For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone
Note: ® ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.
The Itil Community Forum: Forums
ITIL :: View topic - Incident team declares "service restores" but i di
Joined: Mar 04, 2008 Posts: 1883 Location: Newcastle-under-Lyme
Posted: Tue Mar 22, 2011 2:13 am Post subject:
Boris,
this is where I'm supposed to cringe because you have taken the moral high ground of the "real world" and I should quickly reassure everybody that I too subscribe to "service is king".
In case I have not made myself clear, I am not disputing that it was correct to restore service with the chosen workaround, I am questioning whether the organization collectively knew that it was correct at the time it did it, or, to put it another way, whether the management system is sufficiently robust to protect service.
The difference between
"appropriate resolutions would not include anything that adversely impacts online service"
and
"appropriate resolutions would not include anything that adversely impacts system security"
is one of context. And the reality is that balance is required.
Had this incident been dealt with appropriately, then the security team would have been focussing on the problem resolution much in the way that John suggested, rather than breathing down the problem manager's neck and the problem manager would already be overseeing/co-ordinating this activity.
The serial approval described is not certain to be "appropriate" because tentative decisions gather momentum and this distorts risk assessment in areas subsequently considered. _________________ "Method goes far to prevent trouble in business: for it makes the task easy, hinders confusion, saves abundance of time, and instructs those that have business depending, both what to do and what to hope."
William Penn 1644-1718
Joined: Mar 10, 2008 Posts: 402 Location: Sunderland
Posted: Tue Mar 22, 2011 3:23 am Post subject:
Diarmid wrote:
Boris,
this is where I'm supposed to cringe because you have taken the moral high ground of the "real world" and I should quickly reassure everybody that I too subscribe to "service is king".
In case I have not made myself clear, I am not disputing that it was correct to restore service with the chosen workaround, I am questioning whether the organization collectively knew that it was correct at the time it did it, or, to put it another way, whether the management system is sufficiently robust to protect service.
The difference between
"appropriate resolutions would not include anything that adversely impacts online service"
and
"appropriate resolutions would not include anything that adversely impacts system security"
is one of context. And the reality is that balance is required.
Had this incident been dealt with appropriately, then the security team would have been focussing on the problem resolution much in the way that John suggested, rather than breathing down the problem manager's neck and the problem manager would already be overseeing/co-ordinating this activity.
The serial approval described is not certain to be "appropriate" because tentative decisions gather momentum and this distorts risk assessment in areas subsequently considered.
Maybe I just don't like Security guys
The best of them are reasonable human beings but most of them are officious twits
All times are GMT + 10 Hours Goto page Previous1, 2
Page 2 of 2
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Forum FAQ
Search
Usergroups
Profile
Log in to check your private messages
Log in
