Time
3 hours 49 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Welcome to the ITIL framework updated course from Cybrary IT.
00:05
My name is Daniel Reilly. I'm your subject matter expert on the ITIL framework.
00:10
In this video, we're going to talk about the service operation phase, goals and processes.
00:16
Now, the overall idea of this phase is the day-to-day operation and maintenance and monitoring of all of our active services. And this is broken down into several components across several different business organizations
00:35
units as shown here,
00:38
you'll take in information from your service desk and you'll use that to feed your IT operations and your financial management plans. We'll talk a little bit about application management and technical management as well.
00:54
So we're talking about ensuring the timely and efficient delivery of all of our services as the core concept, and we're going to do that through fulfilling of user requests, fixing problems and resolving any service failures that come up.
01:12
And that's in addition to any of our routine operational stuff that we have to deal with.
01:19
So the first process we're going to talk about is the event management process. As things happen in our environment,
01:26
we collect them in logs, and each one is considered an event. And
01:34
we're going to make sure that we're constantly collecting these events across all our different services,
01:41
and then we're gonna want to filter and categorize these events based off of their type. This might be informational, uh, warning. There might be critical or exceptional events.
01:55
Uh, and now, if we cannot correct the problem to an incident that pops up, we'll create a problem record, and we'll send that off to a problem management function, which we'll talk more about in just a moment.
02:10
So the sub processes that make up the event management process: first, we're gonna start with the rules maintenance, and this is where we maintain all of our technical mechanisms that we put in place to log and monitor events.
02:29
We're going to set those up, and then we're gonna make sure that we
02:31
keep them in line with our
02:36
assumptions in our environment and make sure that they're generating meaningful events for us.
02:44
Once we collect the events, we're gonna send them through the first level filtering, which is oftentimes called level one correlation.
02:52
Um,
02:53
this is where we're just getting rid of the informational events and looking for warnings and exceptions that we'll need to escalate.
03:01
Once we find those, we're gonna escalate those to our second level, and this is the response selection level where we interpret the meaning of the event and decide if we need to take some kind of corrective action.
03:17
Once we have decided on a response, we're gonna review that we've handled all of the events appropriately, and we're gonna make sure all of our event logs are up to date and that we've looked for any trends from previous event logs, which we might use
03:37
to take better actions in the future.
03:40
All right, so moving into the incident management process, the idea of the incident management process is when something pops up, we want to manage it through the entire life cycle, from reporting all the way through to closing. And the whole idea is to return the service
03:58
back to use for users as quickly as possible.
04:02
So the processes, or the sub processes, we'll use to make up that process involve the incident management support, which is defining the tools and making sure that the employees have the skills necessary and the knowledge required to handle incidents
04:18
as well as a system where we are logging and categorizing incidents using some known framework. And we're
04:30
consistently
04:33
evaluating incidents in the same manner.
04:39
So then we'll have our immediate incident resolution. This is also called first tier support or tier one tech support. This is where we can solve a service interruption without the need to escalate it. And this is usually based on some agreed service level
04:56
mean time to recovery or some
04:59
other metric like that.
05:01
If we can't solve it in that time, or it's beyond the technical grasp of the tier one support, then it will get escalated to the tier two, second tier support. And this is where we're going to involve more resources to investigate it. We might call third party, ah,
05:20
resources, which are specialists
05:23
from a company to come and help us determine what
05:30
courses of action are available to us.
05:33
Uh,
05:35
In the handling of major incidents process, this is where we're going to
05:42
get all hands on deck and
05:46
try to figure out the cause of a serious interruption and get it back
05:53
without
05:54
so much regard to a service level agreement but a company
06:00
impact business impact case.
06:05
So we're going to use incident monitoring and escalation to pick out the upcoming incidents
06:15
and going
06:17
to pick countermeasures to introduce them as quickly as possible, hopefully to avoid incidents if at all possible.
06:29
Once we've set up countermeasures to try to avoid any further incidents from happening, we'll submit the incident report to a quality check, which is basically just to make sure that all of our information is sound, all of the pertinent details are collected,
06:48
and then we're going to keep those records for future reference. In case these events occur again,
06:55
we don't have to go back and rediscover information.
07:00
We also want to proactively inform our users as a part of our incident management process. And this is just to let users know as soon as there's a service problem. You don't want to let a user figure out on their own,
07:15
because usually the next thing a user will do is call the help desk or service desk to find out why there's an interruption in some service. So if we proactively inform our users that some service is not functioning at the moment,
07:31
we can actually use this to reduce our workload during an incident.
07:39
We're going to want to keep
07:41
detailed records of all of our incidents, and we're gonna want to keep those records for future management and allow them to inform our other processes going forward. So as our next service strategy session starts,
07:58
we may review our incident logs from the past
08:01
cycles and determine what we want our strategy to reflect in those incidents.
08:11
This is kind of just a workflow for an incident management process. I wouldn't take too much time to study this simply because incident management from company to company varies. So this is just an idea of how one might map it. I would highly suggest
08:31
you ask for your
08:33
organization's incident management process.
08:39
So request fulfillment process is really about providing change support to our clients. This is oftentimes in a help or support desk format. Call center support representatives provide this process a lot of the time.
08:58
Um, it's gonna be broken down into fulfillment support, which is all of the tools, processes and training that give the skills necessary to handle service requests from clients.
09:13
Then we're going to handle the request logging and categorization, very similar to the way we would do an event.
09:22
A request could be seen as a subtype of an event, in fact. But we're gonna validate that the requester has the authorization to submit this request. And then we're going to record that the request has been made, and we're going to make sure that we
09:41
apply due diligence in researching
09:43
and making sure that it's fulfilled.
09:48
Now the request model execution is where we process these service requests within a timeframe and flow schedule that we have agreed upon, either in our service level agreements or in our operational level agreements. And a request model itself
10:07
is simply
10:09
the flow of the process from the time that a request is made, how it enters our environment and how we track it through its process to closure.
10:22
And we're going to use the request monitoring and escalation process to actually monitor that request model flow, and we're going to make sure that if we detect any deviations or blockages in the flow, we're going to introduce
10:41
corrective measures as quickly as we can
10:43
to make sure that we keep in line with our service for silver
10:50
After we have monitored and got it through the entire process, we're going to submit the request record to a final quality check, very similar to the way we did with our events. And then we're going to keep those records for future reference, pretty much for the same reasons.
11:11
Now, I said that we're going to authenticate or authorize that a user is able to make a request. And to do that, we have to talk about these three topics here: identification, authentication and authorization. Identification is who you claim to be.
11:30
This could be a user name, an email
11:33
or some kind of identifying token. Authentication is some
11:37
method that you provide to prove that your identification is, in fact valid. This might be a password that only you know, or some biometric feature or some other token given to you and only you that should prove your identification uniquely
11:58
and then authorization is the set of permissions, the list of things that you're allowed to do once your identification has been authenticated.
12:11
So the access management process is about granting authorized users the right to use a particular service or subset of services.
12:22
It's also the flip side of that where we prevent access to non authorized users.
12:28
So this is a collection of policies which we're going to define and then execute in an information security management process.
12:39
And you'll also hear this referred to a lot of times as identity and access management in a lot of web consoles. Or it might be referred to as rights management in a lot of document materials.
12:54
So the sub processes that make up access management are defining the catalog of our roles and permissions. What are
13:05
our user roles? Such as supervisors, super admins, admins, things like that. We're going to define what those roles are and what they can access in those roles, and this is called role based authentication. There are other authentication based schemes, but
13:26
in some way we're going to keep a catalogue of what our relationship rules are,
13:35
and this we're going to make sure that we maintain so that it's up to date with our current architecture.
13:41
Um, and this will help us stop what's called the accumulation of unwanted access rights. This is simply when I'm given
13:52
task A and I need security credentials
13:58
A to do it,
13:58
and then I'm given task B and security credentials B.
14:03
But I've never taken away the security credentials. A. So even though I have finished that job, I have still accumulated the access rights required to do that job. And we don't want that. We want to end our access rights
14:20
as soon as we no longer need them.
14:26
So user access request processing is when we process the internal or external requests to change this information, be it add a user to a role or add an access profile to a role,
14:41
um,
14:43
or to revoke any of that as well.
14:45
And we're gonna make sure that only authorized users or authorized personnel are able to make these requests to modify access rights
14:58
In the problem management process, we're gonna manage the life cycle of all problems. And now, if you recall, a moment ago I said that if an incident's root cause cannot be determined, it's going to be written up and sent through the problem management process. And that's this process.
15:18
The idea of problem management is also to prevent incidents from happening. So we look at incidents that we could not determine the cause of in greater detail. And we try to prevent future incidents from happening,
15:35
and when we can't stop them, we're going to try to
15:39
minimize the impact that they can have.
15:43
Um,
15:46
and as I said, this is
15:48
the incidents that can't be solved through the incident management process as well as
15:56
perceived incidents that might come up but haven't been experienced in the wild yet. Um,
16:03
foreseen problems is the way to look at those.
16:10
So the proactive problem identification sub problem
16:14
sub process is really where we're going to go out into our environment and look for those perceived problems that I was just mentioning and look at identifying the problem solutions or workarounds that we can put in place
16:33
before they're experienced out in the wild.
16:37
Um, if we do have a problem that arises that we didn't perceive before it pops up,
16:42
we're going to go and categorize it and prioritize it,
16:47
Um, in our record, our problem record,
16:49
um,
16:52
and then we're going to diagnose and hopefully resolve the problem in some way. This involves identifying the root cause, if we can, ah, and initiating appropriate solutions. And of course, by appropriate we mean economically feasible,
17:07
if there is such a solution available. If not, we might work through temporary workarounds. And then we will proactively inform our clients about those workarounds.
17:22
And now in the problem control phase, this is when we're gonna monitor those problems which we couldn't solve or haven't solved as of yet.
17:33
Uh,
17:33
and as soon as we find a corrective measure or workaround, we're going to implement.
17:41
So the problem closure and evaluation phase is when we ensure that a record of the problem has all of the actions that we've taken to try to solve or mitigate or work around that problem. Um
17:57
and that all known error records are updated so that we can accurately detect
18:03
this problem in our environment.
18:07
If we have major problems, they'll go through a special review process called the major problem review.
18:12
Uh, this is where we look at the solutions for major problems and see if we can use this knowledge to prevent any kind of reoccurrence of the problem. And of course, we always wanna look to learning the lessons from our problems and our failures and applying them to our future activities,
18:32
and then we're gonna verify that all the problems that we've marked as closed have actually been eliminated. You will run into several cases where you believe you've solved the problem only to find it rears its head in a different place in the environment.
18:51
So problem management reporting is where we collect all of that information and we pass it along to service management and the other I tease of processes. And we make sure that everyone's informed of the ongoing problems that we're having, um, how
19:08
far along they are in the process and life cycle.
19:11
And if we know any workarounds for them, we really want to make sure that we have everybody informed of those.
19:19
So this is just kind of, ah, another graphic layout of the possible, um,
19:26
problem management process, and this will again vary based off of your organization. But they all have some element of collecting, be it through user reporting and incident management systems or through network monitoring, like network
19:45
security analysis
19:47
agents that are monitoring traffic. All of that will be collected into a logging system, which will then be analyzed, and some analyst, either human or machine analyst, is going to propose solutions to the problems that are found.
20:06
Those will be designed and developed and then deployed.
20:11
Then we're going to measure the effect of our deployed answer and hopefully go through a successful close. And then that whole cycle will repeat
20:23
In the IT operation control process, this is where we're going to monitor the day-to-day control of the IT services and all of the actual components that make up the infrastructure
20:37
the services run on.
20:38
The tasks related to operations of the infrastructure components can be things like updating firmware and software, monitoring network connections and things that must be tended to every day.
20:59
We didn't break this out into sub processes because it's so dependent on the infrastructure. If you have a very small infrastructure, your day-to-day tasks might only be a matter of log cleanup and monitoring,
21:15
whereas in a much larger environment, you might have an entire operation center
21:21
devoted just to IT operations or network operations.
21:29
Now, when we talk about IT operations, though, we will talk a lot about DevOps, which is this unique blend that's come up in the last
21:40
five or 10 years, where we used to have separate departments and handoffs. A development would hand their project to a network engineer who would set it up somewhere. And then they would let the quality assurance team know where to go test.
22:00
And then the quality assurance team
22:02
would go and make their reports, and all of this was very inefficient. So we started having
22:10
people who are efficient in all three areas. You'll have a very good developer who knows how unit testing works and who is familiar with deploying to different environments, either locally or in the cloud, and this type of person is
22:29
perfectly suited to development operations or DevOps.
22:36
Now, IT facility management's about managing the actual physical buildings and environment where the IT infrastructure is located.
22:45
In certain types of industry, there are still very large data centers and call centers that have to be managed, and the
22:56
procurement and assessment of those facilities is covered here,
23:03
essentially because of the way we're always evolving in business. We've moved from data centers a lot of times to cloud providers, and now to more hybrid clouds with some
23:15
services being hosted in local
23:19
data centers and some being hosted offsite by Cloud service providers. And we call this type of hybrid like an on demand infrastructure.
23:32
We didn't break this out into sub processes again because it's highly dependent on the structure of your organization.
23:38
If you have a very large organization, this might be a multifaceted team spread across the world. If you are a small startup company, this might be a sub process that your CEO or CTO manages.
24:00
The application management function isn't really a process. It's more treated in ITIL as a function,
24:07
but it plays a role in all application related aspects of the designing, testing, operation of IT services, and it also deals with developing the skills required. So the training,
24:25
coursework and certification of all the IT organization staff to make sure that they can
24:33
effectively and relevantly use the applications selected by the organization.
24:40
So all of the application management functions tie in through the application development life cycle like we've talked about previously
24:52
and again, this has not been split out into sub processes since it's not treated as a process.
24:59
Now the technical management function is again not a process so much as treated as a function. But this is to provide the technical expertise about the IT infrastructure. So whereas the application management function was really about the software involved,
25:15
technical management is really more about the hardware
25:21
and networking aspects of a service or environment.
25:26
And so, again, this plays a role in all of our technical aspects of designing and testing, operating the day-to-day IT services,
25:36
and again, developing the skills required to operate it falls under this function. So this is our training of our network engineering team, our database administration team, things of that nature.
25:52
With that, we've come to the end of this video. I'd like to thank you for watching. And as always, if you have any questions, you can contact me on Cybrary.it, my user name ist warder. T w a r T e r

Up Next

Axelos ITIL Foundations

This ITIL Foundation training course is for beginners and provides baseline knowledge for IT service management. It is taught by Daniel Reilly, one of our many great cyber security knowledge instructors who contribute to our digital library.

Instructed By

Daniel Reilly
Information Security Manager
Instructor