Apr 12th

5 Skills Learners Master with CompTIA Security+

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. Here are 5 skills that learners will master with CompTIA Security+ certification.

#1 ATTACKS, THREATS & VULNERABILITIES

Includes updated coverage of the latest threats, attacks, and vulnerabilities, such as IoT device weaknesses, newer DDoS attacks, and social engineering techniques based on current events.

#2 ARCHITECTURE & DESIGN

Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.

#3 IMPLEMENTATION

Has been expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.

#4 OPERATIONS & INCIDENT RESPONSE

Includes organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.

#5 GOVERNANCE, RISK & COMPLIANCE

Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.

Get in touch with us!
Questions about Security+ or any other training?  Call (614) 481-4345 or e-mail info@babsim.com.

Source: comptia.org/security

Apr 8th

Cloud Computing – A Beginner’s Guide

What is Cloud Computing?

Simply put, cloud computing is the delivery of computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (“the cloud”) to offer faster innovation, flexible resources, and economies of scale. You typically pay only for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently, and scale as your business needs change.

Benefits of Cloud Computing

Cloud computing is a big shift from the traditional way businesses think about IT resources. Here are seven common reasons organizations are turning to cloud computing services:

Types of Cloud Computing

Not all clouds are the same and not one type of cloud computing is right for everyone. Several different models, types, and services have evolved to help offer the right solution for your needs.

First, you need to determine the type of cloud deployment, or cloud computing architecture, that your cloud services will be implemented on. There are three different ways to deploy cloud services: on a public cloud, private cloud, or hybrid cloud.

Public Cloud

Public clouds are owned and operated by a third-party cloud service providers, which deliver their computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. You access these services and manage your account using a web browser.

Private Cloud

A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located on the company’s on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.

Hybrid Cloud

Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives your business greater flexibility, more deployment options, and helps optimize your existing infrastructure, security, and compliance.

Get in touch with us!
Questions about Cloud Computing or any other training?  Call (614) 481-4345 or e-mail info@babsim.com.

Apr 5th

Types of Requirements Elicitation Techniques

The following are common Requirements Elicitation techniques used in Business Analysis. This is the process of collecting information from stakeholders so that the requirements may be documented for application development.

Brainstorming is a group elicitation technique where a problem or topic is presented to the group, and participants are asked to produce as many ideas to solve/address the topic as possible. As ideas are presented, a scribe documents the ideas and ensures the participants can see what is being captured. One of the fundamental rules in brainstorming is that ideas are ‘not judged’ or discussed while they are added to the list, so that momentum is not hindered. Participants are encouraged to use new ways of looking at the situation. If facilitated properly, brainstorming can be fun, engaging, and productive. It is an easy technique to use to generate a lot of ideas in a brief period of time.

Document Analysis – There is often a wealth of written information available to you from which you can discern potential requirements or even just to understand your stakeholders better. Internally you may have existing (albeit out of date) system documentation and vision documents written by your project management office (PMO) to justify your project. Externally there may be web sites describing similar systems, the sites of your competitors, or even textbooks describing the domain in which you’re currently working.

A focus group is composed of pre-qualified individuals whose objective is to discuss and comment on a topic. This is an opportunity for individuals to share their own perspectives and discuss them in a group setting. This could lead participants to re-evaluate their own perspectives considering others’ experiences. A trained moderator manages the administrative pre-work, facilitates the session, and produces the report. Observers may record or monitor the focus group but do not participate.

Interviews – You meet with someone to discuss their requirements. Although interviews are sometimes impromptu events, it is more common to schedule a specific time and place to meet and to provide at least an informal agenda to the interviewee. It is also common to provide a copy of your interview notes to the interviewee, along with some follow up questions, for their review afterward. One danger of interviews is that you’ll be told how the person ideally wants to work, not how they actually work. You should temper interviews with actual observation.

Observation – You sit and watch end users do their daily work to see what really happens in practice, instead of the often-idealistic view which they tell you in interviews. You should take notes and then ask questions after an observation session to discover why the end users were doing what they were doing at the time.

Workshop – A facilitated and highly structured meeting that has specific roles of facilitator, participant, scribe, and observer. Requirements workshops have defined rules of behavior including when to speak, and typically use a U-shaped table. It is customary practice to distribute a well-defined agenda and an information package which everyone is expected to read beforehand. Official meeting minutes are written and distributed after a workshop including a list of action items assigned during the session that the facilitator is responsible for ensuring are performed.

This is just a sampling of some of the common requirements elicitation techniques. Which ones have you had the most success with? Would you like to learn more about Requirements Elicitation training? Give us a call at 614-481-4345 or email info@babsim.com.

Apr 1st

The 7 ITIL Guiding Principles

The ITIL® Guiding Principles are recommendations that guide an organization in all circumstances, regardless of changes in its goals, strategies, type of work, or management structure. They interact and depend upon each other. Not all principles will be critical in every situation, but they should all be reviewed on each occasion to determine how appropriate they are.

The ITIL® Guiding Principles
1. Focus on Value
2. Start Where You Are
3. Progress Iteratively with Feedback
4. Collaborate and Promote Visibility
5. Think and Work Holistically
6. Keep IT Simple and Practical
7. Optimize and Automate

#1 – Focus on Value

This guiding principle when applied effectively will enable an organization to identify and stay focused on what is truly valuable to the customer. And like in the service definition, when part of your culture, it can reduce the chaos and keep staff focused on value and help them to understand how what they do contributes to the co-creation of value. A service is a means of enabling value co-creation.

• First Step: Know who is being served
  • Who the consumer is and who the key stakeholders are
• Next: Understand what is truly of value to consumer
  • Focus on overall Customer Experience (CX) and User Experience (UX)

 #2 – Start Where You Are

This principle will help an organization get the most out of what they already have in terms of all their assets. It helps to eliminate waste and organize what you already have. It works closely with the Optimize and Automate guiding principle.

• Consider what is already available to be leveraged
  • Avoid temptation to begin totally anew
• Assess where you are
  • Measure—direct observation is always preferred method
• Apply the principle
  • Have a proper understanding of the current state of services and methods

 #3 – Progress Iteratively with Feedback

This incorporates DevOps and Agile practices and enables your organization to produce products and services consumers need more quickly and with less errors. It supports organizations that have a bit of a risk appetite.

• Resist the temptation to do everything at once
• Each iteration should be both manageable and managed
• Continually re-evaluate
  • Revise to reflect any changes in circumstances
• Seek and use Feedback
  • Before each iteration
  • During each iteration
  • After each iteration
  • Analyze feedback to identify improvement opportunities, risks, and issues

 #4 – Collaborate and Promote Visibility

This guiding principle helps to create and maintain a safe environment where staff and consumers are enabled to be open and honest. They can be when all are focused on the same goals and objectives and have the mindset of value co-creation as in the definition of a service. It helps to break down barriers between staff and customers.

• Inclusion is generally a better policy that exclusion
  • Creative solutions and important perspectives can be obtained from unexpected sources
• Engage stakeholders
  • Maintain solid communication and visibility
• Isolated work creates Silos
  • Silos can prevent information sharing
  • Assumptions and rumors can prevail
  • Note: Frameworks such as Agile and Lean require collaboration

#5 – Think and Work Holistically

This principle recognizes the complexity of systems and how holistic thinking ensures you’re not missing something in the co-creation of value for the customer. It can, for example, expidite the handling of problems… especially the more complex and impactful ones

• Taking a holistic approach to service management includes establishing an understanding of how all the parts of an organization work together in an integrated way
• All the organization’s activities should be focused on the delivery of value
• Integrated methods should be used to handle activities as a whole

#6 – Keep IT Simple and Practical

This helps organizations to reduce and minimize waste. This is a significant challenge for most organizations. It applies to just about everything in the service value system. Especially to value streams and processes.

Cloud services help with this. You can use only what you need

• Always use the minimum number of steps needed to accomplish an objective
• Use Outcome-based thinking to produce practical solutions
• If something provides no value, eliminate it
• Always ask if what is being considered contributes to value creation
• Create and use rules to handle exceptions
  • Designers need to think about exceptions, but they cannot handle them all

#7 – Optimize and Automate

This applies to the Service Desk in handling incidents and requests. For example, Automation helps to get the most of a service desk. Some incidents can be handled directly by the users with proper automation and the same for service requests.

• Use technology to scale up and take on frequent and repetitive tasks
• Before automating, optimize to whatever level is possible and reasonable
  • Optimization is the means to make something as effective and useful as it needs to be

Automation can save the organization in the following:

• • • Lowered Costs
    • Reduced human error
    • Improved employee experience

Ready to learn more about ITIL4? Give us a call at 614-481-4345 or email info@babsim.com.

Mar 29th

Microsoft Information Protection Administrator

Microsoft is launching a new portfolio of security training and certifications! Today we are going to introduce you to the fourth and final new offering.

SC-400: Microsoft Information Protection Administrator
Do you plan and implement controls that meet organizational compliance needs? Do you translate requirements and compliance controls into technical implementation and assist organizational control owners to become and stay compliant? Do you work with stakeholders to implement technology that supports policies and controls necessary to sufficiently address regulatory requirements for their organization? Do you define applicable requirements, test IT processes and operations against those policies and controls, and create policies and rules for content classification, data loss prevention, governance, and protection? If so, it sounds like you’re an Information Protection Administrator, and this training and certification is for you.

Learn more about the training HERE.

Learn more about the exam HERE.

Ready to learn more about Microsoft Security certification training (dates coming soon!)? Give us a call at 614-481-4345 or email info@babsim.com.