



Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Implementing ITIL", Randy A. Steinberg

Subject: [CISSP-D] REVIEW: "Implementing ITIL", Randy A. Steinberg
Date: Wed, 01 Aug 2007 08:29:50 -0800
BKIMITIL.RVW   20070228

"Implementing ITIL", Randy A. Steinberg, 2005, 141206618-2
%A   Randy A. Steinberg RandyASteinberg@aol.com
%C   Suite 6E, 2333 Government Street, Victoria, BC   V8T 4P4
%D   2005
%G   141206618-2
%I   Trafford Publishing
%O   888-232-4444 FAX 250-383-6804 sales@trafford.Com
%O  http://www.amazon.com/exec/obidos/ASIN/1412066182/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1412066182/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1412066182/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   489 p.
%T   "Implementing ITIL"

Chapter one notes that there are problems in how information
technology (IT) works in supporting the enterprise.  Steinberg does
mention that there should be better integration of the various parts
and functions of IT service, that IT service management (ITSM) should
be performed better, and that the Information Technology
Infrastructure Library (ITIL) is a framework for improving ITSM, but
does not, at this point, define either ITIL (and never does explain
ITSM).  Nine general principles for success are listed in chapter two. 
The precepts are sound (such as targeting the "Pareto" processes that
are going to give you the best results for least effort), but vague:
there are almost no details on how to accomplish this wonderful state. 
Chapter three provides a generic and rather terse outline of a general
project management cycle, under the heading of a process for
implementing ITSM over a period of a year.  Modification of the
culture of a corporation is a massive and difficult task: the
suggestions in chapter four have some interesting and useful detail in
regard to communications, but disregard the challenges involved.  A
catalogue of roles for large teams and projects is given in chapter
five: this is probably too large for most ITSM ventures.

Chapters six through eleven outline the general stages in a project
cycle, albeit with idiosyncratic names for most phases (and missing a
few steps, such as requirements definition, testing, post-
implementation assessment, and maintenance).  The material is
reasonable, although quite terse and vague.  A great deal of space is
devoted to forms, checklists, and questionnaires.  These would
probably be quite useful as templates for those involved in an ITSM
improvement project, but would have to be refined for a specific
situation.  "Vision," in chapter six, is basically the project concept
or initiation phase.  "Assessment" is given a separate chapter
(seven), but seems to be part of the concept definition.  Planning is
in eight, and implementation in nine.  "Initial wins" are described,
in chapter ten, as small, quick projects that provide some early
"high" returns on the efforts.  The text outlines a management cycle
for small projects and so duplicates a good deal of material that was
presented earlier.  There is also a list of initial win projects,
although the value of most is questionable and they would have to be
carefully reviewed for a specific environment.  "Control work," in
chapter eleven, is partly implementation of small projects, partly
overall project documentation and management, and lots of workflow
model charts: the content is rather a mixed bag.

Chapter twelve finally gets around to some details of ITIL: the text
does, rather briefly, present the topical areas (known, in ITIL
parlance, as processes) of the management of incidents, problems,
change, release (of software), configuration, service levels,
availability, capacity, continuity, finance, the service desk, and
security.  A poorly explained and formatted two-dimensional chart of
the information flow between processes makes up chapter thirteen. 
Various software utilities and their bare-bones functions are listed
in fourteen, while fifteen mentions miscellaneous documents related to
the ITIL processes.  Chapter sixteen has a terse catalogue of roles
and job descriptions for the processes.  Guiding principles are
defined, in chapter seventeen, in a way that is very similar to vision
or mission statements, albeit with somewhat more detail.

(ITIL is a decent overview of the provision of IT services, but note
that it has gaps.  For example, incident response is seen only in
terms of customer service, without any relation to security.  Security
management has solid and important directives on management, a
holistic approach, policies, and audit, but when it comes to the
actual provision of controls, the advice is to have proper ones,
without much detail on what those might be.)

The title of the work is somewhat misleading.  The largest part of the
book has to do with generic project management.  ITIL does get some
presentation, but not until the book is more than half over.  In
addition, the work is poorly structured and written.  The end of
chapter sixteen, as one example, talks about roles for "ICT," but ICT
is not defined until the end of chapter seventeen (and then only as
"Infrastructure Control").  The material is not complicated, but the
writing is frequently unclear, and it is only the simplicity of the
basic concepts that prevents the reader from getting lost.  (Sometimes
the writing is completely off the wall.  "Fix just one IT service
problem per day and within 90 days you will have made 107 service
improvements" is clearly self-contradictory.)

For those who have not done much in the way of project management,
there are some helpful guides that will get you going (although you
will need to check in other references such as Scott Berkun's "The Art
of Project Management" [cf. BKARPRMA.RVW] or "Applied Software Project
Management" by Stellman and Greene [cf. BKAPSWPM.RVW] in order to deal
with the missing bits).  For those not familiar with ITIL, chapter
twelve is a reasonable introduction.  For those working to improve
ITSM within their enterprises you will probably need a bit more help
than is provided herein.

copyright Robert M. Slade, 2007   BKIMITIL.RVW   20070228


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
  If you do buy a computer, don't turn it on. - Richards' 2nd Law
http://victoria.tc.ca/techrev/rms.htm


 
 
