ITSS 3300 Test 2 Review PDF
Document Details
Uploaded by Deleted User
Tags
Related
Summary
This document provides a review of various organizational processes, including structured and dynamic processes, along with organizational process levels, scope, and examples. It also discusses information silos and CRM. The document is likely a study guide or review for a course related to business process management.
Full Transcript
ITSS 3300.S24 Test 2 Review 1 Processes & Organizations What’s a Process? o A process is a means people use to organize an activity and achieve an organization’s goals o Two dimensions of proces...
ITSS 3300.S24 Test 2 Review 1 Processes & Organizations What’s a Process? o A process is a means people use to organize an activity and achieve an organization’s goals o Two dimensions of process quality are: § Process efficiency: A ratio of outputs to inputs § Process effectiveness: How well a process achieves organizational strategic goals o How can processes be improved? § Change the process structure § Change the process resources § Change both Structured vs. Dynamic Processes Structured Dynamic Support operational & structured managerial Support strategic & less structured managerial decisions & activities decisions & activities Standardized Less specific, fluid Usually formally defined & documented Usually informal Exceptions are rare & not (well) tolerated Exceptions frequent & expected Process structure changes slowly & with Adaptive processes that change structure rapidly & organizational agony readily Organizational Process Levels Scope Example Characteristics Workgroup Doctor’s Office Support one or more workgroup processes 10 - 100 users Procedures often formalized Problem solutions within group Workgroups can duplicate data Somewhat difficult to change Enterprise Hospital Support one or more enterprise processes 100 - 1,000+ users Procedures formalized Problem solutions affect enterprise Eliminate workgroup data duplication Difficult to change Inter-Enterprise Hospital System Support one or more inter-enterprise processes 1,000+ users Systems procedures formalized Problem solutions affect multiple organizations Can resolve problems of duplicated enterprise data Very difficult to change How can information systems improve process quality? o By performing an activity ITSS 3300.S24 Test 2 Review 2 o Partially or completely automating an activity o By augmenting a human performing an activity o By controlling data quality Why is that important? Information silos What’s an information silo? An information silo is an information system unable to communicate with other information systems What are the problems introduced by information silos? o Duplicated data o Data inconsistencies o Disjointed processes o Lack of integrated enterprise data o Increased cost to the organization due to duplication o Decreased efficiency How can information systems solve the problems of information silos? o Database integration: Multiple information systems can use a common database o Revised applications: A common application may be used to feed multiple databases; example: distributed applications The five challenges involved in implementing enterprise application solutions are: o The need for collaborative management o The need to identify and resolve requirements gaps early o The need to overcome transition challenges o The need to overcome employee resistance o The need to adapt to new technology Customer Relationship Management o How does a CRM support enterprise processes? It’s a suite of applications, databases, and a set of inherent processes used to manage all interactions with customer through four phases of customer life cycle: § Marketing § Customer Acquisition § Relationship Management § Loss/Churn o Supports customer-centric organizations (all organizations should be customer-centric) CRM Components o Solicitation & Lead Management Applications o Sales Applications o Relationship Management Applications o Customer Support Applications o CRM Database Enterprise Resource Planning o How does ERP support enterprise processes? ERP is a suite of applications (modules), a database and a set of inherent processes for consolidating business operations into a single, consistent, computing platform o Primary purpose of ERP is integration, which allow real-time updates o ERP includes all the components of a CRM system, as well as: § Supply chain § Manufacturing § Human resources § Accounting Business Process Modeling What is a Business Process? o A business process is a collection of linked tasks which find their end in the delivery of a service or product to a client o Business processes can be modeled using “business process modeling notation” Why Model Business Processes? Documentation may be used for: o Communication with SMEs (subject matter experts): In this case, the persons responsible for the tasks being documented ITSS 3300.S24 Test 2 Review 3 o Analysis: For efficiency and effectiveness gains (may or may not involve technology); may include simulations o As the foundation documentation for the design of technical solutions How Do You Document Business Processes? o Document business processes by creating an abstraction of the process using standardized techniques (symbology) and breaking the process down into key elements o The key elements of a process are: § Tasks: Input, modify, output § Decisions: Two or more alternatives § Sequencing / Flows: Temporal representation § Identity: Of those accountable, roles, swim lanes Business Process Terms o Activities: Collections of related tasks that receive inputs and produce outputs. o Repository: A collection of something; e.g. an inventory is a physical repository, and a database is a data repository o Roles: Collections of activities o Resources: People or computer applications that are assigned to roles o Data flow: Movement of data between one activity and another or between an activity and a repository Business Process Modeling Notation: The Object Management Group (OMG) created a standard set of terms and graphical notations for documenting business processes known as Business Process Modeling Notation. IT Governance What is GRC? Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements. o Governance: Ensuring that organizational activities, like managing IT operations, are aligned in a way that supports the organization's business goals. o Risk: Making sure that any risk (or opportunity) associated with organizational activities is identified and addressed in a way that supports the organization's business goals. In the IT context, this means having a comprehensive IT risk management process that rolls into an organization's enterprise risk management function. o Compliance: Making sure that organizational activities are operated in a way that meets the laws and regulations impacting those systems. In the IT context, this means making sure that IT systems, and the data contained in those systems, are used and secured properly. What's the relationship between IT governance and GRC (governance, risk and compliance)? IT governance and GRC are practically the same thing. o GRC is the parent program; as mentioned, IT governance is a subset of GRC. o GRC can be solely IT-focused or broadly focused: § If the CISO reports to the CIO, GRC is almost always IT-focused § If the CISO is a peer of the CIO, GRC is broadly focused in terms of the business risks it addresses. Importance of IT Governance o Organizations today are subject to many regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. They're also under pressure from shareholders, stakeholders and customers. Examples include: § Payment Card Industry Data Security Standard (PCI DSS) § Health Insurance Portability and Accountability Act (HIPAA) § Sarbanes-Oxley (SOX) § Gramm-Leach-Bliley (GLB) § General Data Protection Regulation (GDPR) o Four-dimension model: Another key component in ITIL is the four-dimension model. The four dimensions reflect the former 4 P’s of ITIL – people, products, partners, processes. Each component of the SVS should consider these four dimensions, which are: § Organizations and people: People are key in this dimension and every person should have a clear understanding of their contribution in the SVS. The organization covers as well as formal structure, culture and the fitting level of capacity and competence. § Information and technology products: This is the information managed in the service and any supporting information and knowledge including protect, manage and archive it. Technology is main driver for benefit in service management. This may be artificial intelligence, machine learning, the use of mobile platforms, cloud ITSS 3300.S24 Test 2 Review 4 solutions, collaboration tools, automated testing and operations as well as continuous integration / continuous development / continuous deployment solutions. § Partners and suppliers: Every service provider uses other organizations to create their own value. The strategy for the decisions about the use of others is influenced by their own strategy focus, corporate culture, resource scarcity, cost concerns, subject matter expertise, external constraints, and demand patterns. § Value streams and processes: Value streams are a series of steps, which create value as products or services. Each product or service in an organization shall be a definition of the value stream. Processes transform with a set of activities input and output. The processes underpin the value streams. There are political, economic, social, technological, legal, and environmental factors, which influence a service provider. o o o The CMMI model breaks down organizational maturity into five levels. For businesses that embrace CMMI, the goal is to raise the organization up to Level 5, the “optimizing” maturity level. Once businesses reach this level, they aren’t done with the CMMI. Instead, they focus on maintenance and regular improvements. CMMI’s five maturity levels are: § Initial: Processes are viewed as unpredictable and reactive. At this stage, “work gets completed but it’s often delayed and over budget.” This is the worst stage a business can find itself in — an unpredictable environment that increases risk and inefficiency. § Managed: There’s a level of project management achieved. Projects are “planned, performed, measured and controlled” at this level, but there are still a lot of issues to address. § Defined: At this stage, organizations are more proactive than reactive. There’s a set of “organization-wide standards” to “provide guidance across projects, programs and portfolios.” Businesses understand their shortcomings, how to address them and what the goal is for improvement. § Quantitatively managed: This stage is more measured and controlled. The organization is working off quantitative data to determine predictable processes that align with stakeholder needs. The business is ahead of risks, with more data-driven insight into process deficiencies. § Optimizing: Here, an organization’s processes are stable and flexible. At this final stage, an organization will be in constant state of improving and responding to changes or other opportunities. The organization is stable, which allows for more “agility and innovation,” in a predictable environment. Advantages of FAIR o FAIR uses dollar estimates for losses and probability values for threats and vulnerabilities. Combined with a range of values and levels of confidence, it allows for true mathematical modeling of loss exposures. o Note that a possibility is a binary condition, whereas probability is a continuum between absolute certainty and impossibility. o FAIR has more detailed definitions of threats, vulnerabilities and risks than other frameworks. Most methodologies have definitions but stop at that level. FAIR has a taxonomy that breaks down the terms on a more granular level. Cybersecurity The goal of cybersecurity is to protect against threats and loss as inexpensively as possible while balancing risk versus freedom, which requires finding the appropriate trade-off between risk of loss and cost of implementing safeguards. A threat is a person or organization that seeks to obtain or alter data without the owner’s knowledge. Examples include hackers. A vulnerability is an opportunity for threats to gain access to individual or organizational assets. Examples include: 1) Incorrect data modification, 2) Faulty service, 3) Denial of service, 4) Loss of infrastructure A safeguard is some measure that individuals or organizations take to block the threat from obtaining the asset. Examples might include: 1) Firewalls, 2) Identification & Access Management (IAM), 3) Encryption The sources of threats include: o Human error: Accidental problems caused by employees and non-employees. o Computer crime: Employees and non-employees who intentionally destroy or steal data or system components. o Natural disasters: Fires, floods, hurricanes, earthquakes, tsunamis, avalanches and other acts of nature. Hacking includes activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. And while hacking might not always be for malicious purposes it’s typically unlawful activity by cybercriminals — motivated by financial gain, protest, information gathering (spying), and even just for the “fun” of the challenge. Hackers can be classified as: ITSS 3300.S24 Test 2 Review 5 o Black hat: Criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steal passwords, credit card numbers, and other personal information. Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with. o Gray hat: Enact a blend of both black hat and white hat activities. Gray hat hackers often look for vulnerabilities in a system without the owner's permission or knowledge. If issues are found, they report them to the owner, sometimes requesting a small fee to fix the problem. o White hat: Sometimes called “ethical hackers” or “good hackers” – are the antithesis of black hats. They exploit computer systems or networks to identify their security flaws so they can make recommendations for improvement. White hat hackers use their capabilities to uncover security failings to help safeguard organizations from dangerous hackers. They can sometimes be paid employees or contractors working for companies as security specialists who attempt to find gaps in security. Malware, created by hackers, is a broad category of software that includes: o Viruses: Computer programs that replicate themselves. o Trojan horses: Viruses that masquerade as useful programs. o Worms: Viruses that self-propagate using a network. o Spyware: Programs installed on user’s computer without the user’s knowledge; secretly reports user’s actions. o Adware: Similar to spyware, but creates pop-up ads, changes browser default pages and search results. o Ransomware: Malicious software that blocks access to systems until money is paid to the attacker. Firewalls are computing devices that prevent unauthorized access. Firewalls use access control lists (ACLs) that permit (whitelist) or deny (blacklist) inbound and/or outbound traffic based on port and IP address. Types of firewalls include: o Perimeter firewall: o Internal firewall: o Packet-filtering firewall:. Need to know types of firewall Firewalls are also used in setting up a DMZ network, which is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic. A common DMZ is a subnetwork that sits between the public internet and private networks. Encryption is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext. Encryption requires the use of a cryptographic key: a set of mathematical values that both the sender and the recipient of an encrypted message agree on. The two main kinds of encryption are symmetric encryption and asymmetric encryption, also known as public key encryption. o Symmetric encryption: There is only one key, and all communicating parties use the same (secret) key for both encryption and decryption. o Asymmetric encryption: There are two keys: one key is used for encryption, and a different key is used for decryption. The decryption key is kept private (hence the "private key" name), while the encryption key is shared publicly, for anyone to use (hence the "public key" name). Key escrow is a trusted party that maintains copies of encryption keys. Data can be encrypted “at rest” or “in flight.” Typical “in flight” encryption methods are : o SSL: Secure socket layer used to encrypt web traffic using server-side SSL certificates. o TLS: Transport layer security is an improved version of SSL. Encryption is used in creating a virtual private network (VPN), which allows for secure, private communication via a “data tunnel” over what would otherwise be a public network. In answering the who and what regarding sensitive data, management employs technical safeguards like identity and access management (IAM): o Identification: Identifies the user. o Authentication: Authenticates the user using the following: o Password o Smart card (embedded microchip) o Personal Identification Number (PIN) o Biometric authentication using fingerprints, facial features and retinal scans. ITSS 3300.S24 Test 2 Review 6 Organizations typically employ multifactor authentication (MFA), which is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism. MFA relies on: o Knowledge: Something only the user knows. o Possession: Something only the user has. o Inherence: Something only the user is. IT Service Delivery o Service Level Management (SLM): The objective is to negotiate Service Level Agreements with the customers and to design services in accordance with the agreed service level targets. Service Level Management is also responsible for ensuring that all Operational Level Agreements and Underpinning Contracts are appropriate, and to monitor and report on service levels. o Risk Management: The objective is to identify, assess and control risks. This includes analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. o Capacity Management: The objective is to ensure that the capacity of IT services and the IT infrastructure is able to deliver the agreed service level targets in a cost effective and timely manner. Capacity Management considers all resources required to deliver the IT service, and plans for short-, medium-, and long-term business requirements. o Availability Management: The objective is to define, analyze, plan, measure and improve all aspects of the availability of IT services. Availability Management is responsible for ensuring that all IT infrastructure, processes, tools, roles etc. are appropriate for the agreed availability targets. o IT Service Continuity Management (ITSCM): The objective is to manage risks that could seriously impact IT services. ITSCM ensures that the IT service provider can always provide minimum agreed Service Levels, by reducing the risk from disaster events to an acceptable level and planning for the recovery of IT services. ITSCM should be designed to support Business Continuity Management. o Information Security Management: The objective is to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. Information Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider. Service Transition: The objective of ITIL Service Transition is to build and deploy IT services. The Service Transition life cycle stage also makes sure that changes to services and service management processes are carried out in a coordinated way. o Project Management (Transition Planning and Support): The objective is to plan and coordinate the resources to deploy a major release within the predicted cost, time and quality estimates. o Application Development: The objective is to make available applications and systems which provide the required functionality for IT services. This process includes the development and maintenance of custom applications as well as the customization of products from software vendors. o Release and Deployment Management: The objective is to plan, schedule and control the movement of releases to test and live environments. The primary goal of Release Management is to ensure that the integrity of the live environment is protected and that the correct components are released. o Service Validation and Testing: The objective is to ensure that deployed releases and the resulting services meet customer expectations, and to verify that IT operations is able to support the new service. o Service Asset and Configuration Management: The objective is to maintain information about configuration items required to deliver an IT service, including their relationships. o Knowledge Management: The objective is to gather, analyze, store and share knowledge and information within an organization. The primary purpose of Knowledge Management is to improve efficiency by reducing the need to rediscover knowledge. Project Management What’s a Project? A project is a temporary endeavor undertaken to create a unique product, service or result; the outcome may be tangible or intangible. o Because it’s temporary, projects have a beginning and an end; temporary does not mean a project is short in duration. o The end is reached when the objective has been met or is terminated because the objectives cannot be met. Projects may have repetitive elements, but they differ from operations in that operations involve the repetitive process of an organization’s existing procedures. ITSS 3300.S24 Test 2 Review 7 A project can involve a single individual or multiple individuals, a single organizational unit, multiple organizational units or multiple organizations. What is Project Management? Project management is the application of knowledge, skills, tools, and techniques to project activities to meet project requirements. Project management is categorized into five process groups: o Initiating processes define a new project or a new phase of an existing project by obtaining authorization to start the project or phase. o Planning processes that establish the scope of the project, refine the objectives, and define the course of action required to obtain the objectives. o Executing processes are performed to complete the work defined in the project management plan to satisfy project specifications. o Monitoring & controlling is the only project management process group that interacts with all other four. In this phase, the project team checks whether everything is going as planned using processes to track, review and regulate the progress and performance of the project. o Closing processes to finalize all activities across all process groups. Managing a project typically includes: o Identifying requirements o Addressing various needs, concerns and expectations of stakeholders in planning and executing a project o Setting up, maintaining, and carrying out communications among stakeholders that are active, effective and collaborative in nature o Managing stakeholders towards meeting project requirements and creating project deliverables o Balancing the competing project constraints, which include: § Scope § Quality § Schedule § Budget § Resources § Risks Who Does Project Management? There are five stakeholders: o Project leader (or project manager): The head of the project; defines, plans, controls, and leads the project o Project team members: Produce the outputs (deliverables) for the project; participate in the project management process; contribute their skills and effort to perform tasks o Sponsor (or upper manager): The person with formal authority who is ultimately responsible for the project; oversees the project; acts as a liaison between the upper management team and the project leader; provides authority, guidance, and maintains project priority o Project customer: The person or group whose needs and requirements drive the project; receives the final output(s) that the project produces; provides product requirements and funding o Functional managers (also known as resource managers or line managers): Provide company policy and resources, particularly people who are involved in the project Naturally, these stakeholders are organized by team, department, business unit, and company, both internal and external In addition to the stakeholders mentioned, project teams can also include: o Supporting experts: Performs activities required to develop or execute the project management plan in such roles as contracting, financial management, logistics, legal, safety, engineering, test or quality control. o User or customer representatives: Members of the organization that will accept the deliverables or products that are assigned to act as liaisons to ensure proper coordination, advice on requirements, or validate acceptability of the project’s results. May themselves be project managers for the customer organization. o Sellers: Vendors or suppliers that have a contractual obligations to provide components or services necessary for the project. o Business partners and their members: External organizations that have a special relationship with the enterprise, sometimes attained through a certification process. They provide special expertise to fulfill a specified role such as installation, customization, training or support. Org Structure Functional Matrix Projectized ITSS 3300.S24 Test 2 Review 8 Project Weak Balanced Strong Characteristics PM’s Authority Little to None Low Low to Moderate Moderate to High High to Almost Total Resource Little to None Low Low to Moderate Moderate to High High to Almost Total Availability Who Manages Functional Mgr Functional Mgr Mixed Project Manager Project Manager PM’s Role Part-time Part-time Full-time Full-time Full-time PM Admin Staff Part-time Part-time Part-time Full-time Full-time Projects, Programs & Portfolios Project Program Portfolio Programs have larger scope and Portfolios have organizational provide more significant scope that changes with the benefits; projects in a program strategic objectives of the Scope are related by common organization outcome or collective capability Project lifecycles may be predictive, iterative and incremental, or adaptive: o Predictive lifecycles are ones in which the project scope, and the time and cost to deliver that scope, are determined early in the project lifecycles. The project proceeds through a series of sequential or overlapping phases, with the work in each phase being substantially different than the prior phase. o Iterative and incremental lifecycles are ones in which phases intentionally repeat one or more project activities as the team’s understanding of the product increases. o Adaptive lifecycles (aka change-driven or agile methods) are intended to respond to high levels of change and ongoing stakeholder involvement. Adaptive methods are also iterative and incremental, but differ in that iterations are very rapid (usually 2 to 4 weeks; known as sprints) Project Phases: A phase is a collection of logically related project activities that culminates in the completion of one or more deliverables. A generic project lifecycle involves starting the project, organizing and preparing, carrying out the project work, and closing the project. Notice how these align with process groups mentioned earlier; they are, however, not the same thing! Process groups may be done within a single phase. o Waterfall: The Waterfall methodology is the oldest formal methodology; it’s widely adopted, most prominently in the software industry. Characteristics include: § It’s sequential. § Heavily requirements-focused; you need to have a crystal-clear idea of what the project demands before proceeding further as there is no scope for correction once the project is underway. § It’s divided into discrete stages; you start by collecting and analyzing requirements, designing the solution (and your approach), implementing the solution and fixing issues, if any. § Each stage in this process is self-contained; you wrap up one stage before moving onto another. o Advantages include: § Ease of use: This model is easy to understand and use. The division between stages is intuitive and easy to grasp regardless of prior experience. § Structure: The rigidity of the Waterfall method is a liability but can also be a strength. The clear demarcation between stages helps organize and divide work. Since you can't go back, you have to be "perfect" in each stage, which often produces better results. § Documentation: The sharp focus on gathering and understanding requirements makes the Waterfall model heavily reliant on documentation. This makes it easy for new resources to move in and work on the project when needed. ITSS 3300.S24 Test 2 Review 9 o Agile (Scrum): Agile, another software development-focused PM methodology, emerged as a response to the failure of Waterfall method for managing complex projects. § In approach and ideology, Agile is the opposite of the Waterfall method. As the name implies, this method favors a fast and flexible approach; there is no top-heavy requirements-gathering. It’s iterative with small incremental changes that respond to changing requirements. § Scrum isn't a fully-featured project management methodology; it describes an approach to Agile management with a focus on project teams, short "sprints" and daily stand-up meetings. § While it borrows the principles and processes from Agile, Scrum has its own specific methods and tactics for dealing with project management. § The Scrum approach places the project team front and center of the project; often, there is no project manager; the team is expected to be self-organizing and self-managing. § Ideal for highly focused and skilled teams; not so much for others. § "Agile is the philosophy and Scrum the methodology. While Scrum is Agile, Agile isn’t Scrum." o Advantages § Flexibility and freedom: Since there are no fixed stages or focus on requirements, it gives your resources much more freedom to experiment and make incremental changes; this makes it particularly well-suited for creative projects. § Scrum "sprints": The Scrum approach is heavily focused on 30-day "sprints.” Project team breaks down a wish list of end-goals into small chunks, then works on them in 30-day sessions (sometimes as short a 2-week sessions) with daily stand-up meetings; this makes it easy to manage large and complex projects. § Fast paced: The "sprint" approach with its 2- to 4-week limit and daily stand-up meetings promotes rapid iteration and development. § Team-focused: Since the project team is expected to manage itself, Scrum teams have clear visibility into the project. It also means that project leaders can set their own priorities as per their own knowledge of their capabilities. o Disadvantages § Quality not a consideration: It may be possible that a project is scoring high on earned value performance scale, but the quality of work is below par. Quality is an important criteria in any project, and unfortunately it is not considered in EVA. § Lacks flexibility in addressing unforeseeable risks: In EVM, planned value is the baseline on which calculations are made and predictions based. But there is always an element of uncertainty involved while doing any predictions. A project may be on schedule when EVA is done, but because of unforeseeable risks it can get delayed at later stages; basing assumptions on planned value entails significant risk of failure.. § Cost of implementing: Generally, software is required and coordination between different departments should be very good for it to achieve its goal. § Time required: Collection of relevant data pertaining to actual costs is time-consuming, particularly in big and diverse projects. IT Service Management Service Operation is sometimes referred to as IT Operations Management, or ITOM. The processes of Service Operation are: o Application Management: The objective is to manage applications throughout their lifecycle. o Facilities Management: The objective is to manage the physical environment where the IT infrastructure is located. Facilities Management includes all aspects of managing the physical environment, for example power and cooling, building access management, and environmental monitoring. This function is most closely associated with managing data centers. o Request Fulfilment: The objective is to fulfill service requests, which in most cases are minor (standard) changes (e.g. requests to change a password) or requests for information. This is often done by an organization’s IT help desk in conjunction with Access Management. o Access Management: The objective is to grant authorized users the right to use a service, while preventing access to non-authorized users. The Access Management processes essentially execute policies defined in Information Security Management. Access Management is sometimes also referred to as Rights Management or Identity Management, or Identity Access Management (IAM). ITSS 3300.S24 Test 2 Review 10 o Technical Management: Provides technical expertise and support for the management of the IT infrastructure. This expertise may be embedded within a customer-facing account team (IPM, SM, CSM, DSE), or may be back- office support. o IT Operations Control: The objective is to monitor and control the IT services and their underlying infrastructure. The process IT Operations Control executes day-to-day routine tasks related to the operation of infrastructure components and applications. This includes job scheduling, backup and restore activities, print and output management, and routine maintenance. This function is often associated with an organization’s network operations center, or NOC. The NOC plays a central role in o Disaster recovery involves the carrying out of a disaster recovery plan, which are the procedures necessary to restore service to a specific point or time: o Recovery Point Objective (RPO): The maximum targeted period during which transactional data is lost from an IT service due to a major incident. o Recovery Time Objective (RTO): The targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. Disaster recovery often involves the failover to a backup site. A backup site may be hot, warm, or cold: o Hot: Essentially mirrors the primary datacenter infrastructure. § The backup site is populated with servers, cooling, power, and office space (if applicable). § The most important feature offered from a hot site is that the production environment(s) are running concurrently with your main data center. § This syncing allows for minimal impact and downtime to business operations. In the event of a significant outage event to the main data center, the hot site can take the place of the impacted site immediately. § Running two hot sites is called high availability. Running three or more hot sites, e.g. AWS multi-region implementation, is called continuous availability. o Warm: Data center space with some pre-installed server hardware. § The difference between a hot site and a warm site is that while the hot site provides a mirror of the production data center and its environment(s), a warm site will contain only servers ready for the installation of production environments. o Cold: Data center space without any server-related equipment installed. § The cold site provides power, cooling, and/or office space which waits in the event of a significant outage to the main work site or data center. § The cold site will require extensive support from engineering and IT personnel to get all necessary servers and equipment migrated and functional. Continual Service Improvement Objective: The Continual Service Improvement (CSI) process uses methods from quality management in order to learn from past successes and failures. The ITIL CSI lifecycle stage aims to continually improve the effectiveness and efficiency of IT processes and services, in line with the concept of continual improvement adopted in ISO 20000. The processes of Continual Service Improvement are: o Service Review: To review business services and infrastructure services on a regular basis. The aim of this process is to improve service quality where necessary, and to identify more economical ways of providing a service where possible. o Process Evaluation: To evaluate processes on a regular basis. This includes identifying areas where the targeted process metrics are not reached, and holding regular benchmarks, audits, maturity assessments and reviews. o Definition of CSI Initiatives: To define specific initiatives aimed at improving services and processes, based on the results of service reviews and process evaluations. The resulting initiatives are either internal initiatives pursued by the service provider on his own behalf, or initiatives which require the customer's cooperation. o Monitoring of CSI Initiatives: To verify if improvement initiatives are proceeding according to plan, and to introduce corrective measures where necessary. The goals of IT Service Management are: o Drive IT efficiency. o Promote business alignment. o Support regulatory compliance. o Reduce the incident lifecycle. o Drive customer satisfaction. Software Automation ITSS 3300.S24 Test 2 Review 11 Software automation, or robotic process automation (RPA), is a form of business process automation technology based on metaphorical software robots (bots) or on artificial intelligence (AI) /digital workers RPA is an application of technology, governed by business logic and structured inputs, aimed at automating business processes What are the Benefits of RPA? RPA provides organizations with the ability to reduce staffing costs and human error. It does this by providing: o Greater Productivity o Greater Accuracy o Cost Savings & Fast ROI o Integrate Across Platforms o Harness Artificial Intelligence (AI) o Scalability Two Types of Automation o Attended automation: Attended RPA bots are like virtual assistants, helping an individual employee with their tasks to boost productivity § What: Assists with front-office tasks by collaborating with employees and teams § How: Employees trigger a bot and interact with it as it helps. Managers can orchestrate tasks between people and bots and coordinate across internal resources § When: Attended RPA bots are ready and waiting to be activated by employees whenever they are needed to help the process along § Where: Attended bots can run on workstations, private servers, or in the cloud § Why: o Increases productivity o Reduces average call handle time o Enhances customer experience o Increases compliance o Unattended automation: Unattended RPA bots run automation that works on its own. The aim for many business processes is end-to-end automation, where bots are enabled to execute entire processes independently § What: Automates back-office processes at scale § How: Unattended RPA bots work independently, following a rules-based process to completion § When: Unattended RPA bots operate on a preset schedule, or as triggered by logic in the process flow § Where: Unattended bots can run on workstations, private servers, or in the cloud § Why: o Reduces operating costs o Increases productivity o Eliminates errors o Frees employees from repetitive work o Improves compliance When to Automate? There are four basic requirements when determining possible RPA fits: o The process must be rule-based o The process must be repeated at regular intervals, or have a pre-defined trigger o The process must have defined inputs and outputs o The task should have sufficient volume E-Commerce o Business to Consumer (B2C): Transactions happen between businesses and consumers. In B2C e-commerce, businesses are the ones selling products or services to end-users (i.e. consumers). § Online retail typically works on a B2C model. § Retailers with online stores such as Walmart, Macy’s, and IKEA are all examples of businesses that engage in B2C e-commerce. § Includes subtypes like M(obile)-Commerce & F(acebook)-Commerce. o Business to Business (B2B): As its name states, B2B e-commerce pertains to transactions conducted between two businesses. Any company whose customers are other businesses operate on a B2B model. § Examples include Alibaba, ADP, Grainger, and Square. o Consumer to Consumer (C2C): C2C e-commerce happens when something is bought and sold between two consumers. C2C commonly takes place on online marketplaces such as eBay, in which one individual sells a product or service to another. ITSS 3300.S24 Test 2 Review 12 o Government to Business (G2B): G2B transactions take place when a company pays for government goods, services, or fees online. Examples could be a business paying for taxes using the Inter o Business to Government (B2G): When a government entity uses the Internet to purchases goods or services from a business, the transaction may fall under B2G e-commerce. Examples include OpenGov and Tyler Technologies, both providers of cloud-based software for public sector budgeting, reporting, communications, and performance. o Consumer to Government (C2G): Consumers can also engage in C2G e-commerce. People paying for traffic tickets or paying for their car registration renewals online may fall under this category. Where Does E-Commerce Occur? o Online Storefronts: A merchant’s website used to buy and sell goods via shopping carts. o Online Marketplaces: Sites that facilitate transactions between merchants and customers. Traffic: E-Commerce, like brick & mortar stores, relies heavily on traffic—bringing people into your “store” to shop. Traffic is either… o Organic: Unpaid traffic obtained through search engine results. o Paid: Direct traffic that is generated through online advertising.. Internet marketing includes the following: o Search Engine Marketing (SEM): A form of internet marketing that involves the promotion of websites by increasing their visibility in search engine results pages (SERPs) primarily through paid advertising. o Search Engine Optimization (SEO): Process of improving the quality and quantity of website traffic to a website or a web page from search engines. SEO targets unpaid traffic, known as natural or organic results. o Local Search Engine Optimization (local SEO): Similar to (national) SEO in that it’s also a process affecting the visibility of a website or a web page in a web search engine's unpaid results, but limits the scope to and focuses the results based on geography. o Social Media Marketing: The use of social media platforms and websites to promote a product or service. o Email Marketing: Sending a commercial message, typically to a group of people, using email. o Referral Marketing: A method of promoting products or services to new customers through referrals, usually word of mouth. Such referrals often happen spontaneously, but businesses can influence this through appropriate strategies. o Content Marketing: A form of marketing focused on creating, publishing, and distributing content for a targeted audience online. Think blogs. o Native Advertising: A type of advertising that matches the form and function of the platform upon which it appears. In many cases it functions like an advertorial, and manifests as a video, article or editorial. The word native refers to this coherence of the content with the other media that appear on the platform. o Search Engines Optimization: The goal of SEO is to improve the ranking of a website in a search engine’s results page, making it more likely for a consumer to click on that link. From there, it’s up to that company to convert visitors to buyers. SEO considers: o How search engines work (a trade secret). o The computer-programmed algorithms that dictate search engine behavior (also a trade secret). Search engines have three main functions: o Crawl: Scouring the Internet for content using crawlers, aka spiders, looking over the code/content for each URL they find. You can prevent crawlers from crawling a site for various reasons. You can also direct how a site is crawled using a robots.txt file in your website. o Index: Store and organize the content found during the crawling process. Once a page is in the index, it’s in the running to be displayed as a result to relevant queries. o Rank: Provide the pieces of content that will best answer a searcher's query, which means that results are ordered by most relevant to least relevant.. AWS Demo Amazon Web Services (AWS) is a public cloud provider that provides on-demand delivery of compute power, database, storage, applications, and other IT resources via the internet with pay-as-you-go pricing. The advantages of cloud computing are: o Agility: The ability to respond quickly to changes in demand. o Elasticity: The ability to dynamically increase and decrease resources programmatically. o Lower Cost: You only pay for what you use. ITSS 3300.S24 Test 2 Review 13 o Survivability: Cloud providers operate multiple data centers within a given area or region. o No Obsolescence: Cloud providers continuously upgrade their network and data center infrastructure. o Economies of Scale: Cloud providers buy in bulk and can sell for less. Amazon Web Services (AWS) offers the following services: o EC2: Elastic Compute Cloud. Think application servers. o S3: Simple Storage Service. Think file servers, but you can use them to host a website. o Aurora: Relational database. o CloudFront: Content delivery service. o EMR: Hadoop for Big Data and machine learning. o RedShift: Data warehousing. o Route 53: Domain Name System (DNS).