Main › Microsoft Public Key Infrastructure 2015 (ERC-A9)

Microsoft Public Key Infrastructure 2015 (ERC-A9)

Microsoft Public Key Infrastructure 2015 (ERC-A9)

Main › Business Continuity Planning

Business Continuity Planning

Business Continuity Planning

Main › Information Security Metrics

Information Security Metrics

Information Security Metrics




  1. The Process of Auditing Information Systems
  2. Risk Based Auditing
  3. Audit Planning and Performance
  4. Reporting on Audit
  5. IT Governance and Management
  6. Strategic Planning and Models
  7. Resource Management
  8. Business Continuity Planning
  9. Systems Acquisition, Development and Implementation
  10. Systems Development Models
  11. Types of Specialized Business Applications
  12. Application Controls
  13. Information Systems Operations, Maintenance and Support
  14. System and Communications
  15. Hardware








CompTIA Security+ (Exam SY0-501) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification examination. In this course, you will build on your knowledge of and professional experience with security fundamentals, networks, and organizational security as you acquire the specific skills required to implement basic security services on any type of computer network.

This course can benefit you in two ways. If you intend to pass the CompTIA Security+ (Exam SY0-501) certification examination, this course can be a significant part of your preparation. But certification is not the only key to professional success in the field of computer security. Today’s job market demands individuals with demonstrable skills, and the information and activities in this course can help you build your computer security skill set so that you can confidently perform your duties in any security-related role.


This course is targeted toward the information technology (IT) professional who has networking and administrative skills in Windows-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks; familiarity with other operating systems, such as mac OS, Unix, or Linux; and who wants to further a career in IT by acquiring foundational knowledge of security topics; preparing for the CompTIA Security+ certification examination; or using Security+ as the foundation for advanced security certifications or career roles.




Domain 1:Security and Risk Management

1.1 Understand and apply concepts of confidentiality, integrity and availability

1.2 Apply security governance principles through:

1.3 Compliance:

– Legislative and regulatory compliance

– Privacy requirements compliance

1.4 Understand legal and regulatory issues that pertain to information security in a global context

1.5 Understand professional ethics

– Exercise (ISC)² Code of Professional Ethics

– Support organization’s code of ethics

1.6 Develop and implement documented security policy, standards, procedures, and guidelines

1.7 Understand business continuity requirements

– Develop and document project scope and plan

– Conduct business impact analysis

– Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)

– Organizational processes (e.g., acquisitions,divestitures, governance committees)

– Security roles and responsibilities

– Control frameworks

– Due care

– Due diligence

– Computer crimes

– Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)

– Import/export controls

– Trans-border data flow

– Privacy

– Data breaches

1.8 Contribute to personnel security policies

1.9 Understand and apply risk management concepts

1.10 Understand and apply threat modeling

1.11 Integrate security risk considerations into acquisition strategy and practice

1.12 Establish and manage information security education, training, and awareness

– Appropriate levels of awareness, training, and education required within organization

– Periodic reviews for content relevancy

– Employment candidate screening (e.g., reference checks, education verification)

– Employment agreements and policies

– Employment termination processes

– Vendor, consultant, and contractor controls

– Compliance

– Privacy

– Identify threats and vulnerabilities

– Risk assessment/analysis (qualitative, quantitative,hybrid)

– Risk assignment/acceptance (e.g., system authorization)

– Countermeasure selection

– Implementation

– Types of controls (preventive, detective, corrective, etc.)

– Control assessment

– Monitoring and measurement

– Asset valuation

– Reporting

– Continuous improvement

– Risk frameworks

– Identifying threats (e.g., adversaries, contractors, employees, trusted partners)

– Determining and diagramming potential attacks (e.g., social engineering, spoofing)

– Performing reduction analysis

– Technologies and processes to remediate threats (e.g., software architecture and operations)

– Hardware, software, and services

– Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)

– Minimum security requirements

– Service-level requirements

Domain 2:Asset Security

2.1 Classify information and supporting assets (e.g., sensitivity, criticality)

2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)

2.3 Protect privacy

2.4 Ensure appropriate retention (e.g., media, hardware, personnel)

2.5 Determine data security controls (e.g., data at rest, data in transit)

2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)

– Data owners

– Data processers

– Data remanence

– Collection limitation

– Baselines

– Scoping and tailoring

– Standards selection

– Cryptography

Domain 3:Security Engineering

3.1 Implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)

3.3 Select controls and countermeasures based upon systems security evaluation models 3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)

3.7 Assess and mitigate vulnerabilities in mobile systems

3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (loT))

3.9 Apply cryptography

– Client-based (e.g., applets, local caches)

– Server-based (e.g., data flow control)

– Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)

– Large-scale parallel data systems

– Distributed systems (e.g., cloud computing, grid computing, peer to peer)

– Cryptographic systems

– Industrial control systems (e.g., SCADA)

– Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)

– Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)

– Public Key Infrastructure (PKI)

– Key management practices

– Digital signatures

– Digital rights management

– Non-repudiation

– Integrity (hashing and salting)

– Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)

3.10 Apply secure principles to site and facility design

3.11 Design and implement physical security

– Wiring closets

– Server rooms

– Media storage facilities

– Evidence storage

– Restricted and work area security (e.g., operations centers)

– Data center security

– Utilities and HVAC considerations

– Water issues (e.g., leakage, flooding)

– Fire prevention, detection and suppression

Domain 4:Communications and Network Security

4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)

4.2 Secure network components

4.3 Design and establish secure communication channels

4.4 Prevent or mitigate network attacks

– OSI and TCP/IP models

– IP networking

– Implications of multilayer protocols (e.g., DNP3)

– Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)

– Software-defined networks

– Wireless networks

– Cryptography used to maintain communication security

– Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)

– Transmission media (e.g., wired, wireless, fiber)

– Network access control devices (e.g., firewalls, proxies)

– Endpoint security

– Content-distribution networks

– Physical devices

– Voice

– Multimedia collaboration (e.g., remote meeting technology, instant messaging)

– Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)

– Data communications (e.g., VLAN, TLS/SSL)

– Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)

Domain 5:Identity and Access Management

5.1 Control physical and logical access to assets

– Information

– Systems

– Devices

– Facilities

5.2 Manage identification and authentication of people and devices

5.3 Integrate identity as a service (e.g., cloud identity)

5.4 Integrate third-party identity services (e.g., on-premise)

5.5 Implement and manage authorization mechanisms

– Role-Based Access Control (RBAC) methods

– Rule-based access control methods

– Mandatory Access Control (MAC)

– Discretionary Access Control (DAC)

5.6 Prevent or mitigate access control attacks

5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)

– Identity management implementation (e.g., SSO, LDAP)

– Single/multi-factor authentication (e.g., factors, strength, errors)

– Accountability

– Session management (e.g., timeouts, screensavers)

– Registration and proofing of identity

– Federated identity management (e.g., SAML)

– Credential management systems

Domain 6:Security Assessment and Testing

6.1 Design and validate assessment and test strategies

6.2 Conduct security control testing

6.3 Collect security process data (e.g., management and operational controls)

6.4 Analyze and report test outputs (e.g., automated, manual)

6.5 Conduct or facilitate internal and third party audits

– Vulnerability assessment

– Penetration testing

– Log reviews

– Synthetic transactions

– Code review and testing (e.g., manual, dynamic, static, fuzz)

– Misuse case testing

– Test coverage analysis

– Interface testing (e.g., API, UI, physical)

– Account management (e.g., escalation, revocation)

– Management review

– Key performance and risk indicators

– Backup verification data

– Training and awareness

– Disaster recovery and business continuity

Domain 7:Security Operations

7.1 Understand and support investigations

7.2 Understand requirements for investigation types

7.3 Conduct logging and monitoring activities

7.4 Secure the provisioning of resources

7.5 Understand and apply foundational security operations concepts

7.6 Employ resource protection techniques

– Media management

– Hardware and software asset management

– Evidence collection and handling (e.g., chain of custody, interviewing)

– Reporting and documenting

– Investigative techniques (e.g., root-cause analysis, incident handling)

– Digital forensics (e.g., media, network, software, and embedded devices)

– Intrusion detection and prevention

– Security information and event management

– Continuous monitoring

– Egress monitoring (e.g., data loss prevention, steganography, watermarking)

– Asset inventory (e.g., hardware, software)

– Configuration management

– Physical assets

– Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)

– Cloud assets (e.g., services, VMs, storage, networks)

– Applications (e.g., workloads or private clouds, web services, software as a service)

– Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)

– Separation of duties and responsibilities

– Monitor special privileges (e.g., operators, administrators)

– Job rotation

– Information lifecycle

– Service-level agreements

– Operational

– Criminal

– Civil

– Regulatory

– Electronic discovery (eDiscovery)

7.7 Conduct incident management

7.8 Operate and maintain preventative measures

7.9 Implement and support patch and vulnerability management

7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)

7.11 Implement recovery strategies

7.12 Implement disaster recovery processes

7.13 Test disaster recovery plans

7.14 Participate in business continuity planning and exercises

7.15 Implement and manage physical security

– Perimeter (e.g., access control and monitoring)

– Internal security (e.g., escort requirements/visitor control, keys and locks)

7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)

– Detection

– Response

– Mitigation

– Reporting

– Recovery

– Remediation

– Lessons learned

– Firewalls

– Intrusion detection and prevention systems

– Whitelisting/Blacklisting

– Third-party security services

– Sandboxing

– Honeypots/Honeynets

– Anti-malware

– Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)

– Recovery site strategies

– Multiple processing sites (e.g., operationally redundant systems)

– System resilience, high availability, quality of service, and fault tolerance

– Response

– Personnel

– Communications

– Assessment

– Restoration

– Training and awareness

– Read-through

– Walkthrough

– Simulation

– Parallel

– Full interruption

Domain 8:Software Development Security

8.1 Understand and apply security in the software development lifecycle

8.2 Enforce security controls in development environments

8.3 Assess the effectiveness of software security

– Auditing and logging of changes

– Risk analysis and mitigation

– Acceptance testing

8.4 Assess security impact of acquired software

Main › CISRM) Certified Information System Risk Management

CISRM) Certified Information System Risk Management

CISRM) Certified Information System Risk Management


A minimum of 1 year of Information Systems

Student Materials:
  • Student Workbook
  • Student Reference Manual
  • Key Security Concepts & Definitions Book
Certification Exam:
  • Mile2 C)ISRM
  • Covers ISACA CRISC®
CPEs: 24
According to this course, you’ll have:
  • Certified by Mile2 Trainer, International Cyber Security Professional and practitioner
  • Authorized training materials
  • Friendly Placement Classroom
  • High Quality Classroom Equipment
  • The Best Catering
  • EXAM Voucher


  • Information System Security Officers
  • Risk Managers
  • Information Systems Owners
  • Info Security Control Assessors
  • System Managers
  • State & Local Government Risk Managers
  1. The Big Picture
  2. Domain 1 Risk Identification Assessment and Evaluation
  3. Domain 2 – Risk Response
  4. Domain 3 – Risk Monitoring
  5. Domain 4 – IS Control Design and Implementation

C)ISRM Part 1: The Big Picture

  • About the C)ISRM Exam
  • Exam Relevance
  • About the C)ISRM Exam
  • Section Overview
  • Part 1 Learning Objectives
  • Section Topics
  • Overview of Risk Management
  • Risk
  • Risk and Opportunity Management
  • Responsibility vs. Accountability
  • Risk Management
  • Roles and Responsibilities
  • Relevance of Risk Management Frameworks, Standards and Practices
  • Frameworks
  • Standards
  • Practices
  • Relevance of Risk Governance
  • Overview of Risk Governance
  • Objectives of Risk Governance
  • Foundation of Risk Governance
  • Risk Appetite and Risk Tolerance
  • Risk Awareness and Communication
  • Key Concepts of
  • Risk Governance
  • Risk Culture
  • Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Practice Question 5
  • Acronym Review
  • Definition Review
C)ISRM Part II – Domain 1 Risk Identification Assessment and Evaluation
  • Section Overview
  • Exam Relevance
  • Domain 1 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • The Process
  • Describing the Business Impact of IT Risk
  • IT Risk in the Risk Hierarchy
  • IT Risk Categories
  • High Level Process Phases
  • Risk Scenarios
  • Definition of Risk Scenario
  • Purpose of Risk Scenarios
  • Event Types
  • Risk Scenario Development
  • Risk Registry & Risk Profile
  • Risk Scenario Development
  • Risk Scenario Components
  • Risk Scenario Development
  • Risk Scenario Development Enablers
  • Systemic, Contagious or Obscure Risk
  • Generic IT Risk Scenarios
  • Definition of Risk Factor
  • Examples of Risk Factors
  • Risk Factors— External Environment
  • Risk Factors— Risk Management Capability
  • Risk Factors— IT Capability
  • Risk Factors— IT Related Business Capabilities
  • Methods for Analyzing IT Risk
  • Likelihood and Impact
  • Risk Analysis Output
  • Risk Analysis Methods
  • Risk Analysis Methods—Quantitative
  • Risk Analysis Methods—Qualitative
  • Risk Analysis Methods—for HIGH impact risk types
  • Risk Analysis Methods
  • Risk Analysis Methods—Business Impact Analysis (BIA)
  • Methods for Assessing IT Risk
  • Identifying  and Assessing IT Risk
  • Definitions
  • Adverse Impact of Risk Event
  • Business Impacts From IT Risk
  • Business Related IT Risk Types
  • IT Project-Related Risk
  • Risk Components—Inherent Risk
  • Risk Components—Residual Risk
  • Risk Components—Control Risk
  • Risk Components—Detection Risk
  • Business Risk and Threats
  • Addressed By IT Resources
  • Identifying  and Assessing IT Risk
  • Methods For Describing
  • IT Risk In Business Terms
  • Case Study
  • Acronym Review
  • Definition Review
  • Domain 1 – Exercises
C)ISRM Part II Domain 2 – Risk Response 
  • Section Overview
  • Exam Relevance
  • Domain 2 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Risk Response Objectives
  • The Risk Response Process
  • Risk Response Options
  • Risk Response Parameters
  • Risk Tolerance and Risk Response Options
  • Risk Response Prioritization Options
  • Risk Mitigation Control Types
  • Risk Response Prioritization Factors
  • Risk Response Tracking, Integration and Implementation
  • Process Phases
  • Phase 1—Articulate Risk
  • Phase 2—Manage Risk
  • Phase 3—React To Risk Events
  • Sample Case Study
  • Domain 2 – Exercise 1
C)ISRM Part II – Domain 3 – Risk Monitoring 
  • Course Agenda
  • Exam Relevance
  • Learning Objectives
  • Task Statements
  • Knowledge Statements
  • Essentials
  • Risk Indicators
  • Risk Indicator Selection Criteria
  • Key Risk Indicators
  • Risk Monitoring
  • Risk Indicator Types and Parameters
  • Risk Indicator Considerations
  • Criteria for KRI Selection
  • Benefits of Selecting Right KRIs
  • Disadvantages of Wrong KRIs
  • Changing KRIs
  • Gathering KRI Data
  • Steps to Data Gathering
  • Gathering Requirements
  • Data Access
  • Data Preparation
  • Data Validating Considerations
  • Data Analysis
  • Reporting and Corrective Actions
  • Optimizing KRIs
  • Use of Maturity Level Assessment
  • Assessing Risk Maturity Levels
  • Risk Management Capability Maturity Levels
  • Changing Threat Levels
  • Monitoring Changes in Threat Levels
  • Measuring Changes in Threat Levels
  • Responding to Changes in Threat Levels
  • Threat Level Review
  • Changes in Asset Value
  • Maintain Asset Inventory
  • Risk Reporting
  • Reporting Content
  • Effective Reports
  • Report Recommendations
  • Possible Risk Report Recipients
  • Periodic Reporting
  • Reporting Topics
  • Risk Reporting Techniques
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Acronym Review
  • Definition Review
  • Domain 3 – Exercises
C)ISRM Part II Domain 4 – IS Control Design and Implementation 
  • Section Overview
  • Exam Relevance
  • Domain 4 Learning Objectives
  • Task Statements
  • Knowledge Statements
  • C)ISRM Involvement
  • Control Definition
  • Control Categories
  • Control Types and Effects
  • Control Methods
  • Control Design Considerations
  • Control Strength
  • Control Strength
  • Control Costs and Benefits
  • Potential Loss Measures
  • Total Cost of Ownership For Controls
  • Role of the C)ISRM in SDLC
  • The SDLC Process
  • The Systems
  • Development Life Cycle (SDLC)
  • ‘Meets and Continues to Meet’
  • SDLC
  • SDLC Phases
  • Addressing Risk Within the SDLC
  • Business Risk versus Project Risk
  • Understanding Project Risk
  • Addressing Business Risk
  • Understanding Business
  • and Risk Requirements
  • Understand Business Risk
  • High Level SDLC Phases
  • Project Initiation
  • Phase 1 – Project Initiation
  • Phase 1 Tasks
  • Task 1—Feasibility Study
  • Feasibility Study Components
  • Determining Feasibility
  • Outcomes of the Feasibility Study
  • Task 1—Define Requirement
  • Requirement Progression
  • Business Information Requirements (COBIT)
  • Requirements Success Factors
  • Task 3—Acquire Software “Options”
  • Software Selection Criteria
  • Software Acquisition
  • Software Acquisition Process
  • Leading Principles for Design and Implementation
  • C)ISRM Responsibilities
  • Key System Design Activities:
  • Steps to Perform Phase 2
  • Phase 2 – Project Design and Development
  • System Testing
  • Test Plans
  • Project Testing
  • Types of Tests
  • UAT Requirements
  • Certification and Accreditation
  • Project Status Reports
  • Phase 3 – Project Testing
  • Testing Techniques
  • Verification and Validation
  • Phase 4 – Project Implementation
  • Project Implementation
  • Implementation Phases
  • Phase 4 – Project Implementation
  • End User Training Plans & Techniques
  • Training Strategy
  • Data Migration/Conversion Considerations
  • Risks During Data Migration
  • Data Conversion Steps
  • Implementation Rollback
  • Data Conversion Project Key Considerations
  • Changeover Techniques
  • Post-Implementation Review
  • Performing Post-Implementation Review
  • Measurements of Critical Success Factors
  • Closing a Project
  • Project Management and Controlling
  • Project Management Tools and Techniques
  • Project Management Elements
  • Project Management Practices
  • PERT chart and critical path
  • PERT Attribute
  • Sample Case Study
  • Practice Question 1
  • Practice Question 2
  • Practice Question 3
  • Practice Question 4
  • Practice Question 5

Main › SCADA Security Fundamentals Theory

SCADA Security Fundamentals Theory

SCADA Security Fundamentals Theory

Main › ITIL® Service Operation (SO)

ITIL® Service Operation (SO)

ITIL® Service Operation (SO)


A 90-minute multiple-choice exam is included with the cost of the course.

For RAIL (live online instructor-led) sessions: The course will be in session on all three days (8:30am- approximately 5:00pm Central Time). After completing the course, you will take the exam through CSME at your convenience via an exam voucher. (Note: Exam Vouchers expire within 30 days of completion of the course). Upon registering, you will receive specific instructions on how to arrange for your exam. HP strongly recommends you take the exam within a few days of completing the course.


This 3-day course is designed for those involved in event management and monitoring, problem management and root cause analysis, and access management. The course also covers communication and stakeholder management, service desk organization, technical management, and application management. The course prepares attendees for the ITIL® Intermediate Qualification: Service Operation Certificate, one of the modules that leads to the ITIL® Expert Certificate in IT Service Management.

  • Hold the ITIL® Foundation Certificate in IT Service Management (or other appropriate earlier ITIL® and bridge qualifications)
  • A basic IT literacy and around 2 years IT experience are highly desirable
  • At least 21 contact hours (hours of instruction, excluding breaks, with an Accredited Training Organization (ATO) or an accredited e-learning solution), as part of a formal, approved training course/scheme
  • Complete at least 21 hours of personal study by reviewing the syllabus and the ITIL® Service Operation publication in preparation for the examination
  • Chief information officers (CIOs), Chief technology officers (CTOs), Managers, Supervisory staff, Team leaders, Service designers
  • IT architects, IT planners, IT consultants, IT audit managers, IT security managers
  • ITSM trainers involved in the ongoing management, co-ordination and integration of operation activities within the service lifecycle
  • Individuals who require a detailed understanding of the ITIL® service operation stage of the ITIL® service lifecycle and how it may be implemented to enhance the quality of IT service provision within an organization
  • IT professionals working within or about to enter a service operation environment and requiring an understanding of the concepts, processes, functions and activities involved
  • Individuals who have attained the ITIL® Foundation Certificate in IT Service Management and wish to advance to higher level ITIL® certifications
  • Individuals seeking the ITIL® Expert Certification in IT Service Management for which this qualification can be one of the prerequisite modules
  • Individuals seeking progress toward the ITIL® Master Certificate in IT Service Management for which the ITIL® Expert is a prerequisite

Candidates can expect to gain competencies in the following upon successful completion of the education and examination components related to this certification:

  • Introduction to service operation
  • Service operation principles
  • Service operation processes
  • Common service operation activities
  • Organizing for service operation: functions
  • Technology considerations
  • Implementation of service operation
  • Challenges, critical success factors and risks
  • Courses from the Lifecycle or Capability streams leading to the ITIL® Expert qualification
  • Identify the ITIL® lifecycle and the fundamental processes involved in Service Operation and how to integrate them into your business’ IT service model
  • Understand how IT and the Business can collaborate to improve overall productivity and efficiency
  • Learn how to move from a reactive relationship to a proactive relationship between IT and users

Introduction to Service Operation

  • The purpose, objectives and scope of service operation
  • The value to the business
  • The context of service operation in the ITIL® service lifecycle
  • The fundamental aspects of service operation and the ability to define them

Service Operation Principles

  • How an understanding of the basic conflict between maintaining the status quo and adapting to changes in business needs can lead to better service operation
  • Other service operation principles including: involvement in other lifecycle stages; understanding operational health; the need for good documentation and communication including a communication strategy
  • Service operation inputs and outputs

Service Operation Processes

  • The use, interaction and value of each of the service operation processes: event management, incident management, request fulfilment, problem management, and access management

Common Service Operation Activities

  • How the common activities of service operation are co-ordinated for the ongoing management of the technology that is used to deliver and support the services
  • How monitoring, reporting and control of the services contributes to the ongoing management of the services and the technology that is used to deliver and support the services
  • How the operational activities of processes covered in other lifecycle stages contribute to service operation
  • How IT operations staff should look for opportunities to improve the operational activities

Organizing for Service Operation

  • The role, objectives and activities of each of the four functions of service operation: service desk, technical management, IT operations management, and application management
  • Service operation roles and responsibilities, where and how they are used as well as how a service operation organization would be structured to use these roles

Technology Considerations

  • The generic requirements of technologies that support service management across all lifecycle stages
  • The specific technology required to support the service operation processes and functions

Implementation of Service Operation

  • Specific issues relevant to implementing service operation including: managing change in service operation; assessing and managing risk in service operation; operations staff involvement in service design and service transition
  • Planning and implementing service management technologies within a company

Challenges, critical success factors and risks

  • The challenges (e.g. engagement with staff outside service operation, justifying funding), critical success factors (e.g. management and business support, staff retention) and risks (e.g. loss of service) related to service operation

For more information about HP training programs in Ukraine visit the web site at