The purpose of ISM is to ensure that ___ meets the requirements of the overall ___
IT Security
Business security
Service time is the agreed ___ also known as ___
Service hours
Uptime
Availability is the ability of a service to perform its agreed ___ when ___
Function
Required
A repository for all availability management reports, plans, etc is called a ____.
This repository is apart of the___
Availability management information system
SKMS
The objectives of availability management include doing what it takes to meet ___ and ___ availability requirements
Current
Future
Downtime is an ____ to service during ___
Unplanned interruption
Service hours
What is the equation for maintainability/MTRS
Maintainability (MTRS in hours) =
Total downtime in hours
/
Number of service breaks
Low value, low risk suppliers of standard services which can be easily sourced elsewhere are ___ suppliers
Commodity
VBF stands for
Vital business function
What is the equation to calculate availability
Availability % =
Agreed Service Time (AST) - Downtime
/
AST
*100
Serviceability is the ability for a ___ to meet the ___ of its ___
3rd party supplier
Terms
Contract
The objective of ISM is to ___ the interest of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of __, ___, and ___
Protect
Confidentiality
Integrity
Availability
Resilience is the concept of having a ___ that does not result in service ___
Failure
Downtime
Middle level managers are responsible for managing relationship with ___ suppliers though regular service reviews
Tactical
Maintainability is how ___ the fault in a service can be ____
Quickly
Overcome
Information security provides the ___ for security activities
Strategic direction
Suppliers assessed as medium value and medium risk are ___ suppliers
Tactical suppliers
Resilience through redundancy is the use of one or more additional configuration items to provide ___
Fault tolerance
ISM is the identification and mitigation of ___ to the __ of the organization’s ___
Risks
Security
Information
Maintainability is measured as the ___
Mean time to restore service (MTRS)
The purpose of availability is to meet the ___ defined in the SLA
Availability requirements
ISM stands for
Information security management
Reliability is ___ a service can perform agreed function without ____
How long
Interruption
Developing a strategy for service continuity, based on this business impact analysis and the risk management actions and aligned to the business continuity strategy, is a major part of the ___ process
ITSCM process
The scope of availability management is all operational services and technology except what?
Business continuity management
IT service management
The system where information security policies are stored is the __
Security management information system (SMIS)
Suppliers with relatively low impact are ___ suppliers
Operational
Reliability is measured by this: ____
MTBF - mean (avg) time between failures
Suppliers who are assessed as high value and high risk are ___ suppliers
Strategic
Best way to categorize a supplier is based on assessing the ___ and ___ from using the supplier and the __ and ___ of its services to the business
Risk
Impact
Value
Importance
The scope of ISM includes both ___ aspects and ___ aspects
Physical aspects
Technical aspects
Relationship between the business and a strategic supplier could be coined as ___
Partnering
A _____ is a system keeps supplier policies and all information regarding suppliers and contracts
Supplier and Contract Management information system (SCMIS)
SCMIS stands for
Supplier and Contract Management information system
Supplier management is the process responsible for obtaining __ for __ from suppliers
Value
Money
Operational suppliers are managed by
Junior managers
Senior level management are responsible for __ suppliers
Strategic
Relationship with tactical suppliers involve significant ___ activity
Commercial activity
Businesses and strategic suppliers share ___ to enable long term cooperation
Confidential information
Suppliers can be categorized into what 4 categories?
Strategic
Tactical
Operational
Commodity
The information security policy should cover __ of __
All areas of security
___ suppliers require little management
Commodity
Capacity Management is responsible for ensuring capacity of ___ and the ___ is able to meet agreed current and future capacity and performance needs in a cost effective and timely manner
IT services
IT Infrastructure
The purpose of capacity management is to understand the current and future capacity needs of a service and to ensure the service and its ___ are able to deliver to this level
supporting services
The objectives of capacity management are met by the development of a detailed plan that states what 3 things?
- The current business requirements
- Expected future requirements
- The actions that will be taken to meet these requirements
Those responsible for capacity management will review any issues that arise and help resolve any incidents or problems that are the result of _____
insufficient capacity
The capacity management process is responsible for ensuring ___ at all times
sufficient capacity
Capacity management should ensure that as ___ for the service falls, the capacity provided for that service is also reduced
demand
Capacity Management is responsible for ensuring capacity of IT services and the IT infrastructure is able to meet agreed ___ and ____ capacity and performance needs in a cost effective and timely manner
current
future
Capacity Management includes __ aspects of a service provision and therefor may involve __, ___, and ___ functions
all
technical
applications
operations management
Capacity Management also includes ___ resources.
Although ___ is an line management responsibility, the calculation of ___ in this area is also a part of the capacity management process
- staff resources
- staffing
- resource requirements
Capacity management also involves monitoring ___ of ___
patterns of business activity
Capacity Management is responsible for ensuring capacity of IT services and the IT infrastructure is able to meet agreed current and future ___ and ___ needs in a cost effective and timely manner
capacity
performance
To draw up the capacity plan, you must understand the ___ requirements of the business. ___ is therefore a subprocess of the overall capacity management process
- future
- business capacity management
The aim of the business capacity management subprocess of capacity managment is to calculate what the ___ and ___ mean for the ___
business plan
forecast
infrastructure
Capacity Management also involves monitoring the patterns of business activity to understand how well the __ is meeting the demands upon it
infrastructure
Capacity Management subprocesses:
- Business capacity management
- Service Capacity management
- Component capacity management
Service Capacity management means the ___ requirements of each of the live services must be understood and monitored to check how well the service is performing
- service level
The most technical aspect of capacity management is ___
component capacity management
Service Capacity management involves understanding how the use of individual ___ may vary over time
live services
Component capacity management is most likely to be carried out by the ___ staff
technical management
Component capacity management requires a detailed understanding of __ of the __ that make up the end to end service and their individual capabilities and utilization
all
components
All of the information gathered in the capacity management stage is stored in the ____ system
capacity management information (CMIS)
Capacity management works with the business to understand its current and future business needs and investigate future technical developments that may be able to help provide capacity more cheaply
This information will be used to draw up the ___
capacity plan
The capacity plan is an __ from the capacity management process.
It captures the current and future ___ and proposes how these should be met
output
requirements
CMIS stands for ___
capacity management information system
The capacity plan should cover __ to __ months ahead so that planned expenditure can be included in the negotiation of the IT budget.
This requires ____ to be made and they should be stated in the plan
12 to 18 months
assumptions
The capacity plan should contain an introductory section explaining the current ___ and its ___ and any ___ capacity issues
infrastructure
performance
current
The capacity plan should consider a number of ___ based on being reasonable possible outcomes
possible scenarios
The capacity plan should examine the current capacity ___ of each service, how these are met, and the ___ for ___ capacity requirements, based on the ___
demands
forecast
future
scenarios
The capacity plan should recommend a particular ___
approach
The capacity plan is stored in the ___
capacity management information system (CMIS)
A service delivers value only when it is ___ to use
available
ITSCM stands for
IT service continuity management
There is a requirement of the ___ to have a plan to recover from a catastrophic event that could prevent it from being delivered at all in a timescale and cost that meets the business requirement
IT Service provider
The business itself should have a ____ process with a ___ plan in place to ensure they can minimize the impact of a catastrophic event and recover from it
business continuity management process
business continuity plan
Ensuring IT service continuity is an essential element of the ___ of the service
warranty
ITSCM is responsible for the ___ of the IT services required by the business
continuity
BCM stands for
business continuity management
The IT service continuity management process is responsible for __ and managing the risks to the IT services, agreeing with the business what the ___ requirement for the service would be in the event of a disaster, and ensuring that this agreed level can be ___.
identifying
minimum
provided
The ITSCM, a human resources continuity plan, a financial management continuity plan, a building management continuity plan, and so on make up
BCM plan
An objective of the the ITSCM process is to ___ the chance of a disaster occurring at all by identifying the risks to IT services and implementing cost-effective ____ to reduce or remove the risk
reduce
countermeasures
ITSCM should develop a number of __ to provide acceptable level of IT services for various ___
plans
scenarios
The IT service continuity management process is responsible for identifying and managing the ___ to the IT services, agreeing with the business what the __ requirements for the service would be in the event of a disaster, and ensuring that this agreed level can be provided
risks
minimum
Service continuity requirements may change over time, so ITSCM must carry out ___ to determine the continuity plan still fits the requirement or must be changed
business impact analysis
Risks to the IT services may change over time so ITSCM must conduct ___
risk assessments
When ITSCM solutions involve the use of services supplied by external third-party suppliers, ITSCM will work with __ to ensure the necessary contracts are negotiated and agreed
supplier management
BIA stands for
business impact analysis
ITSCM focus is on major events that have a catastrophic ___ on the service provider’s ability to provide services
impact
ITSCM is not concerned with service ___, those are handled through the incident management process
interruptions
ITSCM does not get involved with managing __ as a result of business changes
risks
The scope of the ITCM process includes agreeing on the policies and the services to be included in the ___, carrying out ___, and assessing and managing likely ___.
plans
business impact analysis (BIA)
risks
MTBF is the average ___ or the average___
Time between failures
Uptime
The ITSCM lifecycle has 3 phases:
- Requirements and strategy
- Implementation
- Ongoing operation
- Business impact analysis
- Risk assessment -
- IT service continuity strategy
Are all apart of what stage of the ITSCM lifecycle?
Requirements and strategy
The purpose of the ___ process is to carry out the coordination of the many different activities (availability, security, continuity, capacity) of service design.
design coordination
- Education, awareness and training
- Review and audit
- Testing
- Change management
Are all apart of what stage of the ITSCM lifecycle?
Ongoing operation
The many different processes involved in service design are all potential sources of conflict. Design coordination provides a ___ to avoid complications and misunderstandings
single point
The objectives of the design coordination process include ensuring that all aspects of the design, including the ___, ___, and ___ are designed to provide the utility and warranty of the service to a level that meets the business requirement now and in the future.
architecture
processes
metrics
- Develop IT service continuity plans
- Develop IT plans, recovery plans and procedures
- Organization planning
- Risk reduction and recovery implementation
- Initial testing
Are all apart of what stage of the ITSCM lifecycle?
Implementation
___ ensures the resolution of conflicting demands of service design
design coordination
Design coordination covers all the various activities in design and ensures ___ across them.
consistency
ITSCM is not concerned with service interruptions those are handled through the ___ process
Incident management