Best IT Blog

Application Fix Suggestions

Posted in Application (380),Business (600),Security (1500) by Guest on the March 29th, 2010

Create or modify standardized processes or procedures for:

Business requirements
Project Management
eCommerce Services
Web Design (CSS)
Interdependent transactions
Use cases
Acceptance processes
Pre-production security scans and remediation

Dependencies should be:

Accurate Asset Management
Accurate IP Control
Reliable Network infrastructure
Policies, Standard and Procedures
Business processes
Upstream / Downstream Dependencies:
Application Development / testing
Data demographics
Interdependent data flows
Development Test Lab environments
Development knowledgebase


Asset Management fix suggestions

Leverage asset technologies such as:

Asset discovery / management


Reliable IP Controls
Gold Standard system and releases
ITIL Change controls
Corporate overall governance



Patch Management Dependencies

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the March 29th, 2010

Technology and Business dependencies:

eCommerce requirements
Business processes
Data Demographics
Data Flows
Application Development / testing
Policies, procedures, standards

Technology dependencies:

Active Directory (policies)
Accurate DNS
Accurate DHCP
Accurate Asset Management
Accurate IP Control
Reliable Network infrastructure



RFP Considerations for Acquisitions and Technology Dependencies

Posted in Application (380),Compliances (1300),Policies - Standards (600) by Guest on the March 29th, 2010

The needs that lead to a consideration of new acquisitions arise from an organization’s day-to-day Business objectives and business operations. Investment and work process analyses articulate these needs and may recommend process changes, procurement of a new system, or both. If procurement of a new system is an option, the organization enters Pre-Systems Acquisition.

Analysis of system needs:

Business objectives, Business, or Enterprise Investment Analysis.


Review key Business objectives or business processes (collectively, work processes), changes in the operational environment, and gaps in capability to determine the need for a new system.

Typical Artifacts:

Investment/work process analysis report documenting business environment, work flows, data and participants, and work environment or threat environment, operations (and description of missing capabilities); plan for an alternatives and other activities to identify and refine potential solutions; initial security risk assessment related to investment analysis report.

Software Security Actions:

Identify and document threats, given the information in the investment/work process analysis report.

Consider how threats may evolve over the life of the system, including potential vulnerabilities in the work processes that could be exploited.

Identify high-priority risks and establish security evaluation criteria to support a high-level assessment of Business objectives and work process alternatives and risk mitigation options as these processes are refined.

Identify organizations that may influence security requirements and processes, and establish points of contact.

Pre-Systems Acquisition

The goal of Pre-Systems Acquisition is to mature a system solution concept to the degree that:

A suitable acquisition strategy can be developed.

Capability need and solution constraints can be adequately expressed in a Request for Proposal (RFP), such that the offerors can scope and estimate the cost and schedule for the necessary work tasks.

The acquirer understands enough about the solution to plan and prepare for supplier monitoring.

The degree of maturation expected in Pre-Systems Acquisition will depend on the complexity of the system to be acquired and the level of technology, cost, and schedule risk deemed acceptable.

Activities performed during Pre-Systems Acquisition include Refine Concepts, Develop and Assess Technology, Create Acquisition Documentation, Prepare for Supplier Selection, Select Supplier, Establish Contract, and Prepare for Supplier Monitoring. These activities are listed below, along with software security actions the acquirer should perform to lay the foundation for secure software development.

Pre-Systems Acquisition activities


Analyze and document (a) user demographics and needs, (b) required capabilities, quality, and performance, (c) concepts of operation, maintenance, and evolution, (d) interfaces with other systems and organizations, including interface stability, and (e) concept-related risks.

Typical Artifacts:

Operational, capabilities descriptions, market research and technology assessment, initial integrated architecture description, initial system threat assessment, technology development strategy, systems engineering plan, test and evaluation strategy.

Software Security Actions:

Establish a software security function, led by an experienced software security professional, within the program office. Prepare charter, effort, schedule, and resource requirements.

Continue to identify threats and vulnerabilities in the emerging operational environment and solution space.

Apply security evaluation criteria to concept refinement activities and artifacts.

If COTS or other non-developmental items are identified as part of candidate solutions, research the items’ current and potential security risks.

Document the approach to continuously identify, specify, and manage software security risks throughout the life cycle.

Hold technical interchange meetings with stakeholders to begin developing an understanding of potential software security issues.

Develop and Assess Technology


Develop new or unproven hardware and software technologies to an acceptable maturity level for the acquisition.

Typical Artifacts:

Technology readiness assessment, cost analysis, interoperability and supportability assessment, revised integrated architecture description, system threat assessment, SEM, SIM, and test master plan.

Software Security Actions:

Continue security activities identified for Refine Concepts.

Identify software quality attributes, including security, in candidate system architecture descriptions.

Begin to select and define security properties to monitor throughout the life cycle.

Hold technical interchange meetings with stakeholders to specify software-related system-level security requirements.

Ensure these requirements are traceable to verification activities.

Ensure cost analyses consider costs associated with building in and verifying security.

If software technology development has produced prototype or demonstration systems, ensure appropriate plans exist to “productize” the prototype (i.e., to develop robust software for the operational system) and that these plans include security.

Create Acquisition Documentation   


Develop strategy and plan for acquisition, considering key cost, schedule, and performance constraints, and risk. Also, develop and secure approval of documents required by law for the type of system to be acquired.

Typical Artifacts:

Acquisition strategy and acquisition plan; documents required for compliance with statutory and regulatory requirements; threshold and objective values for performance, quality, cost, and schedule parameters (for Corporate, these compose the Acquisition Program Baseline); acquisition risk management plan.

Software Security Actions:

Ensure that the acquisition strategy and plan accommodate security activities and resource requirements.

Review compliance with security-related statutory and regulatory requirements.

Define and incorporate security parameters into the Acquisition Program Baseline.


Prepare for Supplier Selection

Develop Request for Proposal (RFP) and supplier selection process.

Typical Artifacts:

RFP, with technical requirements, instructions to offerors, statement of work, requirements for contractual deliverables (management and technical), evaluation criteria, and other conditions related to the proposal; and SSP, identifying organization and responsibilities of the source selection team, evaluation criteria, and detailed procedures for proposal evaluation.

Software Security Actions:

Ensure that the RFP:

Requires offerors to apply robust software engineering practices for all software regardless of origin and to demonstrate in the proposal their intent and ability to do so.

Specifies technical and management requirements and standards for software security, expected contractor support for government-led security reviews and audits, and expected government participation in contractor-led security reviews.

Requires delivery and update of a preliminary software/system security plan covering all of the offeror’s team members with software responsibility.

Specifies content and delivery schedule and media for software artifacts to be produced during System Acquisition.

Identifies government access required to contractor artifacts and facilities for security reviews.

Requires that the offerors identify and estimate the work tasks and costs associated with interacting with government security organizations throughout the life cycle.

Ensure that the source selection team includes a software security expert who will participate in proposal evaluation to identify strengths, weaknesses, and risks associated with security-related technical and management practices and deliverables and corresponding cost and schedule estimates.

Develop a strategy and plan for evaluating, during supplier selection, the offerors’ ability and intent to meet critical security requirements.

Select Supplier           


Select the proposal that represents the best value.

Typical Artifacts: Strengths, deficiencies, significant weaknesses, and risks of each proposal as documented against the evaluation criteria defined in the RFP and per the SSP; clarification requests; cost realism analysis; ability of offerors to meet technical requirements; initial and final proposals; and source selection decision and rationale.


Software Security Actions:

Ensure software security expert reviews proposal sections with software security implications.

Before competitive range is established and as needed, prepare security-related clarification requests to be submitted to offerors.

After competitive range is established and if discussions are permitted, prepare for discussions on security deficiencies, weaknesses, or risks related to offerors’ approaches.


Establish Contract      


Finalize the contract and complete preparation for supplier monitoring.


Typical Artifacts: Final contract

Software Security Actions:

Review and approve contractor plans for mitigating security-related weaknesses and risks identified in the winning proposal.

Identify and plan for security-related review activities.

Prepare for Supplier Monitoring        


Document plan for supplier monitoring activities along with resource needs (quantity and area of expertise). Identify resources to be used for each activity, artifacts to be produced (e.g., review comments), and plan for approving, using, and archiving these artifacts. Identify and document known risks.

Typical Artifacts: Supplier monitoring plan and updated acquisition risk management plan.

Software Security Actions:

Include in supplier monitoring plan activities for a software security expert to review evolving artifacts and participate in relevant system and software reviews.

Ensure acquisition risk management plan incorporates software security risk.

Define approach to monitor the evolving system and operational context and manage emerging software security risks.

Conduct software kick-off workshop for security (may be included as part of an overall workshop to address quality attributes in a software context).

In defining a framework for government involvement in software security, ensure change control boards have a standing member who is a security specialist and include evaluation of software security implications and risks.

Systems Acquisition

The goal of Systems Acquisition is to design, develop, and deliver an initial system capability. As the contractor team conducts its engineering activities, the acquirer evaluates the progress and outcomes of these activities, including interim artifacts. This is especially critical for large, complex systems in which there are many variables and risks. For a non-functional attribute such as software security, it is particularly important to remain vigilant throughout Systems Acquisition, because changes in requirements, the environment, and cost and schedule constraints can overwhelm efforts related to such “invisible” attributes.


For some types of systems, especially those with complex hardware development, system-level activities may not correspond directly with software activities. For example, with iterative software development methods, some software items may complete design during early system design, while other software items may not start design until system design is complete.

Activities performed during Systems Acquisition include Monitor System Design; Monitor System Implementation, Integration, and Verification; and Monitor Delivery and Validation of Initial Capability. These activities are listed below, along with software security actions the acquirer should perform to prevent, or identify and mitigate, security issues.


Systems Acquisition activities

Monitor System Design         

Activity Description


Ensure the design for the system, including all hardware, software, interfaces, and operations and sustainment concepts, is adequate to support implementation.

Typical Artifacts: Evolving software and system artifacts (e.g., architectures, requirements, designs, software, hardware, verification and review records, plans, measures, review presentations, change requests, assurance cases and evidence).

Software Security Actions:

Review/audit software artifacts against security cr

Review security-related artifacts, e.g., use and abuse cases, assurance cases, SSP, certification and accreditation plans. Ensure these artifacts are updated and matured as the system evolves.

Conduct biweekly technical interchange meetings during system design to ensure an adequate and sustained focus on security.

Ensure adherence to security plans and modification of plans if necessary.

Continue to identify, manage, and track security risks and issues identified through contractor and government reviews. Identify risks associated with:

Dependencies between systems.

Multiple administrative control points.

Operations for individual systems and systems of systems.

Impact of changing system states and operating environment.

Volatility (architecture, requirements, design, code, staff, plans, procedures).

For software developed using iterative approaches, ensure each iteration (increment, build, spiral) includes a security risk evaluation.

Evaluate proposed upgrades and changes to non-developmental items (e.g., COTS and reuse) for continuing suitability with respect to security criteria.

Re-evaluate security artifacts and activities as the operational context, system definition, and threat environment change.

Monitor System Implementation, Integration, and Verification


Implement and integrate the system and verify that it is ready for production (for high-quantity systems) or build activities and integration into the operational environment.

Typical Artifacts: Evolving software and system artifacts (e.g., architectures, requirements, designs, software, hardware, instructions and procedures, verification and review records, certification and accreditation records, assurance cases and evidence, plans, measures, review presentations, change requests).


Software Security Actions:

Continue security activities initiated previously.

Monitor changes to system and software artifacts driven by requirements changes, iterative development, and deficiency reports for security impacts.

Review delivery and installation processes for security risks.

Review test plans and test equipment to ensure they will adequately address security requirements, given changes to system and software artifacts.

Review operator, user, and maintenance manuals and associated processes for security risks.

Ensure security-related configuration management and control practices are established and ready for use in the operational environment and maintenance facility, review regression testing procedures, and participate in C&A activities.


Monitor Delivery and Validation of Initial Capability          


Ensure the system (or first increment of capability) is acceptable for use in the operational environment.

Typical Artifacts: System hardware and software; installation and configuration management procedures and report; acceptance report; verification/validation records; operator, user, and maintenance manuals; system security plan; other deliverable documentation; deficiency reports; C&A report; and assurance cases and evidence.


Software Security Actions:

Review artifacts.

Monitor installation process to ensure appropriate configuration of deployed system. Document and resolve security risks and issues.

Monitor initial operations and early defect reports and change requests. Monitor change procedures, if applicable, for security risks and issues.

Ensure security-related configuration management and control practices are applied, and participate in C&A activities.


List of Suggested Security Awareness Raising Methods

Posted in Business (600),Compliances (1300),Security (1500) by Guest on the March 28th, 2010

The following topics are not organized in priority order; they are instead clustered by the type of communication involved.  Consider this list to be a menu from which appropriate activities may be selected.  The policy writer should not select just one or two of the following methods, but ten or twenty of them.  Repetition of information security policy ideas is essential; repetition impresses users and other audiences with the importance that management places on information security.

Provide special classroom-style training courses at convenient locations every year or so (for users, systems administrators, remote site information security coordinators, new hires, and other audiences identified in a needs analysis).

Deliver policy ideas and other material at new employee orientation. Send influential information systems staff to off-site information security conferences. Hold video conferences where people from various sites discuss security. Stage vulnerability demonstrations (aka tiger-team attacks or penetration attacks).

Conduct risk assessments, especially when interviewing and other methods are used to engage staff in the process:

  • Give small prizes like free lunches to exemplary staff
  • Conduct EDP audits, actually checking the extent to which compliance exists
  • Initiate an unauthorized software duplication inventory project where personal computers are checked for illegal software
  • Integrate security content with other face-to-face computer training materials
  • Establish and promote the existence of a management information security oversight committee
  • Establish a committee of systems administrators and other first-line staff who must deal with information security
  • Start disciplining staff for violations of information security policies, and let the reasons why disciplinary actions were used be known to others
  • Initiate strategic planning, new product development, and other initiatives which see information and information systems as a key to future competitive advantage
  • Prevent the use of certain new and desired system services (such as Internet access) until certain security projects (like a firewall) have been completed
  • Institute a new or more serious change control approval process, such as the prohibition against the establishment of new phone lines without first getting the information security manager’s approval; with the classic approach, an application does not move into production until adequate controls are installed
  • Declare an amnesty day for information security violators who wish to obtain technical or other assistance so that they may now be in compliance
  • Adopt an annual information security day on which special educational materials are presented and special events take place
  • Initiate a high-profile investigation into an information security breach and engage a large number of staff members in the investigation
  • Schedule special top management briefings where the strategic issues regarding changes in corporate culture to support information security are addressed
  • Conduct an internal survey of mid- and lower-level managers asking them what they think should be done to improve information security (thereby getting them to think about something that they probably don’t think about much)

In Writing

Add information security questions to written performance reviews:

  • Require a signature on personal responsibility statement (indicates that employees consider compliance with policies to be a condition of continued employment)
  • Require a signature on a form verifying that a worker has received a copy of, read, and understood the information security manual
  • Require all employees to annually sign a statement saying they have read and understood the information security policy manual
  • Require users to sign a security compliance statement before they get user-IDs
  • Write security articles for in-house newspapers, newsletters, and magazines
  • Issue written policy statements, procedures, and technical standards
  • Issue pamphlets or brochures to end users describing a code of conduct
  • Issue top management memos reminding staff about security
  • Distribute relevant clippings from newspapers and technical magazines
  • Hang posters and signs to remind people (some also use stickers and decals)
  • Make up special labels for disks, tape reels, etc. indicating sensitivity, handling instructions, ownership, and the like
  • Post notices on both paper and electronic bulletin boards
  • Insert notices in pay-check envelopes, air flight ticket envelopes, etc.
  • Integrate security ideas with systems development process documentation
  • Issue information security responsibility organizational design memos
  • Prepare an information security architecture or otherwise integrate security into the organization’s technology plans
  • Issue an information security manual containing policies, contact persons, and a list of approved in-house products
  • Write detailed back-up instructions and insist that staff comply
  • Develop and test a contingency plan to deal with information system emergencies and disasters
  • Require that information security risk acceptance forms be signed by all managers who are in charge of units which are not in compliance and which don’t intend in the near future to come into compliance
  • Prepare non-disclosure agreements and educate staff when they should be used
  • Prepare non-compete agreements and educate staff when they should be used
  • Prepare notices to be given to all people who come into contact with trade secrets notifying them that certain information is a trade secret and that it must be handled according to special security rules (policies)

On Systems
Add security instructions to application program and system utility help-screens:

  • Purchase computer-based training (CBT) software that runs on personal computers and require staff to go through it; ideally this should automatically report back to an information security officer’s PC just how many workers have completed the training
  • Before users gain access to certain applications or systems facilities, force them to first go through a brief on-line training program
  • Prepare a personal computer security utility software disk including encryption routines, a password access control utility, a disk scrub (zeroization) utility, and a self-assessment questionnaire
  • Employ written or automated questionnaires to gauge the (self-assessed) level of compliance
  • Use special software to check security parameters, alerting security staff that problems exist (O/S installed incorrectly, passwords easily guessed, etc.); this is sometimes called vulnerability identification software
  • Set-up an in-house intranet server and post all information security documentation to that server (including forms)
  • Establish web site blocking software at the firewall to control the sites that staff visit and then issue a memo explaining the new system and why it has been adopted
  • Require that all portable personal computers used for corporate business employ an access control software package including a boot password and screen blanker
  • Adopt a commercial encryption product as an in-house standard and internally publicize the ways that this will assist the organization with a move towards implementing PKI (public key infrastructure)
  • Establish logging systems that detect security violations as well as a formal process for (as needed) notifying users and their managers
  • Change the log-on banner to prohibit electronic trespassing, state that the system facilities are for business use only, and that all user activity is subject to monitoring
  • Change the initial invocation banners for specific applications (including e-mail) to provide application-specific security policies and/or other security instructions
  • Install regularly changing on-screen reminders, such as those which show at log-in time
  • Require users to click on a button indicating their agreement to comply with all information security policies at the time they log in to corporate information systems or networks
  • Place a notice on log-in screens (perhaps at a firewall or dial-up modem pool) that says users should proceed no further unless they have reviewed and understand Corporate’s information security policy
  • Use software agents that remind staff to perform certain security activities such as regularly backing up their systems
  • Give all systems administrators the email address of the Computer Emergency Response Team (CERT) at Carnegie-Mellon University and get them to sign up for free notices about vulnerabilities

On Other Things
Write information security messages on coffee mugs, mouse pads, glass coasters, and other trinkets:

  • Prepare video tapes that can be distributed to all remote locations (most often splicing material from previously-prepared videos)
  • Establish a hot-line with a message machine where information security problems can be reported (perhaps anonymously)
  • Cycle awareness materials on kiosks with built-in personal computers, or on closed-circuit TVs in staff-only areas like a lunch-room

Some storage considerations







Type of connection • SCSI • …. • Fast Ethernet • Fibre Channel • Fibre Channel • Internet
Remote connection • Typically no • Yes • Possible • Yes
Type of I/O • Block  • File  • Block  • Block
Performance • High  • Limited by the network  • Higher  • Limited by the network
Data sharing • Implies NFS or CIFS  • Native  • Difficult  • Difficult
Cost reduction • No  • Yes  • Yes  • Yes
Investment separation • No  • Yes  • Yes  • Yes
Scalability • No  • Yes  • Yes • Depends on network
Centralization of management and support • Typically no  • Yes  • Yes  • Yes
Management • Traditional • SNMP  • Difficult  • Difficult
LAN-Free Backup • No • Depends on NAS  • Yes • Depends on iSCSI
Server-Free Backup • No • Depends on NAS  • Yes • Depends on iSCSI
Security • By the server • By the server • By the servers and storage network • By the servers and network
Installation • Specific to the server • Simple  • Difficult  • Difficult



Identity Management Solution Components

Posted in Business (600),Information Rights Management (100),Security (1500) by Guest on the March 27th, 2010

The different administration tools and operational components that support identity management were developed completely independently of each other.

As a result, the systems that emerged overlap heavily in function, and they cannot be assembled into a complete identity management infrastructure without difficulty.
The most important solution components for identity management are:

· Directory services

The core element of an identity management infrastructure, serving as identity stores.

· Meta-directory services

They are integrated components that read out digital identities from directories and other information sources, consolidate them, and put them into a target directory.

· Virtual directory services

They are a lightweight alternative to meta-directory services for consolidating different directories.

· Public key infrastructure components

Tools used where strong authentication is required.

· Single sign-on tools

They provide workarounds for password forwarding so that a user has to log in only once to get access to all systems that are activated for his profile.

· User provisioning systems / role-based access control

They automate the processes for requesting, allocating, and removing authentications. They also provide reporting functions on authentication status to support auditing.



Federated identity management
Because of economic interactions between partners, work processes do not end at the company border. Comprehensive relationships are already conducted online and through direct electronic communication. Consequently, companies create digital identities for employees, customers, or partners, each with their own roles and authorizations, and they want to use these identities for cross-company processes.

Federated identity management describes the ability to integrate different identity management systems with each other in such a way that users only have to log in once, at one of the systems involved. Afterwards they are also identified to the other systems and automatically have access to IT resources according to their authorizations. Most companies today already have their own substructures and departments that are locally separated, but identities have to be valid companywide. The interaction has to be easy and flexible. Therefore the mutual recognition of identities between autonomous, independent divisions is necessary. These identities are often called federated identities.



What have we really learned?

Posted in Business (600),Compliances (1300) by Guest on the March 25th, 2010

The Renaissance Leader will be extremely valuable for my knowledge and development entering into a leadership position. This leadership guide will illustrate the values and lessons that are significant in striving to be a telling leader in today’s organizations. This paper is my personal leadership guide that documents my strengths and areas in which I will strive to excel. Initially, this guide will discuss various classical authors and the impact of their message. The authors that are included in this discussion are Sophocles, Chaucer, Burke, Mill, Darwin, and Miller. Next, I will highlight different leaders that were presented in class that left an impact on me. I will then discuss my conclusions of observing various leaders within my group. Finally, my assessment of leadership strengths that I possess will be paralleled with the analysis of the personality profile and DiSC results.


The Classic Touch readings were especially enlightening. I have read all of these stories in my previous educational experiences, however, I never looked at these writings from a leadership or corporate perspective. In doing so, I found that the messages were tremendously correlating and meaningful.    

The first of these authors is Sophocles. He told two stories, one of Antigone and one of Ajax, that were especially meaningful. The story of Antigone gave the message that destruction is imminent if one goes by the rules without letting the circumstance dictate. When an individual’s pride, such as Creon’s, will not allow him to be flexible, then the people of the corporation may suffer. Policies can change if people disagree with them. Creon would not listen to Antigone’s input and it was too late to change his mind. The damage was clearly done.

The second of Sophocles’ works was a story about Ajax and Achilles. The story was about the leaders of Troy not awarding Ajax with Achilles’ armor because they wanted more than just the best warrior. They wanted someone with new values and ideals, such as Odysseus. The message was that one must adapt to the needs of an organization. Ajax clearly was the most notable warrior, but the need of the organization was for one that had new values and ideals. Ajax was not able to adjust, thus lost the battle.

Chaucer’s Canterbury Tales looks at man’s virtues and vices. He made it certain with the character, “Wife Of Bath”, that stereotyping people could keep you from truly seeing the real person. Chaucer points out a paradox with this character. She was a “gaudy, lower class weaver”. She told a story that sounded as if marriage was her true occupation. She said that women should have an upper hand, while giving advice on love and sex. At this point, one would draw a conclusion that she has little credibility and would not listen to her point. However, the reader is then surprised at how the story turns into a fairy tale love story. The Wife of Bath turns into a gentle and refined woman. This is an example of a paradox and how stereotyping should be avoided.

Edmund Burke wrote Reflections on the Revolution in France which analyzed the French Revolution of 1789. He focused on the value of tradition and believed that leaders should have a good perspective on the history of the country or company. One needs to understand an organization’s past before they can successfully go in and plan for the future. This change should be incremental and consistent with the past. Radical or revolutionary change is malevolent and will work against the leader.

John Stuart Mill’s essay, “Liberty”, talked about the powers of the state. His main point was that participatory leadership is ideal. He believed the following three points should be followed closely. 1) Any idea that is not expressed will never have a chance of being true, 2) Even a wrong idea will always contain some truth, and 3) A true statement should be contested in order for it to be proven. Freedom of opinion and expression is imperative in validating people’s feelings on having an input into changes or ideas.

Charles Darwin’s Only The Fittest Survive shows how leaders or companies will only flourish if they are adaptable to change. This change in the market will determine how a company or leader can cope with this changing demand, giving them an opportunity to excel within the marketplace. Darwin believed that organizations, like living organisms, must adapt in a changing environment if they are to survive. An example of successfully adapting to the marketplace is Campbell’s Soup. The industry’s needs changed and Campbell’s Soup quickly adjusted their marketing plan to accommodate the demand. As a result, they were more successful than before.

The final author, Arthur Miller, wrote Death of a Salesman. The lesson that I received from this was that in order to excel at a career, one must possess these three characteristics: 1) They must be fit for the career, 2) They must not do too much of it, and 3) They must have a sense of success in doing it. They seem so simplified, but there is quite a bit of truth in his message. Leaders should recognize these characteristics  for themselves as well as their subordinates.

While listening to the presentations of various leaders, I learned some valuable lessons. These leaders have succeeded in their positions with a tremendous amount of trial and error. In looking at their journeys, it is interesting to pick up on their successful ways of leading their country, team, company, or tribe. Learning from others’ mistakes is wonderful!

Margaret Thatcher is a relentless leader. She identified the goals that she would attain and nothing would stand in her way. She was looked at as an unyielding leader, yet she was highly respected. Determining your goals and accomplishing them despite anything is a very admirable quality.

Lou Holtz was a friend and coach to the Notre Dame football team. He exemplified how positive the impact is on a team when they are shown that someone genuinely is concerned. Letting your subordinates know that someone does care about their well being will increase their commitment and productivity to the organization.

Martha Stewart’s fortuitous career gave tremendous insight on what to look out for in your quest for success. She was so ambitious and relentless, that she gave up her family in the process. Nothing is more important than family, not even the highest amount of success. What did she learn from the past?

Colin Powell had the attitude that leaders should not always go by the rules. This is a similar standpoint that Sophocles was attempting to make with Antigone. Colin Powell had a leader that did not go by the book when something happened that could have ended his career. Instead, the leader allowed him to learn from the incident that, ultimately, contributed to his success later. If a leader acknowledges that one could learn a lesson and benefit from the situation, then that may keep that person from failure down the road. Use as many opportunities to help a person grow as you can.

Dennis Bushyhead taught me to avoid being a leader for selfish reasons. People will see through to your true intentions and will stop relying on you. Dennis had selfish motives for being the leader of the Cherokee tribe, and eventually used his powers to give insider information to outside businesses. The result of that action was his demise as a respectable leader.

In my organization, I have observed extremely positive leadership qualities of both my superiors and coworkers. I also believe that MCI, as an organization, created the atmosphere that enables workers to feel non-threatened and respected. This could be perceived as Maslow’s hierarchical needs being met, the basic needs in order to accomplish higher needs and ambitions. As a company, they make sure you are treated with respect and financial reward, when deserved. This increases motivation in some workers, resulting in higher production (cause and effect loop!).

Management, Supervisors, and Team Leads in my area believe in an open door communication philosophy. Their cubicles are near ours, with few differences in style or room. This gives the message that people are equal and everyone is important. The training for many groups is exceptional. An aspect of leadership that I appreciate in my superiors is that they stand behind the employees. They trust their word and will defend the group. This improves the relationships between the employees.

Another leadership quality that my supervisors exemplify is genuine care for the employees. The Lou Holtz philosophy of caring for the individuals makes a difference to the workers. I feel as if they care about my progress, career path, and personal life.

The characteristics of coworkers that have leadership qualities were observed. I found these qualities parallel their work ethic. They are always on time, eager to learn, cooperative, and respectful.  Other qualities that help these leaders shine are their technical knowledge and their ability to make problem solving decisions. They are able to work independently as well as within a team atmosphere. In addition, these leaders are thorough in all aspects of their job. They present themselves as being confident yet are level-headed, giving them the ability to listen calmly during stressful situations. Reactions are minimal.

In assessing my personal leadership, my focus is to strive to recognize change in an organization or industry and adapt my leadership skills accordingly. I will pay attention to the organization. I will not solely focus on my abilities as a leader, but recognize how the organization functions. The organization is important in determining how successful leaders can strive to become as well as the effect they will have on the organization.

In the analysis of my DiSC results, I scored the highest possible in the “I” category. The “I” shows dominance in shaping the environment by influencing or persuading others. To be more effective, I need control of time, objectivity in decision making, and priorities and deadlines. My mask or front that I portray shows that I am a promoter. Yet under pressure, I am inspirational. Overall, my graph shows that I am “Inspirational”, being the high “I”, high “D”, and low “S” and “C”. The inspirational pattern portrays one that accepts aggression, yet tends to outwardly downplay their need for affection. Goals are controlled by the environment or audience. They judge others based on their personal strength, character, and social power. They are influenced by charm, direction, intimidation, and rewards. They are considered a “people mover”, one that initiates demands, compliments, and disciplines. Under pressure, they become manipulative, quarrelsome, and belligerent. Their fears are of being too soft or loss of social status. I would agree with most of these characteristics. I would be more effective if more genuine sensitivity was demonstrated, and if I helped others more willingly to succeed in their own personal development. Having a better understanding of my personal profile will enable me to be a more effective leader, one that is aware of my strengths and weaknesses.

The Power Perception Profile suggests that my main power bases are connection, expert, and referent power. Connection power means that I desire compliance from others because avoiding disfavor of a higher connection is sought after. The reverse is true as well. Referent power means that I am liked and admired by others because of my personality. Finally, expert power suggests that I am able to facilitate the work behavior of others. This respect leads to compliance with the leader’s wishes.

Recognizing that I show dominant tendencies for being the life of the party, or enthusiast, I need to be conscious of my weaknesses. The weaknesses that were discussed previously can be turned into strengths now that I am aware of them. Working on “C” characteristics, like my husband, may enable me to become more effective when completing tasks and in keeping a level head without reacting in emotional situations.

This guide has given me valuable tools for leadership, ones that I will always refer to in times of frustration. I believe a good leader needs to be aware of their organization, industry, workers, and their own personality traits. I have learned a tremendous amount about respectable qualities in leaders, as well as those aspects that are less than desirable. I feel as if I am leaving this class with some wonderful tools in my belt because of the leader of the class and the readings. I know that I will have many lessons to learn in my journey, but I will be a better leader as a result.



Leaders create companies based on these fundamentals

Posted in Business (600),Compliances (1300),Security (1500) by Guest on the March 25th, 2010



Unless there’s a compelling market-oriented reason for a decision to be made at the top, it’s delegated to the lowest level where the best information resides.


Marketing Mechanisms:

The market is the most efficient process for allocating resources. Therefore, central planning and powerful budget offices are shunned in favor of market-like processes in which scarce resources flow to individuals or departments, based on profitability or risk.



Because entrepreneurial behavior is desirable, make people at all levels feel the consequences of their decisions.


Minimal Organization:

Corporate activities are limited to those few things the company does better than any outside source.


The obstacle to customer service was an organizational model replete with overlapping functional roles and overly independent geographic responsibilities. To sort this out, the company needed software to manage customer relations, software to configure the right product-pricing mix, and analytical software to manage financial performance.


The missing element was a clarification of the following decisions:

Who should deal with customers, and when?

Who should be involved in what decisions, and how?

How are priorities to be assigned?

Who gets what information when, and what is the proper use of that information (was it evaluative, analytical, or informative)?


Involving IT people early on and directly in the information gathering and analysis used to answer such questions, and also to assign decision rights, led these people to naturally redesign the planned software and make it more useful and used.


Senior execs don’t pay enough attention to IT early in the change process.


Here are the general examples:


When IT is aligned with company wide needs early in a transformation, the need for rework is minimized, and the cost and risk of schedule delays are lowered.


The process of consciously examining decision rights helps answer two basic questions about IT systems: Who will use them? And more important, why will they want to use them?


By clarifying decision rights, roles, and information requirements, need-to-have vs. nice-to-have IT capabilities become distinguishable, producing minimal requirements and making the scope of the project more manageable.

The process clarifies which problems are rooted in IT systems, and which are in the organizational model. It separates out organizational problems that IT can’t solve but for which it’s often blamed. This point was of particular significance at company XYZ.


Suggested Business Communications

Posted in Business (600),Compliances (1300) by Guest on the March 25th, 2010

 There’s no mystery to creating effective business communications. Common sense tells us that careful organization, the arrangement of words, pictures, and other components, is our main goal. To help you improve the effectiveness of your business documents, keep in mind the following list of suggestions, or building blocks, as you develop your own business communications. 

Direct the Reader into Your Document. 

Your document’s composition, otherwise known as layout in the publishing world, should not call attention to itself. It should only serve as a frame within which the various elements are arranged. The trick is to organize the elements so that there is an unmistakable entry point, a single dominant element like a feature photograph or a strong headline. From there, the reader is guided through the material in a logical sequence of subordinate elements, like body text, inset photographs, or smaller graphic components. 

Graphics Should Appeal to the Reader 

Try to graphically visualize and dramatize your topic or proposition. Take into account the job description of your target audience or interest group. This should dictate the type of scene you portray. Design engineers work with drawings. Construction engineers like to see products at work. Chemical engineers are comfortable with flow charts. Managers relate to pictures of people. Keep this in mind when you consider which images to display. 

Reflect Your Company’s Character 

A company’s online and print communications represent the best opportunity to portray its personality. A confusing sales proposition indicates a confused management. Advertisements that brag and boast suggest your company is more interested in itself than the customer. A dull looking brochure or Web site raises the possibility that your company offers nothing to get excited about, or is behind the times. Try to reflect your company’s true character in every document you produce.

Make Documents Easy to Read 

This principle should seem obvious, but the fact remains that typography is the least understood communications element. The Web and the business press are jammed with advertisements and other documents in which the most essential part of the message (the text type) appears in type too small to be easily read, or is printed over part of a photograph or illustration. Text type should never be smaller than 9-point in size. It should appear black against white, or at least a very light contrasting color. It should stand clear of interference from any other part of the document. Keep your column widths (in printed matter) no wider than one-half the width of the document. 

Provide Visual Magnetism 

Today, because there’s so much information available, only a small number of documents in any medium (Web, business press, direct mail, etc.) will capture the attention of any one reader. Some will be passed by because the subject matter is of no interest. But others, even though they may have something to offer, fail to stop the reader in his scanning. Most advertisements in newspapers and magazines fail because they just lie there on the page, flat and gray, and are cluttered, noisy and hard to read. Your documents should be constructed so that a single component dominates the area, a picture, or the headline or text, but never the company name or logo. Obviously, the more compelling the picture, the more appealing the headline, the more interesting the copy appears, the better your chances are that someone will thoroughly explore your content.

Target the Right Audience

Often, a Web site, editorial article or advertisement is the first meeting place of two parties looking for each other. There should be something in it that, at the reader’s first glance, will identify it as a source of information relating to his need or interest, a problem he has or an opportunity he will welcome. This is done by means either of a picture or a headline, preferably both. The document should say to him first off, “Hey, this information is just what you’ve been looking for.” 

Emphasize the Service, Not the Source

Sometimes, clients will insist that the company name or logo be the dominant element in the document, or that the company name appears within the headline, or that it be set in bold-face wherever it appears within the body copy. A document should make the reader want to buy, or at least consider buying, before telling him where to buy it. You wouldn’t start off your sales presentation by telling the prospect what the cost was first, before telling him anything about the features and benefits. 

Promise a Reward 

Documents will get read only if the reader is given reason to expect that if he continues on, he will learn something of value. A brag-and-boast headline, a generalization, an advertising platitude will turn him off before he reads very far. The reward can be explicit or implicit. The promise should be specific. The headline “How to reduce downtime” is not as effective as “How to cut downtime and increase productivity 25%.”

Back Up the Promise 

Your documents should provide evidence that any claims you make are valid. Providing a clear description of your product’s operating characteristics may be all you need to support your claim. Comparisons with competing products can be convincing and will make the reward appear attainable. Use “They say” testimonials or case histories where possible. These can be more convincing than “We say” arguments. Whatever you do, make the promise believable.  

Talk Person To Person 

Much of the trade or industrial advertising copy I’ve read talks one company or industry to another. Copy could be more persuasive if you talk to the reader one on one, just like you were talking to a friend. Good advertising copy always uses terminology the reader will be familiar with, speaking in their business vocabulary, and not that of the writer’s or advertiser’s. Keep the writing style simple: short words, short sentences, short paragraphs, active rather than passive voice, and keep away from advertising clichés. Make frequent use of the personal pronoun “you”. A more friendly tone results when the copy refers to the reader in the first person: “we” rather than “the company name”.



Constructive Conflict Management

Posted in Business (600),Compliances (1300) by Guest on the March 25th, 2010

Include all:

1.  Develop supportive environment

2.  Agree on goal/agenda/time limits

3.  Approach conflict as a mutual problem

4.  Acknowledge and reach understanding of the other ideas

5.  State your ideas after the other person has stated ideas

6.  Think of options

7.  Reach agreement


Conflict Resolution Options:

1.  Reverse roles and discuss topics

2.  Interview person with opposing views

3.  Each person list the pros/cons of own/other’s ideas

4.  Each person develop a plan for solving

5.  Take a break when a deadlock occurs

6.  Ask people to write down positive points of opposing views

7.  Declare a period of silence

8.  Brainstorm pros/cons of all positions

9.  Use a facilitator as an objective third party


Ingredients for Productive Team Meetings

Posted in Business (600),Compliances (1300) by Guest on the March 25th, 2010

There are simple steps which can increase the productivity level of team meetings. Check off the appropriate items as you prepare for your next meeting.

During team formation

1. Ensure that all members have a joint understanding

___ Make sure each person understands the mission

___ Define the problem

___ Set expectations

___ Allocate resources (time, people, money)

___ Document roles and responsibilities

___ Define boundaries

2. Make meeting logistical agreements

___ Start the meeting on time

___ Stop side discussion

___ Keep on track

___ Follow agreed upon roles

___ Review action items


3. Agree on behavioral issues

___ Shared leadership

___ Communication styles

___ Honesty

___ Confidentiality

___ Collaborative efforts

___ Problem solving approach

___ Appropriate interventions


1. Guidelines for productive meetings

___ Distribute agendas in advance

___ Briefly state the purpose of the meeting

___ Note who is responsible for agenda items

___ List amount of time allocated for each agenda item

___ Start actual meeting on time

___ State what needs to be accomplished

___ Encourage all to meet with the intent of solving issues

___ Record key topics and all agenda items

___ Record new topics for future agendas

___ Honor team norms

___ Follow the agenda

___ Start a parking lot

___ Collectively determine next agenda

___ Evaluate the meeting

___ Stop on time

___ Publish minutes within 48 hours


2. Manage meeting discussions

___ Ensure that all participate

___ Avoid majority rule

___ Check for consensus

___ All participate

___ Search for areas of agreement

___ Clarify/discuss areas of agreement

___ Determine importance of disagreement

___ If significant disagreement exists,

___ Create alternate acceptable solutions

___ Discuss conflict situations

___ Stop the encounter

___ Give one person the chance to explain their position

___ Have the second person restate the position

___ Reverse the roles

___ See if new insights resolve the issue

___ If not resolved, ask the facilitator for help

___ If still not resolved, determine if all need to agree


3. Monitor meeting behavior

___ Create an open environment

___ Ask questions to clarify

___ Agree to disagree

___ Attack the problem, not the person

___ Listen, listen, listen

___ Summarize what’s been discussed

___ If the horse is dead, get off

___ Control rambling discussions

___ Find a natural break and intervene

___ Confirm your understanding of the point

___ Restate the purpose of the meeting

___ Direct a question to another member to refocus

___ Interrupt if necessary

___ Restrain dominating members

___ Remind the team that all need to give input

___ Acknowledge the speaker’s knowledge and move on

___ Ask the group for other opinions

___ Involve the non-participator

___ Ask for views based on experience

___ Arouse interest by asking for their opinion

___ Systematically ask for input from all

___ Diffuse personality clashes

___ Emphasize points of agreement

___ Draw attention to meeting objectives

___ Ask that personalities be omitted

___ Manage critical members

___ Ask for the reactions of others

___ Find some agreement, then move on

___ Talk with the person privately

___ Control the know-it-all

___ Ask for group comments before asking the “expert”

___ Request facts to verify expressed opinions

___ Don’t allow interruptions

___ Eliminate side conversations

___ Agree to have one conversation at a time

___ Have all team members enforce the agreement

___ Ask person to share input with the entire team

___ Stop the conversation



Sample Meeting Minutes

The regular meeting of the ____ was called to order at ____ on ____ in ____ by ____.


A.        Approval of Agenda

The agenda was unanimously approved as distributed.

B.        Approval of Minutes

The minutes of the previous meeting were unanimously approved as distributed.

C.        Open Issues

Summarize the discussion for each existing issue, state the outcome and assign any action item.

D.        New Business

Summarize the discussion for new issues, state the next steps and assign any action item.

E.        Agenda for Next Meeting

List the items to be discussed at the next meeting.

Meeting was adjourned at ____ by ____. The next general meeting will be at ____ on ____ in ____.


Minutes submitted by:           


Approved by:     


Goal Setting Info

Posted in Business (600),Compliances (1300) by Guest on the March 25th, 2010

Healthy organizations have goals at all levels.

Both organizations and individuals need to manage their affairs against goals




Hard, specific goals, if accepted by the individual, will lead to increased team performance.



Teams outperform individuals acting alone or in larger organizational groupings, especially when performance requires multiple skills, judgments and experiences.

By focusing on performance and team basics (size, purpose, goals, skills, approach and accountability), as opposed to trying to become a team, most small groups can deliver the performance results that require and produce team behavior.

Significant performance challenges energize teams regardless of where they are in an organization.

Real teams are deeply committed to their purpose, goals and approach.  High performance team members are also very committed to one another.

Discipline within the team creates the conditions for success

Shape a common purpose

Agree on performance goals

Define a common working approach

Develop complementary working skills

Hold themselves mutually accountable

Real teams do not develop until the people in them work hard to overcome barriers that stand in the way of collective performance.


IT Workforce Performance

Posted in Compliances (1300),Security (1500) by Guest on the March 24th, 2010

Key Issues

What are the emerging, most critical 21st century IT professional skills (the hot skills) necessary for optimal performance?

Which issues and practices will affect the alignment of IT workers with business goals?

How are IT skill models and job roles changing to accommodate business needs?

What are the key skill and knowledge sets of best-in-class IT workers?

What are the key metrics for measuring the performance of IT workers?

Which aspects of technologies create worker performance challenges?

Which frameworks can be applied to identify and measure the business value of IT workers?

How are labor market trends influencing IT staff composition and skill sets?

What motivates IT professionals to best-in-class performance?

Which worker market forces impact the availability of in-demand skill sets?  

Scope of Coverage

Faster, better, cheaper. You hear this refrain daily, and it grows in urgency. More and more, customer responsiveness, supply-chain efficiency, product quality, asset management and many other mission-critical functions all rely on the support of the highly qualified IT worker.

IT professionals, whether in corporate departments or IT service organizations, increasingly operate outside traditional boundaries defined by technical skills. They must:

Grasp enterprise-wide business issues;

Be able to consult effectively with users in a variety of functions; and

Work effectively in cross-functional project teams.

But how many IT workers can evaluate the quality of software and also a business plan, or put together a network but don’t have a clue about how to manage the project team? Consider this and then consider the results: About 40 percent of IT projects fail, more than 70 percent come in over budget and many underdeliver. Something is obviously missing.

IT Workforce Performance provides insights, trends and guidelines for enhancing and evaluating IT worker skill sets, developing skills and competency, increasing retention of top performers and better aligning the workforce with business and technology initiatives. Maximize your investment in IT human capital. Optimize your IT and business performance by improving your workforce performance. Understand the technical, business and interpersonal skill sets and components of each critical job role. Create competency centers within the IT organization for improved knowledge and capabilities management and deployment. Establish the best practices in your enterprise for managing the development of high-performance knowledge workers.


Emerging Skill Models and Job Roles

IT Worker Alignment

Worker Attitudes and Motivations

Worker Issues in IT Migration

Worker Markets and Planning

Worker Metrics and Measurements


Success of your Business

Posted in Application (380),Business (600) by Guest on the March 24th, 2010

Outsourced solutions ensure the success of your business

The road to profitability is paved with criteria that, if achieved successfully, can ensure your site’s success. In today’s Intranet economy, whether you are a service or content provider, you need to differentiate your offering from your competitors’ by:

· Building customer loyalty and strengthening relationships

· Identifying and acquiring profitable customers

· Personalizing the customer experience

· Cross-selling and up-selling products and services

· Reducing costs and risk by implementing an outsourced solution.

· Distributing the risk by outsourcing your business and technology needs

Another way to differentiate your company is to expand your offering into the business-to-business market. This segment is growing rapidly online and within that segment the small business market is growing even more quickly. 


Challenges of IT Infrastructure

Posted in Business (600),Compliances (1300) by Guest on the March 24th, 2010

The development of the internet has been seen as the most significant advance in IT for many years. In essence, what it does is to allow any computer with a communication channel to offer its contents to anyone else and to get material back from any other connected computer in return. This has come about as a result of work by many excellent computer scientists and by commercial companies realising the value of this and investing in the technology.

Much of the focus in the past has concentrated on ensuring availability of the access devices, traditionally expensive personal computers. But recent technological advances have dealt with this to a large degree by incorporating internet access capability into common cheap devices like digital TV set-top boxes and games consoles.  

There is still some way to go to say that internet access devices are affordable for everyone, but it looks likely that the consumer electronics market will resolve this in nearly all cases over the next couple of years. The fact that the cheapest cost for basic access devices is likely to become affordable for nearly all households does not resolve all the problems in this area and some remain that need a policy response. 

In particular there is a concern about market dominance by a small number of large companies that may act against the consumer interest. 

This has already attracted attention in the consumer electronics sector where a small number of large multiple retailers has a firm grip on the high street. The limitation this can impose is seen in the area of digital television products. The large retailers do not offer a wide choice of devices for receiving free-to-air digital television but only have products requiring a subscription to pay television. The advent of integrated digital television sets may widen choice, but the Consumers Association has pointed to quality problems with these meaning they are not always a good deal for the consumer.

The problems of limited choice are also found in the content provision sector for digital television. If we are assuming that many people will access the internet through their digital television provider then more attention needs to be paid to the way in which a small number of large companies currently control these access channels and tie customers into their own offerings.

The other area of major concern is that of dominance in the software market. This has tended to focus on the well-known challenges to Microsoft in the personal computing sector.

The reality is that there is a tension between the competing demands of customers in the technology sector. They want to have a range of innovative products on offer at the best possible prices. They also want these products to work with each other.

The desire for common standards has created the conditions for companies to gain dominant market positions by selling enough of a product to make it the de facto standard. This creates a situation with the potential for abuse by the dominant supplier that must be of concern.

Traditional remedies for dealing with market abuse have often proved to be of limited use in this area due to the rapid pace of development and its highly technical nature. There is a requirement for public policy to respond to this by seeking new solutions.

In terms of the internet access debate generally, the focus has now shifted away from the costs of devices to what has in many ways always been the weakest link in the internet, the physical connection to the access device. The internet initially took off in universities who have invested in their own fast telecommunications links. It then expanded into the general consumer market where many people only have access to a traditional telephone line into their house, known as a PSTN (Public Service Telephony Network) line. In the UK, the vast majority of these are still in the hands of the former national monopoly supplier.

These lines have only provided fairly slow access to networks. These are good enough for sending and receiving text at speeds that match the human ability to process (i.e. read or write) the material. Recent developments have also led to the ability to transmit sound to a high standard if it is properly manipulated in software. It seems ironic that it has taken time to send sound properly over a telephone line that is designed for sound transmission. This reflects the extra burden and complexity of using a global network system like the internet rather than the limited tasks of a traditional voice telephone network, as well as the additional sound quality requirements of material like music rather than just talking voices.

There are still very serious limitations in the transmission of pictures, either complex still pictures or even more problematically moving video images. This requires lots of information to pass down the line to the receiving device in a very short space of time if the images are to keep up with the speed in which the human eye processes them (i.e. scans a still image and moves on or watches a video).

There is general acceptance that the technology used by most people currently for sending information down the telephone lines will never be good enough for visual applications like video. So, they are turning to other technologies that have been developed over recent years. These allow much more information to travel over the channel into your home or office and are known as “Broadband” to distinguish them from the older methods that are known as “Narrowband”. They could as easily be called “high capacity” and “low capacity” with the capacity being in terms of “bandwidth”.

The market for this high capacity access to the internet is still developing very rapidly and there are a number of different channels which can be used to deliver it, such as the normal telephone line, a cable company line, satellite and mobile. Many people will use these other channels such as cable, if it is in their area, or mobile. But it does seem likely that for many people the preferred method of access will be via their ordinary (PSTN) telephone line.

This sort of access is at the heart of much of the current debate. The UK has already made historic investment in putting wires into most homes and offices in the country by. These wires can now be used to deliver broadband internet access. The questions revolve around what the best model is for doing this when the lines are currently owned by one of the companies offering this service but could potentially be used by many other companies wanting to offer a competing service.

If you are going to use this, at least give us credit for writing this.



Business goals for the future

Posted in Business (600) by Guest on the March 24th, 2010

Corporate America needs to develop a clear understanding of what it will take to become profitable and build on or extend market share. Developing tactical strategies to attain these goals should be based on short-term and strategic long-term goals.

Reduce and Control Operating Costs

The single most important tactical reason for outsourcing is to reduce and control operating costs. Access to the outside provider’s lower cost structure, which may be the result of a greater economy of scale or some other advantage based on specialization, is clearly and simply one of the most compelling tactical reasons for outsourcing. Excellent outsourcing choices are:

  • Antivirus (Spyware, Malware)
  • Exchange (BES)
  • DDoS
  • Penetration Testing (externally)
  • Vulnerability Assessments (scheduled / unscheduled)
  • Some Application Development
  • Virtualization
  • Disaster Recovery / Hot Sites
  • Web Backups
  • Some aspects of Human Resources
  • Some aspects of accounts
  • Contractor Management

Additionally, companies that try to do everything themselves may incur vastly higher research, development, marketing and deployment expenses — expenses that have to be passed onto the ultimate customer. Today’s customers are too sophisticated to accept the costs associated with an organization’s attempt to maintain singular control over all its resources.

Outsourcing often involves the transfer of assets from the customer to the provider. Equipment, facilities, vehicles, and licenses used in the current operations all have a value and are, in fact, sold to the vendor.

The vendor then uses these assets to provide services back to the client and, frequently, to other clients. Depending on the value of the assets involved, this sale may result in a significant cash payment to the customer.  

Make Capital Funds Available

Outsourcing is a way to reduce the need to invest capital funds in non-core business functions. Instead of acquiring the resources through capital expenditures, they are contracted for on an ‘as used,’ operational expense basis.

Outsourcing makes capital funds more available for core areas. It can also improve certain financial measurements of the firm by eliminating the need to show return on equity from capital investments in non-core areas.

There is tremendous competition within most organizations for capital funds. Deciding where to invest these funds is probably one of the most important decisions that an organization’s senior management is called upon to make.


If you are going to use this, at least give us credit for writing this.



Business Rule Considerations

Posted in Business (600),Compliances (1300) by Guest on the March 24th, 2010

Isolate Business Rule Processing

Create “Library” of Business Rules

Create Infrastructure

Ability to “select” rules

Ability to generate a process with multiple rules

Self Documenting

Current Direction

Bridge ALL functionality using messages for bridging

Isolate Single Module for Single Function

Separate Data Layer

Establish Extensive Re-Use

Build Libraries


The customer information is kept in CORE

Establish Re-Use – Methods should always be designed with Re-Use as a primary consideration. Re-Use allows many different processes to utilize the same Business Rules, while minimizing maintenance due to the fact that only one method has been coded for the single set of rules. A library must be maintained to allow development to use these reusable methods.

Establish A Common Set Of Published Documents – A common method of creating and documenting the system will be established.

“On average, 300 hours are lost per year to outages and service degradations: 37% for LANs, 29% for WANs, and 32% for networked applications.”


Bull or Bear in IT

Posted in Business (600) by Guest on the March 24th, 2010

| Bull Market | Bear Market |
|---|---|
| Big spending wins eyeballs. | Smart spending wins customers. |
| Customer acquisition is a priority. | Customer retention is a priority. |
| Companies merge to look big. | Companies merge in order to survive. |
| We’ll be the next Yahoo. | We’re not the next Yahoo. |
| Free offers lure new customers. | Reward programs benefit good customers. |
| It’s an ad sellers market: You need us, we’re a portal. | It’s an ad buyers market: I’ll buy on performance metrics. |
| Services firms take equity as a form of payment. | Services firms take cash, thanks. |
| Cool Factor marketing: Big parties, big budgets, Super Bowl ads. | Case studies, frugal budgets, email marketing. |
| Reactive direct marketing – Occasionally contacting registrants or members. | Proactive direct marketing – Using tools to figure out the right customer offer. |
| Partnerships help you build buzz – You are who your partners are. | Partnerships help you expand your value proposition – Customers get a new service. |



Help Control Your Personal Information Online

Posted in Business (600),Compliances (1300),Security (1500) by Guest on the March 23rd, 2010

Most of us don’t even pause before filling out a contest entry form at a shopping mall and leaving personally identifiable information in a jar. But many people feel more protective of their privacy when they go online. When you are asked to share personal information online, it’s important to know who is collecting the information, why they are collecting it and how they will use it. The following steps can help you control your personal information when you do business on the Internet.

Consider Whether You Trust the Business

In evaluating whether you can trust a business, consider its reputation. Is it a well-known brand or have you never heard of it before? Businesses that have reputations to protect may have more of a stake in following their stated policies.

Provide Only Necessary Information

Think about why the Web site needs the information it is asking you for. If you are buying online from a trusted Web site, for example, it may be necessary to provide your address and credit card information. But think twice before you give out information such as gender, age, or Social Security number. Consider taking your business elsewhere if you are not comfortable with the type of information a Web site asks you for.

Consider How Information Might Be Combined

Even if a single piece of information, such as your mother’s maiden name, seems fairly innocuous, consider how it might be used if combined with other information about you that’s available online. For example, a birth date and postal code alone might be enough to identify a person who lives in a rural area.

Check the Web Site’s Privacy Statement

Make sure you know how the information you provide will be used. Review your choices about having your information shared with other companies or organizations and opt out if you are uncomfortable with those practices. Some Web browsers, such as Microsoft® Internet Explorer.0, can be set to automatically block cookies (small text files) from Web sites with privacy statements that do not match your criteria. For more information on how privacy policies can help protect you, see:

  • Learn what to look for in a privacy policy
  • Set your privacy options in Internet Explorer  

Look for Third-Party Seals of Approval

When you see a seal displayed on a Web site, it is good practice to click the seal to verify that it is active and valid.

  • Learn more about seals of approval from independent authorities
  • Read about TRUSTe certification of’s privacy policy

Insist on Having Access to Your Personal Information

You should be able to verify and correct the personal information a business keeps about you. For example, if you have registered on or have a Microsoft .NET Passport account, Microsoft provides ways to access your personal information online.

  • Access your personal information stored at the Profile Center
  • View your .NET Passport profile

Choose Passwords and Secret Questions Carefully

When you are choosing a user ID and password, many Web sites will offer you a choice of “secret” questions that you can answer to retrieve your password when you forget it. Avoid questions that could open the door to your sensitive data, such as your mother’s maiden name. That’s a key piece of data for an unauthorized user to gain access to other information about you, such as your credit card number or your health history.

  • Learn how to create strong passwords

Share a Computer – Not Your Data

If you share a computer at work or use one in a public place, such as a library or Internet café, always sign out of any account you have accessed and close the browser before you walk away. If you don’t, the next person who uses the computer might be able to access the information you entered.

Limit the Sharing of Your Personal Profile

Some Web browsers, such as Internet Explorer, enable you to create a personal profile that includes your business address and phone number, as well as your age, gender, children’s names, group memberships, home address, and home telephone number.

To create or modify your personal profile using Profile Assistant in Internet Explorer:

  1. On the Tools menu, click Internet Options.
  2. Click the Content tab.
  3. Under Personal information, click My Profile to view and edit the information used by Profile Assistant.  

To save you the bother of retyping your address and other information, a Web site may ask your permission to tap into your personal profile. Web sites can request this information, but it is shared only if you give your consent. Before you grant permission, take a moment to consider what profile information to share with that site. Be sure to consider the reputation of the Web site and how information from your profile may be used in evaluating whether to make your profile available to a Web site and whether to allow your personal information to be shared with that Web site in the future without prompting.

By default, the Profile Assistant is enabled. This means that your browser will prompt you before sharing information with a Web site that requests user profile data. You can choose never to be asked for Profile Assistant information by changing the default settings in Internet Explorer. To do so:

  1. On the Tools menu, click Internet Options.
  2. Click the Advanced tab and scroll down to Security.
  3. Clear the Enable Profile Assistant box.

Learn More About Privacy Options in Internet Explorer

Microsoft has enhanced Internet Explorer by adding new privacy features in Internet Explorer. It is now easier for you to see what Web sites are doing with cookies, view their privacy statements, and manage cookies.

  • Use the security and privacy features in Internet Explorer
  • Learn more about the privacy features in Internet Explorer


The Cost of Not Managing Security

Posted in Business (600),Security (1500) by Guest on the March 23rd, 2010

Typical Help Desk Calls


Cost of doing nothing

HIPAA Documentation

Posted in Compliances (1300) by Guest on the March 22nd, 2010

HIPAA Documentation writing provides you with professional consulting and advisory services including:

  • Management Systems Overview
  • Manual Development
  • Procedures Development
  • Procedures Implementation
  • Internal Audit Assistance
  • Corrective Action Assistance
  • Pre-assessment
  • Pre-Gap Analysis
  • Consulting During Pre-Accreditation Audits



Improved efficiency: Documents are instantly accessible and distributed right from your workstation.

Reduced costs: Labor, storage, copy and postage costs are dramatically reduced.

Better disaster recovery: Paper documents are now in electronic form and can easily be backed up.

Reclaimed office space: Space for filing cabinets is no longer needed.

  • Business Invoices
  • Financial Ledgers
  • Employee Files
  • Contracts
  • Job Files
  • Insurance Policies
  • Medical Records



The Ethical and Legal Environment of Business


Research paper we completed; this is just an opinion, as is all of our material.

What is the relationship between law and justice? Law is defined as established standards or guidelines for action or behavior in a society.  Justice is defined as moral rightness. Laws establish rules to maintain social order while justice is concerned with fairness and equity. Law is objective whereas justice is subjective. At first glance, they seem to have little in common.

People make laws to provide a common standard that can be applied to all members of society. This standard allows us to judge the actions and behaviors of individuals within the society. All people are subject to the same laws. In this way, the establishment of laws is meant to develop a foundation for justice. In a perfect world all laws would be just. All people would be the same. Laws would mirror the ethical standards of society and all individuals would subscribe to the same standard. However, in the real world not all laws are just. People are different. They come from diverse backgrounds and cultures. They have differing values and ethical standards. It is this diversity that makes the establishment of laws essential. It also places a great responsibility on every individual. Each of us must ensure that the laws we make are just to all of us. Without these laws society cannot survive. 

Oliver Wendell Holmes states “We practice law, not justice.” He implies that it is the law and not justice that is important for society to function. He would have us believe that because “Justice changes with the beholder’s viewpoint”, there is no universal view of justice. But if his argument is to be accepted, we must answer this question. What happens when society accepts rules that are unjust? The Holocaust is an example of the danger of such a belief. During World War II, those who were in power in Germany legally murdered millions. The belief stated in the quotation by Oliver Wendell Holmes does not recognize that unjust laws can be made. It also ignores the cases where proposed laws intended to protect fairness and equity are not passed. This is especially true when these laws benefit those with power. In the early 1900s child labor and mandatory working hours benefited wealthy businessmen. Although these actions were legal at the time, they exploited the weak and were not just.

Thomas Aquinas states “Where there is no consensus, there can be no law.” At first this seems a true statement. Society must agree before laws can be passed. In our society Congress must have a majority vote to ratify a bill before it can become law. But is consensus the only criterion for making laws? Our Constitution through the Bill of Rights protects the rights of the individual. These rights outline the freedoms that each of us enjoys. When laws are passed that infringe on these freedoms, our system of checks and balances helps to protect our freedoms. It is clear consensus is not always required for there to be law. Individuals have rights that no society can usurp.

William Lloyd Garrison’s statement “That which is not just is not law” most closely reflects my belief about law. Unlike Oliver Wendell Holmes I believe there is a fundamental view of justice which is universal. This view is based on the Golden Rule, “Do unto others as you would have them do unto you.”  This fundamental view relies on basic beliefs of truth, fairness and equality. These beliefs are the foundation for determining what is just and what is not.  Our laws must incorporate these basic truths if they are to be accepted by society. If our laws are not just and do not reflect the values of society, individuals lose faith in the law. They lose their trust in the organizations responsible for making laws. Society begins to question the validity of the laws and the reason for abiding by them.  

Our legal system has many ways of ensuring that our laws are fair and equitable. The process for creating laws is rigorous and methodical, ensuring that laws are deliberate and have purpose. The system of checks and balances provides for the review of laws. The Supreme Court has the responsibility for reviewing and even striking down laws that violate the Constitution. The doctrine of stare decisis helps provide continuity in the law. It helps ensure that laws are interpreted in the same way for everyone in similar circumstances. The doctrine of respondeat superior helps ensure that all parties involved in committing wrongs maintain responsibility for those wrongs. Our legal system has a presumption of innocence for those who are accused of wrongs. This helps ensure that innocent people are not wrongly convicted. Our legal system also provides a mechanism for those wrongfully injured to recover damages. These are a few examples of how justice is incorporated into our laws and into the legal system.

Our laws are created to serve all people but they are not meant to provide “cookie cutter” justice. Changes in society, technology and the environment require us to review our laws in terms of our current context. Blindly following the law without challenging it may not always serve justice. The policy of ‘separate but equal’ is an example of this. In the late 1800’s the case of Plessy v. Ferguson set a precedent that “separate but equal” was both a legal and just way of separating races. This idea was a popular one at that time. However, in 1954 this judgment was challenged in the Brown v. Board of Education case. In this case the United States Supreme Court rejected the idea of “separate but equal”. This case overturned the previous ruling and set a new precedent. This change in legal judgment was a direct result of a change in society’s attitude toward segregation.

As our values change, so must our laws. As our attitudes toward slavery, women’s right to vote, and polluting the environment have changed, so have our laws. These changes in attitude reflect society’s new values and a change in our sense of justice. Our laws are a reflection of our values. They can provide a framework for justice but cannot guarantee that all people are treated justly. The ultimate responsibility for ensuring that our laws are just belongs to each of us. We must rely on our conscience to guide us in determining which laws are just and which are not. We must also take responsibility for changing laws that are not just through the mechanisms provided by our legal system.


Personal Identifiable Information (PII)

Today, priority must be placed on protection of new applications, current system infrastructure and data integrity in addition to the implementation of privacy practices.

New reports on unauthorized access, interruption of service, privacy invasion and denial of service, have heightened public awareness of the vulnerability of electronic data on the Internet.

As the Internet evolves, and more and more data is interchanged, security measures will have to become more stringent to ensure public privacy and data integrity.

With the amount of information available on the Internet today, choosing best practices to provide privacy and protect data is a daunting task for e-services agencies and businesses alike.

Well as, the knowledge and expertise to select and implement the appropriate security plan for a particular e-commerce solution.

When combined, the tools and knowledge create a formidable wall against breaches of privacy and security through either inadvertent or malicious attacks.

E-commerce sites use several different types of security, often simultaneously, to secure transactions and data on their sites. For example 85% use firewalls, 75% use password authentication and 55% use Secure Socket Layer (SSL) encryption.

The protection of privacy is one of the most important issues surrounding the Internet today.

The extent and amount of personal data collected is not completely known and understood today.

The public wants to know what is being done with the information that they provide. They also want to have a choice to decline from entering a web site if the privacy policies do not coincide with their own beliefs.

The government has an obligation to its customers:

  • To protect and maintain the privacy of the information it collects.
  • Set the expectation that transaction data will be secure from unauthorized users.
  • Make sure that each transaction is authentic.
  • Assure customers that the information represented on the web is an accurate, timely and genuine representation of the e-services entity.

Enforcing aggressive policies, paying constant attention and using technology wisely ensures that all these obligations are met.


Adequacy of Privacy Policies

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the March 22nd, 2010

There are many different privacy policies, but all good policies share certain characteristics. A good privacy policy explains the responsibilities of the organization that is collecting the information and the rights of the individual who provided the personal information. A policy statement should typically state why an organization is collecting information, the intended use of the information, and how improper disclosures will be limited and handled.

Good privacy policies should provide meaningful information for users about web site practices and not require users to disclose personal information when browsing a site.

Not surprisingly, many users are reluctant to disclose personal information and some provide false information when asked.

Techniques to provide users with more information about privacy practices, such as branding techniques, should be encouraged. These services should provide clear and meaningful designations for privacy practices.

Recommendations for enhancing privacy:

The challenge is to devise and implement a business plan focusing on resolving those concerns.

What information its web site collects about those who visit.

How that information is used by the web site operator.

Disclosing this information allows the individual accessing the web site to decide for themselves if they want to continue accessing the information on the web site, thus returning control or privacy to the individual not the business.

We have chosen three that are fundamental to security best practices: hardening of the operating system, maintaining web browsers, and authentication.

