http://www.processdox.com/forum/ Thu, 11 Mar 2010 03:40:07 +0800 MyBB http://www.processdox.com/forum/showthread.php?tid=243 Thu, 18 Feb 2010 22:17:56 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=243

ITIL V3 Foundation Complete Certification Kit - 2009 Edition: Study Guide Book and Online Course - you get more than a book: you also get access to online CBT training. The Amazon reviews (linked above) give this combination high marks.

Foundations of IT Service Management: The Unofficial ITIL v3 Foundations Course in a Book is another book that gets high marks, and the associated web site contains sample examinations (login from the book is required), as well as instructor materials that you can use to teach ITIL within your organization using the book as student textbooks.

]]>

ITIL V3 Foundation Complete Certification Kit - 2009 Edition: Study Guide Book and Online Course - you get more than a book: you also get access to online CBT training. The Amazon reviews (linked above) give this combination high marks.

Foundations of IT Service Management: The Unofficial ITIL v3 Foundations Course in a Book is another book that gets high marks, and the associated web site contains sample examinations (login from the book is required), as well as instructor materials that you can use to teach ITIL within your organization using the book as student textbooks.

]]> http://www.processdox.com/forum/showthread.php?tid=242 Thu, 18 Feb 2010 21:07:29 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=242 newScale's service catalog offerings are among the best I've seen. In fact, Ajay Arora's presentation, titled Newscale's Actionable Service Catalog shows just how much the company 'gets it' and it shows in the design. Regardless of whether or not you are in the market for a service catalog tool or are developing one in-house I strongly recommend downloading the presentation. I also recommend Defining IT Success Through The Service Catalog: A Practical Guide, Second Edition, which was written in part by Newscale's founder and CTO.]]> newScale's service catalog offerings are among the best I've seen. In fact, Ajay Arora's presentation, titled Newscale's Actionable Service Catalog shows just how much the company 'gets it' and it shows in the design. Regardless of whether or not you are in the market for a service catalog tool or are developing one in-house I strongly recommend downloading the presentation. I also recommend Defining IT Success Through The Service Catalog: A Practical Guide, Second Edition, which was written in part by Newscale's founder and CTO.]]> http://www.processdox.com/forum/showthread.php?tid=241 Wed, 17 Feb 2010 05:54:23 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=241 Board Briefing on IT Governance (2nd edition) is a 66 page guide published by the IT Governance Institute and,despite the page count, is quick reading with a lot of information packed into every page.]]> Board Briefing on IT Governance (2nd edition) is a 66 page guide published by the IT Governance Institute and,despite the page count, is quick reading with a lot of information packed into every page.]]> http://www.processdox.com/forum/showthread.php?tid=240 Wed, 17 Feb 2010 04:10:52 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=240 this listing. An example is shown in the description of capacity management.

Dave Hawley has an interesting set of pages that appear to be evolving into an encyclopedia of ITIL processes. This one is worth a visit.]]> this listing. An example is shown in the description of capacity management.

Dave Hawley has an interesting set of pages that appear to be evolving into an encyclopedia of ITIL processes. This one is worth a visit.]]> http://www.processdox.com/forum/showthread.php?tid=239 Wed, 17 Feb 2010 04:06:43 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=239 Enterprise Architecture page contains a treasure trove of practical information regarding service oriented architecture guidelines, broken out as:

• Architecture Types (business, information and technology)
• Technology Types
• Business Areas
• Artifact Types

The last grouping is particularly interesting, especially the concept of bricks. I like the concise manner if which each brick is described, and found the catalog of bricks particularly invaluable.

Another invaluable resource I stumbled upon is the State Government of South Carolina's format for describing each ITIL process area in this listing. An example is shown in the description of capacity management.]]> Enterprise Architecture page contains a treasure trove of practical information regarding service oriented architecture guidelines, broken out as:

• Architecture Types (business, information and technology)
• Technology Types
• Business Areas
• Artifact Types

The last grouping is particularly interesting, especially the concept of bricks. I like the concise manner if which each brick is described, and found the catalog of bricks particularly invaluable.

Another invaluable resource I stumbled upon is the State Government of South Carolina's format for describing each ITIL process area in this listing. An example is shown in the description of capacity management.]]> http://www.processdox.com/forum/showthread.php?tid=238 Wed, 17 Feb 2010 02:04:47 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=238 January 2010 edition of ServiceTalk has an article that covers ITIL from inception to today. A great piece of history and worth bookmarking (or downloading).]]> January 2010 edition of ServiceTalk has an article that covers ITIL from inception to today. A great piece of history and worth bookmarking (or downloading).]]> http://www.processdox.com/forum/showthread.php?tid=237 Sat, 13 Feb 2010 04:11:39 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=237 http://technet.microsoft.com/en-us/libra...61988.aspx]]> http://technet.microsoft.com/en-us/libra...61988.aspx]]> http://www.processdox.com/forum/showthread.php?tid=236 Sat, 13 Feb 2010 04:09:05 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=236 Oracle Database Capacity Planning. While Mr. Manoharan addresses Oracle-specific facilities and collection points, he also outlines a capacity planning model that will work with any application, infrastructure CI or database. See slide 4 for the model.

A more theoretical approach is A Capacity Planning Study of Database Management Systems with OLAP Workloads, which is a thesis by Xilin Cui. Although the writing style is [understandably] academic, the material is solid and contains ideas and an overall approach that is both practical and directly applicable to real world capacity planning. Another academic-centric approach is in journal article by Joshua Onome Imoniana. What makes this particular article important is how Mr. Imoniana breaks down stakeholders of the process into views: Corporate view, Technical view, User view, Executive view. This places capacity management into a business context that is important to keep in mind.

Capacity Planning as a Performance Tuning Tool—Case Study for a Very Large Database Environment is relatively generic; i.e., vendor neutral, while showing real world examples of how to tie together capacity management and performance tuning - a bridge between capacity management and service level management process areas.

While Supporting Capacity Planning for DB2 UDB is ostensibly about DB2, the principles - as those contained in the preceding documents - are applicable to a more generic approach to both database capacity management and capacity management in general.

The final document, Capacity Planning for Web Operations, isn't really about database capacity management, but I am throwing it in because I liked the presentation and approach as set forth by John Allspaw at Flickr.]]> Oracle Database Capacity Planning. While Mr. Manoharan addresses Oracle-specific facilities and collection points, he also outlines a capacity planning model that will work with any application, infrastructure CI or database. See slide 4 for the model.

A more theoretical approach is A Capacity Planning Study of Database Management Systems with OLAP Workloads, which is a thesis by Xilin Cui. Although the writing style is [understandably] academic, the material is solid and contains ideas and an overall approach that is both practical and directly applicable to real world capacity planning. Another academic-centric approach is in journal article by Joshua Onome Imoniana. What makes this particular article important is how Mr. Imoniana breaks down stakeholders of the process into views: Corporate view, Technical view, User view, Executive view. This places capacity management into a business context that is important to keep in mind.

Capacity Planning as a Performance Tuning Tool—Case Study for a Very Large Database Environment is relatively generic; i.e., vendor neutral, while showing real world examples of how to tie together capacity management and performance tuning - a bridge between capacity management and service level management process areas.

While Supporting Capacity Planning for DB2 UDB is ostensibly about DB2, the principles - as those contained in the preceding documents - are applicable to a more generic approach to both database capacity management and capacity management in general.

The final document, Capacity Planning for Web Operations, isn't really about database capacity management, but I am throwing it in because I liked the presentation and approach as set forth by John Allspaw at Flickr.]]> http://www.processdox.com/forum/showthread.php?tid=235 Sat, 13 Feb 2010 01:50:42 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=235 Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector is a collection of case studies, findings and recommendations that should be incorporated into any organizational security awareness program. In fact, it provides some guidance with respect to what should be in a security awareness program.]]> Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector is a collection of case studies, findings and recommendations that should be incorporated into any organizational security awareness program. In fact, it provides some guidance with respect to what should be in a security awareness program.]]> http://www.processdox.com/forum/showthread.php?tid=234 Sat, 13 Feb 2010 01:46:40 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=234 Effective Risk Analysis is a good overview of Peltier's approach to risk management. For further reading, I strongly recommend the following books by Peltier:

Information Security Risk Analysis, Second Edition

Managing A Network Vulnerability Assessment]]> Effective Risk Analysis is a good overview of Peltier's approach to risk management. For further reading, I strongly recommend the following books by Peltier:

Information Security Risk Analysis, Second Edition

Managing A Network Vulnerability Assessment]]> http://www.processdox.com/forum/showthread.php?tid=227 Sat, 13 Feb 2010 01:22:53 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=227 Errant Architectures is a "must read" by architects and developers who actually care about service level management and performance. And, yes, I do believe there are architects and developers who do, although they are as rare as unicorns. Here is the lead-in to the article:When we let objects wander, we all pay the performance price. Here's how to avoid distributed dystopia's overhead of remote procedure calls and ignore middleware's siren song.]]> Errant Architectures is a "must read" by architects and developers who actually care about service level management and performance. And, yes, I do believe there are architects and developers who do, although they are as rare as unicorns. Here is the lead-in to the article:When we let objects wander, we all pay the performance price. Here's how to avoid distributed dystopia's overhead of remote procedure calls and ignore middleware's siren song.]]> http://www.processdox.com/forum/showthread.php?tid=226 Thu, 11 Feb 2010 00:23:28 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=226 PowerPoint presentation doesn't break any new ground, but does a good job of showing integration points between software engineering and operations. Food for thought.]]> PowerPoint presentation doesn't break any new ground, but does a good job of showing integration points between software engineering and operations. Food for thought.]]> http://www.processdox.com/forum/showthread.php?tid=225 Thu, 11 Feb 2010 00:08:11 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=225 ISO/IEC 27001 Information Security Management System vs ITIL –IT Security Management covers not only the touchpoints of ISO/IEC 27001 and ITIL from a security perspective, but shows an alignment to each ITIL/ITSM process area. Moreover, this presentation shows a clear path for integrating quality management into the processes. I consider this presentation to be must reading for all IT members, regardless of specialty or disciplines.]]> ISO/IEC 27001 Information Security Management System vs ITIL –IT Security Management covers not only the touchpoints of ISO/IEC 27001 and ITIL from a security perspective, but shows an alignment to each ITIL/ITSM process area. Moreover, this presentation shows a clear path for integrating quality management into the processes. I consider this presentation to be must reading for all IT members, regardless of specialty or disciplines.]]> http://www.processdox.com/forum/showthread.php?tid=224 Tue, 09 Feb 2010 03:12:22 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=224
However, outside of IT there is a rich, proven body of knowledge which can be easily refactored into policies, processes and procedures governing the availability and reliability of the platforms which deliver services to the business. Indeed, much of this material applies to financial management, service continuity management and other ITIL/ITSM process areas, but I am going to keep the discussion here.

One document that contains a wealth of information is the US Air Force's Maintenance Metrics Handbook. While the book itself is mainly concerned with aircraft maintenance metrics and is very similar to the US Navy's Naval Aviation Maintenance Program, there are ideas that can be borrowed and employed in availability management. In fact, these ideas can be extended to problem management as well. Among them are the concepts of fully mission capable and partially mission capable as indicators of system availability. For asset, configuration and change management (and financial management) the cannibalization rate could be a key performance indicator. This is where a part if taken from a spare or out of commission system and used to restore another to service. If cannibalization is formalized in, say, a rotating asset process, then the metric is useful.

How To Measure Performance: A Handbook of Techniques and Tools is not maintenance-specific, but is also not a document your average IT worker would pick up for an evening of light reading. It is, however, one of the best general purpose handbooks I have read for developing a metrics program, and slices and dices various approaches. At 186 pages it is not fast reading, but if you are truly interested in developing a metrics program (remember, availability is all about metrics), then it is a page turner.

Daryl Mather's The Maintenance Scorecard is, in my opinion, a must read, and also is an eyeopener. Consider one myth, "Myth 2- Availability as Effectiveness" as not only provocative, but thought provoking as well. See also Reliability Centered Maintenance (RCM) Scorecard for a more in-depth treatment of the subject.

What is the True Downtime Cost (TDC)? by Don Fitchett is more concerned with industrial production systems, but can easily be applied to IT systems supporting the business as well.

John S. Mitchell's Reliability Program Scorecard — Description and Use and downloadable spreadsheet is another non-IT resource that is directly applicable to IT and availability management.]]>
However, outside of IT there is a rich, proven body of knowledge which can be easily refactored into policies, processes and procedures governing the availability and reliability of the platforms which deliver services to the business. Indeed, much of this material applies to financial management, service continuity management and other ITIL/ITSM process areas, but I am going to keep the discussion here.

One document that contains a wealth of information is the US Air Force's Maintenance Metrics Handbook. While the book itself is mainly concerned with aircraft maintenance metrics and is very similar to the US Navy's Naval Aviation Maintenance Program, there are ideas that can be borrowed and employed in availability management. In fact, these ideas can be extended to problem management as well. Among them are the concepts of fully mission capable and partially mission capable as indicators of system availability. For asset, configuration and change management (and financial management) the cannibalization rate could be a key performance indicator. This is where a part if taken from a spare or out of commission system and used to restore another to service. If cannibalization is formalized in, say, a rotating asset process, then the metric is useful.

How To Measure Performance: A Handbook of Techniques and Tools is not maintenance-specific, but is also not a document your average IT worker would pick up for an evening of light reading. It is, however, one of the best general purpose handbooks I have read for developing a metrics program, and slices and dices various approaches. At 186 pages it is not fast reading, but if you are truly interested in developing a metrics program (remember, availability is all about metrics), then it is a page turner.

Daryl Mather's The Maintenance Scorecard is, in my opinion, a must read, and also is an eyeopener. Consider one myth, "Myth 2- Availability as Effectiveness" as not only provocative, but thought provoking as well. See also Reliability Centered Maintenance (RCM) Scorecard for a more in-depth treatment of the subject.

What is the True Downtime Cost (TDC)? by Don Fitchett is more concerned with industrial production systems, but can easily be applied to IT systems supporting the business as well.

John S. Mitchell's Reliability Program Scorecard — Description and Use and downloadable spreadsheet is another non-IT resource that is directly applicable to IT and availability management.]]> http://www.processdox.com/forum/showthread.php?tid=223 Tue, 09 Feb 2010 02:30:31 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=223

Rapid Bottleneck Identification - A Better Way to Do Load testing is a short (11 pages) paper by Oracle that can be applied to any web application or DBMS regardless of vendor.

Performance Tuning in a Virtual Environment by Empirix is a tool- and vendor-neutral PowerPoint presentation that is filled with excellent information about testing in virtual environments (and also touches upon rapid bottleneck identification.)

]]>

Rapid Bottleneck Identification - A Better Way to Do Load testing is a short (11 pages) paper by Oracle that can be applied to any web application or DBMS regardless of vendor.

Performance Tuning in a Virtual Environment by Empirix is a tool- and vendor-neutral PowerPoint presentation that is filled with excellent information about testing in virtual environments (and also touches upon rapid bottleneck identification.)

]]> http://www.processdox.com/forum/showthread.php?tid=222 Tue, 09 Feb 2010 02:04:13 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=222 Project Management Metric Guide is an invaluable, 55-page collection of all key performance indicators associated with project management.]]> Project Management Metric Guide is an invaluable, 55-page collection of all key performance indicators associated with project management.]]> http://www.processdox.com/forum/showthread.php?tid=221 Tue, 09 Feb 2010 01:57:48 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=221

Listing of KPIs for each ITIL process area

Article by Hank Marquis titled, How to Measure Service Quality (an interesting aspect is his introduction of Impacted User Minutes (IUM) as a metric.)

Continuous Improvement Using Metrics for ITSM

How to Leverage Metrics to Support ITIL Processes

George Spafford's excellent PowerPoint presentation titled How to Leverage Metrics to Support ITIL Processes (same title as the previous link, but the content is considerably different.)

]]>

Listing of KPIs for each ITIL process area

Article by Hank Marquis titled, How to Measure Service Quality (an interesting aspect is his introduction of Impacted User Minutes (IUM) as a metric.)

Continuous Improvement Using Metrics for ITSM

How to Leverage Metrics to Support ITIL Processes

George Spafford's excellent PowerPoint presentation titled How to Leverage Metrics to Support ITIL Processes (same title as the previous link, but the content is considerably different.)

]]> http://www.processdox.com/forum/showthread.php?tid=220 Tue, 09 Feb 2010 01:43:49 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=220 http://www.isaca.org/AMTemplate.cfm?Sect...ntID=35714

The guidelines are linked to Cobit, with control objectives and review points that need to be in place to pass most audits, including SAS70, SOX, etc.]]> http://www.isaca.org/AMTemplate.cfm?Sect...ntID=35714

The guidelines are linked to Cobit, with control objectives and review points that need to be in place to pass most audits, including SAS70, SOX, etc.]]> http://www.processdox.com/forum/showthread.php?tid=219 Tue, 09 Feb 2010 00:50:31 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=219 Musings on Change Management Metrics. Grab part 1: http://www.infosysblogs.com/ITSM-service...ent_m.html and part 2: http://www.infosysblogs.com/ITSM-service...t_m_1.html

This is an excellent article that I strongly recommend. It adds the dimension of metrics to this critical process, and is closely aligned to V3.]]> Musings on Change Management Metrics. Grab part 1: http://www.infosysblogs.com/ITSM-service...ent_m.html and part 2: http://www.infosysblogs.com/ITSM-service...t_m_1.html

This is an excellent article that I strongly recommend. It adds the dimension of metrics to this critical process, and is closely aligned to V3.]]> http://www.processdox.com/forum/showthread.php?tid=218 Mon, 08 Feb 2010 23:42:38 +0800 mtarrani http://www.processdox.com/forum/showthread.php?tid=218
On patch management and best practices:

• A Best Practice Approach to Implementing a Proactive Patch Management Strategy is a well thought out paper that covers the essentials in 15 pages
• Essentials of Patch Management Policy and Practice by Jason Chan is a quick read that hits upon the essence of patch management. This one is a great management overview
• For those in the Microsoft environment Patch Management Best Practices for WSUS is a wiki that is comprehensive for WSUS
• Sun's approach to patch management is viable for Unix (and Linux) centric sites
• Patch Management: No Longer Just an IT Problem By Michael J. Meyer and Joyce C. Lambert is an excellent article that was published in The CPA Journal Online
• The UK's National Infrastructure Security Co-Ordination Centre's Good Practice Guide: Patch Management is a comprehensive, 42-page paper that covers patch management in depth
• The US Government Accounting Office's Effective Patch Management is Critical to Mitigating Software Vulnerabilities is a transcript of testimony on the subject that should be read at the executive level of all enterprises, government and commercial
• NIST's Special Publication 800-40, Creating a Patch and Vulnerability Management Program is another comprehensive document that weighs in at 75 pages. However, be aware that there are gaps, as noted by NIST guidelines not adequate, warns Gartner

Enter the need for metrics (it's one thing to manage patches, and quite another to manage patch management!) Patch Management and the Need for Metrics addresses the need to add measurements to patch management in order to "meaningfully assess security posture". An HP presentation, Security Analytics Driving Better Metrics provides an executive overview of the value of metrics, while NIST's Performance Measurement Guide for Information Security goes into 80 pages of detail that can be turned into actionable processes and a security metrics strategy.]]>
On patch management and best practices:

• A Best Practice Approach to Implementing a Proactive Patch Management Strategy is a well thought out paper that covers the essentials in 15 pages
• Essentials of Patch Management Policy and Practice by Jason Chan is a quick read that hits upon the essence of patch management. This one is a great management overview
• For those in the Microsoft environment Patch Management Best Practices for WSUS is a wiki that is comprehensive for WSUS
• Sun's approach to patch management is viable for Unix (and Linux) centric sites
• Patch Management: No Longer Just an IT Problem By Michael J. Meyer and Joyce C. Lambert is an excellent article that was published in The CPA Journal Online
• The UK's National Infrastructure Security Co-Ordination Centre's Good Practice Guide: Patch Management is a comprehensive, 42-page paper that covers patch management in depth
• The US Government Accounting Office's Effective Patch Management is Critical to Mitigating Software Vulnerabilities is a transcript of testimony on the subject that should be read at the executive level of all enterprises, government and commercial
• NIST's Special Publication 800-40, Creating a Patch and Vulnerability Management Program is another comprehensive document that weighs in at 75 pages. However, be aware that there are gaps, as noted by NIST guidelines not adequate, warns Gartner

Enter the need for metrics (it's one thing to manage patches, and quite another to manage patch management!) Patch Management and the Need for Metrics addresses the need to add measurements to patch management in order to "meaningfully assess security posture". An HP presentation, Security Analytics Driving Better Metrics provides an executive overview of the value of metrics, while NIST's Performance Measurement Guide for Information Security goes into 80 pages of detail that can be turned into actionable processes and a security metrics strategy.]]>