Visible Ops

What readers are saying about Visible Ops

Common Sense Approach that is all too uncommon...
Robin P. Yearsley "Robin Yearsley" (UK) - January 11, 2006

The Authors have (at last) found a meaningful way to pinpoint one of the best ways to begin implementing ITIL. By starting with reducing "reactive time" and focusing on Incident, Problem and Change Management - the book provides a pragmatic and valuable insight into how one could go about the process of implementing ITIL from scratch in a greenfield site.

As an ITIL expert myself - this is often a fundamental stumbling block for many organizations.

The Auditable steps are also often overlooked in many of today's "recommended" approaches. The audit process will ensure that "what gets measured gets attended to".

I recommend this book to anyone who is beginning on their ITIL journey - as a natural complement to the core OGC texts, or anyone who is considering how they would overlay their ITIL implementation with Audit capability.

The best tool I ever bought for my work
compootergeek "Marie" October 26, 2005

Visible Ops set me in the right direction for performing the research I needed to prepare a proposal for my boss. The book was a great tool for understanding the different CONTROLs I NEEDed to grasp, in order to REALLY know how my job/workflow is part of the IT Operation. I was finally able to design an acceptable outline of the metric components that my IT job needs to "perform". And now I'm on my way to setting the stage of value in my job.

A way to stop the IT insanity
Richard Bejtlich "TaoSecurity.com" August 5, 2005

I read The Visible Ops Handbook because a friend told me his company was considering integrating the booklet's ideas into their product line. I had not heard much about the Information Technology Infrastructure Library (ITIL), but I was familiar with the problems caused by poor administration. I perform network incident response (IR), so I am often asked to solve problems in three days that clients have been confronting for three months or years. After reading Visible Ops, I will recommend it to every IR client who asks me to remediate intrusions.

Simply put, Visible Ops provides four simple steps to stop the IT insanity. The book offers a quote attributed to Albert Einstein on p 42: "Insanity is doing the same thing over and over, and expecting a different result." Many organizations have unintentionally embraced this concept, continuing to pursue the same broken administration techniques and wondering when they will ever stop fighting fires. The Visible Ops process is the answer they have been pursuing.

My favorite aspect of the book is its narrative examples. These contain quotes by real administrators and managers and address problems like "the DHCP server, running on a DNS server, built four years ago by a college intern, that no one touches nor understands." Another similarly amusing (and sad) section presents seven steps in the "spectrum of change" on p 36. This ranges from the poor end, like "Oblivious to Change: 'Hey, did the switch just reboot?'" and "Aware of Change: 'Hey, who just rebooted the switch?'" to the most mature option, "Managing Change".

In terms of the booklet's advice, I found it rock solid, especially this recommendation: when a problem occurs, don't log into the infrastructure and begin troubleshooting. Rather, check to see who made the last configuration change. Since "80% of IT and system outages are caused by operator and application errors," and not intruders, those confronting an incident should always begin by looking at themselves, and not outside "hackers."

I also found Appendix A, Preparing for Audits, to be a succinct and helpful look at the worldview of the auditor. The "Controls 101" section described preventative, detective, and corrective controls, which reminded me of the protection, detection, and response phases of the security process. Advice on p 70 also made sense in light of the debate over intrusion detection systems vs "intrusion prevention systems": "Document your preventative controls, and have detective controls in place to show they work." If your IPS is both a preventative and detective control, how do you check when it has failed?

I found few reasons to dislike Visible Ops, but I had enough issues to give only four stars. First, the book needs to be printed in a bigger form factor. The problem with Visible Ops is that its small size (5x7) reduces some of the fonts used in various tables to be almost illegible. Second, the booklet is too internally repetitive. This is especially true in the appendices, where points continue to reappear.

Third, I fear that the book, along with all those taking an audit-centric approach to security, sees controls as the be-all, end-all of the security process. It seems too much attention is paid to preventing incidents, with not enough resources devoted to detection and response. Corrective controls, for example, do not receive the attention they deserve. Rebuilding from bare metal is the recovery action of choice in Visible Ops, but rebuilding another vulnerable server strays towards the definition of insanity mentioned earlier.

Overall, I recommend everyone associated with IT, security, operations, and audit read Visible Ops. The booklet is small enough to read in a few hours, since the main material and Appendix A end on p 73. I look forward to more extensive materials from this excellent team of authors.

ITIL play book
Big John - June 30, 2005

We have used the Viz Ops pamphlet to be our play book for setting up and running Change and Configuration Management at a large Government agency. Our success has been in part due to the advice taken from this valuable resource. We have been using the ITIL framework for the past year, but others in our organization were not familiar with ITIL. We sent out copies of Viz Ops to all our key stakeholders. Now we have a common language, and a similar framework to go to. Using the very simple steps in the book we have cut down on the time wasted in endless change meetings, streamlined our processes, and improved our effectiveness by cutting out the waste often associated with this political ITIL process. I would highly recommend this book to anyone who is trying to make a go at ITIL for the first time, or anyone who has organizational gridlock and wants to find some way to make the process more efficient. I really like Viz Ops.

The Missing ITIL Book
Darrin Jillson - October 24, 2004

I can remember when I first discovered ITIL. I was both excited and disappointed. I was excited because I had found a framework that I could leverage with my IT team for improvement. I was disappointed because within all the ITIL books it never defined a clear path to start implementation. It was a pleasure to read the Visible Ops Handbook and find a documented plan that I could use to implement our improvement process. The authors understand and address the real challenges with managing IT improvement.

Philosophy Of Information Technology Control 101
John Withington - October 22, 2004

Visible Ops gets to the essence of good control practices for today's IT environment. Having preached the gospel of IT control and governance for over 20 years, I believe Visible Ops presents a control philosophy and methodology that is a dream come true for IT auditors. The extensive journey of discussions with IT professionals, Palmer Group members, and Practitioner's Roundtable sessions that Kevin, Gene, and George embarked on has produced a gem.

John P. Withington
Vice President - Information Systems Audit
NASD

No IT Professional should be without a copy of...
Robin J. Basham "Robin Basham" - October 21, 2004

After reading the Visible Ops Handbook, my VP of IT Governance and I were so impressed that we made it required client reading on all of our Sarbanes-Oxley compliance engagements. Plenty of writers are saying what needs to be in place, while Visible Ops actually explains a path to getting there.

Great, clear, concise reading. A MUST.

Robin Basham,
President, Phoenix Business & Systems Process, Inc