- What is the relation between Availability, Availability service time and downtime?
Ans: Availability % = (Available service time - downtime) / Available service time
to ensure that all the IT services are available and are functioning correctly whenever customers and users want to use them in the framework of the SLAs in force.
- What is ISO/IEC 27002?
Ans: ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including selection, implementation and management of controls, taking into consideration the organization’s information security risk environment(s).
It is designed to be used by organizations that intend to:
- Select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
- Implement commonly accepted information security controls, and
- Develop their independent information security management guidelines.
- What is Plan-Do-Check-Act (PDSA) cycle?
Ans: The PDSA Cycle is a systematic series of steps for gaining valuable learning and knowledge for the continual improvement of a product or process. Also known as the Deming Wheel, or Deming Cycle, the concept and application were first introduced to Dr. Deming by his mentor, Walter Shewhart of the famous Bell Laboratories in New York.
The four phases in the Plan-Do-Check-Act Cycle involve:
- Plan: Identifying and analyzing the problem.
- Do: Developing and testing a potential solution.
- Check: Measuring how effective the test solution was, and analyzing whether it could be improved in any way.
- Act: Implementing the improved solution fully.
- What type of information is captured in an information security policy?
Ans: Information security policies are the documented business and technical rules for protecting an organization from information security risk faced by its business and technical infrastructure. These written policy documents provide a high-level description of the various controls, which the organization will use to manage its information security risks.
The information security policy documents are also considered to be a formal declaration of management’s intent to protect its information assets from relevant risks. In specific cases, the policies are supported by information security procedures that identify key activities required to implement relevant information security policies.
- What is a balanced scorecard?
Ans: A balanced scorecard is a strategic planning and management system that is used extensively in business and industry, government, and nonprofit organizations worldwide to align business activities to the vision and strategy of the organization, improve internal and external communications, and monitor organization performance against strategic goals.
- What is a Service Request?
Ans: A service request is a formal request submitted by a user for some type of service, software, or hardware. A service request generally refers to something the user wants and/or needs but does not already have, such as a printer or laptop. Service requests often involve items that are already approved. For instance, if it is company policy that all employees get access to the cloud-based CRM system, and someone from the marketing department sends a service request for access to the CRM, this does not need any additional approval. The IT help desk can simply fulfill this request.
- What type of information is stored in a CMDB?
Ans: A CMDB is intended to hold a collection of IT assets, commonly referred to as configuration items (CIs), as well as descriptive relationships between such assets. When populated, the repository becomes a means of understanding how critical assets such as information systems are composed, what their upstream sources or dependencies are, and what their downstream targets are.
- Is there a trade-off between return and risk?
Ans: According to modern portfolio theory, there is a trade-off between risk and return. All other factors being equal, if a particular investment incurs a higher risk of financial loss for prospective investors, those investors must be able to expect a higher return in order to be attracted to the higher risk.
In the majority of cases, though, there is no promise of higher returns on risky assets, so the higher risk just tends to scare off potential investors, keeping the returns on a given investment low. The only investments that can really try to promise higher returns for higher risk are bonds, and even then the higher returns won’t be generated if the issuing organization defaults.
- What is the difference between end-users and customers?
Ans: End-User – An end user or end customer directly receives the service or employs the product. End users are not the only customers, as there may be intermediate entities like purchasing departments, whose expectations or needs must be carried forward through a series of service contracts or requirement definitions.
Customer – A customer may or may not have the ability to choose between different products and suppliers. For instance, in monopoly situations like local telephone and cable television services, there are scenarios when end users do not make the purchasing decision. This may include clients of social service agencies or court-appointed lawyers, or employees of an organization where the purchasing department makes the choices.
- How is IT Service Continuity Management (ITSCM) related to Business Continuity Planning (BCP)?
Ans: IT Service Continuity is a subset of Business Continuity Planning (BCP) and encompasses IT disaster recovery planning and wider IT resilience planning. It also incorporates those elements of IT infrastructure and services that relate to communications such as (voice) telephony and data communications.
It is a systematic process to prevent, predict and manage Information and Communications Technology (ICT) disruption and incidents, which have the potential to disrupt ICT services and should result in a more resilient IT service capability aligned to wider organizational requirements.