Some years ago, I described ITIL - the Information Technology Infrastructure Library, an excellent resource for best practices in IT service management and operations. Other ITIL resources include a public discussion site and many documents and certifications which are described on the official site and the public site.

Today I am reviewing a well-known handbook that applies ITIL principles to system and network operations. Visible Ops Handbook: Starting ITIL in 4 Practical Steps by Kevin Behr, Gene Kim and George Spafford (2004) and published by the IT Process Institute (ITPI), is a superb little (5" x 7" x 84 pp) booklet available online for $20; a PDF version is also available for download. We use this booklet in the Master of Science in Information Assurance (MSIA) program at Norwich University. 

The book opens with a thought-provoking introduction that outlines the key problems facing IT operations groups worldwide. Some of the challenges they enumerate are:

* “A ‘cowboy culture’ where seemingly ‘nimble’ behavior has promoted destructive side effects. The sense of agility is all too often a delusion.

* A ‘pager culture’ where IT operations believes that true control simply is not possible, and that they are doomed to an endless cycle of break/fix triggered by a pager message at late hours of the night.

* An environment where IT operations and security are constantly in a reactive mode, with little ability to figure out how to free themselves from fire-fighting long enough to invest in any proactive work.”

Phase One: “Stabilize the Patient” and “Modify First Response”

* In this early phase of the plan, the IT group works “to reduce the amount of unplanned work as a percentage of total work done down to 25% or less… The primary goal of this phase is to stabilize the environment, allowing work to shift from perpetual firefighting to more proactive work that addresses the root cases of problems.

Phase Two: “Catch & Release” and “Find Fragile Artifacts” Projects

* The second phase of Visible Ops focuses on cataloguing resources and knowledge so that the IT group can move toward complete control of the tools they are supposed to be managing. Deviant configurations, ultra-fragile systems – all of these have to be identified and documented before they can be corrected.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.