Winning Strategies for Project Management book is now available.
Project Management is not easy, but with the methodologies developed and explained in this book, it is easier to accomplish your goals and deliver real value to all concerned. Too often projects involving technology do not create as much value nor help as much as they should. Adopting new systems can be particularly painful. After you finish this book, you are unlikely to look at business and project management the same way again. Enjoy the voyage!
Latest Blog -- the Basic Rules of Disaster Recovery
This is a topic that is likely here to stay as long as computers are relied on for productivity. The key is the restoration of functuality.
Disaster Recovery is a large topic. Unfortunately, most people think of this topic in terms of information systems recovery, which is a very important part of the picture, yet there is so much more information that is vital. Our discussion will start with information systems recovery and then in later blogs I will address some of the other factors.
After forty plus years in Information Technology and being involved at various levels of IT and management I defined some basic rules regarding disaster recovery that anyone would be wise to be familiar with.
- The capability to back up data in and of itself is useless. Backups of data are often useless or nearly so.
Backups of data are even dangerous ...
Click HERE for the complete solution.
A word on Computer Security
This is a topic that is likely here to stay as long as we use networked computers in business and government.
Today computers are woven into almost everyone's life and computer security or the lack of it is woven right in too.
Various Types of Malware
There are various general categories of Malware - some of the most advanced malware has elements of each. Here is a brief description and summary.
- Virus - A form of malware that does something destructive to a computer or data
- Worm - A form of malware that duplicates itself from computer to computer
- Trojans - A form of malware that delivers something else (some other form of malware into your system - such as a Spyware)
- Spyware - Something that tracks your actions and delivers this info to other systems
- Root Kit - A technically advanced form of malware. Difficult to find and relatively dangerous. Thankfully this is somewhat hard to implement.
- "Drive by Exploit" - This particular breed of malware that makes your computer execute instructions when you visit a website. What's particularly nasty about this one is that when it executes, it executes as though it is YOU executing it. In other words with your log-in ID, security, etc.!
Computer security is a tough topic. It is not unusual for people to just mentally run away from the topic. A certain mental toughness seems to be essential to work in this area. In addition, a substantial amount of knowledge is required to effectively deal with many computer security matters.
There are millions of attacks on computers every single day. Many of these attacks are themselves conducted by teams of computers that have been compromised and used to accomplish destructive purposes without the slightest knowledge of the computer's owner. Unfortunately, breaking into computers and using them for malicious purposes is a billion dollar industry today.
Attackers steal information and use it in fraudulent financial transactions. Or gain other business and technical advantages they never earned.
Fortunately, today, after years of dealing with computer and information security related issues, solutions are becoming available that can make it very difficult and expensive to break into systems. Contact me and we can discuss some of them.
There are tools publicly available that can help bring commercial systems up to Defense Department Standards. The National Institute of Standards and Technology provides excellent guidance on computer security matters in their 800 series of documents. There are standards for education of administrators of Department of Defense systems known as the 8570 series. However, it is still the end user of a computer that can make or break its security. User’s actions are frequently part of major security problems. Education of users is a critical step toward information security.
What types of actions and resources are required to address information and computer related security issues?
The most important thing it takes is the decision to do so. Then it takes the right people with the right background and some financial investment. The amount of the investment required varies with each situation. A small investment can create a significant improvement in security.
What is the ideal background for a computer security professional?
The ideal professionals have:
- Experience in business so they understand that there are issues beyond technology involved in information security.
- A great depth of technical knowledge so they can understand the technologies involved. Preferably this knowledge has been certified by industry standard tests such as CompTIA's Security+, or the ISSC2 Certified Information Systems Security Professional exam.
- The ability to communicate these sometimes ultra-technical, ultra-sensitive topics in a way that laymen can understand. User education is generally considered one of the cornerstones of an effective computer security program.
Potent action can be taken against computer related security threats. It is not necessarily expensive. It does require the decision to do so and to stick with it until a real security defense is in place for your organization.