IT ESSENTIALS

Final Exam Preparation Paper

Chapter 14: The IT Professional

Communication Skills, Troubleshooting and Professional Behavior

Speaking directly with the customer is usually the first step in resolving the computer problem.
To troubleshoot a computer, you need to learn the details of the problem from the customer. A
relaxed customer is more likely to be able to provide the information that you need to determine
the source of the problem and then fix it.

Some guidelines to provide great customer service:

• Set and meet expectations, adhere to the agreed upon timeline, and communicate the status
with the customer
• If necessary, offer different repair or replacement options
• Provide documentation on the services provided
• Follow up with customers and users after services are rendered to verify their satisfaction

If you are talking with a customer in person, that customer can see your body language. If you
are talking with a customer over the phone, that customer can hear your tone and inflection.
Customers can also sense whether you are smiling when you are speaking with them on the
phone. Many call center technicians use a mirror at their desk to monitor their facial expressions.

A good rule for all technicians to follow is that a new customer call means a fresh start. Never
carry your frustration from one call to the next.

Working with Customer

3 common rules:
• Know - call the customer by name, ask if there’s any particular name they’d like to use
• Relate - create a one-to-one connection with the customer
• Understand - determine the customer’s level of knowledge to better communicate

To better enable you to determine the customer’s problem, practice active listening skills. Allow
the customer to tell the whole story. During the time that the customer is explaining the problem,
occasionally interject some small word or phrase, such as “I understand,” “Yes,” “I see,” or
“Okay.” This behavior lets the customer know that you are there and that you are listening.
However, a technician should not interrupt the customer to ask a question or make a statement.
This is rude, disrespectful, and creates tension.

After you have listened to the customer explain the whole problem, summarize what the
customer has said. This helps convince the customer that you have heard and understand the
situation. A good practice for clarification is to paraphrase the customer’s explanation.

After you have assured the customer that you understand the problem, you will probably have to
ask some follow-up questions. Follow-up questions should be targeted, closed-ended questions
based on the information that you have already gathered. Make sure that these questions are
pertinent. Do not ask questions that the customer has already answered while describing the
problem. Doing this only irritates the customer and shows that you were not listening.

Professional Behavior

Be positive when communicating with the customer. Tell the customer what you can do. Do not
focus on what you cannot do. Be prepared to explain alternative ways that you can help them,
such as emailing information and step-by-step instructions, or using remote control software to
solve the problem.

Here’s a list of what not to do:

• Do not minimize customer’s problems
• Do not use jargon, abbreviations, acronyms, and slang
• Do not use a negative attitude or tone of voice
• Do not argue with customers or become defensive
• Do not say culturally insensitive remarks
• Do not disclose any experiences with customers on social media
• Do not be judgmental or insulting or call the customer names
• Avoid distractions and do not interrupt when talking with customers
• Do not take personal calls when talking with customers
• Do not talk to co-workers about unrelated subjects when talking with the customer
• Avoid unnecessary holds and abrupt holds
• Do not transfer a call without explaining the purpose of the transfer and getting customer
consent
• Do not use negative remarks about other technicians to the customer
Netiquette statements:
• Be pleasant and polite
• Begin emails with an appropriate greeting, even within a thread
• Never send or forward chain letters via email
• Do not send anger filled, accusatory emails called ‘flames’. Do not reply to ‘flames’
• Check grammar and spelling before you send an email or text
• Be ethical
• Never email or text anything you wouldn’t say to someone’s face

The Customer Call

When you focus the customer on the problem, it allows you to control the call.
These practices make the best use of your and the customer’s time:
• Use proper language
• Listen and question
• Give feedback
Documentation

Different types of organizations have different operating procedures and processes that govern
business functions. Documentation is the main way of communicating these processes and
procedures to employees, customers, suppliers, and others.

Purposes for documentation include:

• Providing descriptions for how products, software, and hardware function through the use of
diagrams, descriptions, manual pages and knowledge-base articles
• Standardizing procedures and practices so that they can be repeated accurately in the future
• Establishing rules and restrictions on the use of the organization’s assets including acceptable
use policies for internet, network, and computer usage
• Reducing confusion and mistakes saving time and resources
• Complying with governmental or industry regulations
• Training new employees or customers

In general, IT documentation falls into 4 broad categories:

• Policy - acceptable use, security, regulatory and disaster recover
• Operation - project proposals, budgets, inventory management
• Project - user requests, software design, logical and physical network topology diagrams
• User documentation - end-user manuals, help desk ticket database, FAQs

Change Management

Controlling changes in an IT environment can be difficult. Changes can be as minor as replacing

a printer, or as important as upgrading all the enterprise servers to the latest operating system
version. Most larger enterprises and organizations have change management procedures in
place to ensure that installations and upgrades go smoothly.

A good change management process can prevent business functions from being negatively
impacted by the updates, upgrades, replacements, and reconfigurations that are a normally part
of IT operations.

Most change management processes include the following:

• Identification - What is the change? Why is it needed? Who are the stakeholders?
• Assessment - What business processes are impacted by this change?
• Planning - How long will this change take to implement? What is the roll back process if the
change fails?
• Approval - Who must authorize this change?
• Implementation - What are the steps to complete the change, and how will the results be
tested?
• Acceptance - What is the acceptance criteria and who is responsible for accepting the results
of the change?
• Documentation - What updates are required to change logs, implementation steps, or IT
documents because of this change?

Disaster Prevention and Recovery

In information technology, a disaster can include anything from natural disasters that affect the
network structure to malicious attacks on the network itself.

A disaster recovery plan is a comprehensive document that describes how to restore operation
quickly and keep critical IT functions running during or after a disaster occurs.

Some services may even need to be available during the disaster in order to provide information
to IT personnel and updates to others in the organization.

Services that might need to be available during or immediately after a disaster include:
• Web services and internet connectivity
• Data stores and backup files
• Directory and authentication services
• Database and application services
• Telephone, email and other communication services

In addition to having a disaster recovery plan, most organizations take steps to ensure they are
ready in case a disaster occurs. These preventive measures can ease the impact of unplanned
outages on the operation of the organization.

Even the best disaster recovery procedures cannot restore services quickly if there are no
current backups of data and operating system environments.

There are 2 types of backups:

• Image backups - record all the information stored on the computer at the time the image is
created
• File backups - store only the specific files indicated at the time the backup is run

No matter which type of backup is made, it is critical that the restore process is tested frequently
to ensure that it will function when it is needed.
Locally stored files may be accessible if communication service outages prevent accessing the
Internet. Backup files stored online, on the other hand, have the benefit of being accessible from
anywhere the Internet is available.

The 5 phases of creating a disaster recovery plan:

1. Network design recovery strategy - backup connectivity options, availability of offsite servers
or cloud providers, availability of backup network devices, location if services and devices
2. Inventory and documentation - inventory of all locations, devices, vendors, used services,
and contact names
3. Verification - prove that the disaster recovery strategy works, practice exercises
4. Approval and implementation - obtain senior management approval and develop a budget
to implement and maintain the disaster recovery plan
5. Review - keep it up to date

Ethical and Legal Considerations

When you are working with customers and their equipment, there are some general ethical
customs and legal rules that you should observe. These customs and rules often overlap.

Computers and monitors are property, but property also includes any information or data that
might be accessible, such as emails, contact lists, data on computers etc.

During the troubleshooting process, you might have gathered some private information, such as
usernames and passwords. If you document this type of private information, you must keep it
confidential. Divulging customer information to anyone else is not only unethical but might be
illegal. Legal details of customer information are usually covered under the service-level
agreement (SLA). The SLA is a contract between a customer and a service provider that
defines the service or goods the customer will receive and the standards to which the provider
must comply.

Take particular care to keep personally identifiable information (PII) confidential. PII is any data
that could potentially identify a specific individual.

Payment Card Industry (PCI) information is considered personal information that needs to be
protected.

Protected Health Information (PHI) is another form of PII that needs to be secured and
protected. PHI includes patient names, addresses, dates of visits, telephone and fax numbers,
and email addresses. With the move from paper copy records to electronic records, Electronic
Protected Health Information (ePHI) is also regulated. Penalties for breaches of PHI and ePHI
are very severe and regulated by the Health Insurance Portability and Accountability Act
(HIPAA).
Actions such as the following are considered to be illegal:

• It is not permissible to make any changes to system software or hardware configurations

without customer permission.
• It is not permissible to access a customer’s or co-worker’s accounts, private files, or email
messages without permission.
• It is not permissible to install, copy, or share digital content (including software, music, text,
images, and video) in violation of copyright and software agreements or the applicable
law. Copyright and trademark laws vary between states, countries, and regions.
• It is not permissible to use a customer’s company IT resources for commercial purposes.
• It is not permissible to make a customer’s IT resources available to unauthorized users.
• It is not permissible to knowingly use a customer’s company resources for illegal activities.
Criminal or illegal use typically includes obscenity, child pornography, threats,
harassment, copyright infringement, Internet piracy, university trademark infringement,
defamation, theft, identity theft, and unauthorized access.
• It is not permissible to share sensitive customer information. You are required to maintain
the confidentiality of this data.

You may also encounter customers that use software illegally. A software license is a contract
that outlines the legal use or redistribution of that software. It is illegal to use licensed software
without the appropriate license.

Other licenses include:

• Personal License - allow you to run a program on only one machine, e.g. End User License
Agreement (EULA)
• Enterprise License - software site license held by a company
• Open Source License - allows developers to modify and share the source code of the software
• Commercial Software License - if a person uses software to make money, that person would
pay this license, more expensive than personal
• Digital Rights Management (DRM) License - designed to prevent illegal access to digital
content and devices

Legal Procedures Overview

Data from computer systems, networks, wireless communications, and storage devices may
need to be collected and analyzed in the course of a criminal investigation. The collection and
analysis of data for this purpose is called computer forensics.
Illegal computer or network may include:
• Identity theft
• Using a computer to sell counterfeit goods
• Using pirated software on a computer or network
• Using a computer or network to create unauthorized copies of copyrighted materials, such as
movies, television programs, music, and video games
• Using a computer or network to sell unauthorized copies of copyrighted material
• Pornography

2 types of data collected during computer forensics:

• Persistent data - stored on a local drive, preserved when computer turned off
• Volatile data - RAM, cache, and registries, disappears when computer turned off

Cyber law is a term to describe the international, regional, country, and state laws that affect
computer security professionals. They explain the circumstances under which data (evidence)
can be collected from computers, data storage devices, networks, and wireless communications.
IT professionals must be aware of cyber law so that they understand their responsibility and their
liability as it relates to cybercrime.

In the US, cyber law has 3 primary elements:

• Wiretap act
• Pen/Trap and Trace Statute
• Stored electronic communication act

First response is the term used to describe the official procedures employed by those people
who are qualified to collect evidence. System administrators, like law enforcement officers, are
usually the first responders at potential crime scenes.

The documentation required by a system administrator and a computer forensics expert is

extremely detailed. They must document not only what evidence was gathered, but how it was
gathered and with which tools. Incident documentation should use consistent naming
conventions for forensic tool output.

Even if you are not a system administrator or computer forensics expert, it is a good habit to
create detailed documentation of all the work that you do.

If you discover illegal activity on a computer or network on which you are working, at a minimum,
document the following:

• Initial reason for accessing the computer or network

• Time and date
• Peripherals connected to the computer
• All network connection
• Physical location of the computer
• Illegal material found
• Illegal activity witnesses
• Procedures executed on the computer or network

To prove the chain of custody, first responders have documentation procedures in place that
track the collected evidence. These procedures also prevent evidence tampering so that the
integrity of the evidence can be ensured.

Call Centers, Level 1 and Level 2 Technicians

The typical workflow of a call center starts with calls from customers displayed on a call board.
Level one technicians answer these calls in the order that the calls arrive. If the level one
technician cannot solve the problem, it is escalated to a level two technician. In all instances, the
technician must supply the level of support that is outlined in the customer’s SLA.

The primary responsibility of a level 1 technician (aka level 1 analyst, dispatcher, incident
screener) is to collect pertinent information from the customer and accurately enter all
information into the ticket or work order.

When a problem requires the expertise of a level two technician, the level one technician must
describe a customer’s problem on a work order using a succinct sentence or two. An accurate
description is important because it helps other technicians quickly understand the situation
without having to ask the customer the same questions again.

The level 2 technician (aka product specialist, technician-support personnel) is usually more
knowledgeable and experienced. The level 2 technician receives the escalated work order with
the description of the problem and then calls the customer back to ask any additional questions
and resolve the problem. Level 2 technicians can also use remote access software to connect to
the customer’s computer to update drivers and software, access the operating system, check
the BIOS, and gather other diagnostic information to solve the problem.

Basic Scripting

A script file is a simple text file written in scripting languages to automate processes and tasks
on various operating systems. In the field, a script file might be used to automate the process of
performing a backup of a customer’s data or run a list of standard diagnostics on a broken
computer.

Often, preventing the script file from running may eliminate the problem that is occurring.

A scripting language is different than a compiled language because each line is interpreted and
then executed when the script is run. Examples of scripting languages include Windows batch
files, PowerShell, Linux shell script, VBScript, JavaScript, and Python. Compiled languages such
as C, C++, C#, and Java, need to be converted into executable code using a “compiler”.

Executable code is directly readable by the CPU while scripting languages are interpreted into
code that the CPU can read one line at a time by a command interpreter or by the operating
system.

Variables are designated places to store information on the computer. Some variables are
environmental, which means they’re used by the OS to track important stuff, like usernames,
host names, password etc.

Abbreviations

• SLA - service-level agreement

• PCI - payment card industry
• PHI - protected health information
• ePHI - electronic PHI
• HIPAA - health insurance portability and accountability act
• EULA - end-user license agreement
• DRM - digital rights management