What is ITIL?

I am often asked “What in the world is ITIL?”  ITIL is Information Technology Infrastructure Library. Okay so what is that?  ITIL is the most popular approach to IT Service Management.  It gives us a framework of best practices to help us identify the services we need, then plan, deliver and support those services. What we are trying to do in ITIL is align our IT services with the needs of the business, making sure we are providing the right mix of services to meet the business needs in the most cost effective way. 

This approach works because it is based on tested practices that are used by successful companies not theory.   There is not just one way to apply ITIL, each organization adapts the practices to fit their needs.  

The framework is based around a five phase lifecycle and the best practices are laid out in the five core publications that align with the phases.  This lifecycle takes us from deciding on the services we need, to designing the services, building, testing, and implementing the service, to the day to day operations of delivering the services, and then to improving the processes. 

This is a very basic answer to the question and of course there is a lot more involved.  I will be exploring the return on investment and each phase of the lifecycle over the next few months.

-Sandy Bentch, Business IT Expert

Taking On Microsoft's Lync Certification!

As a technical instructor, we are often challenged to take on and learn new technologies. For a Microsoft Certified Trainer, there are additional challenges – we have to earn our certification in those technologies before we can step into the classroom and share what we have learned.

Over the course of the past year, I’ve decided to tackle Microsoft Lync 2010. It seemed to be a good fit for me, as I spend a lot of time working in the messaging space with Microsoft Exchange 2010, and Lync integrates with Exchange. The other side of it is the fact that Lync evolved out of components that were part of Exchange back in the early days (pre-Active Directory), so that reinforced my resolve.

There are two exams to earn one’s MCITP:Microsoft Lync Certification. The first step is to become Microsoft Certified Technology Specialist for Lync by passing the TS: Microsoft Lync Server 2010, Configuring exam (70-664).  The second best piece of advice I can offer regarding this exam is to spend time with the product and the Lync 2010 Resource Kit. Specific to the exam, however, the best advice is to thoroughly ingest every article mentioned in Enrique Lima’s study guide for the Lync exam.

After you punch your ticket on 70-664, you’ll ramp up for the 70-665 exam. Once again, my old friend Enrique has another unofficial prep guide, and this one is a two parter: part one can be found here, and part two here.

Feel free to shoot me a line about any other questions you might have with Lync certification. Lync is one of Microsoft’s hottest properties right now, and the need for knowledgeable, certified professionals is on the rise.

Bob Reinsch

breinsch@centriq.com

Latest Security Events - Two Different Issues, Same Result

In the past week 2 companies have been hit with security breaches regarding unauthorized access. Although both incidents are different in the mode of attack the outcome is still the same, unauthorized access causing downtime and loss of integrity in a system which in the long run will have more of a financial impact.

First Lockheed Martin is hit with authorized access surrounding the use of remote server access by employees using RSA token system. Right now Lockheed Martin is reporting that a remote server was hacked into and that the hacker gained access to a system by possibly using an RSA token. This is significant because RSA in March reported a security breach and that possibly tokens were stolen. Could a hacker have used a stolen token to access Lockheed Martin or could a Lockheed Martin employee token been stolen and used to gain access? The answer is not clear and we may never know. However swift action by Lockheed Martin's cyber-security unit prevented any more unauthorized access or breach of data.

Second, PBS reported thier website was defaced by hackers because of the airing of the "Wiki Leaks story" last week. The hacking group claimed they were upset over the show and decided to show PBS the power of a hacking group. The website was restored and new security measures were added to prevent this type of attack in the future.

So what do these two different security breaches have in common? Both show what happens when "a threat + a vulnerablity = a breach." It can be assumed that Lockheed Martin, the largest supplier of military airplanes, has very good security. PBS, well since they are a non-profit company, they might not have the tightest security. Both Lockheed and PBS remind us that no matter what your company, vulnerabilities have to be addressed or eventually your company will either have a major disruption or downtime.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE LinkIn with Tom