IT Professional - Chapter 14 PDF
Document Details
Uploaded by ExtraordinaryMars
Anoka-Ramsey Community College
Tags
Summary
This chapter delves into the professional aspects of Information Technology (IT) including legal and ethical considerations, scripting, call centre procedures and the communication techniques needed to serve customers in an efficient manner. Keywords: IT professional, troubleshooting, scripting, and customer service.
Full Transcript
Chapter 14: The IT Professional An IT professional must be familiar with the legal and ethical issues that are inherent in this industry. There are privacy and confidentiality concerns that you must take into consideration during every customer encounter as you interact with customers in the field,...
Chapter 14: The IT Professional An IT professional must be familiar with the legal and ethical issues that are inherent in this industry. There are privacy and confidentiality concerns that you must take into consideration during every customer encounter as you interact with customers in the field, in the office, or over the phone. If you become a bench technician, although you might not interact with customers directly, you will have access to their private and confidential data. This chapter discusses some common legal and ethical issues. Call center technicians work exclusively over the phone with customers. This chapter covers general call center procedures and the process of working with customers. As an IT professional, you will troubleshoot and fix computers, and you will frequently communicate with customers and co-workers. In fact, troubleshooting is as much about communicating with the customer as it is about knowing how to fix a computer. In this chapter, you learn to use good communication skills as confidently as you use a screwdriver. You will also learn about scripting to automate processes and tasks on various operating systems. For example, a script file might be used to automate the process of performing a backup of a customer's data or run a list of standard diagnostics on a broken computer. The script file can save the technician a lot of time, especially when the same tasks need to be performed on many different computers. You will learn about scripting languages and some basic Windows and Linux script commands. You will also learn key scripting terms like conditional variables, conditional statements, and loops. You will perform a lab writing very basic scripts. Relationship Between Communication Skills and Troubleshooting Think of a time when you had to call a repair person to get something fixed. Did it feel like an emergency to you? Perhaps you had a bad experience with a repair person. Are you likely to call that same person to fix a problem again? What could that technician have done differently in their communication with you? Did you have a good experience with a repair person? Did that person listen to you as you explained your problem and then ask you a few questions to get more information? Are you likely to call that person to fix a problem again? Speaking directly with the customer is usually the first step in resolving the computer problem. To troubleshoot a computer, you need to learn the details of the problem from the customer. Most people who need a computer problem fixed are probably feeling some stress. If you establish a good rapport with the customer, the customer might relax a bit. A relaxed customer is more likely to be able to provide the information that you need to determine the source of the problem and then fix it. Follow these guidelines to provide great customer service: - Set and meet expectations, adhere to the agreed upon timeline, and communicate the status with the customer. - If necessary, offer different repair or replacement options. - Provide documentation on the services provided. - Follow up with customers and users after services are rendered to verify their satisfaction. Relationship Between Communication Skills and Professional Behavior Whether you are talking with a customer on the phone or in person, it is important to communicate well and to present yourself professionally. If you are talking with a customer in person, that customer can see your body language. If you are talking with a customer over the phone, that customer can hear your tone and inflection. Customers can also sense whether you are smiling when you are speaking with them on the phone. Many call center technicians use a mirror at their desk to monitor their facial expressions. Successful technicians control their own reactions and emotions from one customer call to the next. A good rule for all technicians to follow is that a new customer call means a fresh start. Never carry your frustration from one call to the next. Active Listening To better enable you to determine the customer's problem, practice active listening skills. Allow the customer to tell the whole story. During the time that the customer is explaining the problem, occasionally interject some small word or phrase, such as "I understand," "Yes," "I see," or "Okay." This behavior lets the customer know that you are there and that you are listening. However, a technician should not interrupt the customer to ask a question or make a statement. This is rude, disrespectful, and creates tension. Many times in a conversation, you might find yourself thinking of what to say before the other person finishes talking. When you do this, you are not actively listening. Instead, listen carefully when your customers speak, and let them finish their thoughts. You asked the customer to explain the problem to you. This is known as an open-ended question. An open-ended question rarely has a simple answer. Usually it involves information about what the customer was doing, what they were trying to do, and why they are frustrated. After you have listened to the customer explain the whole problem, summarize what the customer has said. This helps convince the customer that you have heard and understand the situation. A good practice for clarification is to paraphrase the customer's explanation by beginning with the words, "Let me see if I understand what you have told me." This is a very effective tool that demonstrates to the customer that you have listened and that you understand. After you have assured the customer that you understand the problem, you will probably have to ask some follow-up questions. Make sure that these questions are pertinent. Do not ask questions that the customer has already answered while describing the problem. Doing this only irritates the customer and shows that you were not listening. Follow-up questions should be targeted, closed-ended questions based on the information that you have already gathered. Closed-ended questions should focus on obtaining specific information. The customer should be able to answer a closed-ended question with a simple "yes" or "no" or with a factual response, such as "Windows 10." Use all the information that you have gathered from the customer to complete a work order. Using Professional Behavior with the Customer Be positive when communicating with the customer. Tell the customer what you can do. Do not focus on what you cannot do. Be prepared to explain alternative ways that you can help them, such as emailing information and step-by-step instructions, or using remote control software to solve the problem. When dealing with customers, it is sometimes easier to explain what you should not do. The following list describes things that you should not do when talking with a customer: - Do not minimize a customer's problems. - Do not use jargon, abbreviations, acronyms, and slang. - Do not use a negative attitude or tone of voice. - Do not argue with customers or become defensive. - Do not say culturally insensitive remarks. - Do not disclose any experiences with customers on social media. - Do not be judgmental or insulting or call the customer names. - Avoid distractions and do not interrupt when talking with customers. - Do not take personal calls when talking with customers. - Do not talk to co-workers about unrelated subjects when talking with the customer. - Avoid unnecessary holds and abrupt holds. - Do not transfer a call without explaining the purpose of the transfer and getting customer consent. - Do not use negative remarks about other technicians to the customer. If a technician is not going to be on time, then the customer should be informed as soon as possible. Tips for Hold and Transfer When dealing with customers, it is necessary to be professional in all aspects of your role. You must handle customers with respect and prompt attention. When on a telephone, make sure that you know how to place a customer on hold, as well as how to transfer a customer without losing the call. Keeping the Customer Call Focused Part of your job is to focus the customer during the phone call. When you focus the customer on the problem, it allows you to control the call. These practices make the best use of your time and the customer's time: - **Use proper language** -- Be clear and avoid technical language that the customer might not understand. - **Listen and question** -- Listen carefully to the customer and let them speak. Use open and closed ended questions to learn details about the customer's problem. - **Give feedback** -- Let the customer know that you understand the problem and develop a friendly and positive conversational manner. Just as there are many different computer problems, there are many different types of customers. By using active listening skills, you may be given some hints as to what type of customer is on the phone with you. Is this person very new to computers? Is the person very knowledgeable about computers? Is your customer angry? Do not take any comments personally, and do not retaliate with any comments or criticism. If you stay calm with the customer, finding a solution to the problem will remain the focal point of the call. Recognizing certain customer traits can help you manage the call accordingly. Tips for helping a rude customer - Do listen very carefully, as you do not want to ask the customer to repeat any information. - Do follow a step-by-step approach to determining and solving the problem. - Do try to contact the customer's favorite technician, if they have one, to see if that technician can take the call. Tell the customer, "I can help you right now, or see if your preferred technician is available." If the customer wants the preferred technician and they are available, politely transfer the call. If the technician is not available, ask the customer if he or she will wait. If they will wait, note that in the ticket. - Do apologize for the wait time and the inconvenience, even if there has been no wait time. - Do reiterate that you want to solve their problem as quickly as possible. - Do not ask the customer to do any obvious steps if there is any way you can determine the problem without that information. - Do not be rude to the customer, even if they are rude to you. Tips for helping a knowledgeable customer - Do consider setting up a call with a level two technician, if you are a level one technician. - Do give the customer the overall approach to what you are trying to verify. - Do not follow a step-by-step process with this customer. - Do not ask to check the obvious, such as the power cord or the power switch. Consider suggesting a reboot instead. Tips for helping a talkative customer - Do let the customer tell their problem without interrupting, even if they are angry. This allows the customer to release some of their anger before you proceed. - Do sympathize with the customer's problem. - Do apologize for the wait time or inconvenience. - Do not, if at all possible, put this customer on hold or transfer the call. - Do not spend the call time talking about what caused the problem. It is better to redirect the conversation to solving the problem. Tips for helping an inexperienced customer - Do allow the customer to talk for about one minute. - Do gather as much information about the problem as possible. - Do politely step in to refocus the customer. - Do ask as many closed-ended questions as you need to after you have regained control of the call. - Do not encourage non-problem related conversation by asking social questions such as "How are you today?" Documentation Overview Different types of organizations have different operating procedures and processes that govern business functions. Documentation is the main way of communicating these processes and procedures to employees, customers, suppliers, and others. Purposes for documentation include: - Providing descriptions for how products, software, and hardware function through the use of diagrams, descriptions, manual pages and knowledgebase articles. - Standardizing procedures and practices so that they can be repeated accurately in the future. - Establishing rules and restrictions on the use of the organization's assets including acceptable use policies for internet, network, and computer usage. - Reducing confusion and mistakes saving time and resources. - Complying with governmental or industry regulations. - Training new employees or customers. Keeping documentation up to date is just as important as creating it. Updates to policies and procedures are inevitable, especially in the constantly changing environment of information technology. Establishing a standard timeframe for reviewing documents, diagrams, and compliance policies ensures that the correct information is available when it is needed. Keeping documentation current is a challenge for even the best managed IT departments. IT documentation can come in many different forms, including diagrams, manuals, configurations and source code. In general, IT documentation falls into four broad categories: Policies, Operations, Projects and User Documentation. **Policy Documents** - Acceptable use policies that describe how technology is to be used within the organization. - Security policies that outline all aspects of information security, including password policies and security incident response methods. - Regulatory compliance policies which describe all federal, state, local and industry regulations that apply to the organization. - Disaster recovery policies and procedures that provide detailed plans for what must be done to restore services in the event of an outage. **Operation and Planning Documents** - IT strategy and planning documents outline the near- and long-term goals of the department. - Proposals for future projects and project approvals. - Meeting presentations and minutes. - Budgets and purchasing records. - Inventory management, including hardware and software inventories, licenses, and management methods, such as the use of asset tags and barcodes. **Project Documents** - User requests for changes, updates or new services. - Software design and functional requirements, including flow diagrams and source code. - Logical and physical network topology diagrams, equipment specifications, and device configurations. - Change management forms. - User testing and acceptance forms. **User Documentation** - Features, functions, and operation of software, hardware, and services provided by the IT department. - End-user manuals for hardware and software. - Help desk ticket database with ticket resolutions. - Searchable knowledgebase articles and FAQs. Report and Procedures **Acceptable use policy**\ An acceptable use policy (AUP) is an agreement between two or more parties that defines the appropriate user access to resources or services. Before the user is granted access, the user must agree to the AUP and follow the policy outlined in the AUP. For example, splash screens can be used to display the rules and remind the user of data handling procedures before allowing access to a workstation or app. **Incident report**\ An incident report, also known as an after-action report (AAR) , can be used to document an episode of a critical and major incident, such as a security breach. The report can include investigative information and event analysis from the interested stakeholders. The purpose of the report is to identify potential issues, provide insight for improvements, and allow prompt corrective action to prevent a similar event in the future. Incident reports should be filed promptly in a clear and professional manner. The incident report should be non-biased without personal thoughts, emotions, or solutions. **Standard operating procedures**\ Standard operating procedures (SOP) are step-by-step instructions to guide employees on how to use computers and networked services efficiently, securely, and are informed of expected responsibilities. The main goals of the SOP are to establish uniformity across the company, create high-quality work consistently, and reduce miscommunications. Custom software package installation procedures are an example of SOP. Procedures for custom installation of a software package: 1. **Verify system requirements** -- Verify that the custom software package can be supported and integrated into existing computers and IT infrastructure. 2. **Validate installation files** -- After downloading the installation files from the source, verify that the files are not corrupt by comparing hash values generated locally and from the source. 3. **Confirm software license** -- Software licensing is a contract between a software company and the end user. It dictates how the software should be used and the number of devices to which the software can be installed. Always verify that the software license can be used for the intended purpose and the number of users. 4. **Update Process** -- The new software should be added to any change control and monitoring processes. 5. **Develop up-to-date training and support documentation** -- Update support and training documentation after the software installation. User Checklists SOP can also be in the form of user checklists. Two examples of user checklists are: - New-user setup checklist - End-user termination checklist **New-user setup checklist**\ A formal onboarding process helps new hires or employees changing job roles. Some of the typical process can include: - Setting up the user accounts with the necessary permissions and security clearance - Assigning devices and receiving training as necessary - Learning about security policy and data privacy agreements **End-user termination checklist**\ When an employee retires, changes job roles, or leaves the organization, the end-user termination checklist should be part of the off-boarding process. Some of typical process can include: - Take back the device and wipe all data from the device. - Transfer or release software licenses. - Deactivate account access and remove all account permissions. Knowledge Base and Articles A knowledge base is a centralized repository of articles and documents that allow users to create, share, and manage knowledge across the organization. The articles in the knowledge base can provide these common types of data: - Answers to frequently asked questions (FAQs) - Troubleshooting scenarios - Internal database to support self-service support - Training documents - Links to external legitimate and verifiable knowledge base articles Regulatory Compliance Requirements Federal, state, local, and industry regulations can have documentation requirements over and above what is normally documented in the company's records. Regulatory and compliance policies often specify what data must be collected and how long it must be retained. A few of the regulations may have implications on internal company processes and procedures. Some regulations require keeping extensive records regarding how the data is accessed and used. Failure to comply with laws and regulations can have severe consequences, including fines, termination of employment, and even incarceration of offenders. It is important to know how laws and regulations apply to your organization and to the work you perform. Asset Databases Asset management is the tracking and management of assets to ensure that they are used properly, maintained, upgraded, and disposed of responsibly at the end of their lifecycles. The organization needs an inventory of all the deployed hardware assets along with the consumables, spare components in case of hardware failures, and software assets, such as warranty information, licenses, and intellectual property (IP). **Database system**\ Many software solutions are available for businesses to manage and track their assets. Asset management software can improve the visibility and management of the assets to reduce hardware and software costs. A simple spreadsheet can track the assets, but it can be difficult to maintain and provide accurate accounting in real time. A centralized asset management database system can be configured to track the assets and store the information, such as device type, serial number, asset ID, deployed location, user history, number of licenses, warranty, and service information. Some asset management software can be configured for network discovery. The software scans the network and retrieves the hardware information, such as make and model and serial numbers, the device configurations, and monitoring data. **Asset tags and IDs**\ Asset tags, working in conjunction with an asset management database system, can provide up-to-date and accurate information about an asset. An asset tag identifies the equipment with a unique serial number, barcode, QR code, or radio frequency ID (RFID) and is typically adhered to the asset. An RFID tag contains encoded digital data that is captured by a scanner using radio waves. The use of asset tags allows companies to track assets from purchase to disposal and streamline maintenance management. Asset tags with a database system provide visibility and security for your assets. Asset Procurement **Procurement life cycle**\ A procurement life cycle includes the following stages in the use of the asset. - **Planning** -- Analysis of the organization's current and future needs combined with potential asset impact on business, network, daily operations and implemented devices is needed before requesting a new or upgraded asset. - **Procurement** -- A budget is determined, and a supplier or vendor is identified to deliver the asset. - **Deployment** -- The procured asset can be installed or integrated with the other tools in the business. All of this should occur in a secure manner. - **Maintenance** -- Provisions should be made to keep your assets in operating condition to optimize their use. Some of the maintenance tasks include security updates, data backups, and part replacements. - **Disposal** -- When an asset has reached the end of life, the asset should be sanitized of any data. The sanitized asset can be sold, recycled, donated, or destroyed. The asset management database should be updated to reflect the change in the status of the asset. **Warranty and licensing**\ For each hardware asset, the invoice, warranty, support contract, and vendor contact information should be readily available. For each software asset, License information, subscription-based details, and number of allotted users or devices should be readily available. **Assigned users** Depending on the type of assets, the assets can be assigned to individuals or shared within the entire organization. Typical assets managed by individual accounts: - Workstations - Laptops - Mobile devices, like smartphones and tablets - Software license Shared assets managed by individuals or security groups within a department: - Servers - Routers - Switches - Access points Change Control Process Controlling changes in an IT environment can be difficult. Changes can be as minor as replacing a printer, or as important as upgrading all the enterprise servers to the latest operating system version. Most larger enterprises and organizations have change management procedures in place to ensure that installations and upgrades go smoothly, A good change management process can prevent business functions from being negatively impacted by the updates, upgrades, replacements, and reconfigurations that are a normally part of IT operations. Change management usually starts with a change request from a stakeholder or from within the IT organization itself. Most change management processes include the following: - **Identification** - What is the change? Why is it needed? Who are the stakeholders? - **Assessment** - What business processes are impacted by this change? What are the costs and resources necessary for implementation? What risks are associated with making (or not making) this change? - **Planning** - How long will this change take to implement? Is there downtime involved? What is the roll back or recovery process if the change fails? - **Approval** - Who must authorize this change? Has approval to proceed with the change been obtained? - **Implementation** - How are stakeholders notified? What are the steps to complete the change, and how will the results be tested? - **Acceptance** - What is the acceptance criteria and who is responsible for accepting the results of the change? - **Documentation** - What updates are required to change logs, implementation steps, or IT documents because of this change? All the results of the process are recorded on a change request or change control document that becomes part of the IT documentation. Some expensive or complex changes that impact necessary business functions may require the approval of a change board or committee before work can begin. Disaster Recovery Overview We often think of a disaster as being something catastrophic, such as the destruction caused by an earthquake, tsunami or wildfire. In information technology, a disaster can include anything from natural disasters that affect the network structure to malicious attacks on the network itself. The impact of data loss or corruption from unplanned outages caused by hardware failure, human error, hacking, or malware can be significant. A disaster recovery plan is a comprehensive document that describes how to restore operation quickly and keep critical IT functions running during or after a disaster occurs. The disaster recovery plan can include information such as offsite locations where services can be moved, information on replacing network devices and servers, and backup connectivity options. Some services may even need to be available during the disaster in order to provide information to IT personnel and updates to others in the organization. Services that might need to be available during or immediately after a disaster include: - Web services and internet connectivity. - Data stores and backup files. - Directory and authentication services. - Database and application servers. - Telephone, email and other communication services. In addition to having a disaster recovery plan, most organizations take steps to ensure they are ready in case a disaster occurs. These preventive measures can ease the impact of unplanned outages on the operation of the organization. Elements of a Disaster Recovery Plan The first step in creating a disaster recovery plan is to identify the most critical services and applications that will need to be restored quickly. That information should be used to create a disaster recovery plan. There are five major phases of creating and implementing a disaster recovery plan. **Phase 1 - Network Design Recovery Strategy** **Phase 2 - Inventory and Documentation** **Phase 3 - Verification** **Phase 4 - Approval and Implementation** **Phase 5 - Review** **Phase 1 - Network Design Recovery Strategy** Analyze the network design. Some aspects of the network design that should be included in the disaster recovery are: - Is the network designed to survive a major disaster? Are there backup connectivity options and is there redundancy in the network design? - Availability of offsite servers or cloud providers that can support applications such as email and database services. - Availability of backup routers, switches, and other network devices. - Location of services and resources that the network needs. Are they spread over a wide geography? Are backups easily accessible in an emergency? **Phase 2 - Inventory and Documentation** Create an inventory of all locations, devices, vendors, used services, and contact names. Verify cost estimates that are created in the risk assessment step. **Phase 3 - Verification** Create a verification process to prove that the disaster recovery strategy works. Practice disaster recovery exercises to ensure that the plan is up to date and workable. **Phase 4 - Approval and Implementation** Obtain senior management approval and develop a budget to implement and maintain the disaster recovery plan. **Phase 5 - Review** After the disaster recovery plan has been implemented for a year, review the plan. Information in the plan must be kept up to date, or critical services may not be restored in the case of a disaster. Ethical and Legal Considerations in IT When you are working with customers and their equipment, there are some general ethical customs and legal rules that you should observe. These customs and rules often overlap. You should always have respect for your customers, as well as for their property. Computers and monitors are property, but property also includes any information or data that might be accessible, for example: - Emails - Phone lists and contact lists - Records or data on the computer - Hard copies of files, information, or data left on a desk Before accessing computer accounts, including the administrator account, get the permission of the customer. During the troubleshooting process, you might have gathered some private information, such as usernames and passwords. If you document this type of private information, you must keep it confidential. Divulging customer information to anyone else is not only unethical but might be illegal. Do not send unsolicited messages to a customer. Do not send unsolicited mass mailings or chain letters to customers. Never send forged or anonymous emails. Legal details of customer information are usually covered under the service-level agreement (SLA). The SLA is a contract between a customer and a service provider that defines the service or goods the customer will receive and the standards to which the provider must comply. Personal Identifiable Information (PII) Take particular care to keep personally identifiable information (PII) confidential. PII is any data that could potentially identify a specific individual. NIST Special Publication 800-122 defines PII as, "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information". Examples of PII include, but are not limited to: - Names, such as full name, maiden name, mother's maiden name, or alias - Personal identification numbers, such as social security number (SSN), passport number, driver's license number, taxpayer identification number, or financial account or credit card number, address information, such as street address or email address - Personal characteristics, including photographic images (especially of the face or other identifying characteristics), fingerprints, handwriting, or other biometric data (e.g., retina scan, voice signature, facial geometry) PII violations are regulated by several organizations in the United States, depending on the type of data. The EU General Data Protection Regulation (GDPR) also regulates how data is handled for personal data, including financial and healthcare information. Payment Card Industry (PCI) Payment Card Industry (PCI) information is considered personal information that needs to be protected. We hear about countless breaches of credit card information on the news that impact millions of users. Often it is days or weeks before a merchant realizes there is a breach. All businesses and organizations, large or small, need to adhere to strict standards to protect the consumer's information. The PCI Security Standards Council was formed in 2005 by the 5 major credit card companies in an effort to protect account numbers, expiration dates, magnetic strip and chip data for transactions around the globe. The PCI council partners with organizations, including NIST, to develop standards and security procedures around these transactions. In one of the worst breaches in history, malware infected the point of sale system of a major retailer, impacting millions of consumers. This may have been prevented with adequate software and policies for data breach prevention. As an IT professional you should be aware of PCI compliance standards. Protected Health Information (PHI) Protected Health Information (PHI) is another form of PII that needs to be secured and protected. PHI includes patient names, addresses, dates of visits, telephone and fax numbers, and email addresses. With the move from paper copy records to electronic records, Electronic Protected Health Information (ePHI) is also regulated. Penalties for breaches of PHI and ePHI are very severe and regulated by the Health Insurance Portability and Accountability Act (HIPAA). Examples of these types of breaches are easily found with an internet search. Unfortunately, the breach may be undetected for months. Some breaches have occurred from one person giving out information to an unauthorized person. Human error can cause violations. For example, accidentally faxing health information to the wrong party is a violation. Other examples are sophisticated attacks. Recent phishing attacks on a California-based health plan went undetected for almost a month before they recognized it and then notified 37,000 patients that their data had been breached. As an IT professional, you should be aware of protecting PHI and ePHI. Legal Considerations in IT The laws in different countries and legal jurisdictions vary, but generally, actions such as the following are considered to be illegal: - It is not permissible to make any changes to system software or hardware configurations without customer permission. - It is not permissible to access a customer's or co-worker's accounts, private files, or email messages without permission. - It is not permissible to install, copy, or share digital content (including software, music, text, images, and video) in violation of copyright and software agreements or the applicable law. Copyright and trademark laws vary between states, countries, and regions. - It is not permissible to use a customer's company IT resources for commercial purposes. - It is not permissible to make a customer's IT resources available to unauthorized users. - It is not permissible to knowingly use a customer's company resources for illegal activities. Criminal or illegal use typically includes obscenity, child pornography, threats, harassment, copyright infringement, Internet piracy, university trademark infringement, defamation, theft, identity theft, and unauthorized access. - It is not permissible to share sensitive customer information. You are required to maintain the confidentiality of this data. This list is not exhaustive. All businesses and their employees must know and comply with all applicable laws of the jurisdiction in which they operate. Licensing As an IT technician, you may encounter customers who are using software illegally. It is important that you understand the purpose and types of common software licenses, should you determine that a crime has been committed. Your responsibilities are usually covered in your company's corporate end-user policy. In all instances, you must follow security best practices, including documentation and chain of custody procedures. A software license is a contract that outlines the legal use, or redistribution, of that software. Most software licenses grant end-user permission to use one or more copies of software. They also specify the end-user's rights and restrictions. This ensures that the software owner's copyright is maintained. It is illegal to use licensed software without the appropriate license. **Personal License** Most software is licensed rather than sold. Some types of personal software licenses regulate how many computers can run a copy of the software. Other licenses specify the number of users that can access the software. Most personal software licenses allow you to run the program on only one machine. There are personal software licenses that allow you to copy the software onto multiple computers. These licenses usually specify that the copies cannot be used at the same time. One example of a personal software license is an End User License Agreement (EULA). A EULA is a license between the software owner and an individual end-user. The end-user must agree to accept the terms of the EULA. Sometimes, accepting a EULA is as simple as opening the physical package that holds a CD of the software, or by downloading and installing the software. A common example of agreeing to a EULA occurs when updating the software on tablets and smartphones. The end-user must agree to accept the EULA when updating the operating system, or installing or updating software found on the device, as shown in the figure above. **Enterprise License** An enterprise license is a software site license held by a company. Typically with an enterprise license, the company pays for its employees to use the software. This software does not need to be registered every time it is installed on another employee's computer. In some cases, the employees may need to use a password to activate each copy of the license. **Open Source Licenses** Open source licensing is a copyright license for software that allows developers to modify and share the source code that runs the software. In some cases, an open source license means that the software is free to all users. In other cases, it means that the software can be purchased. In both instances, users have access to the source code. Some examples of open source software are Linux, WordPress, and Firefox. If software is being used by an individual who is not using it to make money, that person would have a personal license for that software. Personal software licenses are often free or low-cost. **Commercial Software License** If a person uses software to make money, that person would pay a commercial license. Commercial software licenses are usually more expensive than personal licenses. **Digital Rights Management** In addition to licensing, there is also software that helps to control the illegal use of software and content. Digital rights management (DRM) is software that is designed to prevent illegal access to digital content and devices. DRM is used by hardware and software manufacturers, publishers, copyright holders, and individuals. Their purpose for using DRM is to prevent copyrighted content from being copied freely. This helps the copyright holder to maintain control of the content and to be paid for access to that content. Call Centers A call center environment is usually very organized and professional. Customers call in to receive help for a specific computer-related problem. The typical workflow of a call center starts with calls from customers displayed on a callboard. Level one technicians answer these calls in the order that the calls arrive. If the level one technician cannot solve the problem, it is escalated to a level two technician. In all instances, the technician must supply the level of support that is outlined in the customer's Service Level Agreement (SLA). A call center might exist within a company and offer service to the employees of that company as well as to the customers of that company's products. Alternatively, a call center might be an independent business that sells computer support as a service to outside customers. In either case, a call center is a busy, fast-paced work environment, often operating 24 hours a day. Level One Technician Responsibilities Call centers sometimes have different names for level one technicians. These technicians might be known as level one analysts, dispatchers, or incident screeners. Regardless of the title, the level one technician's responsibilities are fairly similar from one call center to the next. The primary responsibility of a level one technician is to gather pertinent information from the customer. The technician has to accurately enter all information into the ticket or work order. Examples of the type of information that the level one technician must obtain is shown in the figure. Some problems are very simple to resolve, and a level one technician can usually take care of these without escalating the work order to a level two technician. When a problem requires the expertise of a level two technician, the level one technician must describe a customer's problem on a work order using a succinct sentence or two. An accurate description is important because it helps other technicians quickly understand the situation without having to ask the customer the same questions again. +-----------------------------------------------------------------------+ | **Information Checklist** | +=======================================================================+ | - Contact information | | | | - What is the manufacturer and model of computer? | | | | - What OS is the computer using? | | | | - Is the computer plugged in to the wall or running on battery | | power? | | | | - Is the computer on a network? If so, is it a wired or wireless | | connection? | | | | - Was any specific application being used when the problem | | occurred? | | | | - Have any new drivers or updates been installed recently? If so, | | what are they? | | | | - Description of the problem | | | | - Priority of problem | +-----------------------------------------------------------------------+ Level Two Technician Responsibilities As with level one technicians, call centers sometimes have different names for level two technicians. These technicians might be known as product specialists or technical-support personnel. The level two technician's responsibilities are generally the same from one call center to the next. The level two technician is usually more knowledgeable and experienced than the level one technician or has been working for the company for a longer period of time. When a problem cannot be resolved within a predetermined amount of time, the level one technician prepares an escalated work order, as shown in the figure. The level two technician receives the escalated work order with the description of the problem and then calls the customer back to ask any additional questions and resolve the problem. Level two technicians can also use remote access software to connect to the customer's computer to update drivers and software, access the operating system, check the BIOS, and gather other diagnostic information to solve the problem. Script Examples As an IT professional, you will be exposed to many different types of files. One very important type of file is the script file. A script file is a simple text file written in scripting languages to automate processes and tasks on various operating systems. In the field, a script file might be used to automate the process of performing a backup of a customer's data or run a list of standard diagnostics on a broken computer. The script file can save the technician a lot of time, especially when the same tasks need to be performed on many different computers. You should also be able to identify the many different types of script files because a script file may be causing a problem at startup or during a specific event. Often, preventing the script file from running may eliminate the problem that is occurring. The commands in a script file might be written on the command line one at a time but, is more effectively done in a script file. The script is designed to be executed line by line using a command line interpreter in order to perform various commands. The script can be created using a text editor such as Notepad but, an IDE (Integrated Development Environment) is often used to write and execute the script. Scripting Languages A scripting language is different than a compiled language because each line is interpreted and then executed when the script is run. Examples of scripting languages include Windows batch files, PowerShell, Linux shell script, VBScript, JavaScript, and Python. Compiled languages such as C, C++, C\#, and Java, need to be converted into executable code using a "compiler". Executable code is directly readable by the CPU while scripting languages are interpreted into code that the CPU can read one line at a time by a command interpreter or by the operating system. This makes scripting languages unsuitable for situations where performance is a significant factor. Basic Script Commands Various commands are available at the terminals of each operating system. Some Windows commands are based on DOS and accessible through the command prompt. Other Windows commands are accessible through PowerShell. Linux commands are written to be compatible with UNIX commands and are often accessed through BASH (Bourne Again SHell). Conditional Statements Conditional Statements Conditional Statements Conditional statements are needed for scripts to make decisions. These statements usually come in the form of an if-else or a case statement. In order for these statements to make a decision, a comparison must be made using operators. The syntax of these commands will vary, depending on the Operator language. When making a mathematical comparison, use relational operators. Other types of operators include arithmetic (+, -, \*, /, %), logical (and, or, not), assignment (+=, -+, \*=), and bitwise (&, \|, \^). This table below lists common relational operators is a list of relational operators in various scripts. The IT Professional In this chapter, you learned about the relationship between communication skills and troubleshooting skills. These two skills need to be combined to make you a successful IT technician. You learned about the legal aspects and ethics of dealing with computer technology and the property of the customer. You learned that you should always conduct yourself in a professional manner with your customers and co-workers. Professional behavior increases customer confidence and enhances your credibility. You learned how to recognize the signs of a difficult customer and learn what to do and what not to do when you are on a call with this customer. You must understand and comply with your customer's SLA. If the problem falls outside the parameters of the SLA, find positive ways of telling the customer what you can do to help, rather than what you cannot do. In addition to the SLA, you must follow the business policies of the company. These policies include how your company prioritizes calls, how and when to escalate a call to management, and when you can take breaks and lunch. You performed several labs on how to fix hardware, operating system, network, and security problems. You learned about the ethical and legal aspects of working in computer technology. You should be aware of your company's policies and practices. In addition, you might need to familiarize yourself with your local or country's trademark and copyright laws. A software license is a contract that outlines the legal use, or redistribution, of that software. You learned about the many different types of software licenses including Personal, Enterprise, Open Source and Commercial. Cyber laws explain the circumstances under which data (evidence) can be collected from computers, data storage devices, networks, and wireless communications. First response is the term used to describe the official procedures employed by those people who are qualified to collect evidence. You learned that even if you are not a system administrator or computer forensics expert, it is a good habit to create detailed documentation of all the work that you do. Being able to prove how evidence was collected and where it has been between the time of collection and its entry into the court proceeding is known as the chain of custody. Finally, you learned about script files which are files written in scripting languages to automate processes and tasks on various operating systems. The script file can save the technician a lot of time, especially when the same tasks need to be performed on many different computers. You learned about scripting languages and some basic Windows and Linux script commands. You learned about variables which are designated places to store information within a computer, conditional statements, which are needed for scripts to make decisions, and loops, which repeat commands or tasks. Learning about scripting is important and so is experience practicing writing scripts. In this chapter you performed a lab writing some very basic scripts in different scripting languages to help understand how each language handles automating tasks.