
by Ajwad Zayani 11 days ago


ESM

In the realm of IT service management, various methodologies and frameworks are employed to ensure optimal performance and reliability. DevOps Research and Assessment (DORA) focuses on critical metrics such as time to restore service, lead time for changes, change failure rates, and deployment frequency.


Kano Model
- Basic Quality
- Desired Quality
- Excited Quality
- Indifferent Quality
- Reverse Qualities

Odoo
SLA
- 99.9% Uptime
- Automated backups with 14 full backups retained for 3 months
- Built-in security features including data encryption at rest and in transit
- Comprehensive disaster recovery with defined RPO and RTO metrics

DevOps Research and Assessment (DORA)
- Deployment Frequency
- Lead Time For Changes
- Change Failure Rate
- Time To Restore Service

Six Sigma
- Define
- Measure
- Analyse
- Improve
- Control

ITIL
4 Dimensions
- Organizations and People
- Information and Technology
- Partners and Suppliers
- Value streams and Processes
Service Value Chain: Six Key Activities
- Plan
- Immerse
- Enhance
- Design
- Obtain
- Deliver

Service Operations

Event Management: any change of state notified from monitoring tools
Event Categories
- Informational
- Warning
- Exception
ITIL Event Template
- Event Name
- What Changes
- Significance
- Management Implication

Metrics
- Inefficient Incident Response Processes: undefined roles, lack of clear procedures and poor communication delay responses, leading to higher MTTR
- Quality vs Speed: rushing MTTR without quality repairs leads to recurring problems, increasing MTTR over time
- Compliance and Risk Management: lower MTTR helps with compliance and regulations
- Cost Savings, Productivity: reducing MTTR lowers downtime, which raises cost savings and productivity

Mean Time To
- Respond
- Repair
- Resolve: resolve root cause issue (RCI)
- Recovery
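An added example, not part of the original notes, that computes the four DORA metrics listed above and the four "mean time to" variants from constructed deployment and incident records; the timestamp boundaries used for each variant are an assumed convention, not one the notes state.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not from the page): four deployments in a 7-day
# window and two incidents with the timestamps each "mean time to" variant needs.
DEPLOYMENTS = [
    # (commit time, deploy time, did the change cause an incident?)
    (datetime(2024, 5, 1, 9), datetime(2024, 5, 1, 15), False),
    (datetime(2024, 5, 2, 10), datetime(2024, 5, 3, 10), True),
    (datetime(2024, 5, 4, 8), datetime(2024, 5, 4, 20), False),
    (datetime(2024, 5, 6, 9), datetime(2024, 5, 6, 12), False),
]
INCIDENTS = [
    dict(detected=datetime(2024, 5, 3, 11), responded=datetime(2024, 5, 3, 11, 15),
         repaired=datetime(2024, 5, 3, 13), restored=datetime(2024, 5, 3, 13, 30),
         resolved=datetime(2024, 5, 5, 11)),   # root cause fixed two days later
    dict(detected=datetime(2024, 5, 5, 2), responded=datetime(2024, 5, 5, 2, 30),
         repaired=datetime(2024, 5, 5, 4), restored=datetime(2024, 5, 5, 4),
         resolved=datetime(2024, 5, 5, 10)),
]

def hours(later, earlier):
    return (later - earlier).total_seconds() / 3600

def mttr_variants(incidents):
    """Assumed timestamp boundaries for the page's four variants:
    respond = detected -> responded, repair = responded -> repaired,
    recovery = detected -> service restored, resolve = detected -> root cause fixed."""
    return {
        "respond_h": mean(hours(i["responded"], i["detected"]) for i in incidents),
        "repair_h": mean(hours(i["repaired"], i["responded"]) for i in incidents),
        "recovery_h": mean(hours(i["restored"], i["detected"]) for i in incidents),
        "resolve_h": mean(hours(i["resolved"], i["detected"]) for i in incidents),
    }

def dora_metrics(deployments, incidents, window_days):
    """The four DORA metrics over a window; time to restore is the recovery MTTR."""
    return {
        "deployment_frequency_per_day": len(deployments) / window_days,
        "lead_time_for_changes_h": mean(hours(dep, com) for com, dep, _ in deployments),
        "change_failure_rate": sum(failed for _, _, failed in deployments) / len(deployments),
        "time_to_restore_service_h": mttr_variants(incidents)["recovery_h"],
    }

if __name__ == "__main__":
    print(dora_metrics(DEPLOYMENTS, INCIDENTS, 7))
    print(mttr_variants(INCIDENTS))
```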

Incident Management: unplanned interruption to service
- Incident Identification: user reported? disruption to IT services?
- Incident Logging: IT service management system
- Incident Categorization: type, impact, affected systems
- Incident Prioritization: priority matrix
- Incident Response

Problem Management: cause
Problem Identification
- Trend Analysis
- Reports from users, service desks, technical staff
- Insights from major Incident Management
- Feedback from suppliers, partners, internal teams
Problem Control: analyse problems and root causes
- Prioritize by risk, impact probability
- Investigate causes, consider all factors
- Create workarounds
- Document known errors for future reference and quick resolution
- Timeline Analysis: Data Collection, Timeline Construction, Look for Patterns, Reporting & Improvements
Error Control: managing known errors
- Find Permanent Solutions
- Assess cost, risk, benefits of fix implementation
- Re-evaluate known errors periodically to check impact, solution availability, workaround effectiveness
- Implement fixes if justified
Post-Incident Review (PIR)
- Incident Overview
- Incident Description
- Remedies & Mitigations
- Next Steps
- References?

Availability Management

Service Transition

Change Management
Change Plans
Pre-Change
- People: Change Requester / Change Manager / CAB / Technical Approvers / Subject Matter Experts / Change Coordinator / Service Owner / Release Manager / IT Operations & Service Desk
- Go Criteria: Business Impact & Downtime Low / Risk Assessment & Approval / Change Windows & Maintenance Periods / Compliance & Security Considerations / Resource Availability / Testing & Validation / When? / Approvals & Governance / Training & Communication / Implementation Readiness (implementation plan / rollback / backup strategy)
Mid-Change
- Key Steps: Backup & Pre-Implementation Checks / Execute the Change / Sign-Off & Handover
- Rollback Scenarios: Minor Functional Issues / Critical System Failure / Performance Degradation / Security Breach or Compliance Risks
Post-Change
- Post-Implementation Cleanup & Documentation
  - Technical Cleanup: remove temporary/redundant files / delete all testing data / verify no outdated configurations
  - Finalizing Change Implementation, Documentation & Compliance: update tracking sheets to reflect latest system changes / ensure approvals are obtained / confirm documentation is accurate and up-to-date
- Immediate Readiness: Support Team / Infrastructure & Security Teams / Customer-Facing Staff / Business Process Owners

ISO 25010
- Functional Suitability: software meets functional requirements
- Performance Efficiency: optimize resource usage for better speed
- Compatibility
- Usability: ease of use, user satisfaction
- Reliability: perform consistently under given conditions
- Security: protect data from unauthorised access
- Maintainability: easily updated, fixed, improved
- Portability: transferred smoothly across different environments

Non-Functional Requirements: System Qualities (Reliability, Speed, Security); ensure the system works efficiently and securely
- Reliability Examples: System Stability, Data Integrity, Backup and Recovery, Fault Tolerance
- Security Examples: Data Encryption, Authentication, Data Privacy, Vulnerability Management
Functional Requirements: what the system must achieve; Use Cases

Release Management
Release: a collection of components that are grouped together and deployed into production as a unit

Agile/DevOps/DevSecOps
- Prioritize speed of delivery and adaptability over comprehensive upfront planning
- Cross-functional teams make autonomous decisions about changes (automated pipelines replace manual approvals)
- Iterative Process: software deployed in small increments
- Post-Deployment Activities: significant release management occurs after deployment
- Gradual Enablement: new functionality activated at later points after code deployment
- Rapid delivery through small, frequent releases
- Adaptive Flexibility, Respond Quickly To New Requirements
- Integrated Security throughout Development Lifecycle
- Complicated to manage multiple release streams
- Steep learning curve, requires specialised expertise in automation and practice
- Risk of feature sprawl without backlog management
Automated Detection Impact (relative cost of a defect by where it is caught)
- Defects caught by automated testing: 1x
- Defects caught in peer review: 2-3x
- Defects caught in QA: 5-10x
- Defect in Production: 15-100x
Shift-Left Security Benefits
- Security vulnerabilities cost 6x less when found in development vs testing, 15x less than in production
- Security defects found during development cost 30x less than those in production
Under Sustainability: Recommendations
- Plan: energy-efficient languages/frameworks
- Code: write optimized, lightweight code using green software patterns
- Build & Test Stages: use tools to measure and minimize energy use during testing
- Deploy Stage: select cloud regions with lower carbon intensity for deployment
- Monitor Stage: continuously track energy consumption and emissions using monitoring tools

Traditional/Waterfall
- work over speed of delivery
- CAB approves all changes, release manager creates and executes detailed release plan
- Sequential Process: release management and deployment management combined into one process
- Upfront Planning: most work occurs before deployment, with detailed plans
- All-at-Once Delivery: new functionality available immediately upon deployment
Benefits
- Clear Structure and Predictable Outcomes
- Thorough Documentation (compliance/regulatory requirements)
- Minimal Scope Creep (well-defined project boundaries)
Challenges
- Inflexibility to any changes after planning
- Delays delivering value to users
- Risk of misaligned deliverables if requirements change
Cost Analysis
- Cost of fixing defects increases exponentially as they progress through development phases (requirements to design, coding, testing, production)

Deployment Management: execution of moving a release to production in a controlled manner
Approaches
Big Bang Deployment
- deploy to all targets at once
- used when dependencies are incompatible between old and new components
- example: database schema changes incompatible with previous versions
- higher risk but faster complete implementation
Phased Deployment
- deploy to part of the production environment at a time
- controlled rollout to limit potential issues and contain impact
- example: roll out new software to users in one office or country
- lower risk but longer implementation
Pull Deployment
- new software made available in a controlled repository
- used when software is exclusive or not all users need it at the same time
- example: optional software available through the service portal
- empowers users but may lead to inconsistent environments and version control issues
Push Deployment
- components automatically deployed to all target users
- standardization and consistency across all environments
- example: automatic security patches pushed to all corporate devices (vulnerability)
- uniform deployment but less user flexibility; may disrupt if there are issues
Continuous Delivery
- components integrated, tested and deployed as needed
- frequent feedback loops from users, incremental improvements
- example: DevOps environments using automated toolchains for CI/CD
- responsive adaptation to new requirements, with risk distributed across smaller deployments

Security Triad
- Confidentiality: data accessible only to authorised parties
- Integrity: maintain accuracy, consistency, trustworthiness of data
- Availability: ensure information is reliably accessible when needed
Trends
- AI Integration: (C) enhanced threat detection / (I) improved data validation / (A) better prediction
- Quantum Computing: (C) enables quantum encryption / (I) offers new integrity verification / (A) faster processing and recovery
- DevSecOps: (C) early identification of confidentiality vulnerabilities / (I) automated integrity checks throughout development / (A) improved system resilience