Dan Swanson’s Security Resources: #15
Project management helps to pull it all together.
If your project management experience or expertise needs strengthening, this week’s resources are just what the doctor ordered. Neal’s efforts are world class, and his project management consulting advice is sought after by numerous organizations. Learning from past experiences is always recommended and the “early warning signs of IT project failure” is a classic that should be read before taking on any significant IT initiative.
Finally, last week’s column highlighted the significant benefit of strong change management. This week’s resource “feature” is ITPI – an organization dedicated to IT process improvement.
Good luck and have another great week.
Dan Swanson
Dswanson_2005@yahoo.com
1. The #1 Reason Why Project Managers Fail: TOO SOFT!
Various examples of project manager actions (or inactions) that are indicative of too-soft behavior are presented. http://www.nealwhittengroup.com/power/sn_ts.htm
2. PMI’s Library for the Project Management Profession
Located within PMI’s Global Operations Center (Newtown Square, Pennsylvania, USA), the Knowledge & Wisdom Center (K&WC) is PMI’s hub for literature and information sources in the field of project management. The K&WC is committed to helping advance project management practice and scholarship by cataloging PMI-published literature, managing PMI’s ever-expanding electronic literature collection, administering the K&WC’s Knowledgebase, and providing information retrieval assistance.
http://www.pmi.org/info/PIR_KWCOverview.asp?nav=0603
3. Early Warning Signs of IT Project Failure: The Dominant Dozen.
The postmortem examination of failed IT projects reveals that long before the failure there were significant symptoms or “early warning signs.” This article describes the top 12 people-related and project-related IT project risks, based on “early warning sign” data collected from a panel of 19 experts and a survey of 55 IT project managers.
http://www.ism-journal.com/ITToday/projectfailure.pdf
4. The IT Process Improvement Institute
The IT Process Institute (ITPI) is an independent research organization that exists to support the professional communities of IT audit, security, and operations professionals. They are dedicated to working with IT leaders to advance the science of IT management. The IT Process Institute has created a unique three-part methodology designed to create and share results-oriented prescriptive guidance with its members, including: 1) Research - study top performers and identify the causal link between behavior and results; 2) Benchmarking - create tools that compare individual organizations to top performers; and 3) Prescriptive Guidance - share content written to help IT organizations become top performers. Their latest benchmarking study results are also truly “insightful” – go to the second link for free access to the “Executive Overview”.
http://www.itpi.org/home/default.php and http://www.itpi.org/home/wp_reg.php
5. Auditing IT Initiatives - Because an IT Project Failure is NOT An Option.
Key questions to consider:
* Does the proposed IT solution work & will it meet the needs of the organization?
* Does the security aspect of the IT solution work?
* Will the privacy of the organization’s information be maintained?
* Will the staff know how to perform “productively” and accurately?
* Have we done everything necessary to be prepared?
* Are we ready to implement and how do you know it’ll work?
http://www.auditnet.org/articles/DSIA200702.htm
6. The Visible Ops Handbook
Visible Ops: Starting ITIL in four practical and auditable steps – is getting rave reviews. If you need practical guidance on how to jumpstart ITIL or IT control projects – this book is for you. Get control of your infrastructure; increase security, auditability, and service levels; decrease costs.
http://www.itpi.org/home/visibleops2.php
BlackHat USA 2008 - Day 1 Review
Welcome to our first Security Insider posting from the BlackHat conference here in Las Vegas. My colleague Tadd Axon and I will be doing our best over the next few days to post some highlights of the conference. For those of you not familiar with the event, BlackHat takes a deep look at emerging threats and security research. If you want a good close look into the future, this is the place to be.
For the purpose of these posts in the next few days, we’ll post some high-level summaries of the talks we attend. This isn’t anything close to a full list of everything that’s going on here, just what we’ve personally attended. For a more complete wrap up of both the BlackHat and Defcon events, be sure to attend this month’s TASK event. At the TASK event, all the various TASK members here in Vegas this week will be sharing highlights in more detail. As always TASK is free, check it out. You will also be able to catch some of these speakers when they come to SecTor this year.
So today represents the first day of the conference, and therefore the day that it’s easiest to wake up early for. Tonight many vendors will host many parties making tomorrow a much more difficult day to focus. Here is what we attended.
Dan Swanson’s Security Resources: #11
Auditing information security helps identify key improvement opportunities while studying leading audit guidance provides a better understanding of what the auditors are looking for, helping make audits more productive (a true win/win).
Taking the perspective of a board director will help focus your efforts on what the board is concerned about. Board guidance also tends to be very concise (very focused), i.e. they are great reports to study closely. Finally, getting your unplanned work under control will help make your life better, full stop.
Enjoy.
Good luck and have another great week.
Management Planning Guide for Information Systems Security Auditing
Produced by the National State Auditors Association and the US General Accounting Office.
http://www.gao.gov/special.pubs/mgmtpln.pdf
Information Technology and the Board - “An Insightful Resource”.
http://www.deloitte.com/dtt/article/0%2C1002%2Ccid%25253D152626%2C00.html
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte.com/dtt/article/0,1002,sid=36692&cid=151800,00.html
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkworld.com/whitepapers/nww/pdf/Tripwire_Unplanned_Work_Management_Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization’s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issues.
http://www.cica.ca/index.cfm/ci_id/1000/la_id/1
The Federal Government of Canada (GOC) Internal Audit Guides
Audit of Information Technology Security audit guide
http://www.tbs-sct.gc.ca/Pubs_pol/dcgpubs/tb_h4/01guid01_e.asp
Audit of Security audit guide
http://www.tbs-sct.gc.ca/ia-vi/policies-politiques/gas-gvs/gas-gvs_e.asp
Various other GOC internal audit guides
http://www.tbs-sct.gc.ca/ia-vi/common/guides_e.asp


