December 23, 2014

CIO interview: Catherine Doran, CIO, Royal Mail
According to Doran, one main concern during the recruitment exercise was avoiding a "scattergun approach". Given that it was an extended campaign, the last thing the CIO wanted was seeing job applications dwindle because of a possible impression that something was wrong. The solution to that risk was driving targeted campaigns to different communities using LinkedIn. "LinkedIn was a big deal for us, to be honest. When we were looking for architects we would target that community, do a campaign with them for a bit, then we wouldn’t do anything with them for a while. Then we’d release a set of jobs to, for example, testing professionals, then programme and project management people and so on," Doran says.


Using the Open FAIR Body of Knowledge with Other Open Group Standards
The Open FAIR Body of Knowledge provides a model with which to decompose, analyze, and measure risk. Risk analysis and management is a horizontal enterprise capability that is common to many aspects of running a business. Risk management in most organizations exists at a high level as Enterprise Risk Management, and it exists in specialized parts of the business such as project risk management and IT security risk management. Because the proper analysis of risk is a fundamental requirement for different areas of Enterprise Architecture (EA), and for IT system operation, the Open FAIR Body of Knowledge can be used to support several other Open Group standards and frameworks.


Conflict and Resolution in the Agile World
Collaboration means conflict: Any time more than one person works on a problem, there will be disagreements about how to solve it. Whether you disagree over methodology, philosophy, tools, technology, personality or even the basic understanding of the problem, you will have to work through your disagreements to get to a solution. The more people that work together, the harder it is to get consensus. Transparency means conflict: Agile practices place a premium on transparency. Transparency allows problems to surface and be squashed. Without transparency, problems can fester, grow and ultimately become insurmountable. But with the good comes the bad. With increased transparency, there is also an opportunity for more disagreements, and conflict within the team and with external stakeholders.


Success of Health IT Rests With Business Alignment
Some in the medical community suggest that EHRs and other health IT systems would be most effective if they were to fade into the background and minimize the interaction required with the care provider. Kavita Patel, managing director of clinical transformation at the Engelberg Center for Healthcare Reform, says that practitioners would welcome technologies like motion-capture gesturing systems that would "do away with the computer in the room." "Any of these workarounds or kind of 'life hacks' that I think we can do in clinical medicine are probably something that every physician or every clinician who sees patients would want millions of," she says. "So there's an entrepreneurial mission waiting to happen."


Getting Your Data House in Order
When we talk about getting our houses in order, sometimes we mean our financials, relationships, or our actual house. What about an organization’s data house? I see many correlations between data problems and companies’ lack of organization. When I talk about getting our data house in order, I am talking about the nitty-gritty of solid data governance practice. Much has been written and discussed on the principles and frameworks of data governance, but sometimes the mechanics of making data decisions are overlooked. To me, it is a matter of embedded organization practice.



The Power of Cloud Computing
“Arguably the most essential aspect of the Cloud is its ability to provide an integration of nearly limitless numbers of data sources involving structured, semi-structured, and unstructured data,” Dataversity’s Jelani Harper writes. “Such integration spans geographic location and includes both on-premise and Cloud sources, and is frequently typified by a speed of access that comes in real time or close to real time.” Obviously, that’s not something that would be cheap or easy or maybe even possible with traditional data management tools, she adds. The article includes three sample use cases that show off cloud computing’s mad data integration skills.


5 things you should know about DDoS attacks, outages, SSL, and web performance
Last week at Radware, we released our annual Global and Network Security Report. This report is based on data gathered from a survey of 330 organizations worldwide. The survey was designed to collect objective, vendor-neutral information about the issues organizations face when preparing for and fighting against cyberattacks. The report gives a comprehensive and objective review of the past year’s cyberattacks from both a business and a technical perspective. It also offers best practice advice for organizations when planning for cyberattacks in 2015. But my favourite aspect of this report is the fascinating play-by-play insight into how today’s sophisticated attacks take place.


20 Netstat Commands for Linux Network Management
netstat (network statistics) is a command line tool for monitoring network connections both incoming and outgoing as well as viewing routing tables, interface statistics etc. netstat is available on all Unix-like Operating Systems and also available on Windows OS as well. It is very useful in terms of network troubleshooting and performance measurement. netstat is one of the most basic network service debugging tools, telling you what ports are open and whether any programs are listening on ports.


2015: The Year of the Compliance-Created Cyber Confidence Collapse?
The biggest security risk now faced by employers is not outside hackers. It is compliance experts who stay just long enough to help you tick the latest regulatory boxes, having acquired the necessary understanding of your systems and security credentials necessary to do so. The drive by the European Commission to address supposed "data protection" problems, supported by the US obsession with "Data Breach Notification", could not have done a better job in opening up opportunities for serious fraud (both high value and mass market) if they had been actively planned by organised crime.


Charlatans: The new wave of privacy profiteers
Within two days the Kickstarter project, which began at $7500, blew up into a $600,000 funding sensation. It also drew enough attention to Germar's dangerously false promises that Germar's con unraveled, fast. Within a week of all the great PR, funders began withdrawing their dollars in droves, and public outcry pushed Kickstarter to suspend Anonabox's funding campaign. But not before things got quite ridiculous -- in large part due to this blistering Reddit thread. As it turned out, Germar's custom open source hardware product wasn't custom, or open source. Thanks to infosec community chatter on Twitter and the Reddit thread, funders and observers discovered Anonabox's entire hardware package was actually an off-the-shelf Chinese router.



Quote for the day:

“You will never see an eagle of distinction flying low with pigeons of mediocrity.” -- Onyi Anyado