
ITIL Certification - Top 10 Reasons for Acquiring

"Investing in ITIL has resulted in our ability to deliver more effectively, faster and at lower cost." Catch the full video from Bob Roark as he shares the benefits NuAxis Innovations has experienced https://t.co/mac1IO3h4h #MoreThanMeetsTheITIL pic.twitter.com/hgBWQsYvlJ — AXELOS Best Practice (@AXELOS_GBP) 1 February 2018


ITIL is the acronym for Information Technology Infrastructure Library. It is often regarded as a collection of practices that emphasizes the correct alignment of Information Technology services with the requirements of a business. Moreover, according to industry experts, ITIL provides a practical framework for planning and identifying the necessary practices which would further support the core business functions of an organization.

On the other hand, it is also widely accepted that the amount of data required to operate and support a business is growing exponentially. This has made managing that data a problem of unprecedented scale. This is where ITIL practices play a vital role in maintaining this massive volume of data. They allow data to be analyzed and distributed by following a reliable methodology.

According to a recent Gartner study, clients that implemented ITIL reported improved customer satisfaction. They also saw a better flow of information and communication between customers and the IT staff. Companies that hired ITIL-trained professionals also observed a drastic reduction in the development of procedures. Moreover, another study, conducted by Forrester, found that 85% of businesses have faith in ITIL because it has added significance to the way they serve their target audiences. Here is a list of the top 10 reasons for professionals to opt for ITIL certification.

ITIL is a valuable skill set

The ITIL framework has proved to be hugely successful. Professionals certified in ITIL practices can achieve their goals faster and in a cost-effective manner. Moreover, they are also seen as a definite asset to a plethora of IT companies.

This is because professionals who are ITIL certified can manage IT practices in a better manner.

Professionals get higher wages

Professionals who hold a certificate in ITIL can have access to higher pay opportunities. An ITIL-certified professional is indeed an advantage to the industry and is entitled to rewards and perks. ITIL certification has been listed as one of the highest-paying jobs in recent times.

Professionals have the ability to communicate in ITSM’s common language

Another advantage for organizations hiring a professional certified in ITIL is that they can speak the same language as other ITIL professionals. They would have the ability to network with a more elite group of professionals who belong to various disciplines of Information Technology.

As an employer, you would get a better return on investment (ROI)

It is widely accepted that professionals who are trained in ITIL can fine-tune the IT operations of your company. In this manner, this would provide your organization with maximum value and lower costs. It can bring efficiency to the processes of Information Technology.

ITIL professionals have the strength to empower individual companies

Professionals who have trained in an ITIL course can empower companies through the accurate measurement of IT service performance. Moreover, they can significantly streamline data management services, which helps improve the overall efficiency and communication structure of an organization.

In the case of an IT company, the data that come through various channels are growing substantially.

You would have access to a lot of flexibility

One of the unusual aspects of getting trained in ITIL is that it helps you to better understand the inner workings of the processes that usually take place in an IT company. You have the privilege to function in various ways, thus making yourself a valuable asset to your organization. On the other hand, the higher your ITIL certification level, the better qualified you become for more roles. Hence, it is evident that there is a vast range of job roles once you are certified in ITIL.


You would learn to implement various types of tools in your organizational operation

You would learn to apply the various devices that are associated with the course of ITIL. In this manner, you would learn to improve efficiency and effectiveness in business changes so that you can optimize business operations. In other words, you would help your organization sustain itself in this world of increasingly cut-throat competition. Thus, by undertaking a training course in ITIL, you would be able to streamline IT services by the flow of data. Moreover, as this course is more appropriate for professionals at the mid and senior levels of an organization, it helps those professionals to develop their resumes in a better manner.

You would be knowledgeable of the best practices of ITIL

Certified professionals can train by accessing practical procedures of IT handling. Hence, when they are finally given their job role in an IT company, they are an advantage to their parent company.

An ITIL trained professional can enhance customer relationships

The training procedures are designed in such a manner that they provide support to service providers so that they can seamlessly take into account the interests of their target audiences. Moreover, with the help of ITIL-trained professionals, businesses can drastically minimize interruption time and provide faster service to customers. In this manner, they build a positive reputation in the minds of their target audiences.

ITIL is omnipresent

ITIL practices are ubiquitous and are used everywhere. Moreover, ITIL is globally recognized, and hence as an ITIL-trained professional you stand the chance of securing a top position in many reputed organizations. The demand for the ITIL framework is on a steady rise, and more than 10,000 organisations across the globe have adopted it.

It is quite evident that the popularity of ITIL is here to stay and that there are many advantages to completing a certification course in it. Besides that, ITIL certification helps a professional to leverage enterprise architecture, which further assists in the development of the organization as well as the professional.


Joyeeta Bose

Blog Author

Joyeeta Bose has done her M.Sc. in Applied Geology. She has been writing content in different categories for the last 6 years. She loves to write on different subjects. In her free time, she likes to listen to music, watch good movies and read story books.


Suggested Blogs

Introduction to Hacking Web Applications

A web application is a program or software that runs on a web browser to perform specific tasks. Any web application has several layers: the web server, the content of the application that is hosted on the web server, and the backend interface layer that integrates with other applications. Web application architecture is scalable and has components which have high availability.

Hacking is the process of appropriating the web application from its actual user by tinkering with it in various ways. The web application hacker needs to have deep knowledge of the web application architecture to successfully hack it. To be a master, the hacker needs to practice, learn and also tinker with the application.

Web application hacking requires tenacity, focus, attention to detail, observation and interfacing. There are many types of web application hacking, and many defense mechanisms available to counter them and to protect the application from being hacked.

Core defense mechanisms

There are four categories in which we can protect the web application:

- User access handling to the application data and functionality
- User input handling
- Suitable defensive and offensive measures to frustrate the hacker
- Application configuration to get the alert in case of unauthorized access

User Access

A web application provides different roles for user access depending on the business requirement and use cases. A classic example is a digital banking scenario, where the customer wants to access the banking functions to get the balance from his account or transfer cash to someone else. Another example is a scenario where a Linux administrator wants to provide privileges and rights to authorized users.

The web application uses the below security mechanisms:

- Authentication
- Session management
- Access control

Authentication is identifying a user to whom the credentials belong. This can be done using a user name and password. Additional authentication can be done through the user's mobile number or biometrics.

Session management is the process of keeping the user signed in throughout their use of the web application. Every time the user logs in to use the application, it is recorded as a session. Sessions can vary depending on the use case and application.

Access control is a process of protecting the HTTP requests in the web application. This is the last layer of defense in user access.

User Input

All the user inputs in the web application are always untrusted. A web application should have defense mechanisms in place to prevent the user from writing malicious code or breaking the website. We can handle user input validation at various levels based on the need of the business.

- Input handling to reject all words related to hacking: this is a process of blacklisting them, which the web server will check and confirm. These are called Semantic Checks.
- Also creating a set of rules to accept the user inputs; for example, only numbers that are safe for bank account access can be used. This is called Safe Data Handling.
- We need to have multi-step validation where every component is checked for user inputs in the web application.
- We can have boundary validation to check all the external interfaces with the applications.

Handling Hackers

To get more sensitive alerts in the web application we need to have the following:

- Audit log records
- IP address blocking
- Intrusion detection systems
- Firewalls

We need to have an application configuration with a key alert that is raised immediately when any hacker gets into the web application.

Web application technologies

The top web technologies that developers are using for web development are as below:

- HTML
- CSS
- Programming languages: JavaScript, CoffeeScript, Python, Ruby, PHP, Go, Objective-C, Swift, Java
- Frameworks: Node.js, Ruby on Rails, Django, Ionic, PhoneGap, Bootstrap, Foundation, WordPress, Drupal, .NET, AngularJS, Ember.js, Backbone.js
- Libraries: jQuery, Underscore
- Databases: MongoDB, Redis, PostgreSQL, MySQL, Oracle, SQL Server
- Data formats: JSON, XML, CSV
- Protocols: HTTP, DDP, REST

Digital Technologies for Web Applications

- WebAssembly – similar to JavaScript
- Movement UI Design
- Chatbots
- Artificial Intelligence
- Dynamic Web Applications – PWA
- Blockchain
- Single Page Applications
- Web Server Software
- Computerized Transformation
- AMP Wins
- VR and AR
- Symfony
- Laravel

Bypassing client-side controls

The process of sending data from server to client is very common in web applications. The reverse is also true when the client sends data to the server. It is normal for software developers to assume that the client will not modify the data. Avoiding the storage of data within the user session can help in security and also increase performance. For the hacker, modifying data stored on the client side is easy in comparison to the server side.

Two ways exist for bypassing:

- Application relies on client-side data to restrict the user input. So, restricting the client side controls the security.
- Application gathers data that is entered by user, the client implements methods to control the previous data.

For both the options, the following are the techniques to bypass client-side controls:

- HTML form features
- Client-side scripts
- Thick client technologies

Authentication and Authorization

Web applications have both authentication and authorization as key concepts supporting the web applications.

Authentication refers to any verification process that checks whether a human or automated system is who or what it claims to be. Authentication is the process of verifying the identity of the individual. A unique identifier is added for the web application, like a password, login or username. We can use OpenID, OAuth, and SAML. The entire authentication depends on the HTTP/HTTPS implementation.

Authorization is a process in which we have controls to allow or restrict resources. It is entirely dependent on business use cases and it varies end to end. For strengthening the authorization we should implement logging for all privileged actions. Invalid sessions should be made to log out. So we need to have strict controls on both the concepts to prevent hacking of web applications.

XSS – Cross site scripting

This is a type of injection in which malicious scripts are injected into trusted websites. A hacker uses a web application to send malicious code. This is in the form of a browser-side script. The end user has no way to know that a hacker has entered into the web application and he continues to execute the script. The script can access cookies, session tokens and all other sensitive information and even has the capability to rewrite the entire HTML page content.

Types of XSS:

- Stored XSS
- Reflected XSS
- DOM based XSS

All these can occur in Client XSS or Server XSS.

Bypassing blacklists and whitelists

Blacklist refers to the practice of not allowing certain addresses and blocking them based on the need and requirement. They can be IP addresses, networks and URLs.

Whitelist indicates that a server would only allow through requests that contain a URL on an accepted list, and other requests will fail.

Whitelists are harder to bypass as they are default controls in the web application. The concept is that it redirects to the internal URL. We can bypass a blacklist by:

- Fooling it with redirects
- Tricking with DNS
- IPv6 address usage
- Switching out the encoding
- Hex encoding
- Octal encoding
- Dword encoding
- URL encoding
- Mixed encoding

CSRF – Cross site request forgery

CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they are already authenticated. The hacker can send a link via email or chat, and may trick the users of a web application into executing actions. In case the attack is on an administrator account the entire web application can be compromised.

Unvalidated redirects

These are possible when a web application accepts untrusted input. This can cause the web application to redirect the request to a URL containing untrusted inputs. Through the modification of the untrusted URL input to a malicious site, the hacker launches a phishing attack and steals the user credentials.

These redirects using credentials can also give the hacker the privileged functions which normally they cannot access.

We need to have the user provide a short name, ID or token which is mapped server-side to a full target URL, and this gives protection to the entire process.

SQL injection

SQL injection is a process of injecting a malicious SQL query via the input data from the client to the web application.

- SQL injection can modify, read, and delete the sensitive information from the databases.
- Has the ability to issue commands to the operating system
- Administration controls on the operations of the database
- Done through simple SQL commands

File upload vulnerabilities

Web applications have these functionalities and features of uploading files. These files can be text, pictures, audio, video and other formats. We need to be careful while uploading files. A hacker can send a remote form data POST request with a MIME type and execute the code. With this, the file upload will be controlled by the hacker.

Attacking the application server

The various formats of the attacks on the application server are listed below:

- Cross-Site Scripting (XSS)
- SQL Injection (SQLi)
- File upload
- Local File Inclusion (LFI)
- Distributed Denial of Service (DDoS)

Web application hacker's toolkit

The hacker's toolkit is as given below:

- Intercepting web proxy – modifies all HTTP messaging between browser and web application
- Web application scanner – for the hacker to get the entire information about the web application

A few of the tools which belong to the above two categories:

- Kali Linux
- Angry IP Scanner
- Cain & Abel
- Ettercap
- Burp Suite
- John the Ripper
- Metasploit

Web application hacker's methodology

Conclusion

In this article, we have covered the entire hijacking web application concepts end to end. We have discussed the concepts of web applications and covered topics such as core defense mechanisms, web application technologies, bypassing client-side controls, authentication and authorization, XSS (cross site scripting), bypassing blacklists and whitelists, CSRF (cross site request forgery), unvalidated redirects, SQL injection, file upload vulnerabilities, attacking the application server, the web application hacker's toolkit, and the web application hacker's methodology.
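The mitigation described under "Unvalidated redirects" (a short token mapped server-side to the full target URL), shown next to the handler it replaces. This is an added example, not code from the original article; the handler names, the `url` and `to` parameters, the token table and the audit-log record are all assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Server-side table: short token -> full target URL.
# Tokens and URLs are constructed sample values (assumptions).
REDIRECT_TARGETS = {
    "home": "/",
    "billing": "/account/billing",
    "docs": "https://docs.example.com/start",
}
DEFAULT_TARGET = "/"


def redirect_unvalidated(query_string):
    """'Before' handler: copies the caller-supplied URL into Location."""
    params = parse_qs(query_string)
    target = params.get("url", [DEFAULT_TARGET])[0]
    return 302, {"Location": target}


def redirect_by_token(query_string, audit_log):
    """'After' handler: the caller only names a token; the URL comes from the server."""
    params = parse_qs(query_string)
    token = params.get("to", [""])[0]
    target = REDIRECT_TARGETS.get(token)
    if target is None:
        # Unknown token: record it for alerting and fall back to a fixed page.
        audit_log.append({"event": "redirect_token_rejected", "token": token[:64]})
        target = DEFAULT_TARGET
    return 302, {"Location": target}


def demo():
    """Run both handlers over constructed query strings and collect the results."""
    audit_log = []
    offsite = "https://login.example.net/signin"  # constructed off-site URL
    return {
        "before": redirect_unvalidated("url=" + offsite)[1]["Location"],
        "after_known": redirect_by_token("to=billing", audit_log)[1]["Location"],
        "after_url_as_token": redirect_by_token("to=" + offsite, audit_log)[1]["Location"],
        "rejected": [entry["token"] for entry in audit_log],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The rejected-token records tie into the audit logging the article lists under "Handling Hackers": a run of unknown tokens is a signal worth alerting on.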

Introduction to Session Hijacking Exploitation

In this article we will be talking about session hijacking and exploitation. You will learn about session management with its applications and the common ways of hacking session tokens. You will also learn how the key methods of session hijacking help the hacker to penetrate the session. Get to know the differences between session hijacking, session fixation and session spoofing, and also the activities that attackers will perform after a successful session hijacking. Finally, learn how we can prevent session hijacking.

Introduction to session management

Session management is a rule interface that helps interaction of the user with the web applications. HTTP is the communication protocol that websites and browsers use to interact and share data. A session is a continuous HTTP request. Transactions are created that belong to the same user. HTTP is a stateless protocol. Each request and response pair is completely independent of other similar web interactions. The current command is not dependent on the previous command. This makes us bring in the concept of session management, which primarily interfaces the authentication and access control. These are both enabled in web applications.

There are primarily the following types of session management:

- Cookie
- URL rewriting

They can be used in isolation or together. The best use case is to track the number of unique visitors to the website.

Introduction to session hijacking and cookies

Session hijacking refers to an attack on a user session by a hacker. The session is live when we log into any service. The best use case is when we log in to our web application, say a banking application, to do some financial transaction. The other name for session hijacking is cookie hijacking or cookie side jacking. The more accurate information that a hacker gets regarding our sessions, the more precise is the hacker's attack. Session hijacking is common for browser sessions and web applications.

[Figure: Session Hijacking Workflow]

Common ways of hacking session tokens

A session token can be compromised in the following ways:

Predictable Session Token

- Session ID should be unpredictable in the browser or the web application.
- Session token should be extremely descriptive for the hacker to not recognize it easily.
- Should not use short session keys.

Session Sniffing

- Attacker uses a valid sniffer to capture the valid session ID.
- The hacker gets unauthorized access to the web server.

Client Side attacks (XSS, Malicious JavaScript Codes, Trojans)

- Hacker hijacks the session ID by using malicious code or programs running at the client side.
- Cross Site Scripting attack is very common to steal the session token.
- Can be done with malicious JavaScript codes.

Man in the Middle attack

- The hacker intercepts the communication between two systems.
- Hacker can split the original TCP connection into two new connections, one between client and hacker and another between hacker and server.
- Hacker acts like a proxy server and will be able to read, modify or edit the data.

Man in the Browser Attack

- Very similar to the Man in the Middle Attack.
- Trojan Horse is used to intercept.
- Manipulation done between the browser and application.

Key methods of session hijacking

There are five key methods of session hijacking:

- Session Fixation
- Session Side Jacking
- Cross Site Scripting
- Malware
- Brute Force

Session Fixation

The hacker or attacker already has information about the session ID of the user. The hacker would have sent the email containing the session ID. Attacker has to wait for the user to log in. The hacker sends the user a crafted login that contains the hidden field with the fixed session ID.

Session Side Jacking

Hacker uses the packet sniffing technique to find the network traffic between two parties. Hacker then steals the session cookie. Most possible attacks happen in unsecured Wi-Fi spots. Even if the websites use SSL, the hacker can easily attack the networks to access the servers and get access to information or session of the users. Hacker uses Man in the Middle attack as one of the classic use cases for this session side jacking.

Cross Site Scripting

- Attacker sends the user a running code to get a copy of the cookie.
- For the user, these seem trustworthy as it is the server information.
- Typically, the hacker uses client-side script, such as JavaScript. This code attacks the browser to execute arbitrary code and provides information on session hijacking.
- Types: Reflected XSS, Stored XSS, DOM-based XSS

Malware

- Unwanted programs to steal the browser cookie files
- Performed without a user's knowledge to obtain file or memory contents of the user's computer or the server
- Hacker creates a client browser temporary local storage called a Cookie Jar.

Brute Force

- Hacker uses key generation algorithms to get the session ID.
- Algorithm recognizes the sequential keys.
- Maximizes the predictable sessions and accesses the user's active session.
- Entropy is compromised using Brute Force and hacker is successful in stealing the information.
- Can only be protected with short predictable session identifier.
- We can use longer session keys.

Exploiting the session hijack vulnerability

Four categories of vulnerabilities exploit the session hijack:

XSS Vulnerabilities

- Injecting client-side scripts
- JavaScript is embedded
- Creates a faulty page and hacker attacks

Session Side Jacking Vulnerabilities

- Use packet sniffers to attack
- E.g. Man in the Middle attack

Session Fixation Vulnerabilities

- Mainly done through fake websites
- User assumes it is an original link and clicks

Malware Installation Vulnerabilities

- The hacker sends the malicious code to disrupt the application or networks or the communication
- Hacker gets access to the applications

Overall, the hacker exploits session hijacking through various vulnerabilities, making the system highly unstable, and gains unauthorized access. The user is not aware of any of the system changes, and he assumes that the session is original. The hacker gains control of the data or information through these vulnerabilities.

Difference between session hijacking, session fixation and session spoofing

| Topic | Session Hijacking | Session Fixation | Session Spoofing |
| --- | --- | --- | --- |
| Goal | To get unauthorized access to active user session | To get unauthorized access to active user session | To steal or modify the data |
| Method | Through sniffing network traffic | This is an inverted technique to get access through pre-defined session cookie planted in the user browser | Can be done through fake email, fake website or fake IP address creations |
| Activity | Performed on user who is currently logged in and already authenticated | The hacker already knows the session IDs for getting unauthorized access | Attackers use stolen or counterfeit session tokens to initiate a new session and impersonate the original user, who might not be aware of the attack |

What Can Attackers Do After Successful Session Hijacking?

The attacker can perform any action that the user was carrying out with his credentials. The hacker can gain access to multiple web applications, from financial systems and customer records to line-of-business systems potentially containing valuable intellectual property. The attacker can use session hijacking cookies for identifying authenticated users in single sign-on (SSO) systems. Here are a few examples:

- Attackers can log into bank accounts for transferring money
- Hackers can use the access for online shopping
- Hackers can get access to sensitive data and sell it on the dark web
- Hackers can demand a ransom from the user in exchange for the data

Prevention of Session hijacking

Session hijacking can be protected against by taking preventive measures on the client side.

- Software updating and endpoint security are key on the user side.
- Having biometric authentication for every user session can prevent attacks.
- End-to-end encryption can be done between the user browser and web server using secure HTTP or SSL.
- We can have the session value stored in the session cookie.
- We can have an automatic log off after the session ends.
- We can use session ID monitors.
- VPN use can prevent unauthorized access.
- Web server generating long random session cookies can prevent attacks.
- Usage of session ID monitors enhances security.
- Deleting the session cookie from the user server and computer enhances security.
- Having a different HTTP header order for different sessions is a good precaution.

Conclusion

In this article we have covered the key concepts of session hijacking and the ways by which this activity can be performed by the hacker. We have discussed the methods for unauthorized access by hackers or attackers, including the techniques used by hackers for injecting vulnerabilities. We have understood the concepts of session spoofing and session fixation. We learnt the various activities that a hacker can perform after getting control of the user session, and finally touched upon how to prevent session hijacking.
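Several of the prevention items above (long random session cookies, automatic log off, deleting the session cookie) and the session fixation description, put together as a server-side session table. This is an added example, not code from the original article; the `SessionStore` class, the `sid` cookie name and the 15-minute idle timeout are assumptions.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60   # seconds of inactivity before automatic log off (assumed value)
TOKEN_BYTES = 32         # 256 bits drawn from the operating system's CSPRNG


class SessionStore:
    """In-memory server-side session table keyed by an unguessable ID."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock

    def _new_id(self):
        # Long random identifier: not sequential, not derived from user data.
        return secrets.token_urlsafe(TOKEN_BYTES)

    def start(self):
        """Issue an anonymous pre-login session."""
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def login(self, presented_sid, user):
        """On successful authentication, discard the presented ID and issue a new one.

        An ID planted in the browser before login (session fixation) therefore
        never becomes an authenticated session.
        """
        self._sessions.pop(presented_sid, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def lookup(self, sid):
        """Return the user of a live session, or None if unknown or idle too long."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]   # automatic log off
            return None
        record["last_seen"] = now
        return record["user"]

    def logout(self, sid):
        """Delete the session on the server; pair with clear_cookie_header()."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    # Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def clear_cookie_header():
    return "Set-Cookie: sid=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax"


def demo():
    """Constructed scenario using a fake clock so the timeout can be exercised."""
    clock = {"t": 1000.0}
    store = SessionStore(clock=lambda: clock["t"])
    planted = store.start()                # ID known to a third party before login
    fresh = store.login(planted, "alice")  # login rotates the ID
    results = {
        "planted_after_login": store.lookup(planted),
        "fresh_after_login": store.lookup(fresh),
    }
    clock["t"] += IDLE_TIMEOUT + 1
    results["fresh_after_idle"] = store.lookup(fresh)
    return results


if __name__ == "__main__":
    print(demo())
```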

ITIL Practitioner: Core Competencies, Guiding Principles and Service Strategy Importance

In my previous post, I wrote a beginner's article on ITIL Practitioner. There I spoke about how the ITIL Practitioner certification fits into the entire ITIL framework, briefly touched upon the examination format for the ITIL Practitioner course, wrote about what benefits you and your company can have if you choose to take the ITIL Practitioner certification and, most importantly, tried to answer the question of whether you should go for the ITIL Practitioner certification or not.

Now, in this post, I will try to delve a bit deeper into the other, very important aspects of the ITIL Practitioner course, which are the following:

- What are the core competencies of ITIL Practitioner
- Various guiding principles of ITIL Practitioner
- And to answer the question of the previous post: "Why is service strategy considered the core of the ITIL and ITSM framework?"

Let's start!

Core competencies of ITIL Practitioner

Core competencies refer to the major engine behind the ITIL framework. All the processes, steps, functions and techniques revolve around these competencies in the ITIL universe. These three core competencies are as follows:

- Critical competency
- Guiding Approach
- CSI or Continual Service Improvement

Critical Competency talks about the critical requirements that any member, professional or organization should possess if they want to achieve success in their service-based projects. Those competencies have been categorized into 3 sections:

- Communication
- Organizational change management
- Measurement and Metrics

I personally like to refer to them as CMO [for the ease of memorization].

As expected, communication refers to the paradigm where every individual in your team/project is able to articulate his/her needs, wants and requests in a clear, concise manner, as well as to decipher the sender's message in its accurate meaning. It also covers the area where the project manager or the project owner needs to ensure that communications to all stakeholders and customers, internal or external, are handled properly, documented for future reference and lead to overall service satisfaction.

Measurement and Metrics deals with the obvious concept that what you can't measure, you can't improve. Without measurement, you will not be able to gauge with accuracy whether your service is providing the benefits or not, whether your project is on track or not, or whether the service that is eating resources is performing its intended job or not. For example, an internet search engine service might be able to return more than 1000 results for the most basic of queries. But whether those results are relevant to the user or not will decide the fate of your internet search engine company. In the above case, the internet search engine service is doing the job well by returning more than 1000 results to choose from, but if none of those results are the ones the user is looking for, then it is a failure. And you will not be able to know this if you can't measure effectiveness, efficiency, user satisfaction etc. Hence, measurement on the scale of defined metrics is a very important competency to have in ITIL.

Organizational change management depicts an organizational structure that deals with change management for the service you are providing. Let us continue with the example of the internet search engine service. Once you have identified, through Measurement and Metrics, that your service was not returning relevant results for your users, you will obviously engage your engineering team to work on an improved service design. The new service design will require changes in the existing search engine code, infrastructure and maybe configurations as well. Not all changes can be, should be or will be approved. Right? We all know that.
So there needs to be a change management board for your organization [or project] that will discuss the merits and demerits of all the proposed changes, prioritize them as per business benefits and costs involved, then finally give the go-ahead or not. This is what organizational change management is all about.

No service management project or organization can succeed if they do not have these 3 competencies sorted out perfectly. And that is where your role as an ITIL practitioner becomes important.

Guiding Principles of ITIL Practitioner

Now, since your project and organization have entrusted you to get the service management perfect, set the core competencies in place and get the parts moving, being a thorough professional and an ITIL practitioner, you will do those perfectly well, because you have the knowledge required to do this. But what should be your guiding principles for the situations that are not mentioned in the ITIL Practitioner guide? What should decide your way forward when you encounter roadblocks resisting change? And what values should you believe in before you explain the need for these improvements to stakeholders?

Those mantras to guide you in difficult, uncertain, moralistic situations are known as the "Nine Guiding Principles of ITIL Practitioner". I personally believe that even if you lose your ITIL Practitioner guide [which I hope you don't, because it is not cheap] or if you forget the technical knowledge, as long as your guiding principles are correct you will never falter on your journey. Those principles are as follows:

1. Focus on Value: Always try to look beyond materialistic gains. Look for long-term value. Will it help the organization in the long run? Will it solve some genuine problems? Will your customers/users thank you for it?
2. Design for experience: Always ask your designers to put themselves in the user's shoes and try to use the service as if they were the user. Then check whether the current service is helpful to them or not. This helps eliminate a lot of faux pas that look good in a presentation but are miserable failures when released to the market.
3. Start where you are: There could be multiple interpretations of this statement, but in simple terms it states: do not forget who you are, where you come from and what your current ground reality is. If you are clear about these things, then more often than not you will make correct plans.
4. Work Holistically: Always remember that your work and your service not only help solve a problem, but also interact with a lot of other components in the ecosystem, whether technical, mechanical, emotional or cultural. So work holistically. An internet search engine may provide accurate results, but in a country where those results are banned or offend the audience's religious faith, it can seriously backfire on you and your organization.
5. Progress Iteratively: Always break the problem into smaller pieces and achieve one or two steps at a time. This helps you get user feedback and improve your service at a low cost, rather than creating the whole service and finding out that there is no market for it.
6. Observe directly: What if you rely on sources to get you the feedback, user reactions or problem data, and later find out that the "source" did not understand the feedback properly, leading you to make something that was not required at all? Or worse, the "source" had a vested interest and now your service is out of the market. So don't take the risk. Focus more on getting the data directly.
7. Be Transparent: Good or bad, whatever the situation, it should be clearly communicated to your stakeholders. All the decisions, along with their rationale, should be explained to the audience. Precaution should be taken not to divulge unintended information to an unintended audience. Still, there should be transparency. For example, suppose you received feedback that in the Middle East your service was gaining negative publicity due to the search results being rendered on a particular topic in spite of a government directive against doing so. In such cases, you are expected to inform your stakeholders about the situation and your plan to tackle it, and to inform the end user about the upcoming change. You need to explain the exact problem and its implications to the business users, but you need not maintain the same level of detail while sending out communication to market users. So use your filtering mechanism, but ensure that transparency is maintained.
8. Collaborate: Not everybody has an answer or a solution to everything. So it is better to get the best people for their competencies, and sometimes more minds can give you better results. So mix and collaborate. Simple!
9. Keep it simple: Keep things simple and do not overcomplicate them to show proficiency.

And finally, Continual Service Improvement talks about the goal where you have to keep finding ways to improve your service through measurement and metrics, via communication and organizational change management.

So these are the 3 competencies of an ITIL practitioner, along with their 9 guiding principles.

Why is service strategy the core of ITIL Practitioner?

You will be amazed by the answer! It is in line with the 9th guiding principle of ITIL. And that principle was: Keep it simple! And this is the reason I did not answer this question up until now.

The answer is: service strategy deals with the knowledge of what service you [as a company] are going to create through this project, and why. It talks about the plans to be executed to develop this service, how to market it, how to provision it, and what business benefits it will drive for users and for the organization. Once you have that clear, all your plans, processes and techniques need to be modified to align with that goal; otherwise there is no point in creating an internet search engine service that gives wrong results to the user even if it works very fast.

And this is the reason why service strategy is the core of ITIL Practitioner: because you need to make it clear to the team you are going to work with!