manajemen sistem informasi (msi) · pdf filehandout msi poltekpos indonesia handout manajemen...

handout MSI Poltekpos Indonesiahandout MSI Poltekpos Indonesia

HandoutHandout

MANAJEMEN SISTEM MANAJEMEN SISTEM INFORMASIINFORMASI

(MSI)(MSI)

Oleh :Oleh :

SOLIKIN WS., M.T.SOLIKIN WS., [email protected]


KuliahKuliah PenggantiPengganti

�� KelasKelas 2A 2A

�� SeninSenin, 13 , 13 OktOkt 20082008

�� PkPk. 08.00 . 08.00 –– 9.30 9.30 wibwib

�� RuangRuang : ?: ?


KuliahKuliah PenggantiPengganti

�� KelasKelas 2C 2C

�� SeninSenin, 14 , 14 OktOkt 20082008

�� PkPk. 11.00 . 11.00 –– 12.30 12.30 wibwib

�� RuangRuang : ? : ? TdkTdk jdjd


S O L I K I NS O L I K I N

� Email :

[email protected]

Atau

[email protected]

� Blog

www.solikinws.wordpress.com


MateriMateri dptdpt didi UnduhUnduh

� www.iqrosol.wordpress.com


TujuanTujuan

1. Mahasiswa memahami konsep

pengelolaan SI dan mampu

melakukan analisis kebutuhan

sumber daya

2. Mahasiswa mampu menentukan

kegiatan yang diperlukan dalam

mengelola SI


LingkupLingkup

1. Memberikan pengertian dan pengetahuan

tentang kegiatan yang perlu dilakukan dalam

mengelola SI

2. Memahami jenis, fungsi, struktur dan peran SI

pada suatu organisasi

3. Dapat melakukan analisis dan penetapan

kebutuhan dalam pengelolaan sumberdaya

agar SI dapat beroperasi secara optimal

4. Dapat menggunakan framework-framework

pengembangan dan pengelolaan SI


BukuBuku PustakaPustaka

1.1. MIS, Managing the digital firm, Kenneth C MIS, Managing the digital firm, Kenneth C

LaudonLaudon, Prentice Hall 2002, Prentice Hall 2002

2.2. Managing IT, E. Managing IT, E. WainrightWainright Martin, Prentice Hall Martin, Prentice Hall

20022002

3.3. MIS:ManagingMIS:Managing IT in the Business Enterprise, IT in the Business Enterprise,

James A. OJames A. O’’Brien. Mc Brien. Mc GrawwGraww Hill, 2004Hill, 2004

4.4. Information System, The foundation of EInformation System, The foundation of E--

Business, Steven Alter, 4thed, Prentice Hall, Business, Steven Alter, 4thed, Prentice Hall,

20022002


MRT (MRT (Mass Rapid Transit) Mass Rapid Transit)

SingaporeSingapore


MRTMRT� Mass Rapid Transit (MRT) di Singapura

adalah sebuah layanan keretapenumpang ber-AC yang modern, dengan stasiun pemberhentian diseluruh negeri.

� Terdapat tiga jalur utama – jalur North-South dari Marina Bay ke Jurong East, jalur East-West dari Changi Airport/PasirRis ke Boon Lay, dan jalur North-East dari Harbour Front ke Punggol.


MRTMRT

Dari pusat kota, perjalanan dengan MRT kestasiun Changi Airport hanya selama 27 menit. Layanan kereta dari stasiun Changi Airport beroperasi dengan frekuensi rata-rata 12 menitdan jam layanannya adalah sebagai berikut:Stasiun Changi Airport ke stasiun City Hall Kereta pertama: Pukul 05.31 (Senin sampaiSabtu), pukul 05.59 (Minggu dan hari libur)Kereta terakhir: Pukul 23.18 (setiap hari)


MRTMRT

Stasiun City Hall ke stasiun Changi Airport Kereta pertama: Pukul 06.09 (Senin sampaiSabtu), pukul 06.45 (Minggu dan hari libur)Kereta terakhir: Pukul 00.03 (setiap hari)Tarif untuk sekali perjalanan dari stasiunChangi Airport ke stasiun City Hall adalahSGD 1.40. Demi kenyamanan wisatawan, kereta yang melayani stasiun Changi Airport menyediakan rak bagasi dan ruang bebas disetiap gerbong.


RATISRATISRail Travel Information System (RATIS) Rail Travel Information System (RATIS) mengumumkanmengumumkan informasiinformasi jadwaljadwal kedatangankedatangan dandantujuantujuan keretakereta. . InformasiInformasi iniini ditampilkanditampilkan didi layarlayar plasma plasma didi peronperon, , dandan didi panel LED panel LED didi area. area. SilahkanSilahkan membacamembacatujuantujuan keretakereta didi RATIS RATIS atauatau mendengarkanmendengarkanpengumumanpengumuman dalamdalam keretakereta untukuntuk memastikanmemastikan AndaAndanaiknaik keretakereta yang yang tepattepat keke tujuantujuan AndaAnda. .

JikaJika AndaAnda naiknaik keretakereta yang yang menujumenuju stasiunstasiun PasirPasir RisRis, , AndaAnda harusharus turunturun didi stasiunstasiun pergantianpergantian TanahTanah MerahMerah, , lalulalu naiknaik keke keretakereta menujumenuju stasiunstasiun ChangiChangi Airport.Airport.

FrekuensiFrekuensiKeretaKereta beroperasiberoperasi dengandengan interval interval antaraantara duaduasetengahsetengah menitmenit dandan delapandelapan menitmenit daridari pukulpukul 05.30 05.30 pagipagi sampaisampai 00.30 00.30 malammalam setiapsetiap harihari. . PeriksalahPeriksalah didistasiunstasiun MRT yang MRT yang bersangkutanbersangkutan untukuntuk mendapatmendapatjadwaljadwal kedatangan/keberangkatankedatangan/keberangkatan yang yang tepattepat..


TiketTiket

TiketTiketBepergianBepergian dengandengan MRT MRT sangatsangat murahmurah, , dengandengan biayabiayamulaimulai daridari SGD 0.80 SGD 0.80 sampaisampai maksimalmaksimal SGD 1.70.SGD 1.70.

SelainSelain menggunakanmenggunakan tunaitunai, , AndaAnda dapatdapat membayarmembayartikettiket MRT MRT dandan bisbis dengandengan kartukartu ezez--link. link. KartuKartu iniini dapatdapatdibelidibeli atauatau diisidiisi ulangulang didi setiapsetiap kantorkantor penjualanpenjualan tikettiketTransitLinkTransitLink yang yang terletakterletak didi sebagiansebagian besarbesar stasiunstasiunMRT MRT dandan tempattempat pergentianpergentian bisbis. . SetiapSetiap kartukartu untukuntukdewasadewasa dijualdijual dengandengan isiisi minimal SGD 10 minimal SGD 10 ditambahditambahbiayabiaya deposit SGD 5.deposit SGD 5.

UntukUntuk informasiinformasi lebihlebih lanjutlanjut, , hubungilahhubungilah teleponteleponTransitLinkTransitLink: 1 800: 1 800--336 8900 (336 8900 (bebasbebas pulsapulsa didiSingapuraSingapura) ) atauatau kunjungikunjungi situssitus web web SMRTSMRT


�� MRT Singapore MRT Singapore dikeloladikelola oleholeh siapasiapa??

�� KapanKapan didi bangunnyabangunnya

�� KaitanKaitan dg IT?dg IT?

�� DstDst

�� Handout MSI Handout MSI PoltekPoltek PosPos


MateriMateri

1. IS Overview

2. IS Role in The Enterprises

3. WSF

4. IT IL

5. IS Architectures


IT ILIT IL(Information Technology (Information Technology

Infrastructure Library)Infrastructure Library)

Solikin, M.T. Solikin, M.T.

[email protected]@yahoo.com


IT ILIT IL


Alignment of the IT Plan with the Organizational PlanAlignment of the IT Plan with the Organizational Plan

The Relationship between Business, IS an IT The Relationship between Business, IS an IT

StrategiesStrategies


IT ILIT IL

�� PustakaPustaka InfrastrukturInfrastruktur TeknologiTeknologi InformasiInformasi) ) adalahadalah suatusuatu rangkaianrangkaian konsepkonsep dandan teknikteknikpengelolaanpengelolaan infrastrukturinfrastruktur, , pengembanganpengembangan, , sertasertaoperasioperasi teknologiteknologi informasiinformasi (TI). (TI).

�� Nama ITIL dan IT Infrastructure Library Nama ITIL dan IT Infrastructure Library merupakan merupakan merek dagangmerek dagang terdaftar dari terdaftar dari Office Office of Government Commerceof Government Commerce (OGC) (OGC) Britania RayaBritania Raya. . ITIL ITIL memberikanmemberikan deskripsideskripsi detildetil tentangtentangbeberapabeberapa praktikpraktik TI TI pentingpenting dengandengan daftardaftar cekcek, , tugastugas, , sertaserta prosedurprosedur yang yang menyeluruhmenyeluruh yang yang dapatdapat disesuaikandisesuaikan dengandengan segalasegala jenisjenisorganisasiorganisasi TI. TI.


IT ILIT IL�� WalaupunWalaupun dikembangkandikembangkan sejaksejak dasawarsadasawarsa 19801980--anan, ,

penggunaanpenggunaan ITIL ITIL barubaru meluasmeluas padapada pertengahanpertengahan 19901990--anan dengandengan spesifikasispesifikasi versiversi keduanyakeduanya (ITIL v2) yang (ITIL v2) yang paling paling dikenaldikenal dengandengan duadua set set bukunyabukunya yang yang berhubunganberhubungan dengandengan ITSMITSM ((IT Service ManagementIT Service Management), ), yaituyaitu Service DeliveryService Delivery ((AntarAntar LayananLayanan) ) dandan Service Service SupportSupport ((DukunganDukungan LayananLayanan) )

�� PadaPada 30 30 JuniJuni 20072007, OGC , OGC menerbitkanmenerbitkan versiversi ketigaketiga ITIL ITIL (ITIL v3) yang (ITIL v3) yang intinyaintinya terdiriterdiri daridari lima lima bagianbagian dandan lebihlebihmenekankanmenekankan padapada pengelolaanpengelolaan siklussiklus hiduphidup layananlayananyang yang disediakandisediakan oleholeh teknologiteknologi informasiinformasi


IT ILIT IL

�� Is a set of best practices and guidelines that Is a set of best practices and guidelines that define an integrated, processdefine an integrated, process--based approach based approach for managing information technology services. for managing information technology services.

�� ITIL can be applied across almost every type of ITIL can be applied across almost every type of IT environment IT environment

�� The Information Technology Infrastructure The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques Library (ITIL) is a set of concepts and techniques for managing information technology (IT) for managing information technology (IT) infrastructure, development, and operations infrastructure, development, and operations


IT ILIT IL�� ITIL began in the 1980s as an attempt by the British government ITIL began in the 1980s as an attempt by the British government to to

develop an approach for efficient and costdevelop an approach for efficient and cost--effective use of its many effective use of its many IT resources . IT resources .

�� ITIL is a proven set of guidance and best practices developed inITIL is a proven set of guidance and best practices developed in the the late 1980's by the United Kingdom Central Computer and late 1980's by the United Kingdom Central Computer and Telecommunications Agency (CCTA) Telecommunications Agency (CCTA)

�� ITIL stresses service quality and focuses on how IT services canITIL stresses service quality and focuses on how IT services can be be efficiently and costefficiently and cost--effectively provided and supported. In the ITIL effectively provided and supported. In the ITIL framework, the business units within an organization who framework, the business units within an organization who commission and pay for IT services (e.g. Human Resources, commission and pay for IT services (e.g. Human Resources, Accounting), are considered to be "customers" of IT services. ThAccounting), are considered to be "customers" of IT services. The IT e IT organization is considered to be a service provider for the custorganization is considered to be a service provider for the customers omers


Organizations can benefit in several Organizations can benefit in several

important ways from IT IL:important ways from IT IL:

1.1. IT services become more customerIT services become more customer--focused focused

2.2. The quality and cost of IT services are better The quality and cost of IT services are better managed managed

3.3. The IT organization develops a clearer The IT organization develops a clearer structure and becomes more efficient structure and becomes more efficient

4.4. IT changes are easier to manage IT changes are easier to manage

5.5. There is a uniform frame of reference for There is a uniform frame of reference for internal communication about IT internal communication about IT

6.6. IT procedures are standardized and integrated IT procedures are standardized and integrated

7.7. Demonstrable and auditable performance Demonstrable and auditable performance measurements are defined measurements are defined


ITIL detailsITIL details

�� ITIL takes a processITIL takes a process--based approach to managing and based approach to managing and providing IT services; IT activities are divided into providing IT services; IT activities are divided into processes, each of which has three levels processes, each of which has three levels

1.1. StrategicStrategic: An organization's objectives are determined, along : An organization's objectives are determined, along with an outline of methods to achieve the objectives. with an outline of methods to achieve the objectives.

2.2. TacticalTactical: The strategy is translated into an appropriate : The strategy is translated into an appropriate organizational structure and specific plans that describe which organizational structure and specific plans that describe which processes have to be executed, what assets have to be processes have to be executed, what assets have to be deployed, and what the deployed, and what the outcome(soutcome(s) of the processes should ) of the processes should be. be.

3.3. OperationalOperational: The tactical plans are executed. Strategic : The tactical plans are executed. Strategic objectives are achieved within a specified time. objectives are achieved within a specified time.


Each of these areas is a set of Each of these areas is a set of

best practices:best practices:1.1. Configuration ManagementConfiguration Management: Best practices for controlling production : Best practices for controlling production

configurations (for example, standardization, status monitoring,configurations (for example, standardization, status monitoring, asset asset identification). By identifying, controlling, maintaining and veidentification). By identifying, controlling, maintaining and verifying the rifying the items that make up an organization's IT infrastructure, these pritems that make up an organization's IT infrastructure, these practices actices ensure that there is a logical model of the infrastructure. ensure that there is a logical model of the infrastructure.

2.2. Incident ManagementIncident Management: Best practices for resolving incidents (any event : Best practices for resolving incidents (any event that causes an interruption to, or a reduction in, the quality othat causes an interruption to, or a reduction in, the quality of an IT f an IT service) and quickly restoring IT services. These practices ensuservice) and quickly restoring IT services. These practices ensure that re that normal service is restored as quickly as possible after an incidnormal service is restored as quickly as possible after an incident occurs. ent occurs.

3.3. Problem ManagementProblem Management: Best practices for identifying the underlying : Best practices for identifying the underlying cause(scause(s) of IT incidents in order to prevent future recurrences. These ) of IT incidents in order to prevent future recurrences. These practices seek to proactively prevent incidents and problems. practices seek to proactively prevent incidents and problems.

4.4. Change ManagementChange Management: Best practices for standardizing and authorizing : Best practices for standardizing and authorizing the controlled implementation of IT changes. These practices ensthe controlled implementation of IT changes. These practices ensure that ure that changes are implemented with minimum adverse impact on IT servicchanges are implemented with minimum adverse impact on IT services, es, and that they are traceable. and that they are traceable.


Each of these areas is a set of Each of these areas is a set of

best practices:best practices:5.5. Configuration ManagementConfiguration Management: Best practices for controlling production : Best practices for controlling production

configurations (for example, configurations (for example, Availability ManagementAvailability Management: Best practices for : Best practices for maintaining the availability of IT services guaranteed to a custmaintaining the availability of IT services guaranteed to a customer (for omer (for example, optimizing maintenance and design measures to minimize example, optimizing maintenance and design measures to minimize the the number of incidents). These practices ensure that an IT infrastrnumber of incidents). These practices ensure that an IT infrastructure is ucture is reliable, resilient, and recoverable. reliable, resilient, and recoverable.

6.6. Financial ManagementFinancial Management: Best practices for understanding and managing : Best practices for understanding and managing the cost of providing IT services (for example, budgeting, IT acthe cost of providing IT services (for example, budgeting, IT accounting, counting, charging). These practices ensure that IT services are provided charging). These practices ensure that IT services are provided efficiently, efficiently, economically, and costeconomically, and cost--effectively. effectively.

7.7. Service Level ManagementService Level Management: Best practices for ensuring that agreements : Best practices for ensuring that agreements between IT and IT customers are specified and fulfilled. These pbetween IT and IT customers are specified and fulfilled. These practices ractices ensure that IT services are maintained and improved through a cyensure that IT services are maintained and improved through a cycle of cle of agreeing, monitoring, reporting, and reviewing IT services agreeing, monitoring, reporting, and reviewing IT services


Figure 1 depicts the above processes, showing how the Service Figure 1 depicts the above processes, showing how the Service

Desk function serves as the single point of contact for the variDesk function serves as the single point of contact for the various ous

service management processesservice management processes


IT IL and information securityIT IL and information security

�� IT IL seeks to ensure that effective information security IT IL seeks to ensure that effective information security measures are taken at strategic, tactical, and measures are taken at strategic, tactical, and operational levels. Information security is considered an operational levels. Information security is considered an iterative process that must be controlled, planned, iterative process that must be controlled, planned, implemented, evaluated, and maintained implemented, evaluated, and maintained

�� IT IL breaks information security down into:IT IL breaks information security down into:

1.1. Policies Policies -- overall objectives an organization is overall objectives an organization is attempting to achieve attempting to achieve

2.2. Processes Processes -- what has to happen to achieve the what has to happen to achieve the objectives objectives

3.3. Procedures Procedures -- who does what and when to achieve who does what and when to achieve the objectives the objectives

4.4. Work instructions Work instructions -- instructions for taking specific instructions for taking specific actions actions


It defines information security as a complete cyclical It defines information security as a complete cyclical

process with continuous review and improvement, as process with continuous review and improvement, as

illustrated in Figure 2:illustrated in Figure 2:


As some organizations look at Implementation and As some organizations look at Implementation and

Monitoring as a single step, Monitoring as a single step, ITIL'sITIL's Information Security Information Security

Process can be described as a seven step processProcess can be described as a seven step process

1.1. Using risk analysis, IT customers identify their security Using risk analysis, IT customers identify their security requirements. requirements.

2.2. The IT department determines the feasibility of the requirementsThe IT department determines the feasibility of the requirementsand compares them to the organization's minimum information and compares them to the organization's minimum information security baseline. security baseline.

3.3. The customer and IT organization negotiate and define a service The customer and IT organization negotiate and define a service level agreement (SLA) that includes definition of the informatiolevel agreement (SLA) that includes definition of the information n security requirements in measurable terms and specifies how theysecurity requirements in measurable terms and specifies how theywill be verifiably achieved. will be verifiably achieved.

4.4. Operational level agreements (Operational level agreements (OLAsOLAs), which provide detailed ), which provide detailed descriptions of how information security services will be providdescriptions of how information security services will be provided, ed, are negotiated and defined within the IT organization. are negotiated and defined within the IT organization.

5.5. The SLA and The SLA and OLAsOLAs are implemented and monitored. are implemented and monitored.

6.6. Customers receive regular reports about the effectiveness and Customers receive regular reports about the effectiveness and status of provided information security services. status of provided information security services.

7.7. The SLA and The SLA and OLAsOLAs are modified as necessary are modified as necessary


Service level agreementsService level agreements

The SLA is a key part of the ITIL The SLA is a key part of the ITIL information security process. It is a information security process. It is a formal, written agreement that formal, written agreement that documents the levels of service, documents the levels of service, including information security, that IT is including information security, that IT is responsible for providing. The SLA responsible for providing. The SLA should include key performance should include key performance indicators and performance criteria. indicators and performance criteria. Typical SLA information security Typical SLA information security statements should include:statements should include:



1.1. Permitted methods of accessPermitted methods of access

2.2. Agreements about auditing and loggingAgreements about auditing and logging

3.3. Physical security measuresPhysical security measures

4.4. Information security training and awareness for Information security training and awareness for usersusers

5.5. Authorization procedure for user access rightsAuthorization procedure for user access rights

6.6. Agreements on reporting and investigating Agreements on reporting and investigating security incidentssecurity incidents

7.7. Expected reports and auditsExpected reports and audits



�� In addition to In addition to SLAsSLAs and and OLAsOLAs, ITIL defines three other , ITIL defines three other types of information security documentation:types of information security documentation:

1.1. Information security policiesInformation security policies: ITIL states that security policies : ITIL states that security policies should come from senior management and contain:should come from senior management and contain:

1.1. Objectives and scope of information security for an organizationObjectives and scope of information security for an organization

2.2. Goals and management principles for how information security is Goals and management principles for how information security is to be managedto be managed

3.3. Definition of roles and responsibilities for information securitDefinition of roles and responsibilities for information securityy

2.2. Information security plansInformation security plans: describes how a policy is : describes how a policy is implemented for a specific information system and/or business implemented for a specific information system and/or business unit.unit.

3.3. Information security handbooksInformation security handbooks: operational documents for : operational documents for dayday--toto--day usage; they provide specific, detailed working day usage; they provide specific, detailed working instructions. instructions.


Ten ways ITIL can improve Ten ways ITIL can improve

information securityinformation security1.1. ITIL keeps information security business and service focused. ToITIL keeps information security business and service focused. Too often, o often,

information security is perceived as a "cost information security is perceived as a "cost centercenter" or "hindrance" to business " or "hindrance" to business functions. With ITIL, business process owners and IT negotiate ifunctions. With ITIL, business process owners and IT negotiate information nformation security services; this ensures that the services are aligned wisecurity services; this ensures that the services are aligned with the business' th the business' needs. needs.

2.2. ITIL can enable organizations to develop and implement informatiITIL can enable organizations to develop and implement information security in a on security in a structured, clear way based on best practices. Information securstructured, clear way based on best practices. Information security staff can move ity staff can move from "fire fighting" mode to a more structured and planned approfrom "fire fighting" mode to a more structured and planned approach. ach.

3.3. With its requirement for continuous review, ITIL can help ensureWith its requirement for continuous review, ITIL can help ensure that information that information security measures maintain their effectiveness as requirements, security measures maintain their effectiveness as requirements, environments, environments, and threats change. and threats change.

4.4. ITIL establishes documented processes and standards (such as ITIL establishes documented processes and standards (such as SLAsSLAs and and OLAsOLAs) ) that can be audited and monitored. This can help an organizationthat can be audited and monitored. This can help an organization understand the understand the effectiveness of its information security program and comply witeffectiveness of its information security program and comply with regulatory h regulatory requirements (for example, HIPAA or Sarbanes Oxley). requirements (for example, HIPAA or Sarbanes Oxley).

5.5. ITIL provides a foundation upon which information security can bITIL provides a foundation upon which information security can build. It requires a uild. It requires a number of best practices number of best practices -- such as Change Management, Configuration such as Change Management, Configuration Management, and Incident Management Management, and Incident Management -- that can significantly improve that can significantly improve information security. For example, a considerable number of infoinformation security. For example, a considerable number of information security rmation security issues are caused by inadequate change management, such as issues are caused by inadequate change management, such as misconfiguredmisconfiguredservers. servers.


Ten ways ITIL can improve Ten ways ITIL can improve

information securityinformation security6.6. ITIL enables information security staff to discuss information sITIL enables information security staff to discuss information security in terms ecurity in terms

other groups can understand and appreciate. Many managers can't other groups can understand and appreciate. Many managers can't "relate" to low"relate" to low--level details about encryption or firewall rules, but they are llevel details about encryption or firewall rules, but they are likely to understand and ikely to understand and appreciate ITIL concepts such as incorporating information securappreciate ITIL concepts such as incorporating information security into defined ity into defined processes for handling problems, improving service, and maintainprocesses for handling problems, improving service, and maintaining ing SLAsSLAs. ITIL . ITIL can help managers understand that information security is a key can help managers understand that information security is a key part of having a part of having a successful, wellsuccessful, well--run organization. run organization.

7.7. The organized ITIL framework prevents the rushed, disorganized iThe organized ITIL framework prevents the rushed, disorganized implementation mplementation of information security measures. ITIL requires designing and buof information security measures. ITIL requires designing and building consistent, ilding consistent, measurable information security measures into IT services rathermeasurable information security measures into IT services rather than afterthan after--thethe--fact or after an incident. This ultimately saves time, money, anfact or after an incident. This ultimately saves time, money, and effort. d effort.

8.8. The reporting required by ITIL keeps an organization's managemenThe reporting required by ITIL keeps an organization's management well informed t well informed about the effectiveness of their organization's information secuabout the effectiveness of their organization's information security measures. The rity measures. The reporting also allows management to make informed decisions aboureporting also allows management to make informed decisions about the risks t the risks their organization has. their organization has.

9.9. ITIL defines roles and responsibilities for information securityITIL defines roles and responsibilities for information security. During an incident, . During an incident, it's clear who will respond and how they will do so. it's clear who will respond and how they will do so.

10.10. ITIL establishes a common language for discussing information seITIL establishes a common language for discussing information security. This can curity. This can allow information security staff to communicate more effectivelyallow information security staff to communicate more effectively with internal and with internal and external business partners, such as an organization's outsourcedexternal business partners, such as an organization's outsourced security services security services


Implementing ITILImplementing ITIL

�� ITIL enables information security staff to discuss ITIL enables information security staff to discuss information security in terms Critical factors for information security in terms Critical factors for successful ITIL implementation include: successful ITIL implementation include:

1.1. Full management commitment and involvement with Full management commitment and involvement with the ITIL implementationthe ITIL implementation

2.2. A phased approachA phased approach

3.3. Consistent and thorough training of staff and Consistent and thorough training of staff and managementmanagement

4.4. Making ITIL improvements in service provision and Making ITIL improvements in service provision and cost reduction sufficiently visiblecost reduction sufficiently visible

5.5. Sufficient investment in ITIL support toolsSufficient investment in ITIL support tools


ConclusionConclusion

�� Information security measures are steadily Information security measures are steadily increasing in scope, complexity, and increasing in scope, complexity, and importance. It is risky, expensive, and importance. It is risky, expensive, and inefficient for organizations to have their inefficient for organizations to have their information security depend on cobbledinformation security depend on cobbled--together, together, homegrownhomegrown processes. processes.

�� ITIL can enable these processes to be ITIL can enable these processes to be replaced with standardized, integrated replaced with standardized, integrated processes based on best practices. Though processes based on best practices. Though some time and effort are required, some time and effort are required,

�� ITIL can improve how organizations implement ITIL can improve how organizations implement and manage information security and manage information security


ItilItil Assessments & Assessments &

Implementation ServicesImplementation Services


Core Processes:Core Processes:

�� The planning, delivery and support of IT The planning, delivery and support of IT Services are divided into ten core processes Services are divided into ten core processes within ITIL. within ITIL.

�� These ten processes are distributed into two These ten processes are distributed into two groups, one that focuses on Service Support groups, one that focuses on Service Support and the other which focuses on Service and the other which focuses on Service Delivery. Delivery.

�� Service Support encompasses the operational Service Support encompasses the operational processes that enable an IT organization to processes that enable an IT organization to implement a stable IT infrastructure, while implement a stable IT infrastructure, while Service Delivery deals with the planning, Service Delivery deals with the planning, realization, continuation of services, and realization, continuation of services, and optimizing the cost performance of IT servicesoptimizing the cost performance of IT services


10 Core IT Service 10 Core IT Service

Management processes:Management processes:1.1. Incident Management Incident Management Timely coordination, diagnosis, Timely coordination, diagnosis,

correction, and restoration of interrupted IT services.correction, and restoration of interrupted IT services.

2.2. Availability Management Availability Management Optimizing and ensuring the Optimizing and ensuring the availability of IT services to support business objectives. availability of IT services to support business objectives.

3.3. Problem Management Problem Management Identifying and permanently Identifying and permanently removing the root causes of actual and potential removing the root causes of actual and potential problems.problems.

4.4. Capacity Management Capacity Management Optimizing the capacity of IT Optimizing the capacity of IT resources and services in alignment with business resources and services in alignment with business requirements. requirements.

5.5. Change Management Change Management Maximizing the business benefits Maximizing the business benefits of infrastructure change while reducing risk of making of infrastructure change while reducing risk of making changes. changes.


10 Core IT Service 10 Core IT Service

Management processes:Management processes:6.6. IT Service Continuity Management IT Service Continuity Management Ensuring the Ensuring the

availability and rapid restoration of IT services in the availability and rapid restoration of IT services in the event of a disaster. event of a disaster.

7.7. Configuration Management Configuration Management Establishing control of Establishing control of critical IT configuration items critical IT configuration items

8.8. Financial Management Financial Management Measuring, controlling and Measuring, controlling and recovering costs of IT service. recovering costs of IT service.

9.9. Release Management Release Management Improving release, distribution Improving release, distribution and maintenance processes of configuration items. and maintenance processes of configuration items.

10.10. Service Level Management Service Level Management Establishing, reporting on, Establishing, reporting on, and maintaining the delivery of agreed upon IT services and maintaining the delivery of agreed upon IT services levels to customers. levels to customers.


Introduction to IT Infrastructure Library Introduction to IT Infrastructure Library -- ITIL ITIL

Service Management Processes FrameworkService Management Processes Framework


View of Tools aligned to and used in support of View of Tools aligned to and used in support of

the ITIL frameworkthe ITIL framework CMDB=Configuration

Management Database

The CMDB will se serve

as the blueprint for how

the entire IT infrastructure

is structured, how vario

ious CIs — hardware,

software, incidents,

agreements, service

levels, docucumentation,

and soon — are related,

and how the entire

metasystem functioions.

Network Management

System (NMS) is a

combination of hardware

and software used to

monitor and administer

network


ITIL V3ITIL V3


Five essential core books represent Five essential core books represent

basic ITIL Service Lifecycle elementsbasic ITIL Service Lifecycle elements

1.1. Service StrategyService Strategy: Creating the set of services that help : Creating the set of services that help achieve business objectives.achieve business objectives.

2.2. Service DesignService Design: Designing services, from technical : Designing services, from technical and business perspective.and business perspective.

3.3. Service TransitionService Transition: How to change live production : How to change live production infrastructure, implementing the needed services.infrastructure, implementing the needed services.

4.4. Service OperationService Operation: Day: Day--toto--day IT business, operating. day IT business, operating. A place to start if you are new to ITIL.A place to start if you are new to ITIL.

5.5. Continual Service ImprovementContinual Service Improvement: Evaluating and : Evaluating and improving services in support of business goals. improving services in support of business goals.


ITSMITSM

�� ITSMITSM ((Information Technology Service Information Technology Service ManagementManagement, , ManajemenManajemen LayananLayanan TeknologiTeknologiInformasiInformasi) ) adalahadalah suatusuatu metodemetode pengelolaanpengelolaansistemsistem teknologiteknologi informasiinformasi (TI) yang (TI) yang secarasecarafilosofisfilosofis terpusatterpusat padapada perspektifperspektif konsumenkonsumenlayananlayanan TI TI terhadapterhadap bisnisbisnis perusahaanperusahaan

�� ITSM ITSM berfokusberfokus padapada prosesproses dandan karenanyakarenanyaterkaitterkait dandan memilikimemiliki minatminat yang yang samasama dengandengankerangkakerangka kerjakerja dandan metodologimetodologi gerakangerakanperbaikanperbaikan prosesproses ((sepertiseperti TQMTQM, , Six SigmaSix Sigma, , Business Process ManagementBusiness Process Management, , dandan CMMICMMI) )


ITSMITSM

�� DisiplinDisiplin iniini tidaktidak mempedulikanmempedulikan detildetil penggunaanpenggunaan produkproduksuatusuatu pemasokpemasok tertentutertentu atauatau detildetil teknisteknis suatusuatu sistemsistemyang yang dikeloladikelola, , melainkanmelainkan berfokusberfokus padapada upayaupayapenyediaanpenyediaan kerangkakerangka kerjakerja untukuntuk menstrukturkanmenstrukturkanaktivitasaktivitas yang yang terkaitterkait dengandengan TI TI dandan interaksiinteraksi antaraantarapersonilpersonil teknisteknis TI TI dengandengan penggunapengguna teknologiteknologi informasiinformasi

�� ITSM ITSM umumnyaumumnya menanganimenangani masalahmasalah operasionaloperasionalmanajemenmanajemen teknologiteknologi informasiinformasi ((kadangkadang disebutdisebutoperations architectureoperations architecture, , arsitekturarsitektur operasioperasi) ) dandan bukanbukanpadapada pengembanganpengembangan teknologinyateknologinya sendirisendiri


ITSMITSM

�� ContohnyaContohnya, , prosesproses pembuatanpembuatan perangkatperangkat lunaklunakkomputerkomputer untukuntuk dijualdijual bukanlahbukanlah fokusfokus daridaridisiplindisiplin iniini, , melainkanmelainkan sistemsistem komputerkomputer yang yang digunakandigunakan oleholeh bagianbagian pemasaranpemasaran dandanpengembanganpengembangan bisnisbisnis didi perusahaanperusahaan perangkatperangkatlunaklunak--lahlah yang yang merupakanmerupakan fokusfokus perhatiannyaperhatiannya

�� BanyakBanyak pula pula perusahaanperusahaan nonnon--teknologiteknologi, , sepertisepertipadapada industriindustri keuangankeuangan, , ritelritel, , dandan pariwisatapariwisata, , yang yang memilikimemiliki sistemsistem TI yang TI yang berperanberperan pentingpenting, , walaupunwalaupun tidaktidak terpaparterpapar langsunglangsung kepadakepadakonsumennyakonsumennya


ITSMITSM

�� SesuaiSesuai dengandengan fungsifungsi iniini, ITSM , ITSM seringsering

dianggapdianggap sebagaisebagai analogianalogi disiplindisiplin ERPERP

padapada TI, TI, walaupunwalaupun sejarahnyasejarahnya yang yang

berakarberakar padapada operasioperasi TI TI dapatdapat membatasimembatasi

penerapannyapenerapannya padapada aktivitasaktivitas utamautama TI TI

lainnyalainnya sepertiseperti manajemenmanajemen portfolio TIportfolio TI dandan

rekayasarekayasa perangkatperangkat lunaklunak


CMMICMMI

�� Capability Maturity Model IntegrationCapability Maturity Model Integration atauatau CMMICMMI ((bahasabahasaIndonesiaIndonesia: : IntegrasiIntegrasi Model Model KematanganKematangan KemampuanKemampuan) ) adalahadalah suatusuatupendekatanpendekatan perbaikanperbaikan prosesproses yang yang memberikanmemberikan unsurunsur--unsurunsurpentingpenting prosesproses efektifefektif bagibagi organisasiorganisasi. . PraktikPraktik--praktikpraktik terbaikterbaik CMMI CMMI dipublikasikandipublikasikan dalamdalam dokumendokumen--dokumendokumen yang yang disebutdisebut model, yang model, yang masingmasing--masingmasing ditujukanditujukan untukuntuk berbagaiberbagai bidangbidang yang yang berbedaberbeda

�� SaatSaat iniini terdapatterdapat duadua bidangbidang minatminat yang yang dicakupdicakup oleholeh model CMMI: model CMMI: developmentdevelopment ((pengembanganpengembangan) ) dandan acquisitionacquisition ((akuisisiakuisisi). ). VersiVersiterkiniterkini CMMI CMMI adalahadalah versiversi 1.2 1.2 dengandengan duadua model yang model yang tersediatersedia yaituyaituCMMICMMI--DEV (CMMI for Development) yang DEV (CMMI for Development) yang dirilisdirilis padapada AgustusAgustus 20062006dandan ditujukanditujukan untukuntuk prosesproses pengembanganpengembangan produkproduk dandan jasajasa, , sertasertaCMMICMMI--ACQ (CMMI for Acquisition) yang ACQ (CMMI for Acquisition) yang dirilisdirilis padapada November 2007November 2007dandan ditujukanditujukan untukuntuk manajemenmanajemen rantairantai suplaisuplai, , akuisisiakuisisi, , sertaserta prosesprosesoutsourcingoutsourcing didi pemerintahpemerintah dandan industriindustri


CMMICMMI

�� TerlepasTerlepas model model manamana yang yang dipilihdipilih oleholehsuatusuatu organisasiorganisasi, , praktikpraktik--praktikpraktik terbaikterbaikCMMI CMMI harusharus disesuaikandisesuaikan oleholeh masingmasing--masingmasing organisasiorganisasi tergantungtergantung padapadasasaransasaran bisnisnyabisnisnya. . OrganisasiOrganisasi tidaktidak dapatdapatmemperolehmemperoleh sertifikasisertifikasi CMMI, CMMI, melainkanmelainkandinilaidinilai dandan diberidiberi peringkatperingkat 11--5. 5. HasilHasilpemeringkatanpemeringkatan penilaianpenilaian iniini dapatdapatdipublikasikandipublikasikan jikajika dirilisdirilis oleholeh organisasiorganisasipenilainyapenilainya


�� Amazon.comAmazon.com : An Evolving Business Models: An Evolving Business Models

�� The Need for Frameworks and ModelsThe Need for Frameworks and Models

�� The Work System FrameworkThe Work System Framework

�� Work System PrinciplesWork System Principles

�� Relationships Relationships BeetwenBeetwen Work Systems and ISWork Systems and IS

�� The Principle Based Systems Analysis MethodThe Principle Based Systems Analysis Method

�� Measurement Work System PerformanceMeasurement Work System Performance

�� ClasificationClasification Related toRelated to

Understanding SystemsUnderstanding Systems

from Business Viewpointfrom Business Viewpoint


Amazon.comAmazon.com : An Evolving : An Evolving

Business ModelsBusiness Models

((Work System Snapshot, Work System Snapshot, Amazon.comAmazon.com

provides a different way to shop for provides a different way to shop for

books)books)


The Work System FrameworkThe Work System Framework

�� The CustomerThe Customer

�� The Product and ServicesThe Product and Services

�� The Business ProcessThe Business Process

�� The ParticipantThe Participant

�� The InformationThe Information

�� The TechnologyThe Technology

�� ContextContext

�� InfrastructureInfrastructure


The CustomerThe Customer

��People who use and People who use and

receive direct benefit receive direct benefit

from the products and from the products and

servicesservices


The Product and The Product and

ServicesServices�� The combination of The combination of

physical things information physical things information

and services that the work and services that the work

system produces for to system produces for to

customercustomer


The Business ProcessThe Business Process

�� The sets of the steps or The sets of the steps or

activities that are activities that are

performed within the work performed within the work

systemsystem


The ParticipantThe Participant

�� People who perform the People who perform the

work step in the work step in the

business processbusiness process


The InformationThe Information

�� The information used by The information used by

the participants to the participants to

perform their work perform their work


The TechnologyThe Technology

�� The hardware, software The hardware, software

and the other tools and and the other tools and

equipment used by the equipment used by the

participantsparticipants


ContextContext

�� The organizational, The organizational,

competitive, technical competitive, technical

and regulatory realm and regulatory realm

within which the work within which the work

system operatessystem operates


InfrastructureInfrastructure

�� Is share human and Is share human and

technical resources that technical resources that

the work system the work system relliesrellies

on even through these on even through these

resources exist and are resources exist and are

managed outside of it.managed outside of it.


TugasTugas--22

�� TugasnyaTugasnya peroranganperorangan

�� WaktunyaWaktunya : 1 : 1 mingguminggu

�� KirimKirim keke : : [email protected]@yahoo.com

�� UraianUraian TugasTugas ::�� TetapkanTetapkan 1 1 jenisjenis org/org/perusahaanperusahaan

�� SetiapSetiap mhsmhs tdktdk bolehboleh org org ygyg samasama

�� BuatBuat WSFWSF--nyanya ::�� WSF WSF InstitusiInstitusi

�� WSF Unit/Sub min 2 sub/unitWSF Unit/Sub min 2 sub/unit

�� DiketikDiketik menggunakanmenggunakan tools tools tertentutertentu


MateriMateri UTS UTS

1.1. MRTMRT

2.2. IT ILIT IL

3.3. ITSM+CMMIITSM+CMMI

4.4. WSFWSF

5.5. Open or Close : surprise!Open or Close : surprise!

manajemen sistem informasi (msi) · pdf filehandout msi poltekpos indonesia handout manajemen...

Documents