Tesis sobre el tema "IT-incident management"

IT-security is a global problem and over the world Computer Emergency Response Teams (CERT) are created in order to solve the problem. The common understanding is that IT-security is important but no straight guideline how to deal with it. The Swedish IT-incident centre (SITIC) started 2003. It is a Swedish solution on an international problem. There are challenges to be met when handling an IT-incident centre – organisation form, activity and result. We believe a general solution in IT-incident management that will suit all parties in the society, is a hard task for SITIC as things stand today. What we can deduce from our investigation is that there is no greater need of SITIC among the global companies. We believe one reason for this is that they are going to create within their companies some sort of CERT function by themselves in the future. This in its turn, depend on that the companies do not have any trust to SITIC, they do not see the benefit with an activity as SITIC because they only see the reporting, they do not believe they are going to get something in return. Conclusion: Incident management is not only about reporting incidents, but a continuous life cycle with phases: detect, report, measure and follow-up.
IT-säkerhet är ett globalt problem och över världen skapas Computer Emergency Respons Teams (CERT) för att försöka att lösa olika problem. Den vanliga uppfattningen är att IT-säkerhet är viktigt men att inga direkta guidelines finns för hur man skall hantera det. SITIC som är det svenska IT-incident centret, startade 1 januari, 2003. Det är en svensk lösning på ett internationellt problem. För ett IT-incident center finns det utmaningar att hantera såsom organisations form, verksamhet och resultat. Vi tror att en generell lösning av hanteringen IT-incidenter som skulle passa alla parter i samhället blir svårt för SITIC att klara av som det ser ut idag. Vad vi kan härleda från vår utredning är att det inte finns något större behov av SITIC för de globala företagen. Vi tror att en av anledningarna är att företagen själva i framtiden tänker starta egna CERT-funktioner. Detta i sin tur kan bero på att företagen inte har något större förtroende för SITIC, de kan inte se någon fördel men verksamheten, de ser endast rapporteringsdelen. Företagen tror inte att de kommer att få något tillbaka när dom rapporterar sina incidenter till SITIC. Slutsats: Incident hantering handlar inte bara om att rapportera incidenter, utan det är en kontinuerlig livscykel innehållande faserna: upptäcka, rapportera, åtgärda och följa upp.

Thesis covers IT management with emphasis on incident management and its implementation to company, which desires to apply the best practice of information technology service management. First part of the thesis defines common language of modern management of IT processes -- Information Technology Infrastructure Library in its last 3rd version from 2011 (ITIL v3). Furthermore paper analyzes the function and role of Incident Management within company and its connections to other processes. Second part of the thesis describes practical implementation of the Incident Management and comparison of state before and after ITIL compliant processes.

Dissertation presented to obtain a Masters degree in Computer Science
Software development and software quality improvement have been strong topics for discussion in the last decades. Software Engineering has always been concerned with theories and best practices to develop software for large-scale usage. However, most times those theories are not validated in real live environments. Therefore, the need for experiments is immense. The incidents database can be an important asset for software engineering teams. If they learn from past experience in service management, then they will be able to shift from a reactive approach to a more proactive one. The main goal of this dissertation is shedding some light on the influential factors that affect incidents lifecycle, from creation to its closure, and also to investigate to what accuracy the ARIMA models are a valid approach to model and predict not only the ITIL incident management process, but also other ITIL processes and services in general. The dissertation presented herein is on the crossroads of Empirical Software Engineering and of the emerging area of Services Science. It describes an experiment conducted upon a sample of incident reports, recorded during the operation of several hundred commercial software products, over a period of three years (2005-2007), on six countries in Europe and Latin America. The incidents were reported by customers of a large independent software vendor. The primary goal of an Incident Management process is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. As a result of this, a software company can make use of a good incident management process to improve several areas of their business, particularly product development, product support, the relation with its customers and their positioning in the marketplace. The underlying research questions refer to the validation of which are the influencing factors affecting the incidents management lifecycle, and also aims at finding the existence of patterns and/or trends in incident creation and resolution based on a time series approach. Additionally, it presents the estimation, evaluation and validation of several ARIMA models created with the purpose of forecasting upon incident resolution based on incident creation historic data. Understanding causal-relationships and patterns on incident management can help software development organizations on optimizing their support processes and in allocating the adequate resources; people and budget.

The diploma thesis focuses on information systems analysis and assessment of a chosen company. After results evaluation based on this analysis, a proposal will be made on how to convert the former information system into a new one. This proposal will be described from an economic point of view at the end of the thesis as well.

In this 7.5 HEC B-level thesis in Computer Science, a service desk web application is designed for Swedish government agencies with integrated major incident reporting functionality to the Swedish Civil Contingencies Agency (Myndigheten för samhällsskydd och beredskap). There are several advantages to integrating the major incident reporting procedure into the regular incident management process - information would no longer have to be duplicated, and the problems of untraceability and under-reporting could additionally be solved. The proof-of-concept application was designed and partially developed with ASP.NET Core (MVC) web framework and Bootstrap front-end framework. The user interface was evaluated with heuristic evaluation by the author and two master’s students in Information Security at Luleå Technical University. Although the proposed software and interface design may have left room for improvement, it did highlight the societal need for an efficient and responsible incident management process and the general benefits of integration.

Användandet av IT relaterade tjänster har ökat kraftigt de senaste åren och visar inga tecken på att avstanna. Men i takt med att användningen ökar så ökar även riskerna, för vad händer egentligen när de IT-tjänster som så många företag och privatpersoner förlitar sig på plötsligt fallerar eller på annat sätt blir oåtkomliga? För att skydda sig mot sådana scenarier så blir det allt vanligare bland företag som driver IT-tjänster att använda sig incidenthantering, vars syfte är att genom fördefinierade processer återställa IT-tjänster till fungerande läge när en incident väl inträffar. För att implementera en incidenthanteringsprocess är det vanligt att verksamheter använder någon form av ramverk eller metod för att underlätta och effektivisera arbetet, i skrivande stund heter de mest använda ramverken ITIL och COBIT. Det är mycket vanligt att en incidenthanteringsprocess i en verksamhet bygger på någon form av system eller applikation vars syfte är att underlätta och effektivisera hanteringen av incidenter, ett sådant system benämns ofta som incidenthanteringssystemet. Trots att ramverk som ITIL och COBIT är använda i stor utsträckning världen över så uppstår det ett problem i att de båda saknar fokus på incidenthanteringssystemet och vad ett sådant system skall klara av. För när ramverken inte tar upp en sådan central del av incidenthanteringsprocessen så innebär det att den implementerande verksamheten själva måste lägga tid och resurser på att reda ut hur ett sådant system skall fungera. Denna studie adresserar problemet med att de vanligast använda ramverken för incidenthantering inte behandlar det, för processen, så centrala incidenthanteringssystemet genom att undersöka och besvara följande forskningsfrågor. Vilka implicita och explicita krav bör ett incidenthanteringssystem uppfylla?  Vilka krav på incidenthanteringssystemet går att utläsa från de mest använda ramverken för incidenthantering?  Hur matchar de framtagna kraven de krav som ställts av en verksamhet ur näringslivet? Denna studie riktar sig framförallt till de verksamheter eller individer som anser sig ha nytta av en sammanställning av de krav som ett incidenthanteringssystem bör uppfylla och kan fungera som ett stöd vid implementering eller inköp av ett nytt incidenthanteringssystem. Genom att identifiera kraven som ställs på ett incidenthanteringssystem utifrån de mest använda ramverken för incidenthantering så bidrar studien med resurser för implementationen av nämnt system drastiskt minskar. Samt genom att presentera ett konkret exempel, fallstudien, och jämföra det med kraven från ramverken bidrar studien med en referenspunkt för verksamheter att utgå ifrån när de implementerar eller köper ett nytt incidenthanteringssystem.
The use of IT-related services has increased massively over the past years and it shows no signs to stop. But alongside the usage increasing the risks also increases, because what will happen when the IT-services that so many rely upon suddenly cease to function, or in other ways become inaccessible? To protect against such scenarios it is increasingly more common for IT-service businesses to use incident management, whose purpose is to recover IT-services to their functional state, using predefined processes, should an event occur. It is common for IT-service businesses when implementing an incident management process to use some kind of framework or method to facilitate and streamline its work process, and as of writing this paper, the most used frameworks are ITIL and COBIT. It is very common for an IT-service business that in the incident management process develop a system or application whose purpose is to facilitate and streamline the incident management, and these are commonly referred to as Incident Management Systems. Even though ITIL and COBIT being widely used worldwide, there are some weaknesses in them, regarding Incident Management Systems, since both of the frameworks lack focus and depth of what an Incident Management System should manage. Such lack of focus and depth of a vital and central part of the Incident Management process, may prove expensive to IT-service businesses since the business needs to investigate what the system needs to manage, and how to manage it. This paper address the problem with ITIL and COBIT lack of focus and depth regarding the central part of the incident management process, the Incident Management System by investigating and reciprocate the following questions. Which implied and explicit requirements should an Incident Management System meet?  Which Incident Management System requirements can be found from the most used frameworks regarding Incident Management?  How well does the identified requirements match those requirements made by a real world company? The target audience for this paper is mainly IT-service business or individuals that considers themselves in need of a compilation of requirements that an Incident Management System should meet and can be used as a supporting tool when implementing or purchasing a new Incident Management System. By identifying requirements that an Incident Management Systems should meet from the most used framework regarding Incident Management, this paper will contribute with means for the implementation of the Incident Management System, reducing the costs for the investigation of demands of such a system. It will also present interested parties with a concrete example, the single case study, to compare with the requirements from the frameworks, contributing with a benchmark for IT-service business to start from when implementing or purchasing an Incident Management System.

Information security incident management is important for organizations and its importance is increasing. Information security incidents are increasing both in number and in scope and in 2018 GDPR and the NIS-directive require organizations to report incidents to a supervision authority. This study highlights IT-consulting companies and their vulnerable position as subcontractors. The study aims to address the lack of empirical research in incident management and to inform future theory development. The goal of the study is to answer the research questions (1) what challenges do IT-consultancy companies experience with their incident management? (2) What challenges are specifically related to the GDPR and the NIS-directive? And (3) what challenges are specific for consulting companies? Challenges with the incident management are identified and clarified by qualitative interviews with experts and a survey. The analysis of the results shows that some of the challenges are consistent with previous studies, while some are new and that the survey partly support the experts' opinions. The conclusion of the study is that the majority of the companies’ improvement opportunities are linked to internal and external communication, cost focus, absence of a major incident, awareness, GDPR, the role of consulting company and internationally recognized difficult activities. The research contribution of the study consists of identified challenges in the field of incident management derived from IT-consultancy companies. The result of the study are recommended to IT-consultancy companies that would like to improve their incident management process by gaining an understanding of incident management issues.
En väl fungerande process för incidenthantering är och blir allt viktigare för organisationer. Informationssäkerhetsincidenter ökar både i antal och i omfattning och 2018 träder GDPR och NIS-direktivet i kraft med krav på rapportering av utpekade incidenter till en tillsynsmyndighet. Denna studie belyser IT-konsultbolag och deras utsatta position som underleverantör och syftar till att adressera bristen av empirisk forskning inom incidenthantering och att bidra till en framtida teoriutveckling. Målet med studien är att besvara forskningsfrågorna (1) vilka utmaningar upplever IT-konsultbolag med deras incidenthantering? (2) vilka utmaningar är specifikt relaterade till GDPR och NIS-direktivet? och (3) vilka utmaningar och är specifika för just konsultbolag? Resultatet bygger på kvalitativa intervjuer med experter och en enkätundersökning och resultatet identifierar och tydliggör upplevda utmaningar med bolagens incidenthantering. Analysen av resultatet visar att vissa av bolagens utmaningar överensstämmer med tidigare studier medan vissa är nya och att enkätundersökningen till viss del stödjer experternas utlåtanden. Slutsatsen av studien är att bolagen har flertalet utvecklings- och förbättringsmöjligheter som är kopplade till intern och extern kommunikation, kostnadsfokus, avsaknad av en större incident, medvetenhet, GDPR, rollen som konsultbolag och internationellt erkända svåra aktiviteter. Studiens forskningsbidrag består av identifierade utmaningar inom området incidenthantering hos IT-konsultbolag och resultatet av studien rekommenderas till IT-konsultbolag som, genom att få en förståelse av incidenthanteringens problematik, vill förbättra och utveckla sin process för hantering av incidenter.

Effective fireground decision-making requires good situation awareness (SA) and appropriate selection from the information available to the incident commander. Individuals can display different information bias/scope in their view of the operational incident: either a liberal bias/scope towards accepting information as true with a risk of false alarm errors and/or a conservative bias/scope towards rejecting information with a risk of misses. Such decision - making bias/scope was examined over a series of five separate studies including operational fire fighters and incident commanders. The studies included a breathing apparatus (BA) exercise, two different table top operational incidents (domestic and commercial) and two exercises for flexible duty managers (FDM) in an assessable simulated fireground incident in 2012 and again in 2013. The studies were based on realistic incidents that both fire fighters and FDMs would be expected to respond to, in the final two studies each individual had to take over command and move towards a successful conclusion from an operational, environmental and social perspective. In all the studies, participants were required to answer true or false to a series of probe statements about the incident, which were analysed by a signal detection tool (QASA) to give a measure of actual situational awareness (ASA), perceived situational awareness (PSA) and bias/scope. The first exercise was a BA exercise undertaken to identify if bias was shown by FF’s when undertaking training, the data analysed by the QASA identified that most individuals displayed a high level of ASA about the incident, but also showed either a conservative bias/scope (with miss errors) or a liberal bias /scope (with false alarm errors). The results however also show that two individuals can appear to have similar ASA, but in fact still have very different bias/scope in regard to that knowledge. Once it was established that bias was identified this was developed using table top exercises as it allowed more participants and more control over undertaking the research within normal programmed training periods. The analysis of the two table top exercises showed ASA was high in both, but fire fighters perceived their PSA in a similar way if they had high confidence in one exercise they also had high confidence in the other exercise, or vice versa. However there was no significant correlation between the ASA scores and the PSA scores, with the pattern of bias/scope tendencies being differed across the two studies; with no significant correlation. In reviewing these results the identified difference in undertaking the 2 exercises was that in the second FF’s were familiar with the process and this allow a more relaxed approach, reducing pressure on the individual. While individuals showed bias patterns within the exercises undertaken, more pressurized exercises were identified to see if this bias was consistent for the individual when under pressure. Using the assessable incident commander exercises run by the FRS to test incident commander competence at a FDM level to undertake this. The exercises were used in 2012 and 2013 using the same individuals to compare their results, the outcome of these two simulated assessable fireground incident studies were; • for ASA: there was no significant correlation: r = -.120 and p= .623; • for PSA: there was a significant positive correlation: r =.577 and p = .012; • for bias/scope there was found a strongly positive significant correlation across the scores: r = .592 which is significant at the .008 level. The conclusion of the research is that individuals hold bias/scope tendencies and under pressure these tendencies are shown to be resting and will impact (condition) the individual’s decisions during periods of operational command during stressful conditions. The finding of bias/scope patterns is an important one that may have implications for understanding errors in incident ground decision - making. The finding of resting bias/scope patterns in FDM is an even more important one, which will have implications for understanding errors in incident ground decision - making and how we can help to reduce them. In semi structure interviews with FDMs who had undertaken the assessable exercises, they believed that knowing their bias was a first step to altering it to allow them to improve their decision making at pressurized incidents. Which supported the ultimate goal of the current research to further the understanding of bias/scope tendency, in order to support the training of effective fireground decision - making.

More than ever, businesses heavily rely on IT service delivery to meet their current and frequently changing business requirements. Optimizing the quality of service delivery improves customer satisfaction and continues to be a critical driver for business growth. The routine maintenance procedure plays a key function in IT service management, which typically involves problem detection, determination and resolution for the service infrastructure. Many IT Service Providers adopt partial automation for incident diagnosis and resolution where the operation of the system administrators and automation operation are intertwined. Often the system administrators' roles are limited to helping triage tickets to the processing teams for problem resolving. The processing teams are responsible to perform a complex root cause analysis, providing the system statistics, event and ticket data. A large scale of system statistics, event and ticket data aggravate the burden of problem diagnosis on both the system administrators and the processing teams during routine maintenance procedures. Alleviating human efforts involved in IT service management dictates intelligent and efficient solutions to maximize the automation of routine maintenance procedures. Three research directions are identified and considered to be helpful for IT service management optimization: (1) Automatically determine problem categories according to the symptom description in a ticket; (2) Intelligently discover interesting temporal patterns from system events; (3) Instantly identify temporal dependencies among system performance statistics data. Provided with ticket, event, and system performance statistics data, the three directions can be effectively addressed with a data-driven solution. The quality of IT service delivery can be improved in an efficient and effective way. The dissertation addresses the research topics outlined above. Concretely, we design and develop data-driven solutions to help system administrators better manage the system and alleviate the human efforts involved in IT Service management, including (1) a knowledge guided hierarchical multi-label classification method for IT problem category determination based on both the symptom description in a ticket and the domain knowledge from the system administrators; (2) an efficient expectation maximization approach for temporal event pattern discovery based on a parametric model; (3) an online inference on time-varying temporal dependency discovery from large-scale time series data.

CHDS State/Local
Approved for public release; distribution is unlimited
A review of the events of September 11 in New York City shows that inadequate inter-agency coordination or interdisciplinary collaboration existed among the rescuers arriving at the World Trade Center in Lower Manhattan. The 9/11 Commission recommended and NIMS mandated better coordination between the several agencies, specifically the fire and police departments. In 2004, New York City created the Citywide Incident Management System (CIMS) to address these shortcomings. The goal of this research is to provide an evaluation of CIMS several years after implementation; has it changed emergency response in New York City or are the same problems occurring? A survey of the FDNY chief officers was conducted and the results show that CIMS' policies are not consistently enacted. The history and creation of CIMS shortly following the September 11 terrorist attacks is discussed along with a brief background on interagency emergency operations. The history of conflict between the FDNY and the New York City Police Department (NYPD) and its motives are not the subject of this thesis, although they are discussed briefly. In closing, many of the same problems that plagued the emergency responders on September 11 still exist according to the survey results.

This research sheds light on the nature of the role of the operational risk controller in the financial services industry. The focus is on understanding how operational risk controllers interact with different layers of the organisation and become influential with the business lines and senior management. Nine semi-structured interviews were conducted with operational risk controllers, and it was found that their work is becoming increasingly focused on managing people with a view to creating mutual understanding. To achieve this, operational risk controllers should work more as independent facilitators in their interactions with the first line and senior management, as engaged toolmakers when adapting and reconfiguring tools, and as non-financial risk controllers when attempting to enable business leaders to understand the magnitude of operational risks.

Main focus of this thesis is creating workaround for ITIL processes in service desk systems. As a objective with highest priority was to choose service desk systems, then create interface which can make possible communication between service boards and selected processes. I described also in generally meaning ITIL library, common service desk functions and important ITIL processes. Management of incidents, problems, changes and configurations is based on a set of processes, which are able to manipulate with interface. Web services are main tool of implemented API for working with these processes. In conclusion are also presented several scenarios to demonstrate communication between clients and service across the board created interface.

Mestrado em Gestão de Sistemas de Informação
Nos dias de hoje, o recurso às melhores práticas para tecnologias de informação está a tornar-se cada vez mais comum, requerendo um maior investimento nesta área, dando assim melhor e maior suporte aos serviços de SI/TI prestados. No entanto, aderir aos modelos e standards de boas práticas não é trivial, o que faz com que muitas organizações não adoptem as mesmas. Consequentemente, os responsáveis desta área optam por implementar apenas alguns processos em vez de implementações mais abrangentes. Information Technology Infrastructure Library (ITIL) é um dos standards de boas práticas disponível e que por sinal muitas empresas já têm investido nela directa ou indirectamente, fornecendo assim linhas de orientação para melhorar os seus serviços de TI. Com este estudo, pretende-se identificar, através de um inquérito, qual o nível de maturidade das organizações relativamente a implementação dos processos ITIL. Os resultados obtidos revelam que o nível médio de maturidade entre as grandes empresas e as PMEs não diferem muito.
Nowadays, the use of best practices for information technology is becoming increasingly common, requiring greater investment in this area, thus giving better services and greater support for IS / IT providers. However, adhering to standards and models of good practice is not trivial, which means that many organizations do not adopt them. Consequently, those responsible for this area choose to implement only some processes rather than broader implementations. Information Technology Infrastructure Library (ITIL) is one of the standards of good practice available and by the way many companies have already invested in it directly or indirectly, thus providing guidelines to improve their IT services. This study aims to identify, through a survey, what level of maturity organizations have reached regarding the implementation of ITIL processes. The results show that, the average level of maturity between large companies and SMEs do not differ much.

Specification and new trends in the automotive industry impose higher requirements on supply chain management. This thesis describes a part of supply chain management -- reverse logistics and circulation of returnable transport units. The main goal and asset of this thesis is to analyse processes of the team managing the circulation of returnable transport units in the British automobile factories Jaguar and Land Rover. The next main aim and asset is to apply the ITIL methodics Incident management for creating and implementing an application which is based on the process analysis and supports informational needs of individual roles in this team.

碩士
國立交通大學
資訊管理研究所
93
Information Technology Service Management (ITSM) regards IT as a service to manage IT from service-oriented perspective, whereas enterprises can raise their competence through high quality IT Services. ITIL has defined several processes of managing IT services to provide the guidelines for the best practices of ITSM.　The Incident Management process handles incidents arisen from regular IT operations to reduce their negative effects on enterprise operations by providing first-aid resolutions or workaround solutions. ITIL-defined Incident Management process focuses on process activities, procedures, and guiding principles to provide practical instructions for handling incidents. Effective knowledge support for Incident Management has not been investigated. Furthermore, identifying the contextual information of incidents can provide more effective incident management by resolving the incidents according to their contextual information. This work proposes a framework of context-aware knowledge support for Incident Management. Association rule mining is employed to discover contextual knowledge of incidents from historical incident logs. Moreover, rule inferences are employed to infer possible contextual knowledge and resolutions. Consequently, effective knowledge supports for incident management can be achieved by providing needed contextual knowledge and possible resolutions through the rule mining and inferences.

Business process management is a methodology focused on the continuous improvement of business processes, providing for this a collection of best practices. These best practices enable the redesign of business processes to meet the desired performance. By using this methodology, organisations can improve their business processes to achieve their objectives. IT service management defines the management of IT operations as a service. There are several IT service management frameworks available, consisting in best practices that propose standardizing these processes for the respective operations. By adopting these frameworks, organisations can align IT with their business objectives. The objective of this research is to understand how business process management can be applied for the improvement of IT service management processes. To achieve this goal, a case study is conducted for the improvement of the time performance of an incident management process, as it is a process that, to the best of our knowledge, has not been analysed for this objective. The results obtained identified three best practices – activity automation, activity elimination and integral technology – as the best suited for the improvement of the time performance of the analysed incident management process. Using a simulation tool for business processes, it was revealed that the employment of these best practices in the analysed incident management process eliminates the effort required in the 1st support level and reduces in 10.7% the average processing time in the 2nd support level.
A gestão de processos de negócio é uma metodologia focada na melhoria contínua de processos de negócio, indicando para isso um conjunto de melhores práticas. Estas melhores práticas permitem o redesenho dos processos de negócio para obter o desempenho desejado. Através da aplicação desta metodologia, as organizações conseguem melhorar os seus processos de negócio para alcançarem os seus objectivos de negócio. A gestão de serviços de TI define a gestão das operações de TI como um serviço. Existem divesas frameworks para gestão de serviços de TI, consistindo em melhores práticas que propõem processos-padrão de TI para as respectivas operações. Com a adopção de frameworks, as organizações conseguem alinhar as TI com os seus objectivos de negócio. O objectivo desta investigação é perceber como é que a gestão de processos de negócio pode ser aplicada para a melhoria de processos de gestão de serviços de TI. Para atingir este objectivo, é conduzido um caso de estudo para a melhoria de desempenho do tempo num processo de gestão de incidentes, sendo este um processo que, de acordo com o conhecimento adquirido, ainda não foi analisado com este objectivo. Os resultados obtidos identificaram três melhores práticas – automação de atividades, eliminação de atividades e introdução de novas tecnologias – como as mais ajustadas para a melhoria de desempenho do tempo no processo de gestão de incidentes analisado. Recorrendo a uma ferramenta de simulação de processos de negócio, foi revelado que a aplicação destas melhores práticas no processo de gestão de incidentes analisado elimina o esforço necessário no 1º nível de suporte e reduz em 10.7% o tempo médio de processamento no 2º nível de suporte.

碩士
國立交通大學
管理學院資訊管理學程
102
The more complex the internal IT applications used by Enterprises, the more computer operation problems that result! For Enterprises, human resources and time for trouble shooting are very limited; this situation presents a significant challenge. It is an important issue for enterprises to correctly categorize problems and determine the most suitable cases for trouble shooting when they are facing the problems of high replacement rate of IT members and scattered know how. This study developed a system of Knowledge Support for IT Incident Management based on Case-Based Reasoning. This work integrates CBR with an event log to mine Knowledge for Case Incident Management, and we use rules of inference Support Knowledge for Case Incidents.

Over the last 25 years the concern of most organizations with Information Technology (IT) has been clearly exponential. In order to plan, organize, select, support and deliver IT services, it was necessary to implement IT frameworks. These frameworks are a set of the best practices to implement on IT service management. These frameworks are included in several processes of different areas of IT. This research work is focused very concretely on the Incident Management process. Once the organizations technical consulting services are available 24/7, an implementation of this process is crucial. Many of the IT frameworks contain similar processes. Many organizations, when trying to apply more than one framework, end up doing redundant work. Therefore, eliminating overlaps of activities becomes very useful for any process of IT frameworks. In this way, the process becomes simpler and less expensive for the organization. Given the need of the organizations evaluate the maturity of their incident management process and different organizations and different IT frameworks, was born the need for this research. This thesis proposes a Maturity Model for the incident management process that covers the main and most used IT frameworks.
Nos últimos 25 anos a preocupação da generalidade das empresas com as Tecnologias da Informação (TI) é claramente exponencial. De tal forma que, para conseguirem organizar, planear, selecionar, suportar e entregar os serviços de TI, foi necessário implementar frameworks de TI. Estas frameworks são um conjunto de boas práticas a implementar para gestão de serviços de TI. Nestas frameworks estão incluídos vários processos das diferentes áreas das TI. Este trabalho de investigação focou-se muito concretamente no processo de Gestão de Incidências. Sendo que a operacionalidade da generalidade dos serviços requerer disponibilidade de quase 24/7, a implementação deste processo é fulcral. Muitas das frameworks de TI contem processos similares. Muitas organizações, quando tentam aplicar mais que uma framework acabam por fazer trabalho redundante. Assim sendo, a eliminação de sobreposições das atividades torna-se bastante útil para qualquer processo das frameworks de IT. Desta forma o processo torna-se mais simples e menos dispendioso para a organização. Dada a necessidade das organizações de avaliarem a maturidade do seu processo de gestão de incidências e que diferentes organizações têm diferentes frameworks de TI, nasceu a necessidade deste trabalho de investigação. Esta tese propõe um Modelo de Maturidade para o processo de gestão de incidências que abranja as principais e mais utilizadas frameworks de TI.

Dissertação de mestrado integrado em Engenharia e Gestão de Sistemas de Informação
Esta dissertação, inserida no projeto de dissertação de mestrado em Engenharia e Gestão de Sistemas de Informação do departamento de Sistemas de Informação da Universidade do Minho, tem como tema “Comparação de Desempenho de Algoritmos de Machine Learning na Classificação de IT Incident Tickets”, que deriva do estágio profissional que o autor realizou no Grupo Petrotec. Todos os dias, colaboradores dos inúmeros departamentos da instituição reportam incidentes tecnológicos, isto é, problemas relacionados com os mais variados elementos de trabalho do seu quotidiano que, a priori, possam ser resolvidos pelos profissionais de TI. Quando se deparam com algum problema, dirigem-se a uma plataforma onde podem detalhar categórica e textualmente o incidente ocorrido, de forma a que o support agent perceba facilmente o cerne da questão. Contudo, nem todos os colaboradores são rigorosos e precisos a descrever o incidente, onde, por muitas vezes, se verifica uma categoria totalmente desfasada com a descrição textual do ticket, o que torna mais demorada a dedução da solução por parte do profissional. Nesta dissertação, é proposta uma solução que visa atribuir uma categoria ao novo incident ticket através da classificação do mesmo, especificando o técnico informático especializado na solução do incidente em questão, sendo um mecanismo que recorre a técnicas de Text Mining, Processamento de Linguagem Natural (PLN) e Machine Learning que tenta reduzir ao máximo a intervenção humana na classificação dos tickets, diminuindo o tempo gasto na perceção e resolução dos mesmos. Com isso, a classificação do atributo relativo à descrição textual do ticket vai ser fulcral para a dedução do agente informático a resolver o incidente. Os resultados obtidos foram bastante satisfatórios, decifrando qual os melhores procedimentos de processamento textual a serem realizados, obtendo posteriormente, na maior parte dos modelos de classificação utilizados, uma acuidade superior a 90%, o que torna legítima a implementação de todas as metodologias adotadas num cenário real, isto é, no Grupo Petrotec. No que concerne à recolha, processamento e mining dos dados, teve-se em conta a metodologia Cross Industry Standard Process for Data Mining (CRISP-DM) e como metodologia de investigação utilizou-se a Design Science Research (DSR).
This dissertation, included in the master's thesis project in Engineering and Management of Information Systems of the Information Systems department of the University of Minho, has the theme ‘Performance Comparison of Machine Learning Algorithms in Classifying IT Incident Tickets’, which derives from the professional internship that the author performed at Petrotec Group. Every day, employees from the numerous departments of the institution report technological incidents, that is, problems related to the most varied elements of their daily work that can be solved by IT professionals. When faced with a problem, they go to a platform where they can categorically and verbally detail the incident that occurred, so that the 'support agent' easily understands the heart of the matter. However, not all employees are rigorous and accurate in describing the incident, where there is often a category that is totally out of step with the textual description of the ticket, which makes the professional's deduction from the solution more time consuming. In this dissertation, a solution is proposed which aims to assign a category to the new incident ticket through the classification of the same, specifying the specialized support agent in solving the incident in question, being a mechanism, which uses Text Mining, Natural Language Processing (NLP) and Machine Learning techniques and tries to reduce as much as possible the human intervention in the classification of the tickets, decreasing the time spent in their perception and resolution. Therefore, the classification of the attribute related to the ticket's textual description will be central to the assignment of the ‘support agent’ to solve the incident. The results obtained were quite satisfactory, deciphering the best textual processing procedures to be carried out, subsequently obtaining, in most of the classification models used, an accuracy of more than 90%, which makes the implementation of all the methodologies adopted in a real scenario legitimate, that is, in the Petrotec Group. Regarding to data collection, processing and mining, the Cross Industry Standard Process for Data Mining (CRISP-DM) methodology was taken into account and Design Science Research (DSR) was used as the research methodology.

ACM Classification: K.6 Management of Computing and Information Systems
O ISCTE – Instituto Universitário de Lisboa, através dos seus serviços de informática, decidiu adoptar o ITIL® v3 para equiparar as suas práticas de gestão de serviços de TI às melhores práticas conhecidas, para uma posterior certificação dos seus serviços de acordo com a norma ISO/IEC 20000:2005. Atendendo que não existem estudos de implementação do ITIL® v3 em instituições do ensino superior portuguesas, que possam servir de referência para as unidades organizacionais fornecedoras de serviços de TI destas instituições, realizou-se uma investigação qualitativa, exploratória e descritiva, baseada num estudo de caso com o principal objectivo de identificar o que pode ser aprendido a partir de um estudo de uma implementação do processo de gestão de incidentes e do processo de satisfação de pedidos, das melhores práticas do ITIL® v3, nesta Instituição. O projecto foi dividido em duas grandes fases, (i) análise da situação existente na qual foi avaliado o grau de maturidade dos serviços e recolhidas informações através de documentos, de entrevistas e de observação directa, e (ii) definição e modelagem em Business Process Modeling Notation (BPMN) da proposta a adoptar para os processos visados, com base na interpretação dos requisitos das melhores práticas do ITIL® v3 que melhor se adaptam às actuais características de serviços de TI da instituição. Neste contexto, apresentam-se os resultados obtidos e os condicionalismos encontrados, contribuindo para o melhor entendimento e para amenizar a carência de estudos destas temáticas em instituições de ensino superior em Portugal.
ISCTE – Lisbon University Institute, through its IT Services has decided to adopt the ITIL® v3 to match its IT services management practice to the best known practices for future certification of their services according to the norm ISO/ IEC 20000:2005. Considering that there are no ITIL® v3 implementation studies within Portuguese academic institutions that can be used as reference to the organizational units that supply the IT services for these same institutions, a qualitative, exploratory and descriptive research took place. This research, supported on a case study, has its main objective to identify what can be gathered from the study of incident management process and request fulfillment process implementation, according the ITIL® v3 best practices, within this institution. The project was divided in two major phases, (i) existing situation analysis in which it was evaluated the maturity degree of the services and gathered information through documents, interviews and direct observation, and (ii) modeling and definition, in Business Process Modeling Notation (BPMN), of the adopting proposal for the related processes, based on the interpretation of the requisites regarding ITIL® v3 best practices that better adapt to today´s IT service characteristics within the institution. Therefore, obtained results and constraints found are presented, giving its contribution to a better understanding of the studied themes as well as contributing to minimize the lack of these study subjects within Portuguese academic institutions.

Information technology (IT) is nowadays the pillar of any organization that needs to be competitive, efficient and deliver quality services to its customers. This means that, given its importance, it is fundamental to use good practices and standards that allow effective management of IT services. Therefore, several IT frameworks have emerged in recent years to support IT managers, not only improve the predictability and performance of IT services but also align them with business goals. A good example is ITIL, a set of best practices for IT service management that has been accompanied, in the last years, by the implementation of the ISO 20000 standard in companies that want to further increase quality of their IT services. The proposal presented in this research project is to develop a maturity model for ISO 20000, a tool that will allow any organization to not only evaluate the maturity level of its current IT processes, Incident and Service Request Management in particular, but to also serve as a roadmap on how to align with ISO 20000 requirements and obtain certification. In order to achieve the goals defined in this project, authors used the Design Science Research (DSR) methodology, which included several stages, including literature review, interviews with IT experts and interviews with organizations.
As tecnologias de informação (TI) são hoje o pilar de qualquer organização que necessita de ser competitiva, eficiente e entregar serviços de qualidade aos clientes. Isto significa que, dada esta importância, é fundamental o recurso a boas práticas e standards que permitam uma gestão eficaz dos serviços de TI. Neste sentido, diversas frameworks de TI têm surgido, nos últimos anos, para apoiar gestores e decisores de TI, não só a melhorar a previsibilidade e performance dos serviços de TI, mas também a alinhá-los com os objectivos de negócio. Um bom exemplo destas frameworks é o ITIL, um conjunto de boas práticas para gestão de serviços de TI muito popular na comunidade e que tem vindo a ser acompanhado, nos últimos tempos, pela implementação de um standard de gestão de serviços de TI - o ISO 20000 - em empresas que desejam alcançar um novo patamar de qualidade na gestão de serviços. A proposta apresentada neste projecto de investigação é, por isso, altamente relevante e assenta na criação de um modelo de maturidade para ISO 20000. Esta é uma ferramenta que permitirá a qualquer organização não só avaliar o nível maturidade dos seus processos actuais de TI, em particular Incident e Service Request Management, mas também obter indicações de como poderá alinhar-se com os requisitos ISO 20000 e obter certificação. Para alcançar os objectivos definidos, os autores recorreram à metodologia Design Science Research que incluiu várias etapas, entre elas, revisão da literatura, entrevistas com experts de TI e entrevistas com organizações