Question:- What is ISO/IEC 27002?
Answer:- ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including selection, implementation, and management of controls, taking into consideration the organization’s information security risk environment(s). It is designed to be used by organizations that intend to:
• Select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001
• Implement commonly accepted information security controls
• Develop their independent information security management guidelines
Question:- Explain Service Portfolio, Service Catalog, and Service Pipeline.
Answer:-
• Service Portfolio: It defines services provided by service providers across the market and all customers. The objective of ITIL Service Portfolio Management is to manage the Service Portfolio. Service Portfolio Management ensures that the service provider has the right mix of services to meet the required business outcomes at an appropriate level of investment.
• Service Catalog: It is a subset of the Service Portfolio. Services ready to be offered to customers are listed in this catalog. An IT Service Catalog is a list of available technology resources and offerings within an organization.
• Service Pipeline: It consists of services under development. It is a great opportunity to view the direction of a service provider’s growth as it discusses and includes the future services that are currently under development by the service provider.
Question:- What is the difference between ITIL v2 and v3?
Answer:-
• The ITIL v2 library was organized into seven core books: (i) Service Support (ii) Service Delivery (iii) ICT Infrastructure Management (iv) Planning to Implement Service Management (v) Application Management (vi) Business Perspective (vii) Security Management
• On the other hand, ITIL v3 is now organized into just five books: (i) Service Strategy (ii) Service Design (iii) Service Transition (iv) Service Operation (v) Continual Service Improvement
• Basically, the v2 process areas have been logically grouped into a phased life cycle approach
• In contrast to ITIL v2, ITIL v3 clearly defines the roles and responsibilities in each process and addresses the role of communication in the entire life cycle.
Question:- What are the different knowledge management systems?
Answer:- Different knowledge management systems are given below.
• CMIS (Capacity Management Information System): CMIS is a collection of IT infrastructure usage, capacity, and performance information that is gathered in a consistent manner and stored in one or more databases. It is a single book of records of IT infrastructure usage, capacity, and performance data, complete with associated business, application, and service statistics. Any IT staff who needs access to capacity management data can potentially use a CMIS.
• AMIS (Availability Management Information System): It is a virtual repository of all Availability Management data, usually stored in multiple physical locations.
• KEDB (Known Error Database): A known error is a problem that has a documented root cause and a workaround. Known errors are managed throughout their life cycle by the Problem Management process. The details of each known error are recorded in a Known Error Record stored in the Known Error Database (KEDB).
• CMDB (Configuration Management Database): CMDB is a database that contains all relevant information about the components of the information system used in an organization’s IT services and the relationships between those components. CMDB provides an organized view of data and a means of examining the data from any desired perspective. Within this context, components of an information system are referred to as configuration items (CIs). A CI can be any conceivable IT component, including software, hardware, documentation, and personnel, as well as any combination of them. The processes of configuration management specify, control, and track configuration items and any changes made to them in a comprehensive and systematic fashion.
• DML (Definitive Media Library): DML is a secure compound in which the definitive, authorized versions of software package configuration items (CIs) are stored and protected. It consists of one or more software libraries or file-storage areas referred to as repositories.
• SKMS (Service Knowledge Management System): ITIL Knowledge Management aims at gathering, analyzing, storing, and sharing knowledge and information within an organization. The primary purpose of Knowledge Management is to improve efficiency by reducing the need to rediscover knowledge.
Question:- What are the ITIL-based models adopted by an organization?
Answer:-
• MOF: Microsoft Operations Framework (MOF) is a series of 23 documents that guide IT professionals through the processes of creating, implementing, and managing efficient and cost-effective services.
• Hewlett Packard (HP ITSM Reference Model): This model is a significant tool useful in presenting and describing several management processes, inter-process relationships, and business linkages that IT needs to put in place for successful development, deployment, and support of services in the e-world.
• IBM (IT Process Model): This is an industry template that enables you to define common business processes and services across the enterprise. The software consists of a set of business process models and service definitions to support core system renewal and integration projects.
Question:- What is the relation between availability percentage, availability service time, and downtime?
Answer:- Availability % = (Available service time – downtime) / Available service time
It is used to ensure that all IT services are available and are functioning correctly whenever customers want to use them in the framework of SLAs in force.
Question:- Which two service management processes will most likely use risk analysis and management methodology?
Answer:- The two service management processes are Availability Management and IT Service Continuity Management. ITIL Availability Management aims at defining, analyzing, planning, measuring, and improving all aspects of the availability of IT services. Availability Management is responsible for ensuring that all IT infrastructure, processes, tools, roles, etc. are appropriate for the agreed availability targets. IT Service Continuity Management (ITSCM) aims at managing risks that could seriously impact IT services. ITSCM ensures that the IT service provider can always provide the minimum agreed service levels, by reducing the risk from disaster events to an acceptable level and planning for the recovery of IT services. ITSCM should be designed to support Business Continuity Management.
Question:- What is a plan-do-check-act (PDSA) cycle?
Answer:- The PDSA cycle is a systematic series of steps for gaining valuable learning and knowledge for the continual improvement of a product or process. Also known as the Deming Wheel or Deming Cycle, the concept and application of the PDSA cycle was first introduced to Dr. Deming by his mentor, Walter Shewhart of the famous Bell Laboratories in New York. The four phases of the plan-do-check-act cycle are as follows:
• Plan: Identifying and analyzing the problem
• Do: Developing and testing a potential solution
• Check: Measuring how effective the test solution was and analyzing whether it could be improved in any way
• Act: Implementing the improved solution fully
Question:- What type of information is captured in an information security policy?
Answer:- Information security policies are the documented business and technical rules for protecting an organization from information security risks faced by its business and technical infrastructure. These written policy documents provide a high-level description of various controls, which the organization will use to manage its information security risks. The information security policy documents are also considered to be a formal declaration of the management’s intent to protect its information assets from relevant risks. In specific cases, the policies are supported by information security procedures that identify key activities required to implement relevant information security policies.
Question:- What is a balanced scorecard?
Answer:- A balanced scorecard is a strategic planning and management system that is used extensively in business, government, and nonprofit organizations worldwide to align business activities to the vision and strategy of an organization, improve internal and external communications, and monitor the organization’s performance against its strategic goals.
Question:- Suppose a Service Level Manager requires confirmation regarding the time (say, within 10 seconds) taken by the internal Service Desk to answer a certain percentage of calls. In what document would the Service Desk’s agreement to this requirement be recorded?
Answer:- The Operational-level Agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or a set of services. OLAs are designed to address and solve the problem of IT silos by setting forth a specific set of criteria and defining a specific set of IT services to be performed by each department. It should be noted that the term ‘Service Level Agreement’ (SLA) is used in many companies while discussing the agreements between two internal groups. However, according to the Information Technology Infrastructure Library (ITIL) framework for best practices, this type of internal contract is better known as an Operational-level Agreement.
Question:- Which ITIL process should ensure that the organization is aware of new and changing technologies?
Answer:- Capacity Management is responsible for ensuring that the organization is aware of new and changing technologies. It is the discipline that checks and verifies that IT infrastructure is provided at the right time in the right volume at the right price, with utmost efficiency. This requires inputs from many areas of the business to identify what services are (or will be) required, what IT infrastructure is needed to support these services, what level of contingency will be needed, and what the cost of this infrastructure will be.
Question:- How is IT Service Continuity Management (ITSCM) related to Business Continuity Planning (BCP)?
Answer:- IT Service Continuity is a subset of Business Continuity Planning (BCP) and encompasses both IT disaster recovery planning and wider IT resilience planning. It also incorporates those elements of IT infrastructure and services that relate to (voice) telephonic and data communications. It is a systematic process to prevent, predict, and manage Information and Communications Technology (ICT) disruption and incidents, which have the potential to disrupt ICT services, and it should result in a more resilient IT service capability aligned to wider organizational requirements.
Question:- After a change has been implemented, an evaluation is performed. What is this evaluation called?
Answer:- It is known as Post-implementation Review (PIR). PIR is an assessment and review of the complete working solution. It will be performed after a period of live running, sometimes after the project is completed. The Post-implementation Review is used to evaluate the effectiveness of the system development after the system has been in production for a specific period of time (usually 6 months). It is a free-form report, and not all sections of it are relevant or necessary to the final product. A description of the Post-implementation Review report is always produced.
