Combining frequency and causing technology information can provide a view of the complexity of a problem and so indicate how difficult it will be to investigate (see Figure 1).
The problems in each quadrant have certain characteristics: Q1 – In a typical IT department 80 to 90% of problems are solid faults that are easily tracked down to a causing technology.
The appropriate technical or platform support team efficiently deals with these problems every day.
Q2 – Some recurring problems are due to a Known Error, or are obviously being caused by a particular hardware or software component.
These problems are handled by technical support people working with suppliers.
Q3 – Every so often a one-off problem occurs, and the cause of these may never be found.
Q4 – The technical ownership of these issues is unclear and so they are referred to as “grey problems” ie not black and white. Impact Grey problems have a significant impact on IT service, and: • • • • Form the bulk of ongoing recurring problems Create a disproportionately high IT support workload Give a pointer to more serious problems to come Cause the business to adjust practices around the problem Grey problem 265 ITIL perspective ITIL Service Operations implies that grey problems should be handled through a Problem Solving Group under the direction of the Problem Management function.
In practice, even those IT organisations that have adopted ITIL rarely have a procedure to handle a grey problem, leaving it to bounce between Technical Support Teams as each denies that their technology is to blame. Further reading • Grey problem case study  • Presentation to the British Computer Society  References  http:/ / www.publictechnology.net/ content/ 19065  http:/ / www.beds.
Uk/ documents/ 2009-04-22-MethodBasedProblemDiagnosis.
Pdf Hierarchical storage management Hierarchical Storage Management (HSM) is a data storage technique which automatically moves data between high-cost and low-cost storage media.
HSM systems exist because high-speed storage devices, such as hard disk drive arrays, are more expensive (per byte stored) than slower devices, such as optical discs and magnetic tape drives.
While it would be ideal to have all data available on high-speed devices all the time, this is prohibitively expensive for many organizations.
Instead, HSM systems store the bulk of the enterprise’s data on slower devices, and then copy data to faster disk drives when needed.
In effect, HSM turns the fast disk drives into caches for the slower mass storage devices.
The HSM system monitors the way data is used and makes best guesses as to which data can safely be moved to slower devices and which data should stay on the fast devices.
In a typical HSM scenario, data files which are frequently used are stored on disk drives, but are eventually migrated to tape if they are not used for a certain period of time, typically a few months.
If a user does reuse a file which is on tape, it is automatically moved back to disk storage.
The advantage is that the total amount of stored data can be much larger than the capacity of the disk storage available, but since only rarely-used files are on tape, most users will usually not notice any slowdown.
HSM is sometimes referred to as tiered storage.
HSM (originally DFHSM, now DFSMShsm) was first implemented by IBM on their mainframe computers to reduce the cost of data storage, and to simplify the retrieval of data from slower media.
The user would not need to know where the data was stored and how to get it back; the computer would retrieve the data automatically.
The only difference to the user was the speed at which data was returned.
Later, IBM ported HSM to its AIX operating system, and then to other Unix-like operating systems such as Solaris, HP-UX and Linux.
HSM was also implemented on the DEC VAX/VMS systems and the Alpha/VMS systems.
The first implementation date should be readily determined from the VMS System Implementation Manuals or the VMS Product Description Brochures.
Recently, the development of Serial ATA (SATA) disks has created a significant market for three-stage HSM: files are migrated from high-performance Fibre Channel Storage Area Network devices to somewhat slower but much cheaper SATA disks arrays totalling several terabytes or more, and then eventually from the SATA disks to tape.
The newest development in HSM is with hard disk drives and flash memory, with flash memory being over 30 times faster than disks, but disks being considerably cheaper. Hierarchical storage management Conceptually, HSM is analogous to the cache found in most computer CPUs, where small amounts of expensive SRAM memory running at very high speeds is used to store frequently used data, but the least recently used data is evicted to the slower but much larger main DRAM memory when new data has to be loaded.
In practice, HSM is typically performed by dedicated software, such as IBM Tivoli Storage Manager, CommVault , VERITAS Enterprise Vault , Sun Microsystems SAMFS/QFS , Quantum StorNext, or EMC Legato OTG DiskXtender. 266 Use Cases — 322 Planning to Implement Service Management The ITIL discipline – Planning to Implement Service Management attempts to provide practitioners with a framework for the alignment of business needs and IT provision requirements.
The processes and approaches incorporated within the guidelines suggest the development of a Continuous Service Improvement Program (CSIP) as the basis for implementing other ITIL disciplines as projects within a controlled program of work.
Planning to Implement Service Management focuses mainly on the Service Management processes, but also applies generically to other ITIL disciplines.components include: • • • • creating vision analyzing organisation setting goals implementing IT service management Small-Scale Implementation ITIL Small-Scale Implementation provides an approach to ITIL framework implementation for smaller IT units or departments.
It is primarily an auxiliary work that covers many of the same best practice guidelines as Planning to Implement Service Management, Service Support, and Service Delivery but provides additional guidance on the combination of roles and responsibilities, and avoiding conflict between ITIL priorities. Overview of the ITIL v3 library ITIL v3 is an extension of ITIL v2 and will fully replace it following the completion of the withdrawal period on 30 June 2011 .
ITIL v3 provides a more holistic perspective on the full life cycle of services, covering the entire IT organisation and all supporting components needed to deliver services to the customer, whereas v2 focused on specific activities directly related to service delivery and support.
Most of the v2 activities remained untouched in v3, but some significant changes in terminology were introduced in order to facilitate the expansion.
Five volumes comprise the ITIL v3, published in May 2007: 1.
ITIL Service Strategy 2.
ITIL Service Design 3.
ITIL Service Transition 4.
ITIL Service Operation 5.
ITIL Continual Service Improvement Service Strategy As the center and origin point of the ITIL Service Lifecycle, the ITIL Service Strategy volume provides guidance on clarification and prioritisation of service-provider investments in services.
More generally, Service Strategy focuses on helping IT organisations improve and develop over the long term.
In both cases, Service Strategy relies largely upon a market-driven approach.
Key topics covered include service value definition, business-case development, service assets, market analysis, and service provider types.
List of covered processes: • Service Portfolio Management  • Demand Management • IT Financial Management  Information Technology Infrastructure Library 323 Service Design The ITIL Service Design volume provides good-practice guidance on the design of IT services, processes, and other aspects of the service management effort.
Significantly, design within ITIL is understood to encompass all elements relevant to technology service delivery, rather than focusing solely on design of the technology itself.
As such, Service Design addresses how a planned service solution interacts with the larger business and technical environments, service management systems required to support the service, processes which interact with the service, technology, and architecture required to support the service, and the supply chain required to support the planned service.
Within ITIL v2, design work for an IT service is aggregated into a single Service Design Package (SDP).
Service Design Packages, along with other information about services, are managed within the service catalogues.
List of covered processes: • • • • • • • Service Catalogue Management Service Level Management Risk Management Capacity Management Availability Management IT Service Continuity Management Information Security Management • Compliance Management • IT Architecture Management • Supplier Management Service Transition Service transition, as described by the ITIL Service Transition volume, relates to the delivery of services required by a business into live/operational use, and often encompasses the “project” side of IT rather than “BAU” (Business as usual).
This area also covers topics such as managing changes to the “BAU” environment.
List of processes: • • • • • • Service Asset and Configuration Management Service Validation and Testing Evaluation Release Management Change Management Knowledge Management Service Operation Best practice for achieving the delivery of agreed levels of services both to end-users and the customers (where “customers” refer to those individuals who pay for the service and negotiate the SLAs).
Service operation, as described in the ITIL Service Operation volume, is the part of the lifecycle where the services and value is actually directly delivered.
Also the monitoring of problems and balance between service reliability and cost etc.
The functions include technical management, application management, operations management and Service Desk as well as, responsibilities for staff engaging in Service Operation.
List of processes: • Event Management • Incident Management • Problem Management. • Request Fulfilment Information Technology Infrastructure Library • Access Management 324 Continual Service Improvement (CSI) Aligning and realigning IT services to changing business needs (because standstill implies decline).
Continual Service Improvement, defined in the ITIL Continual Service Improvement volume, aims to align and realign IT Services to changing business needs by identifying and implementing improvements to the IT services that support the Business Processes.
The perspective of CSI on improvement is the business perspective of service quality, even though CSI aims to improve process effectiveness, efficiency and cost effectiveness of the IT processes through the whole lifecycle.
To manage improvement, CSI should clearly define what should be controlled and measured.
CSI needs to be treated just like any other service practice.
There needs to be upfront planning, training and awareness, ongoing scheduling, roles created, ownership assigned,and activities identified to be successful.
CSI must be planned and scheduled as process with defined activities, inputs, outputs, roles and reporting.
List of processes: • Service Level Management • Service Measurement and Reporting • Continual Service Improvement Criticisms of ITIL ITIL has been criticised on several fronts, including: • The books are not affordable for non-commercial users • Accusations that many ITIL advocates think ITIL is “a holistic, all-encompassing framework for IT governance” • Accusations that proponents of ITIL indoctrinate the methodology with ‘religious zeal’ at the expense of pragmatism • Implementation and credentialing requires specific training • Debate over ITIL falling under BSM or ITSM frameworks Rob England (also known as “IT Skeptic”) has criticised the protected and proprietary nature of ITIL .
He urges the publisher, OGC, to release ITIL under the Open Government Licence (OGL) CIO Magazine columnist Dean Meyer has also presented some cautionary views of ITIL, including five pitfalls such as “becoming a slave to outdated definitions” and “Letting ITIL become religion.” As he notes, “…it doesn’t describe the complete range of processes needed to be world class.
It’s focused on …
Managing ongoing services.” In a 2004 survey designed by Noel Bruton (author of “How to Manage the IT Helpdesk” and “Managing the IT Services Process”), organisations adopting ITIL were asked to relate their actual experiences in having implemented ITIL.
Seventy-seven percent of survey respondents either agreed or strongly agreed that “ITIL does not have all the answers”.
ITIL exponents accept this, citing ITIL’s stated intention to be non-prescriptive, expecting organisations to engage ITIL processes with existing process models.
Bruton notes that the claim to non-prescriptiveness must be, at best, one of scale rather than absolute intention, for the very description of a certain set of processes is in itself a form of prescription. While ITIL addresses in depth the various aspects of Service Management, it does not address enterprise architecture in such depth.
Many of the shortcomings in the implementation of ITIL do not necessarily come about because of flaws in the design or implementation of the Service Management aspects of the business, but rather the wider architectural framework in which the business is situated.
Because of its primary focus on Service Management, ITIL has limited utility in managing poorly designed enterprise architectures, or how to feed back into the design of the enterprise architecture. Information Technology Infrastructure Library Closely related to the Architectural criticism, ITIL does not directly address the business applications which run on the IT infrastructure; nor does it facilitate a more collaborative working relationship between development and operations teams.
The trend toward a closer working relationship between development and operations is termed: DevOps.
This trend is related to increased application release rates and the adoption of Agile software development methodologies.
Traditional service management processes have struggled to support increased application release rates – due to lack of automation – and/or highly complex enterprise architecture.
Some researchers group ITIL with Lean, Six Sigma and Agile IT operations management.
Applying Six Sigma techniques to ITIL brings the engineering approach to ITIL’s framework.
Applying Lean techniques promotes continuous improvement of the ITIL’s best practices.
However, ITIL itself is not a transformation method, nor does it offer one.
Readers are required to find and associate such a method.
Some vendors have also included the term Lean when discussing ITIL implementations, for example “Lean-ITIL”.
The initial consequences of an ITIL initiative tend to add cost with benefits promised as a future deliverable.
ITIL does not provide usable methods “out of the box” to identify and target waste, or document the customer value stream as required by Lean, and measure customer satisfaction. 325 — 327 ITIL® pins It has been a well-known tradition for years that passing an EXIN exam in IT Service Management (based on ITIL®) does not only result in a certificate, but is also accompanied by the presentation of a metal pin which can be attached to a shirt or jacket.
This distinguishing badge with basic gold colour is set in the form of the internationally well-known ITIL®-logo.
The ITIL® pins consist of small diamond like structure that is accepted worldwide.
The meaning and the shape of the diamond depicts coherence in the IT industry (infrastructure as well).
The four corners of the pin symbolises service support, service delivery, Infrastructure Management and IT Management.
There are three colours of ITIL® V2 pins: 1.
Green, for the Foundation Certificate 2.
Blue, for the Practitioner’s Certificate 3.
Red, for the Manager’s Certificate Exam candidates who have successfully passed the examinations for ITIL® version 2 will receive their appropriate pin from EXIN or their certification provider regional office or agent.
With the arrival of ITIL® V3, there are several new pins to display your achievements.
As of July 2008, EXIN and all certification providers will also provide ITIL® pins to exam candidates who have obtained ITIL® version 3 certificates.
The new pins are very similar to ITIL® V2 pins, but every level has a different color corresponding to the ITIL® V3 core books. Organisations Organisations and management systems cannot claim certification as “ITIL-compliant”.
An organisation that has implemented ITIL guidance in IT Service Management (ITSM), may however, be able to achieve compliance with and seek certification under ISO/IEC 20000.
Note that there are some significant differences between ISO/IEC20000 and ITIL Version 3 • ISO20000 only recognises the management of financial assets, not assets which include “management, organisation, process, knowledge, people, information, applications, infrastructure and financial capital”, nor the concept of a “service asset”.
So ISO20000 certification does not address the management of ‘assets’ in an ITIL sense. • ISO20000 does not recognise Configuration Management System (CMS) or Service Knowledge Management System (SKMS), and so does not certify anything beyond Configuration Management Database (CMDB). • An organisation can obtain ISO20000 certification without recognising or implementing the ITIL concept of Known Error, which is usually considered essential to ITIL. References  David Clifford, Jan van Bon (2008).
Implementing ISO/IEC 20000 Certification: The Roadmap.
Van Haren Publishing.
ISBN 908753082X.  Office of Government Commerce (UK) CCTA and OGC (http:/ / www.ogc.
Retrieved May 5, 2005.  Office of Government Commerce (UK) (http:/ / www.ogc.
Retrieved August 19, 2009.  Office of Government Commerce (2000).
The Stationery Office.
ISBN 0113300158.  Office of Government Commerce (2001).
IT Infrastructure Library.
The Stationery Office.
ISBN 0113300174.  Office of Government Commerce (2002).
ICT Infrastructure Management.
The Stationery Office.
ISBN 0113308655.  Cazemier, Jacques A.; Overbeek, Paul L.; Peters, Louk M. (2000).
The Stationery Office.
ISBN 011330014X.  Office of Government Commerce (2002).
The Stationery Office.
ISBN 0113308663.  Office of Government Commerce (2002).
Planning to Implement Service Management.
The Stationery Office.
ISBN 0113308779.  Office of Government Commerce (2005).
ITIL Small Scale Implementation.
The Stationery Office.
ISBN 0113309805.  http:/ / www.ogc.
Asp  Majid Iqbal and Michael Nieves (2007).
ITIL Service Strategy.
The Stationery Office.
ISBN 9780113310456.  Vernon Lloyd and Colin Rudd (2007).
ITIL Service Design.
The Stationery Office.
ISBN 9780113310470.  Shirley Lacy and Ivor Macfarlane (2007).
ITIL Service Transition.
The Stationery Office.
ISBN 9780113310487.  David Cannon and David Wheeldon (2007).
ITIL Service Operation.
The Stationery Office.
ISBN 9780113310463. Information Technology Infrastructure Library  George Spalding and Gary Case (2007).
ITIL Continual Service Improvement.
The Stationery Office.
ISBN 9780113310494.  http:/ / wiki.
Php/ Service_Portfolio_Management  http:/ / wiki.
Php/ Financial_Management  http:/ / www.itskeptic.org/ free-itil  http:/ / www.nationalarchives.
Uk/ doc/ open-government-licence/ open-government-licence.
Htm  Meyer, Dean, 2005. “Beneath the Buzz: ITIL” (http:/ / web.
Archive.org/ web/ 20050404165524/ http:/ / www.cio.com/ leadership/ buzz/ column.
Html?ID=4186), CIO Magazine, March 31, 2005  Survey: “The ITIL Experience – Has It Been Worth It”, author Bruton Consultancy 2004, published by Helpdesk Institute Europe, The Helpdesk and IT Support Show, and Hornbill Software.  Microsoft Operations Framework; Cross Reference ITIL V3 and MOF 4.0 (http:/ / go.
Microsoft.com/ fwlink/ ?LinkId=151991).
May 2009. .  http:/ / www.thefitsfoundation.org  Van Bon, Jan; Verheijen, Tieneke (2006), Frameworks for IT Management (http:/ / books.
Google.com/ books?id=RV3jQ16F1_cC), Van Haren Publishing, ISBN 9789077212905,  http:/ / www.itsmsolutions.com/ newsletters/ DITYvol2iss3.
Htm  ISACA (2008), COBIT Mapping: Mapping of ITIL V3 With COBIT 4.1 (http:/ / www.isaca.org/ Knowledge-Center/ Research/ ResearchDeliverables/ Pages/ COBIT-Mapping-Mapping-of-ITIL-V3-With-COBIT-4-1.
Aspx), ITGI, ISBN 9781604200355,  Brooks, Peter (2006), Metrics for IT Service Management (http:/ / books.
Google.com/ books?id=UeWDivqKcm0C), Van Haren Publishing, pp. 76–77, ISBN 9789077212691,  Morreale, Patricia A.; Terplan, Kornel (2009), “126.96.36.199 Matching ITIL to eTOM” (http:/ / books.
Google.com/ books?id=VEp0aMmH3iQC), CRC Handbook of Modern Telecommunications, Second Edition (2 ed.), CRC Press, ISBN 9781420078008,  ITIL V3 Qualification Scheme (http:/ / www.itil-officialsite.com/ Qualifications/ ITILV3QualificationScheme.
OGC Official Site. .
Retrieved 2011-05-02.  APMG (2008). “ITIL Service Management Practices: V3 Qualifications Scheme” (http:/ / www.itil-officialsite.com/ nmsruntime/ saveasdialog.
Asp?lID=572& sID=86). .
Retrieved 24 February 2009.  “EXIN Exams” (http:/ / www.exin-exams.com/ ).
EXIN Exams. .
Retrieved 2010-01-14.  “ISEB Professionals Qualifications, Training, Careers BCS – The Chartered Institute for IT” (http:/ / www.bcs.org/ server.
Retrieved 2010-01-14.  http:/ / www.apmgroupltd.com/  Office of Government Commerce (2006). “Best Practice portfolio: new contracts awarded for publishing and accreditation services” (http:/ / www.ogc.
Retrieved 19 September 2006.  http:/ / www.apmgroup.
Asp  http:/ / www.certification-register.org/  Office of Government Commerce (2008). “Best Management Practice: ITIL V3 and ISO/IEC 20000” (http:/ / www.best-management-practice.com/ gempdf/ ITIL_and_ISO_20000_March08.
Retrieved 24 February 2009. 328 External links • Official ITIL Website (http://www.itil-officialsite.com/home/home.asp) • The OGC website (http://www.ogc.gov.uk/) Information technology planning 329 Information technology planning Information Technology Planning is a discipline within the Information Technology domain and is concerned with making the planning process for information technology investments and decision-making a quicker, more flexible, and more thoroughly aligned process. According to Architecture & Governance Magazine, (Strategic) IT planning has become an overarching discipline within the Strategic Planning domain in which enterprise architecture is now one of several capabilities. Arguments for Information Technology Planning IT takes too long to adjust plans to meet business needs.
By the time IT is prepared, opportunities have passed and the plans are obsolete.
IT doesn’t have the means to understand how it currently supports business strategy.
The linkage between IT’s capabilities — and their associated costs, benefits, and risks — and business needs is not mapped out.
Additionally, information gathering and number crunching hold the process back. IT makes plans that don’t reflect what IT will actually do or what the business actually needs.
In the end, business doesn’t understand how IT contributes to the execution of strategy.
IT doesn’t start planning with a clear picture of which demand is truly strategic or which actions will have the biggest impact.
Information regarding business needs and the costs, benefits, and risks of IT capabilities comes from sources of varying quality.
IT then makes planning decisions based on misleading information. IT’s plans often end up rigid and unverifiable.
Plans don’t include contingencies that reduce the impact of change, nor have they been verified as the best plan of action via comparison to alternatives and scenarios.
IT simply doesn’t have the time and information for it.
Manually preparing multiple plans and selecting the best one would take too long for most organizations — especially considering the availability of the information needed for a comparison. — Heavily networked IT systems typically characterize information technology in government and business these days.
As a rule, therefore, it is advantageous to consider the entire IT system and not just individual systems within the scope of an IT security analysis and concept.
To be able to manage this task, it makes sense to logically partition the entire IT system into parts and to separately consider each part or even an IT network.
Detailed documentation about its structure is prerequisite for the use of the IT Baseline Protection Catalogs on an IT network.
This can be achieved, for example, via the IT structure analysis described above.
The IT Baseline Protection Catalog?s’ components must ultimately be mapped onto the components of the IT network in question in a modelling step. IT baseline protection 348 Baseline security check The baseline security check is an organisational instrument offering a quick overview of the prevailing IT security level.
With the help of interviews, the status quo of an existing IT network (as modelled by IT baseline protection) relative to the number of security measures implemented from the IT Baseline Protection Catalogs are investigated.
The result is a catalog in which the implementation status “dispensable”, “yes”, “partly”, or “no” is entered for each relevant measure.
By identifying not yet, or only partially, implemented measures, improvement options for the security of the information technology in question are highlighted.
The baseline security check gives information about measures, which are still missing (nominal vs.
From this follows what remains to be done to achieve baseline protection through security.
Not all measures suggested by this baseline check need to be implemented.
Peculiarities are to be taken into account! It could be that several more or less unimportant applications are running on a server, which have lesser protection needs.
In their totality, however, these applications are to be provided with a higher level of protection.
This is called the (cumulation effect).
The applications running on a server determine its need for protection.
In this connection, it is to be noted that several IT applications can run on an IT system.
When this occurs, the application with the greatest need for protection determines the IT system?s protection category.
Conversely, it is conceivable that an IT application with great protection needs does not automatically transfer this to the IT system.
This may happen because the IT system is configured redundantly, or because only an inconsequential part is running on it.
This is called the (distribution effect).
This is the case, for example, with clusters.
The baseline security check maps baseline protection measures.
This level suffices for low to medium protection needs.
This comprises about 80 % of all IT systems according to FSI estimates.
For systems with high to very high protection needs, risk analysis based information security concepts, like for example ISO 27001, are usually used. IT Baseline Protection Catalog and standards During its 2005 restructuring and expansion of the IT Baseline Protection Catalogs, the FSI separated methodology from the IT Baseline Protection Catalog.
The BSI 100-1, BSI 100-2, and BSI 100-3 standards contain information about construction of an information security management system (ISMS), the methodology or basic protection approach, and the creation of a security analysis for elevated and very elevated protection needs building on a completed baseline protection investigation.
BSI 100-4, the “Emergency management” standard, is currently in preparation.
It contains elements from BS 25999, ITIL Service Continuity Management combined with the relevant IT Baseline Protection Catalog components, and essential aspects for appropriate Business Continuity Management (BCM).
Implementing these standards renders certification is possible pursuant to BS 25999-2.
The FSI has submitted the FSI 100-4 standards design for online commentary under. The FSI brings its standards into line with international norms this way. IT baseline protection 349 Literature FSI:IT Baseline Protection Guidelines (pdf, 420 kB)  FSI: IT Baseline Protection Cataloge 2007  (pdf) FSI: FSI IT Security Management and IT Baseline Protection Standards  Frederik Humpert: IT-Grundschutz umsetzen mit GSTOOL.
Anleitungen und Praxistipps für den erfolgreichen Einsatz des BSI-Standards, Carl Hanser Verlag München, 2005.  (ISBN 3-446-22984-1) • Norbert Pohlmann, Hartmut Blumberg: Der IT-Sicherheitsleitfaden.
Das Pflichtenheft zur Implementierung von IT-Sicherheitsstandards im Unternehmen, ISBN 3-8266-0940-9 • • • • References  http:/ / www.cisco.com/ en/ US/ docs/ solutions/ Enterprise/ Security/ Baseline_Security/ securebasebook.
Html  http:/ / www.nortel.com/ corporate/ news/ collateral/ ntj3_baseline_04.
Pdf  “Department Baseline Security Policy and End User Agreement” (http:/ / www.ag.
Edu/ biochem/ department/ Documents/ Baseline Security Policy and End User Agreement.
Purdue University. .
Retrieved 17 December 2009.  “D16 Baseline Security Requirements for Information Systems” (http:/ / www.kent.
Uk/ About Kent Police/ policies/ d/ d16.
Kent Police. .
Retrieved 17 December 2009.  “Mapping ISO 27000 to baseline security” (https:/ / www.bsi.
De/ cae/ servlet/ contentblob/ 471598/ publicationFile/ 31081/ Vergleich_ISO27001_GS_pdf.
Retrieved 17 December 2009.  Entwurf BSI 100-4 (http:/ / www.bsi.
De/ literat/ bsi_standard/ bsi-standard_100-4_v090.
Pdf) (pdf)  http:/ / www.bsi.
De/ gshb/ Leitfaden/ GS-Leitfaden.
Pdf  http:/ / www.bsi.
De/ gshb/ deutsch/ download/ it-grundschutz-kataloge_2006_de.
Pdf  http:/ / www.bsi.
De/ literat/ bsi_standard/ index.
Htm  http:/ / www.humpert-partner.
De/ conpresso/ _rubric/ index.
Php?rubric=6 External links • • • • Federal Office for Security in Information Technology (http://www.bsi.bund.de/english/index.htm) IT Security Yellow Pages (http://www.branchenbuch-it-sicherheit.de/) IT Baseline protection tools (http://www.bsi.bund.de/english/gstool/index.htm) Open Security Architecture- Controls and patterns to secure IT systems (http://www.opensecurityarchitecture.org) IT cost transparency
Read more about ITIL Service : Impact Grey problems have a significant impact on IT service….: