
| Subject: | [CISSP-D] REVIEW: "Measuring ITIL", Randy A. Steinberg |
|---|---|
| Date: | Tue, 17 Apr 2007 13:12:15 -0800 |
BKMSITIL.RVW 20070119

"Measuring ITIL", Randy A. Steinberg, 2006, 1-4120-9392-9
%A Randy A. Steinberg RandyASteinberg@aol.com
%C Suite 6E, 2333 Government Street, Victoria, BC V8T 4P4
%D 2006
%G 1-4120-9392-9
%I Trafford Publishing
%O 888-232-4444 FAX 250-383-6804 sales@trafford.Com
%O http://www.amazon.com/exec/obidos/ASIN/1412093929/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1412093929/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1412093929/robsladesin03-20
%O Audience s- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 154 p.
%T "Measuring ITIL"

Chapter one is supposed to be an introduction to the book. Unfortunately, it jumps right in without bothering to define some basics (such as what ITSM is, and why we should want to measure it). (It probably stands for Information Technology Services Management, since ITIL, the Information Technology Infrastructure Library, is about that topic.)

Purportedly an overview of metrics, chapter two is actually an exhortation to measure things. Aspects of a metrics model framework are listed in chapter three, although the details don't do much to explain any overall structure or operation.

Chapter four is a set of tables of incident response metrics. Unfortunately, the material is cyclically self-referential, without ever explaining real details. Similar non-definitions are given for various management areas in subsequent chapters: problems in five, change in six, release in seven, configuration in eight, service desk (no management) in nine, service levels in ten, availability in eleven, capacity in twelve, service continuity in thirteen, IT financials in fourteen, and IT workforce in fifteen. (If you are well familiar with ITIL you will recognize the structure, but the book does not explain it.)

Chapter sixteen suggests that if you have very few sources of metrics, then you should collect and display a few metrics.

Chapter seventeen describes the DICE (Duration, Integrity, Commitment, Effort) model that attempts to predict the likelihood of success of an ITIL (the first time the Information Technology Infrastructure Library is materially mentioned in the book, despite the title) implementation. Unfortunately, the text stops short of really explaining how to use the model, or calculate the parameters you are to enter. There is a tiny bit more information on the ITSM Metrics Model Tool, in chapter eighteen, but unfortunately the detail is on the output side, rather than input.

Chapter nineteen outlines a full program (including an enormous staff) for using the metrics, but, since everything is based on measurements that have not been fully explained, it is hard to say how useful all of this is.

If you are fully versed in ITIL, this book might help you decide how to measure your operations. Mind you, if you are completely familiar with ITIL, and are using it, you probably already have your own metrics in hand.

copyright Robert M. Slade, 2007 BKMSITIL.RVW 20070119

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org

The goal is a society in which the basic social unit is you and your television set. If the kid next door is hungry, it's not your problem. If the retired couple next door invested their assets badly and are now starving, that's not your problem either.
- Noam Chomsky (1928- ), The Common Good (1998)

Dictionary of Information Security www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm