MANAJEMEN SISTEM INFORMASI (MSI)

Transkripsi

1 Handout MANAJEMEN SISTEM INFORMASI (MSI) Oleh : SOLIKIN WS., M.T. [email protected]

2 Kuliah Pengganti Kelas 2A Senin,, 13 Okt 2008 Pk wib Ruang :?

3 Kuliah Pengganti Kelas 2C Senin,, 14 Okt 2008 Pk wib Ruang :? Tdk jd

4 S O L I K I N [email protected] Atau [email protected] Blog

5 Materi dpt di Unduh

6 Tujuan 1. Mahasiswa memahami konsep pengelolaan SI dan mampu melakukan analisis kebutuhan sumber daya 2. Mahasiswa mampu menentukan kegiatan yang diperlukan dalam mengelola SI

7 Lingkup 1. Memberikan pengertian dan pengetahuan tentang kegiatan yang perlu dilakukan dalam mengelola SI 2. Memahami jenis, fungsi, struktur dan peran SI pada suatu organisasi 3. Dapat melakukan analisis dan penetapan kebutuhan dalam pengelolaan sumberdaya agar SI dapat beroperasi secara optimal 4. Dapat menggunakan framework-framework pengembangan dan pengelolaan SI

8 Buku Pustaka 1. MIS, Managing the digital firm, Kenneth C Laudon,, Prentice Hall Managing IT, E. Wainright Martin, Prentice Hall MIS:Managing IT in the Business Enterprise, James A. O Brien. O Mc Graww Hill, Information System, The foundation of E-E Business, Steven Alter, 4thed, Prentice Hall, 2002

9 MRT (Mass( Rapid Transit) Singapore

10

11

12

13

14

15

16

17

18 MRT Mass Rapid Transit (MRT) di Singapura adalah sebuah layanan kereta penumpang ber-ac yang modern, dengan stasiun pemberhentian di seluruh negeri. Terdapat tiga jalur utama jalur North- South dari Marina Bay ke Jurong East, jalur East-West dari Changi Airport/Pasir Ris ke Boon Lay, dan jalur North-East dari Harbour Front ke Punggol.

19 MRT Dari pusat kota, perjalanan dengan MRT ke stasiun Changi Airport hanya selama 27 menit. Layanan kereta dari stasiun Changi Airport beroperasi dengan frekuensi rata-rata 12 menit dan jam layanannya adalah sebagai berikut: Stasiun Changi Airport ke stasiun City Hall Kereta pertama: Pukul (Senin sampai Sabtu), pukul (Minggu dan hari libur) Kereta terakhir: Pukul (setiap hari)

20 MRT Stasiun City Hall ke stasiun Changi Airport Kereta pertama: Pukul (Senin sampai Sabtu), pukul (Minggu dan hari libur) Kereta terakhir: Pukul (setiap hari) Tarif untuk sekali perjalanan dari stasiun Changi Airport ke stasiun City Hall adalah SGD Demi kenyamanan wisatawan, kereta yang melayani stasiun Changi Airport menyediakan rak bagasi dan ruang bebas di setiap gerbong.

21 RATIS Rail Travel Information System (RATIS) mengumumkan informasi jadwal kedatangan dan tujuan kereta. Informasi ini ditampilkan di layar plasma di peron, dan di panel LED di area. Silahkan membaca tujuan kereta di RATIS atau mendengarkan pengumuman dalam kereta untuk memastikan Anda naik kereta yang tepat ke tujuan Anda. Jika Anda naik kereta yang menuju stasiun Pasir Ris, Anda harus turun di stasiun pergantian Tanah Merah, lalu naik ke kereta menuju stasiun Changi Airport. Frekuensi Kereta beroperasi dengan interval antara dua setengah menit dan delapan menit dari pukul pagi sampai malam setiap hari. Periksalah di stasiun MRT yang bersangkutan untuk mendapat jadwal kedatangan/keberangkatan yang tepat.

22 Tiket Tiket Bepergian dengan MRT sangat murah, dengan biaya mulai dari SGD 0.80 sampai maksimal SGD Selain menggunakan tunai, Anda dapat membayar tiket MRT dan bis dengan kartu ez-link. Kartu ini dapat dibeli atau diisi ulang di setiap kantor penjualan tiket TransitLink yang terletak di sebagian besar stasiun MRT dan tempat pergentian bis. Setiap kartu untuk dewasa dijual dengan isi minimal SGD 10 ditambah biaya deposit SGD 5. Untuk informasi lebih lanjut, hubungilah telepon TransitLink: : (bebas( pulsa di Singapura) atau kunjungi situs web SMRT

23 MRT Singapore dikelola oleh siapa? Kapan di bangunnya Kaitan dg IT? Dst Handout MSI Poltek Pos

24 1. IS Overview Materi 2. IS Role in The Enterprises 3. WSF 4. IT IL 5. IS Architectures

25 IT IL (Information Technology Infrastructure Library) Solikin, M.T.

26 IT IL

27 Alignment of the IT Plan with the Organizational Plan The Relationship between Business, IS an IT Strategies

28 IT IL Pustaka Infrastruktur Teknologi Informasi) adalah suatu rangkaian konsep dan teknik pengelolaan infrastruktur, pengembangan, serta operasi teknologi informasi (TI). Nama ITIL dan IT Infrastructure Library merupakan merek dagang terdaftar dari Office of Government Commerce (OGC) Britania Raya. ITIL memberikan deskripsi detil tentang beberapa praktik TI penting dengan daftar cek, tugas, serta prosedur yang menyeluruh yang dapat disesuaikan dengan segala jenis organisasi TI.

29 IT IL Walaupun dikembangkan sejak dasawarsa 1980-an an, penggunaan ITIL baru meluas pada pertengahan an dengan spesifikasi versi keduanya (ITIL v2) yang paling dikenal dengan dua set bukunya yang berhubungan dengan ITSM (IT Service Management), yaitu Service Delivery (Antar Layanan) dan Service Support (Dukungan Layanan) Pada 30 Juni 2007,, OGC menerbitkan versi ketiga ITIL (ITIL v3) yang intinya terdiri dari lima bagian dan lebih menekankan pada pengelolaan siklus hidup layanan yang disediakan oleh teknologi informasi

30 IT IL Is a set of best practices and guidelines that define an integrated, process-based approach for managing information technology services. ITIL can be applied across almost every type of IT environment The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations

31 IT IL ITIL began in the 1980s as an attempt by the British government to develop an approach for efficient and cost-effective use of its many IT resources. ITIL is a proven set of guidance and best practices developed in the late 1980's by the United Kingdom Central Computer and Telecommunications Agency (CCTA) ITIL stresses service quality and focuses on how IT services can be efficiently and cost-effectively provided and supported. In the ITIL framework, the business units within an organization who commission and pay for IT services (e.g. Human Resources, Accounting), are considered to be "customers" of IT services. The e IT organization is considered to be a service provider for the customers

32 Organizations can benefit in several important ways from IT IL: 1. IT services become more customer-focused 2. The quality and cost of IT services are better managed 3. The IT organization develops a clearer structure and becomes more efficient 4. IT changes are easier to manage 5. There is a uniform frame of reference for internal communication about IT 6. IT procedures are standardized and integrated 7. Demonstrable and auditable performance measurements are defined

33 ITIL details ITIL takes a process-based approach to managing and providing IT services; IT activities are divided into processes, each of which has three levels 1. Strategic: : An organization's objectives are determined, along with an outline of methods to achieve the objectives. 2. Tactical: : The strategy is translated into an appropriate organizational structure and specific plans that describe which processes have to be executed, what assets have to be deployed, and what the outcome(s) ) of the processes should be. 3. Operational: : The tactical plans are executed. Strategic objectives are achieved within a specified time.

34 Each of these areas is a set of best practices: 1. Configuration Management: : Best practices for controlling production configurations (for example, standardization, status monitoring, asset identification). By identifying, controlling, maintaining and verifying the items that make up an organization's IT infrastructure, these practices ensure that there is a logical model of the infrastructure. 2. Incident Management: : Best practices for resolving incidents (any event that causes an interruption to, or a reduction in, the quality of an IT service) and quickly restoring IT services. These practices ensure that normal service is restored as quickly as possible after an incident occurs. 3. Problem Management: : Best practices for identifying the underlying cause(s) ) of IT incidents in order to prevent future recurrences. These practices seek to proactively prevent incidents and problems. 4. Change Management: : Best practices for standardizing and authorizing the controlled implementation of IT changes. These practices ensure that changes are implemented with minimum adverse impact on IT services, es, and that they are traceable.

35 Each of these areas is a set of best practices: 5. Configuration Management: : Best practices for controlling production configurations (for example, Availability Management: : Best practices for maintaining the availability of IT services guaranteed to a customer (for example, optimizing maintenance and design measures to minimize the number of incidents). These practices ensure that an IT infrastructure is reliable, resilient, and recoverable. 6. Financial Management: : Best practices for understanding and managing the cost of providing IT services (for example, budgeting, IT accounting, counting, charging). These practices ensure that IT services are provided efficiently, economically, and cost-effectively. 7. Service Level Management: : Best practices for ensuring that agreements between IT and IT customers are specified and fulfilled. These practices p ensure that IT services are maintained and improved through a cycle cle of agreeing, monitoring, reporting, and reviewing IT services

36 Figure 1 depicts the above processes, showing how the Service Desk function serves as the single point of contact for the various service management processes

37 IT IL and information security IT IL seeks to ensure that effective information security measures are taken at strategic, tactical, and operational levels. Information security is considered an iterative process that must be controlled, planned, implemented, evaluated, and maintained IT IL breaks information security down into: 1. Policies - overall objectives an organization is attempting to achieve 2. Processes - what has to happen to achieve the objectives 3. Procedures - who does what and when to achieve the objectives 4. Work instructions - instructions for taking specific actions

38 It defines information security as a complete cyclical process with continuous review and improvement, as illustrated in Figure 2:

39 As some organizations look at Implementation and Monitoring as a single step, ITIL's Information Security Process can be described as a seven step process 1. Using risk analysis, IT customers identify their security requirements. 2. The IT department determines the feasibility of the requirements and compares them to the organization's minimum information security baseline. 3. The customer and IT organization negotiate and define a service level agreement (SLA) that includes definition of the information security requirements in measurable terms and specifies how they will be verifiably achieved. 4. Operational level agreements (OLAs( OLAs), which provide detailed descriptions of how information security services will be provided, are negotiated and defined within the IT organization. 5. The SLA and OLAs are implemented and monitored. 6. Customers receive regular reports about the effectiveness and status of provided information security services. 7. The SLA and OLAs are modified as necessary

40 As some organizations look at Implementation and Monitoring as a single step, ITIL's Information Security Process can be described as a seven step process 1. Using risk analysis, IT customers identify their security requirements. 2. The IT department determines the feasibility of the requirements and compares them to the organization's minimum information security baseline. 3. The customer and IT organization negotiate and define a service level agreement (SLA) that includes definition of the information security requirements in measurable terms and specifies how they will be verifiably achieved. 4. Operational level agreements (OLAs( OLAs), which provide detailed descriptions of how information security services will be provided, are negotiated and defined within the IT organization. 5. The SLA and OLAs are implemented and monitored. 6. Customers receive regular reports about the effectiveness and status of provided information security services. 7. The SLA and OLAs are modified as necessary

41 Service level agreements The SLA is a key part of the ITIL information security process. It is a formal, written agreement that documents the levels of service, including information security, that IT is responsible for providing. The SLA should include key performance indicators and performance criteria. Typical SLA information security statements should include:

42 Service level agreements 1. Permitted methods of access 2. Agreements about auditing and logging 3. Physical security measures 4. Information security training and awareness for users 5. Authorization procedure for user access rights 6. Agreements on reporting and investigating security incidents 7. Expected reports and audits

43 Service level agreements In addition to SLAs and OLAs,, ITIL defines three other types of information security documentation: 1. Information security policies: : ITIL states that security policies should come from senior management and contain: 1. Objectives and scope of information security for an organization 2. Goals and management principles for how information security is to be managed 3. Definition of roles and responsibilities for information security 2. Information security plans: : describes how a policy is implemented for a specific information system and/or business unit. 3. Information security handbooks: : operational documents for day-to to-day usage; they provide specific, detailed working instructions.

44 Ten ways ITIL can improve information security 1. ITIL keeps information security business and service focused. Too o often, information security is perceived as a "cost center" " or "hindrance" to business functions. With ITIL, business process owners and IT negotiate information i security services; this ensures that the services are aligned with the business' needs. 2. ITIL can enable organizations to develop and implement information on security in a structured, clear way based on best practices. Information security staff can move from "fire fighting" mode to a more structured and planned approach. ach. 3. With its requirement for continuous review, ITIL can help ensure that information security measures maintain their effectiveness as requirements, environments, and threats change. 4. ITIL establishes documented processes and standards (such as SLAs and OLAs) that can be audited and monitored. This can help an organization understand the effectiveness of its information security program and comply with h regulatory requirements (for example, HIPAA or Sarbanes Oxley). 5. ITIL provides a foundation upon which information security can build. b It requires a number of best practices - such as Change Management, Configuration Management, and Incident Management - that can significantly improve information security. For example, a considerable number of information security issues are caused by inadequate change management, such as misconfigured servers.

45 Ten ways ITIL can improve information security 6. ITIL enables information security staff to discuss information security s in terms other groups can understand and appreciate. Many managers can't "relate" to low- level details about encryption or firewall rules, but they are likely l to understand and appreciate ITIL concepts such as incorporating information security into defined processes for handling problems, improving service, and maintaining ing SLAs.. ITIL can help managers understand that information security is a key part of having a successful, well-run organization. 7. The organized ITIL framework prevents the rushed, disorganized implementation i of information security measures. ITIL requires designing and building consistent, measurable information security measures into IT services rather than after-the the- fact or after an incident. This ultimately saves time, money, and d effort. 8. The reporting required by ITIL keeps an organization's management t well informed about the effectiveness of their organization's information security measures. The reporting also allows management to make informed decisions about t the risks their organization has. 9. ITIL defines roles and responsibilities for information security.. During an incident, it's clear who will respond and how they will do so. 10. ITIL establishes a common language for discussing information security. This can allow information security staff to communicate more effectively with internal and external business partners, such as an organization's outsourced security services

46 Implementing ITIL ITIL enables information security staff to discuss information security in terms Critical factors for successful ITIL implementation include: 1. Full management commitment and involvement with the ITIL implementation 2. A phased approach 3. Consistent and thorough training of staff and management 4. Making ITIL improvements in service provision and cost reduction sufficiently visible 5. Sufficient investment in ITIL support tools

47 Conclusion Information security measures are steadily increasing in scope, complexity, and importance. It is risky, expensive, and inefficient for organizations to have their information security depend on cobbled- together, homegrown processes. ITIL can enable these processes to be replaced with standardized, integrated processes based on best practices. Though some time and effort are required, ITIL can improve how organizations implement and manage information security

48 Itil Assessments & Implementation Services

49 Core Processes: The planning, delivery and support of IT Services are divided into ten core processes within ITIL. These ten processes are distributed into two groups, one that focuses on Service Support and the other which focuses on Service Delivery. Service Support encompasses the operational processes that enable an IT organization to implement a stable IT infrastructure, while Service Delivery deals with the planning, realization, continuation of services, and optimizing the cost performance of IT services

50 10 Core IT Service Management processes: 1. Incident Management Timely coordination, diagnosis, correction, and restoration of interrupted IT services. 2. Availability Management Optimizing and ensuring the availability of IT services to support business objectives. 3. Problem Management Identifying and permanently removing the root causes of actual and potential problems. 4. Capacity Management Optimizing the capacity of IT resources and services in alignment with business requirements. 5. Change Management Maximizing the business benefits of infrastructure change while reducing risk of making changes.

51 10 Core IT Service Management processes: 6. IT Service Continuity Management Ensuring the availability and rapid restoration of IT services in the event of a disaster. 7. Configuration Management Establishing control of critical IT configuration items 8. Financial Management Measuring, controlling and recovering costs of IT service. 9. Release Management Improving release, distribution and maintenance processes of configuration items. 10. Service Level Management Establishing, reporting on, and maintaining the delivery of agreed upon IT services levels to customers.

52 10 Core IT Service Management processes: 6. IT Service Continuity Management Ensuring the availability and rapid restoration of IT services in the event of a disaster. 7. Configuration Management Establishing control of critical IT configuration items 8. Financial Management Measuring, controlling and recovering costs of IT service. 9. Release Management Improving release, distribution and maintenance processes of configuration items. 10. Service Level Management Establishing, reporting on, and maintaining the delivery of agreed upon IT services levels to customers.

53 Introduction to IT Infrastructure Library - ITIL Service Management Processes Framework

54 View of Tools aligned to and used in support of the ITIL framework CMDB=Configuration Management Database The CMDB will se serve as the blueprint for how the entire IT infrastructure is structured, how vario ious CIs hardware, software, incidents, agreements, service levels, docucumentation, and soon are related, and how the entire metasystem functioions. Network Management System (NMS) is a combination of hardware and software used to monitor and administer network

55 ITIL V3

56 Five essential core books represent basic ITIL Service Lifecycle elements 1. Service Strategy: : Creating the set of services that help achieve business objectives. 2. Service Design: : Designing services, from technical and business perspective. 3. Service Transition: : How to change live production infrastructure, implementing the needed services. 4. Service Operation: : Day-to to-day IT business, operating. A place to start if you are new to ITIL. 5. Continual Service Improvement: : Evaluating and improving services in support of business goals.

57

58

59 ITSM ITSM (Information Technology Service Management, Manajemen Layanan Teknologi Informasi) adalah suatu metode pengelolaan sistem teknologi informasi (TI) yang secara filosofis terpusat pada perspektif konsumen layanan TI terhadap bisnis perusahaan ITSM berfokus pada proses dan karenanya terkait dan memiliki minat yang sama dengan kerangka kerja dan metodologi gerakan perbaikan proses (seperti TQM, Six Sigma, Business Process Management, dan CMMI)

60 ITSM Disiplin ini tidak mempedulikan detil penggunaan produk suatu pemasok tertentu atau detil teknis suatu sistem yang dikelola, melainkan berfokus pada upaya penyediaan kerangka kerja untuk menstrukturkan aktivitas yang terkait dengan TI dan interaksi antara personil teknis TI dengan pengguna teknologi informasi ITSM umumnya menangani masalah operasional manajemen teknologi informasi (kadang disebut operations architecture, arsitektur operasi) dan bukan pada pengembangan teknologinya sendiri

61 ITSM Contohnya, proses pembuatan perangkat lunak komputer untuk dijual bukanlah fokus dari disiplin ini, melainkan sistem komputer yang digunakan oleh bagian pemasaran dan pengembangan bisnis di perusahaan perangkat lunak-lah lah yang merupakan fokus perhatiannya Banyak pula perusahaan non-teknologi teknologi, seperti pada industri keuangan, ritel, dan pariwisata, yang memiliki sistem TI yang berperan penting, walaupun tidak terpapar langsung kepada konsumennya

62 ITSM Sesuai dengan fungsi ini,, ITSM sering dianggap sebagai analogi disiplin ERP pada TI, walaupun sejarahnya yang berakar pada operasi TI dapat membatasi penerapannya pada aktivitas utama TI lainnya seperti manajemen portfolio TI dan rekayasa perangkat lunak

63 CMMI Capability Maturity Model Integration atau CMMI (bahasa Indonesia: Integrasi Model Kematangan Kemampuan) adalah suatu pendekatan perbaikan proses yang memberikan unsur-unsur penting proses efektif bagi organisasi. Praktik-praktik terbaik CMMI dipublikasikan dalam dokumen-dokumen yang disebut model, yang masing-masing ditujukan untuk berbagai bidang yang berbeda Saat ini terdapat dua bidang minat yang dicakup oleh model CMMI: development (pengembangan) dan acquisition (akuisisi). Versi terkini CMMI adalah versi 1.2 dengan dua model yang tersedia yaitu CMMI-DEV (CMMI for Development) yang dirilis pada Agustus 2006 dan ditujukan untuk proses pengembangan produk dan jasa, serta CMMI-ACQ (CMMI for Acquisition) yang dirilis pada November 2007 dan ditujukan untuk manajemen rantai suplai, akuisisi, serta proses outsourcing di pemerintah dan industri

64 CMMI Capability Maturity Model Integration atau CMMI (bahasa Indonesia: Integrasi Model Kematangan Kemampuan) adalah suatu pendekatan perbaikan proses yang memberikan unsur-unsur penting proses efektif bagi organisasi. Praktik-praktik terbaik CMMI dipublikasikan dalam dokumen-dokumen yang disebut model, yang masing-masing ditujukan untuk berbagai bidang yang berbeda Saat ini terdapat dua bidang minat yang dicakup oleh model CMMI: development (pengembangan) dan acquisition (akuisisi). Versi terkini CMMI adalah versi 1.2 dengan dua model yang tersedia yaitu CMMI-DEV (CMMI for Development) yang dirilis pada Agustus 2006 dan ditujukan untuk proses pengembangan produk dan jasa, serta CMMI-ACQ (CMMI for Acquisition) yang dirilis pada November 2007 dan ditujukan untuk manajemen rantai suplai, akuisisi, serta proses outsourcing di pemerintah dan industri

65 CMMI Terlepas model mana yang dipilih oleh suatu organisasi, praktik-praktik terbaik CMMI harus disesuaikan oleh masing- masing organisasi tergantung pada sasaran bisnisnya. Organisasi tidak dapat memperoleh sertifikasi CMMI, melainkan dinilai dan diberi peringkat 1-5. Hasil pemeringkatan penilaian ini dapat dipublikasikan jika dirilis oleh organisasi penilainya

66 Understanding Systems from Business Viewpoint Amazon.com : An Evolving Business Models The Need for Frameworks and Models The Work System Framework Work System Principles Relationships Beetwen Work Systems and IS The Principle Based Systems Analysis Method Measurement Work System Performance Clasification Related to

67 Amazon.com : An Evolving Business Models (Work System Snapshot, Amazon.com provides a different way to shop for books)

68 The Work System Framework The Customer The Product and Services The Business Process The Participant The Information The Technology Context Infrastructure

69 The Customer People who use and receive direct benefit from the products and services

70 The Product and Services The combination of physical things information and services that the work system produces for to customer

71 The Business Process The sets of the steps or activities that are performed within the work system

72 The Participant People who perform the work step in the business process

73 The Information The information used by the participants to perform their work

74 The Technology The hardware, software and the other tools and equipment used by the participants

75 Context The organizational, competitive, technical and regulatory realm within which the work system operates

76 Infrastructure Is share human and technical resources that the work system rellies on even through these resources exist and are managed outside of it.

77

78 Tugas-2 Tugasnya perorangan Waktunya : 1 minggu Kirim ke : [email protected] Uraian Tugas : Tetapkan 1 jenis org/perusahaan Setiap mhs tdk boleh org yg sama Buat WSF-nya : WSF Institusi WSF Unit/Sub min 2 sub/unit Diketik menggunakan tools tertentu

79 Materi UTS 1. MRT 2. IT IL 3. ITSM+CMMI 4. WSF 5. Open or Close : surprise!