The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps Paperback – Jun 15 2005
Most Helpful Customer Reviews on Amazon.com (beta)
Simply put, Visible Ops provides four simple steps to stop the IT insanity. The book offers a quote attributed to Albert Einstein on p 42: "Insanity is doing the same thing over and over, and expecting a different result." Many organizations have unintentionally embraced this concept, continuing to pursue the same broken administration techniques and wondering when they will ever stop fighting fires. The Visible Ops process is the answer they have been pursuing.
My favorite aspect of the book is its narrative examples. These contain quotes by real administrators and managers and address problems like "the DHCP server, running on a DNS server, built four years ago by a college intern, that no one touches nor understands." Another similarly amusing (and sad) section presents seven steps in the "spectrum of change" on p 36. This ranges from the poor end, like "Oblivious to Change: 'Hey, did the switch just reboot?'" and "Aware of Change: 'Hey, who just rebooted the switch?'" to the most mature option, "Managing Change".
In terms of the booklet's advice, I found it rock solid, especially this recommendation: when a problem occurs, don't log into the infrastructure and begin troubleshooting. Rather, check to see who made the last configuration change. Since "80% of IT and system outages are caused by operator and application errors," and not intruders, those confronting an incident should always begin by looking at themselves, and not outside "hackers."
I also found Appendix A, Preparing for Audits, to be a succinct and helpful look at the worldview of the auditor. The "Controls 101" section described preventative, detective, and corrective controls, which reminded me of the protection, detection, and response phases of the security process. Advice on p 70 also made sense in light of the debate over intrusion detection systems vs "intrusion prevention systems": "Document your preventative controls, and have detective controls in place to show they work." If your IPS is both a preventative and detective control, how do you check when it has failed?
I found few reasons to dislike Visible Ops, but I had enough issues to give only four stars. First, the book needs to be printed in a bigger form factor. The problem with Visible Ops is that its small size (5x7) reduces some of the fonts used in various tables to be almost illegible. Second, the booklet is too internally repetitive. This is especially true in the appendices, where points continue to reappear.
Third, I fear that the book, along with all those taking an audit-centric approach to security, sees controls as the be-all, end-all of the security process. It seems too much attention is paid to preventing incidents, with not enough resources devoted to detection and response. Corrective controls, for example, do not receive the attention they deserve. Rebuilding from bare metal is the recovery action of choice in Visible Ops, but rebuilding another vulnerable server strays towards the definition of insanity mentioned earlier.
Overall, I recommend everyone associated with IT, security, operations, and audit read Visible Ops. The booklet is small enough to read in a few hours, since the main material and Appendix A end on p 73. I look forward to more extensive materials from this excellent team of authors.
Great, clear, concise reading. A MUST.
President, Phoenix Business & Systems Process, Inc.
John P. Withington
Vice President - Information Systems Audit
I like the emphasis on change and release management, which (to me) is the keystone for ITIL. I also like how the steps have clear objectives that can be measured, as well as exit criteria to assure that each step is completed before moving to the next.
This is not a comprehensive book on implementing ITIL, but a starting point. More importantly, the approach set forth in the book will significantly improve the operational process capabilities of most IT organizations regardless of whether implementing ITIL is a goal.
Additional information about the book and the approach can be found on the authors' site. You can get to the site by pasting the ISBN number - B00006CNEY - into the search box, selecting all products, and clicking the GO button.
This book is a welcome and important addition to the ITIL body of knowledge because it cuts through to the essentials and provides you with a clear path to getting started.