Metrics for the Internet, Information Technology,
and Service Management
Over 540 Objective
Metrics Defined
83 Graphical Metric Reports
show over 240 metrics
Compliant with ITIL
ISO 20000
IT Service Management
Version 4.0
- Added section on Outsourcing Metrics
- Updated style sheet
- Correct minor errata
Version 3.1
- Sample reports reviewed and modified to comply with ITIL and IT Service Management
- Service Management and Help Desk Section Updated to comply with ITIL and IT Service Management
- Graphics Updated
- Glossary Updated
Version 3.0
- Sample reports reviewed and modified to comply with Sarbanes-Oxley
- Sample reports presented in landscape format
Metric and IT Measurement News
Service-Oriented Architecture and IT Service Management Are Keys To Success in the Recovery
SOA and ITSM drive success and productivity
One bad customer experience can cost you that customer for life. Hospitality, travel, retail, healthcare, and financial services are especially prone to losing customers who have a negative experience. It does not take much for a customer to decide that you and your company are not worth his time, effort, or money. Customers like to feel loved, and they are turned off very quickly when they sense that you do not care about the pain they are feeling. Even if you cannot help them because the situation is beyond your control, acknowledge that you understand both the situation and their frustration.
No customer wants the person serving her to be distracted or preoccupied. Ever go to the local mall and try to get help from a teenager focused more on texting her friends than helping you find what you're looking for? On the other hand, being too focused can be a bad thing. Have you ever asked an innocent question out of curiosity and then found yourself stuck for an eternity while a customer support person hunts endlessly for an answer? This person is likely so focused on getting the answer that he does not realize that you really do not care that much about it and would rather not wait for an answer to an inessential question. Be sure your people understand the degree of focus required for the job.
Even if the employee has the right skill set and experience, his odds of being successful and remaining on the job are low if his core behaviors and tendencies do not line up with those needed for success in that particular role. This is especially true for customer-facing roles in which your frontline employees act as extensions of your brand and heavily influence the customer experience.
IT Service Management drives customer satisfaction
Industry estimates peg the costs of acquiring new customers as being about five times more than the costs incurred to satisfy existing customers. IT Service Management and change control are keys to this process.
Customer retention and satisfaction also drive profits. According to some experts*, a 2 percent increase in customer retention can have the same effect on profits as cutting costs by 10 percent. And a 5 percent reduction in customer defection rate can increase profits by up to 25 to 125 percent, depending on the industry.
Additionally, existing customers are the ones who are most likely to be future purchasers. They've already shown they want and like your products or services and are willing to pay for them. And in many cases, customer profitability tends to increase over the life of a retained customer.
So what's the key to retaining customers? Keeping customers happy has always been a cornerstone of good business practice. But with today's economic conditions, delivering good service to ensure satisfaction has become critical to any company's success.
Security of wireless networks compromised by Google
Security of wireless networks is a concern of Connecticut Attorney General Richard Blumenthal who is heading up a 30-state investigation into Google's Wi-Fi data gathering scandal.
Blumenthal's investigation adds to the legal headaches for Google caused by the revelation that its Street View cars were collecting wireless "payload" data in addition to geolocation data from unsecured wireless hot spots. Ever since Google revealed the extent of its data gathering a month ago in response to inquiries from German regulators, lawyers and politicians have been lining up to express their outrage.
"Consumers have a right and a need to know what personal information--which could include e-mails, Web browsing, and passwords--Google may have collected, how, and why," Blumenthal said in a statement posted on his Web site. "Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks."
Record management key to information governance
Effective record management and information governance provide a foundation for addressing the various challenges faced with electronic information, including:
- Management of information growth. Proactively monitoring and managing what content is being stored based on business value and record keeping obligations;
- Mitigation of risk. Reducing risk and ensuring conformance with different regulatory, legal and business policies; and
- Management of access to content. Driving competitive advantage and improving business operations through both access control and better re-use of information.
Policy is at the heart of each of these challenges and key to an information governance strategy.
Information governance is most effective when policies can be carried forward consistently with enabling technologies. Foundational technologies at the core of a good information governance strategy include classification, security and access control, retention policy management, search, archiving and content management.
Recovery Point and Recovery Time Metrics
Recovery point objective (RPO) refers to the amount of data loss a customer can tolerate, specifically the point in time to which your enterprise must be able to recover the data. Some enterprises require an RPO of ZERO. That means the enterprise cannot lose a single committed transaction in the event of a site failure; they must be able to recover the data back to the zero minute of the time of the disaster. There are implications to setting up an RPO of zero. The replication solution will require synchronous replication (explained in detail later in this section) and may impact performance of the application being replicated.
An RPO of greater than zero, for example 30 minutes, can be handled differently. An RPO of 30 minutes means the customer can tolerate losing the last 30 minutes of transactions in the event of a site failure. If the disaster occurs at 12:00, the customer must be able to recover the data to at least 11:30 (30 minutes prior to the disaster). This can most likely be accomplished with asynchronous replication with minimal performance impact to the application. In this situation, careful planning and monitoring of the write-history log is essential to support the expected RPO.
An RPO can only be determined by the customer's business rules and the other governance requirements of their environment. The customer must weigh the risk of data loss in a higher RPO against the cost and performance impact of a zero RPO.
Recovery time objective (RTO) refers to the amount of time it takes a customer to get their backup site up and running after a complete failure at the primary site. Most customers have an RTO of anywhere from 15 minutes to 8 hours, though the average is about 2 hours. This includes the time to fail over the replicated LUNs (Logical Unit Numbers) to the backup EVA (Enterprise Virtual Array), recover the backup database and bring it online, and redirect any applications to the backup database server. A faster RTO can usually be accomplished by prestaging the backup site to the greatest extent possible.
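The RPO and RTO checks described above can be run against a write-history log, as in this added example (not part of the original page). The log records, failover step durations and all function names are constructed for illustration, and writes are assumed to be applied at the backup site in commit order.

```python
from datetime import datetime, timedelta

def t(hhmm):
    """Time of day on one constructed sample date."""
    return datetime.strptime("2010-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed write-history log, in commit order:
# (write id, committed at primary site, applied at backup site or None if still queued)
WRITE_LOG = [
    (1, t("11:05"), t("11:06")),
    (2, t("11:20"), t("11:24")),
    (3, t("11:41"), t("12:03")),
    (4, t("11:59"), None),
]

def data_loss_window(log, disaster):
    """How far back from the disaster the backup site's data ends."""
    for _wid, committed, applied in log:
        if committed > disaster:
            break
        if applied is None or applied > disaster:
            return disaster - committed  # first write the backup never received
    return timedelta(0)

def meets_rpo(log, disaster, rpo):
    return data_loss_window(log, disaster) <= rpo

def first_rpo_breach(log, rpo, start, end, step=timedelta(minutes=1)):
    """Earliest failure time in [start, end] that would lose more than the RPO allows."""
    when = start
    while when <= end:
        if not meets_rpo(log, when, rpo):
            return when
        when += step
    return None

# Constructed durations for the failover steps the text lists under RTO
FAILOVER_STEPS = [
    ("fail over replicated LUNs to backup array", timedelta(minutes=20)),
    ("recover backup database and bring it online", timedelta(minutes=60)),
    ("redirect applications to backup database server", timedelta(minutes=25)),
]

def recovery_time(steps):
    return sum((duration for _name, duration in steps), timedelta(0))

def meets_rto(steps, rto):
    return recovery_time(steps) <= rto
```

With this sample log, a site failure at 12:00 loses 19 minutes of writes, which satisfies a 30-minute RPO but not a zero RPO.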
Most Common Security Weaknesses - Sarbanes-Oxley Compliance
Security Manual Template has a solution for each of these weaknesses.
1. Improper account provisioning with segregation of duties
2. Insufficient controls for change management
3. A general lack of understanding around key system configurations
4. Audit logs not being reviewed (or that review itself not being logged)
5. Abnormal transactions not identified in a timely manner be considered abnormal or a violation of a security policy within the network.
go to http://www.itproductivity.org/Security.htm
Risk management starts with risk assessment
There have been lessons learned from the current financial crisis in ways to address perceived weaknesses in risk identification, assessment and management. The directions that CEOs and CIOs need to take are:
- Risk management must be given greater authority
- Senior executives must lead risk management from the top
- Management needs to review the level of risk expertise in their organisation, particularly at the highest levels
- Managers should pay more attention to the data that populate risk models, and must combine this output with human judgment
- Stress testing and scenario planning can arm executives with an appropriate response to events
- Incentive systems must be constructed so that they reward long-term stability, not short-term profit
- Risk factors should be consolidated across all the business operations
- Managers should ensure that they do not rely too heavily on data from external providers
- A careful balance must be struck between the centralisation and decentralisation of risk
- Risk management systems should be adaptive rather than static
Common threads for security issues
A comprehensive survey compares findings of several security studies and finds that:
- Big jumps in incidence of password sniffing, financial fraud, and malware infection.
- Organizations often are fraudulently represented as the sender of a phishing message.
- Average losses due to security incidents are down again this year (from $289,000 per company to $234,244 per company), though they are still above 2006 figures.
- Twenty-five percent of companies felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.
- Most companies are satisfied, though not overjoyed, with all security technologies.
- Most companies felt their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.
- When asked what actions were taken following a security incident, 22 percent stated that they notified individuals whose personal information was breached and 17 percent stated that they provided new security services to users or customers.
- When asked what security solutions ranked highest on their wishlists, many named tools that would improve their visibility - better log management, security information and event management, security data visualization, security dashboards and the like.
- Companies generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.
Improving knowledge worker productivity a CIO challenge
Many analysts support the notion of an integrated productivity environment for information workers. Many vendor frameworks combine these capabilities to create the next-generation workplace for information workers. Microsoft Office 2007, Open Office and Google Documents are solutions with tight design integration that deliver the functionality that would previously have required 6 - 10 products for a full business productivity platform. The next releases of these products will take this integration to the next level by providing more flexibility in delivery and new capabilities to help improve productivity by saving the business time and money.
Change control and Quality Assurance Fail at McAfee
Change control and quality control failed at McAfee; as a result, the company released a product that caused thousands of customer PCs to fail. McAfee has responded with the following statements:
How did this DAT file get through McAfee's Quality Assurance process?
- Process: Some specific steps of the existing Quality Assurance processes were not followed: Standard Peer Review of the driver was not done, and the Risk Assessment of the driver in question was inadequate. Had it been adequate it would have triggered additional Quality Assurance steps.
- Product Testing: there was inadequate coverage of Product and Operating System combinations in the test systems used. Specifically, XP SP3 with VSE 8.7 was not included in the test configuration at the time of release.
What is McAfee going to do to ensure this does not repeat?
- Strict enforcement of rules and processes regarding DAT creation and Quality Assurance.
- Addition of the missing Operating Systems and Product configurations.
- Leveraging of cloud based technologies for false remediation.
- A revision of Risk Assessment criteria is underway.
What is McAfee going to do to prevent this from happening again?
- Nearly all of McAfee's 7,000 employees have been working around the clock to help customers get back to business as usual and to make sure this never happens again.
- McAfee is implementing additional QA protocols for any releases that directly impact critical system files. McAfee is rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expansive whitelist of critical system files and their associated cryptographic hashes.
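The two controls named in the statements above, test coverage of operating system and product combinations and an allowlist of critical system file hashes, can be combined into a pre-release gate. This is an added example, not McAfee's code or process: the file contents, signature patterns, function names and every configuration other than XP SP3 with VSE 8.7 are constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for critical system files (names and bytes are hypothetical)
CRITICAL_FILES = {
    "critical_service.exe": b"MZ\x90\x00 service host stub \x4d\x5a\xde\xad",
    "kernel_helper.dll": b"MZ\x90\x00 kernel helper stub",
}
# Allowlist: hash of each known-good critical file -> file name
ALLOWLIST = {sha256_hex(body): name for name, body in CRITICAL_FILES.items()}

# Configurations the release must be tested on. XP SP3 with VSE 8.7 is the pair
# named in the statement above; the other entries are constructed.
SUPPORTED = {("XP SP3", "VSE 8.7"), ("XP SP2", "VSE 8.7"), ("Vista SP1", "VSE 8.5")}

def release_gate(signatures, tested, scanned_files):
    """Return blocking findings; an empty list means the update may ship."""
    findings = []
    # Control 1: every supported OS/product pair must appear in the test matrix.
    for os_name, product in sorted(SUPPORTED - set(tested)):
        findings.append(f"untested configuration: {os_name} + {product}")
    # Control 2: no signature may match a file whose hash is on the allowlist.
    for sig_name, pattern in signatures.items():
        for body in scanned_files:
            digest = sha256_hex(body)
            if pattern in body and digest in ALLOWLIST:
                findings.append(f"{sig_name} flags allowlisted file {ALLOWLIST[digest]}")
    return findings

# Constructed candidate update: toy byte-pattern signatures
CANDIDATE = {"sig-A": b"\xde\xad", "sig-B": b"not present anywhere"}
# Constructed test matrix that omits XP SP3 with VSE 8.7
TESTED = [("XP SP2", "VSE 8.7"), ("Vista SP1", "VSE 8.5")]

def run_sample_gate():
    return release_gate(CANDIDATE, TESTED, list(CRITICAL_FILES.values()))
```

The sample run reports both the untested configuration and the signature that would flag an allowlisted file, so the update is held back until both are resolved.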











