Getting a Networking Job: IT Operations
IT operations is the heartbeat of organizations using computers and networks to support their key business processes. Many networking professionals begin their networking careers in IT operations; some spend their entire careers there.
Change management is a basic IT operations process concerned with the management and control of changes made in IT systems. A proper change management process has formal steps of request, review, approval, execution, verification, and recordkeeping. The purpose of change control is the discussion of proposed changes before they take place, so that risks and other issues can surface.
All process and procedures, including those in incident management, vulnerability management, and change management, should be formally documented.
Configuration management is a basic IT operations process that is concerned with the management of configurations on servers, workstations, and network devices. Configuration management is closely related to change management. Whereas change management is involved with the process of performing the change, configuration management is involved with the preservation of present and prior configurations of each device and system.
The IT service (help) desk is a central point of contact for users who require information or assistance. Users call or send a message asking for help with some matter concerning the use of a computer, network, program, or application.
In many organizations, IT service desk personnel are trained to assist with several common and easily remedied issues, such as forgotten passwords, simple support issues related to office productivity tools, accessing central resources such as file servers, and printing. When service desk personnel are unable to assist directly, they will refer the issue to a specialist who can offer more advanced assistance.
Most organizations utilize a ticketing system to track open issues, the time required to fix issues, and resources used. When used properly, a ticketing system can be a rich source of statistics related to the types of assistance that users are requesting and the resources and time required to fix them.
The velocity of harmful events has accelerated to a point where manual review of incident logs is no longer an effective means of detecting unwanted behavior. Besides, the volume of available log data is too great for humans to review.
Organizations must centralize their logging. All devices and systems should send their log data to a purpose-built central repository, called a security incident and event management (SIEM) system. But more than that, organizations need tools that not only detect serious security events but also alert key personnel and even remediate the incident in seconds instead of weeks or months as is often the case.
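As an added illustration of the argument above (this is not code from the book), the following Python script does in miniature what a SIEM correlation rule does: it normalizes sshd log lines forwarded from several hosts into one stream and alerts when repeated failures for one account from one source, spread across hosts so that no single host would notice, are followed by a success. The hostnames, addresses and line format are constructed for the example, and events are assumed to arrive in timestamp order.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as several hosts would forward them to a central
# collector. Hostnames, addresses and the exact format are made up for this example.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T09:00:04 web01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T09:00:05 db01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T09:00:09 web02 sshd: Accepted password for admin from 198.51.100.7
2024-03-01T09:15:00 web01 sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:30:00 web01 sshd: Accepted password for alice from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_line(line):
    """Normalize one forwarded log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def detect_brute_force_success(lines, threshold=3, window=timedelta(seconds=60)):
    """Alert when one (user, source) pair fails `threshold` times on any hosts
    within `window` and then logs in successfully. Events must be time-ordered."""
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue                # unparseable line: skip (a real SIEM would count these)
        key = (ev["user"], ev["src"])
        # Drop failures that fell out of the sliding window relative to this event.
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
        elif len(failures[key]) >= threshold:
            alerts.append({"user": ev["user"], "src": ev["src"], "host": ev["host"],
                           "failures": len(failures[key]), "at": ev["ts"].isoformat()})
            failures[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_brute_force_success(SAMPLE_LOGS.splitlines()):
        print("ALERT", alert)
```

Running the script alerts once, for the admin account: three failures across web01 and db01 within a minute, then a success on web02, while alice's single failure fifteen minutes before her login stays below the threshold.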
Hardware problems, software problems, and disasters of many kinds make organizations wish they had a backup copy of critical information. Most organizations routinely perform backups, where important data is copied to backup media or servers in some remote location.
When data is no longer needed, it must be effectively destroyed so that unauthorized parties can’t recover it. Some companies pay little attention to this task, but others do a thorough job of data destruction. No, you won’t get to smash obsolete printers out in a field, but you might get to operate some cool equipment to destroy unneeded data.
Antimalware, antivirus, and advanced malware protection (AMP) refer to tools designed to detect and block malware infections and malware activities.
Organizations often combat malware by having several layers of control in place (known as a defense in depth), including the following:
Email server antimalware
Intrusion prevention systems (IPS)
The recent potency of malware is leading many organizations to enact more controls in the form of intrusion prevention systems, which block the command-and-control traffic associated with malware.
Remote access is both the business process and the technology that facilitates an employee’s ability to remotely access information systems that are not accessible from the Internet.
In the business process sense, many organizations permit only a subset of their workers to remotely access the internal environment. In the technical sense, remote access usually includes encryption of all communications, as well as two-factor authentication to make it harder for an attacker to gain access to internal systems.
The fact that many organizations are opting to use cloud-based systems instead of internal systems makes some aspects of remote access obsolete. Or, to put it another way, cloud-based systems turn everyone into remote workers because their information systems are no longer located in their internal networks.
Incident management is an IT operations process used to properly respond to operational and security incidents. Organizations should have written incident response plans along with training and testing to ensure that these plans are accurate and that personnel understand how to follow them. Written playbooks for common incidents should be developed.
Security incidents are just a special case of incident management, requiring a few additional considerations such as regulatory requirements and privacy laws.
The steps in a mature incident management process are
Recovery or mitigation or both
Not all security incidents require all these steps, but this framework ensures an orderly and coordinated response to reduce the scope and effect of an incident, as well as a debriefing and follow-up activities to reduce the likelihood or effect of a similar incident in the future.
Vulnerability management is an IT operations process concerned with the identification and mitigation of vulnerabilities in IT systems. An effective vulnerability management process includes procedures for identifying vulnerabilities, prioritizing them, and making changes (through change management) to eliminate vulnerabilities that could be used by an intruder to successfully attack the environment.
Other IT operations processes
Honorable mentions that we won’t describe include the following: