Suggested Blogs

The 7 Highest-Paying IT Certifications Must Do In 2017-18

Launching a career in IT takes much more than just college education. You need to be tech-trained and have one of the top IT certifications. Wondering why you need such certifications? Jobs in the IT domain require specific skill sets and having such certifications validate your ability to perform the job. Being certified also works in your favor when you are looking for a job for the first time or need a job change since the hiring managers would know you possess the skills to succeed. From security and networking to cloud computing and virtualization, there exists a wide range of IT certifications that would help you to earn a fat paycheck and launch your dream IT career, or take your career a few notches above in case you are already employed. However, not every certification would help. You need to find the ones that will give you the optimal return on your money. But with a proliferation of a wide range of certifications, each claiming to be better than its competitors, how do you decide which is the best for you? We bring you some help in your endeavor by listing the top seven IT certifications that you must do in 2017-18 to enjoy a rewarding IT career. 1. Certified in Risk and Information Systems Control (CRISC) This certification from ISACA is designed for IT project managers and professionals as well as others whose job needs them to recognize and manage IT and business threats through suitable IS (Information Systems) controls. The CRISC exam covers the whole life cycle, from design and implementation to continuing maintenance, and will fetch you an average yearly salary of $131,298. On our list, this is the highest-paying certification. To get it, you must have a minimum of 3 years’ experience in at least two of the four areas (Identification, Assessment, Control Monitoring and Reporting, and Response and Mitigation) covered by this certification and pass the exam that consists of 150 multiple-choice questions. You can register for this computer-based test on the ISACA website, which will cost you at least $420 (a bit more actually when you add the cost of test materials and preparation to it). In 2017, this exam is offered in three test windows (May 1 - June 30; August 1- September 30; and November 1 to December 30). Every year, you will need CPE (Continuing Professional Education) credits for maintaining your certification.  2. Certified Information Security Manager (CISM) The primary focus of this certification from ISACA is information security management. Though this certification will let you deal with engineering and designing of security protocols, you will have greater involvement in the company’s security management. This certification will let you earn an average yearly salary of $128,156. To get it, you must have 5 years’ experience in Information Security, a minimum of 3 of which should be as a security manager. This experience of yours must be achieved within the 10-year period prior to your date of application for certification or within the 5-year period from the date of passing the exam. Unlike the CRISC where no exceptions are applicable to the experience requirement, the CISM has some alternatives to the experience requirement. This exam consists of 200 multiple-choice questions. You can register for this computer-based test on the ISACA website, which will cost you about $415 (but a lot more actually when you add the cost of test materials and preparation courses to it). In 2017, this exam is offered in three test windows (May 1 - June 30; August 1- September 30; and November 1 to December 30). Every year, you will need continuing education credits for maintaining your certification.  3. AWS Certified Solutions Architect – Associate This certification is aimed at people involved in designing and managing applications on the AWS (Amazon Web Services) platform. The exam covers everything from AWS best practices, AWS cost estimation and identification of cost control measures, to AWS system design and deployment. For getting this certification, you need to have hands-on AWS experience (1 year or more) along with proficiency in one high-level programming language. The candidates also need to have the ability to recognize an AWS-based application and define requirements for it together with the experience of deploying hybrid systems with AWS and components on-premises and be capable of providing the best practices for setting up reliable and secure applications on the AWS platform. Kryterion testing centers offer this computer-based exam that consists of 60 multiple-choice questions. The exam registration fee is $150. However, armed with this certification, you will get to earn a yearly average of $125,091. 4. Certified Information Systems Security Professional (CISSP) This CISSP certification is your ideal choice if you are an auditor, analyst, systems engineer, security consultant, or manager since it gives you the chance to prove your capability of engineering, designing and maintaining the IT security policy of a company. Pearson Vue Testing centers offer this exam against a few of $599. This exam consisting of 250 multiple-choice questions and needs an eligible candidate to have a minimum of 5 years’ of full-time work experience in two or more of the eight domains CISSP CBK (Common Body of Knowledge) domains. Those not having adequate work experience can meet 1 year of required experience with a 4-year college degree (or its regional equivalent), or a credential permitted by the CISSP Prerequisite pathway. As a second alternative, you can earn your (ISC)2 Associate designation by taking and passing the CISSP exam, after which you will have up to 6 years’ time to earn the necessary work experience. You must earn CPE credits every year to stay certified. This certification will give you access to a career that pays an average yearly salary of $121,729. 5. Project Management Professional (PMP) This is the most renowned project management certification that lets you work in almost any industry, at any location and with any methodology. Project Management Institute (PMI) has created this test and manages it as well. You have to apply at the PMI website to take this exam. After the approval of your application, you would be able to sign up for the actual exam via Prometric. The prerequisites of this exam are having a secondary degree (associate’s degree, high school diploma, or the global equivalent) along with 7,500 hours of project management experience and 35 hours of project management education; or having a 4-year degree together with 4,500 hours of project management experience and 35 hours of project management education. You will need to shell out $405 for taking this test. Every three years, you need to compulsorily earn 60 PDUs (professional development units) for maintaining your PMP. $119,349 is the average yearly salary that this certification will bring your way.  6. Citrix Certified Associate – Networking (CCA-N)   This certification is ideal for systems or network administrators, architects and engineers adept in desktop and app virtualization, who plan to expand their skills to include NetScaler 10.5 for desktop and solutions app. To get certified, you have to prepare with the recommended training that includes two options: taking Citrix NetScaler Essentials and Unified Gateway or CNS-222; or getting prepared with Citrix NetScaler Unified Gateway or CNS-221 in case you’ve already taken the Citrix NetScaler Essentials and Traffic Management or CNS-220. In addition, you have to analyze the preparation guide for Exam 1Y0-250: Implementing Citrix NetScaler 10 for App and Desktop Solutions; and pass Exam 1Y0-250. The exam costs $200 and the certification would stay valid for 3 years. With CCA-N certification, you can aim to earn an average yearly salary of $102,598.  7. ITIL v3 Foundation It’s the entry-level ITIL certification that offers an extensive knowledge of the IT lifecycle together with the ITIL terminology and concepts. It covers everything from capacity and availability management to incident and change management, along with IT operations and application management. Selection and authorizations of partners are done by ITIL, who in turn provide education, training, and certifications. The ITIL foundation exam consists of 40 multiple-choice questions and costs $150 plus taxes (VUE/Prometric). To pass this exam, you should have knowledge (at the comprehension level) of ITIL service life-cycle, service management as a practice, and the key models as well principles along with awareness level knowledge of generic definitions and concepts, selected processes, roles and functions, as well as technology and architecture, among others. Simply passing this exam is all you need to do to get certified, and once you have this certification, you can expect to earn an average yearly salary of $103,408.  Summary A quick analysis of this list shows that all these top certifications pay more than $100,000 on an average, and are related to the domains that are experiencing a growing demand in the market, namely security, virtualization and cloud computing, together with networking and business. All these IT certifications can help in your career advancement – no matter whether you are a junior-level employee aiming to improve your skills to bag better opportunities in the IT industry, or a tenured employee looking to constantly grow and adapt your skills to meet the fast-changing IT landscape. But since you will come across a huge number of IT certifications that are offered today, it becomes important to research well before taking your pick since a handful are far more valuable than the others.  
The 7 Highest-Paying IT Certifications Must Do In ...

Launching a career in IT takes much more than just... Read More

5 Trends Influencing Cloud Computing In 2019

Cloud security was the biggest concern of 53% of the webmasters that participated in the giving birth to an important 2017 cloud computing trend, i.e., improved cloud security. The cloud providers like Google, Microsoft, AWS etc., have started coming up with advanced threat monitoring tools and other robust identity management functionalities to increase the security within every layer of cloud infrastructure. This improved cloud security trend would not just reinforce the trust of organization on cloud computing but also transform the way cloud security was being operated over the years.   Like improved cloud security with many cloud benefits, there are many other trends that are influencing cloud computing in 2017. These trends are changing the way cloud computing was being used as well as provided by the organizations and cloud providers respectively in the yesteryears. A clear understanding of these trends is imperative to gain a competitive edge in terms of speed, agility as well cost savings. So, let’s not waste any more time and jump straight to the five trends that are influencing cloud computing in 2017.  Hyperconvergence The hype around hyperconvergence in the realm of cloud computing has increased drastically in 2017. A gradual shift can be seen to hyperconverged cloud infrastructure aka HCI that has provided ease in the process of managing integrated technologies with the help of a common toolset. It will allow organizations to leverage the already integrated storage resources that will ease power computation for faster cloud implementation. Organizations that seek to build their own private cloud resources would be turning their attention towards hyperconverged cloud infrastructure that offers the support of virtualization at present.  Hybrid Cloud Management Due to the increased need for flexibility and swift information sharing, an orchestration between the private cloud and public cloud services has surfaced in the cloud computing domain. This amalgamation of public and private clouds is called a hybrid cloud. The need for effective management of hybrid cloud has given birth to cloud service brokers in 2017. They are responsible for not just defining all the hybrid services but also securing and managing them. The rise of these hybrid cloud manager aka cloud service brokers would be a big influence in the way cloud computing management worked earlier.  Enterprise Cloud Computing A dramatic rise in enterprise cloud computing has been witnessed in the first semester of this year. Instead of depending on a single cloud for their different information technology and business needs, companies are now diversifying their approach to multiple cloud models. Enterprise cloud computing is allowing businesses to make contracts with different cloud providers irrespective of them being private, public or hybrid. They are now getting their services hosted on different platforms that offer the most appropriate solution to their needs.  Cloud-Run Business Apps At present, the share of cloud-run business apps is 70%, which is gradually increasing with the expansion of enterprise cloud computing. By the end of 2020, more than 90% of the organizations in the world would have cloud-run apps for their business. Increased productivity, enterprise mobility, and user-driven customization are some of the core drivers for business apps towards cloud computing. Cloud adoption has accelerated in 2017 and would continue to do so in the coming years.   Cloud Containers On The Rise Cloud containers like Linux are used by top companies like Google, Microsoft, Facebook etc., and are becoming a rage among other organizations too. They offer a more secure, streamlined and simplistic implementation methods for each and every infrastructure requirement. Cloud container is one of the most relevant developments for the developers as it enables the packaging of applications in a more standardized way. It also facilitates the development of various micro services that’ll provide ease in security, monitoring, storing and networking etc. While cloud computing is not a new technology for businesses, the trends discussed above have given it a makeover and transformed the way it is being used by businesses in 2017. All the five trends, i.e., hyperconvergence, hybrid cloud, enterprise cloud, cloud-run business apps and cloud containers have led to a continuous expansion of cloud computing throughout the first two quarters of this year and would continue to influence cloud computing in days to come.  We have been able to cover only a small part of what Cloud Computing has to offer. There is so much more to learn. You can move on to the AWS certification course of KnowledgeHut that will help you prepare for the AWS certification exams.
5 Trends Influencing Cloud Computing In 2019

Cloud security was the biggest concern of 53% of t... Read More

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, services (ports) running on them and with some intense scans, the OS running on the active hosts and even the vulnerabilities present! Kali Linux is a distribution of Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, wireshark, ncap, metasploit, etc. are pre-loaded in Kali Linux. Now based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE. Commonly used tools/techniques for scanning: Apart from NMAP, the below tools are used to perform vulnerability scanning: Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allows you to make sure all vulnerabilities and misconfigurations are identified. Acunetix: Acunetix is known for its features and capabilities for web application scanning. 3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternately, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email. Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and using msfvenom (or any similar tool) you can attach this exploit to an innocent looking pdf or excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine. Mr. X has now successfully gained the access of a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices! Commonly used tools/techniques for gaining access: Kali Linux: A fully loaded operating system with all the tools starting from wireshark to Metasploit to burp suite, it contains everything! Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from Bank and asking card details and OTP. 4. Maintaining Access – Once Mr. X has gained access; he would probably like to secure that access or create another one to ensure that he has a persistent access to that machine. This could be done by using Trojans, Rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS) wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop. 5. Covering Tracks – Now Mr. X has the access to the TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are Hide my Ass, Nord VPN and Express VPN. How does the industry view ethical hacking? Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various sub domains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security. Certifications related to ethical hacking If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged: EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential is the number one certification that any aspiring ethical hacker should aspire towards. The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it. CompTIA Security+  –  A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills. Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security. KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!  
7391
Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or... Read More