INFORMATION SYSTEMS OPERATION

 Are in charge of the daily support of an organizations is hardware and

software management. This function is particularly important when very
large and centralized computing tasks are regularly executed for business
purposes and producing output or updating situations.
IS Management is responsible for all operations within the IS Department.
Therefore, operations management functions would:
• Resource allocation – management is responsible to make sure the necessary
resources are available for plan activities.
• Standards and procedures - management is responsible for establishing the
necessary standards procedures for all operations that are aligned with business
strategies
• Process monitoring is management is responsible for monitoring and measuring
the effectiveness and efficiencies of the IS operation process
MANAGEMENT OF IS OPERATIONS
Management control functions include:
 IS MANAGEMENT
• Making adequate resources available
• Planning for the most effective use of the resources
• Authorizing and monitoring IT resource usage based on corporate policy
• Monitoring operations to ensure compliance of standards

 IS OPERATIONS
• Working with schedules for operating shifts
• Authorization of changes to schedules
• Review and authorization of changes
• Ensuring changes do not cause on outage
• Monitoring system performance and resource usage
• Monitor SLA’s
• Planning for equipment replacement
• Maintaining job accounting reports and other audits
• Log reviews
 • Handling problems in a timely manner
• Planning for major or minor disruptions

 INFORMATION SECURITY
• Ensuring the CIA of data
• Monitoring the environment and security facility to maintain proper
conditions
• Identifying security vulnerabilities
• Keeping up to data with patches
• Detection of intension attempts
• Resolving information security events in a timely manner
• Limiting logical and physical access to resources to only those authorized

SERVICE MANAGEMENT

 IT Service Management (ITSM) is a concept made up of processes and

procedures for efficient and effective delivery of IT services to business
• ITSM focuses on business deliverables and infrastructure management
• Fine-tuning IT services to meet changing demands
• Measuring and demonstrating improvements in the quality of IT services
• Reduction of costs
 IT services are better managed with SLA’s and the services offered from
such agreements
 Changes should be handled to the change control process
 Controlling releases and ability to rollback when needed
SERVICE LEVEL
 Remember that the IS Department is a service organization for end users.
Which means there needs to be in adherence to the SLA’s
 The SLA’s describes services in non-technical terms for the viewpoint of the
customer
 Services level management is the process of:
• Defining, agreeing upon, documenting and managing levels of services
that are required and cost justified
 • The aim of service level management is to maintain the improve service
delivered to the customer
 Characteristics of IT services are used to define the SlA. There are many
tools available to monitor the efficiency and effectiveness of services which
include:
• Exception reports
• System and application logs
• Operator problem reports
• Operator work schedules
ISO 2
INFRASTRUCTURE OPERATIONS
 IT Operations are processes and activities that support and manage the
entire IT infrastructure, systems, applications and data, focusing on day-to-
day activities.
Tasks of IT operations staff include:
• Executing and monitoring schedule jobs
• Performing timely backup
• Looking for unauthorized access
• Monitoring for the adherence to the operation procedures
• Working with testing of DRP’s
• Monitoring the performance, capacity, availability and failure of
information resources

SCHEDULING
 Scheduling is a major function of the IS Department and scheduling
includes
• Jobs that must be run
• Sequence of job execution
• Conditions that cause program execution
 Low priority jobs can be scheduled of time is available
• Automated job scheduling software can provide extra control over this
process
  High priority jobs should be given optimal resource availability
• Some examples, such as backups, may be done at low peak times
 Job scheduling is necessary to make sure that is resources are optimally
used
MONITORING USE OF RESOURCES
 Computer resources, for example, should be used in a manner that benefits
the entire organization. Computer resources would include hardware,
software, telecommunications, networks, applications and data
PROCESS OF INCIDENT HANDLING
 Incident management is one of the critical processes in IT service
management, and needs to be attended to a continuous basis.
• The goal is to increase continuity of service by reducing or removing the
adverse effect of disturbances
• Incident handling should have a method of prioritizing items to determine
the impact of urgency
PROBLEM MANAGEMENT
 Problem management aims to resolve issues through the investigation and
in depth analysis of a major incident, or several incidents that are of a
similar nature
• The goal is to determine the root cause
• This root cause is sometimes called the known error
• A workaround may have to be developed to address this error state and
prevent any future occurrences
 Problem management and incident management have slightly different
goals. Incident management tries to return to a normal state, whereas
problem management tries to reduce the number of incidents
DETECTION, DOCUMNETATION, CONTROL, RESOLUTION AND REPORTING OF
ABNORMAL CONDITIONS
 The complex nature of software, hardware and their interrelationship
should have a mechanism to detect and document any abnormal conditons
 Logs should contain the following kinds of errors
 • Application, system, operator, network telecommunication and hardware
Log items should have the following information
• Error date, description, code source of error
• Individuals assigned to the error
• Statues code of the problem resolution
• Narrative of how the error was resolved
 Logs should be accessible only to those who are authorized, and those logs
should be updated as problems are resolved
 IS Management should ensure that problem Management mechanism are
maintained and monitored and outstanding errors are being addressed in a
timely manner
• Should also be documentation on how to escalate unresolved problems?
ISO 3
SUPPORT / HELPDESK
 Technical supports functions are to provide specialized knowledge of
production, identify and assist in system change, and assist in problem
resolution
 Typical support functions:
• Determining the source of computer incidents and taking corrective
actions
• Initiating problem reports and resolving incidents in a timely manner
• Answering inquiries regarding specific systems
• Providing multi-tiered support
• Providing technical support
• Communicating with IS operations abnormal patterns and calls
CHANGE MANAGEMENT PROCESSS
 Change control is an important function that should be handled by IS
Management. It is a often thought of as moving changes or upgrades from
the test environment to the production environement.
  Change management can also be used when changing hardware or
upgrading off the shelf applications
 Procedures associated with this migration process are in place to make sure
that:
• System, operations and program documentation are complete, up to date
and in compliance with the standard.
• Job preparation, scheduling and operating instructions have been
established
• Test results have been reviewed and approved
• Any data conversion was done accurately and completely
• System conversion occurred accurately and completely and has proper
approval
• The risk of causing an outage are reviewed and a rollback plan is
developed
RELEASE MANAGEMENT
 Software release management is a process where software is made
available to users, and the term release often describes the collection of
authorized changes
• Major release: normally a significant change or addition to new
functionality. A major update usually supersedes all preceding minor
upgrades
• Minor software releases: There are normally upgrades for small
enhancements and fixes
• Emergency software release: these are normally updates that have to the
small number of known problems. These are often submitted as quickly as
possible to prevent downtime and the potential of vulnerabilities going
unpatched.

 Planning a release involves:

• Getting consensus on the release contents
• Agreeing to the release strategy. This many be done in phrases
• Producing resource levels
• Agreeing on roles and responsibilities
• Creating a rollback plan
 • Developing a quality plan for the release
• Planning acceptance of support and the customer
INFORMATIOB SECURITY MANAGEMENT
 The goal is to ensure IT operation and security of business and data. This is
a critical part of IS operations. Security management includes:
• Performing risk assessments on information phase
• Performing business impact analysis
• Developing and enforcing information security policies, procedures and
standards
• Regular security assessments
• Implementing a formal vulnerability management
MEDIA SANITAZION
 There should be a program establishing how to deal with media
sanitization. This is a necessary step to preserve the confidentiality
transported, or discarded
• Sanitization involves the placement erasure of information stored on
storage media
• It is necessary to make sure that information cannot be restored after
being sanitized
• There should be a procedure for proper sanitization of the different types
of storage media