Books and Papers

These are authored, or co-authored, by George Spafford

Green IT Series

New Green IT Book:  Greening the Data Center: A Pocket Guide
This is a new pocket guide I wrote that is intended to give managers an overview of technical areas to look at to reduce power consumption in a data center.  The book has been published and is now ready for ordering.
Soft cover edition:  http://www.itgovernanceusa.com/product/1907.aspx
Download edition:  http://www.itgovernanceusa.com/product/1908.aspx

The Governance of Green IT Pocket Guide

“George Spafford's Governance of Green IT is a concise and easy to read summary of the key processes required to operate a resource efficient data center.” -- James Hamilton, VP and Distinguished engineer

“The economy and environment have combined to create quite a challenge. On one hand, there is a push to reduce capital investment and operating expenses. On the other, organizations are implementing green strategies to reduce the environmental impacts. Within this context, information technology is struggling to provide services that support the organization. To sustain support, IT must implement processes to ensure proper value creation and protection of organizational goals. To this end, this book sets forth the Green IT process that will enable value creation and protection in the areas of data center power and cooling.”
Order it at: http://www.itgovernance.co.uk/products/2106
Note: An overview of the Green IT process was given in a webinar at Jupitermedia on July 2, 2008. Please visit the webinars page.

Visible Ops Series

The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps

"Since 2000, we have met with hundreds of IT organizations and identified eight high-performing IT groups with the highest service levels, best security and best efficiencies. What was most amazing about them was that they shared the following attributes: a culture of change management, a culture of causality and a culture that fundamentally valued effective and auditable controls, promoting fact-based management. Visible Ops reflects the lessons learned about how these organizations work and describes a control-based entry point into the world of ITIL that others can leverage to springboard their own process improvement efforts."

• If you are tired of ‘management by hair on fire,’ read this book and consider it carefully. --Stephen Northcutt, Director of Training and Certification, The SANS Institute, May 2004
• The easy mapping between the Visible Ops phases and any maturity model validates the compelling logic of the book. --Jan Vromant, ITSM Consultant, May 2004
• Visible Ops creates a logical starting point and details the key ‘issues and indicators’. --Henry E. Wojcik, Network Data Systems, May 2004

Order it or post reviews on Amazon at by clicking here.

June 8, 2009: Visible Ops is now available for the Kindle! Click here to order it.

June 19, 2008 - It's been a humbling experience to see the popularity of this book, meet and talk with readers. It was launched June of 2004 and has now sold over 100,000 copies. My deepest thanks to all the readers out there who have reached out and told me their stories.

Visible Ops Security: Achieving Common Security and IT Operations Objectives in 4 Practical Steps

"Visible Ops Security builds upon the methodology presented in the original Visible Ops Handbook. It guides information security professionals in strengthening relationships with IT operations and development groups to advance IT objectives and business goals. It addresses the people side of IT, empowering security to work with operations teams to achieve closely aligned objectives and with development and release teams to integrate security requirements into preproduction work. The Visible Ops Security methodology helps IT organizations move beyond a focus on technology to address the core operational aspects of security. It complements publications that focus on securing the network, access, and data, including COBIT (Control Objectives for Information and related Technology), ISO 27001:2005 (International Standards Organization), and ITIL® (IT Infrastructure Library) manuals. It promotes effective teamwork, which helps security professionals ensure that security is built into key development and production processes. This effort positions the IT organization to meet business needs by delivering highly available, cost-effective, and secure services."

• This is an excellent guide to building a successful IT infrastructure from a security perspective. The authors have masterfully articulated the methodologies used successfully by many of us in security and risk management and I can personally validate their findings. The four phases outlined here provide the framework to stabilize, secure, manage, and improve the security of your IT infrastructure. --Peter Perfetti, Director, IT Security and Risk Management
• The book examines what IT security organizations do well and their common struggles. A must read for those in security and audit who seek improvement, but also important and informative for those who work closely with security in business processes, accounting, auditing, development, and operations. The authors understand the problems that keep many IT security organizations from reaching effectiveness or potential, and disarm perceptions that hold these organizations back by offering clear steps to move out of the trenches to the top of their games. --James Bohem, CISSP, Enterprise Security Solutions Architect, MIS Systems Integrators
• As an auditor and an IT practitioner, I have repeatedly seen solution-oriented behaviors transform technologists into business partners. Visible Ops Security provides a realistic approach to converting information security from a technical function into a business function. --A.J. Schwab, Senior IT Audit Manager

Order it or post reviews on Amazon by clicking here.

Other Books and Papers

How to Leverage Metrics to Support ITIL Processes

This free eBook discusses issues surrounding metric section, design and reporting. It's intent is to provide the reader with practical considerations regarding the use of metrics.
http://solutions.internet.com/3851_metricsITIL

Change Management IT Audit Checklist

Authored for the IT Compliance Institute
http://www.itcinstitute.com/wp/logWprequest.aspx?productId=187

Operational Excellence: Linking Your Business, Compliance, Operations and Security

The book has chapters authored by Paul Reymann, George Spafford, Dan Swanson, Barak Engel and Susan Orr. The book provides insights into Compliance, Information Security, IT Governance and Operations. George's chapter is on IT Operations issues. Free copies can be requested from Tripwire.
http://www.tripwire.com/guide/index.cfm

Risk Mitigation Considerations for Backup and Restoration Processes

"Many organizations, both large and small, rely on their information technology systems to the extent that their loss can be devastating. To alleviate risks, many have invested in data backup systems in the hope that by simply performing backups their data is safe. Unfortunately, as many groups have painfully learned, the truth can be that they have little to no protection at all due to an inability to recover as planned. The purpose of this executive briefing is to set forth strategies for mitigating the risks surround the backup and restoration of data."

http://www.spaffordconsulting.com/Risk Mitigation Considerations for Data Backup Processes_gs_050606_v1d.pdf