New Books

Click on a book cover for more information or to order.

Privacy and Its Relation to Cloud-Based Information Systems
Cloud computing has significant implications for the privacy of personal information as well as for the confidentiality of business and governmental information. Any information stored locally on a computer can be stored in a cloud, including email, word processing documents, spreadsheets, videos, health records, photographs, tax or other financial information, business plans, PowerPoint presentations, accounting information, advertising campaigns, sales numbers, appointment calendars, address books, and more. There has been a good deal of public discussion of the technical architecture of cloud computing and the business models that could support it; however, the debate about the legal and policy issues regarding privacy and confidentiality raised by cloud computing has not kept pace.

Introducing the IT Infrastructure Library (ITIL.)
ITIL is a set of best practices built around a process model-based view of controlling and managing IT operations. ITIL is considered one set of best practices in the more general field of ITSM. It is important to remember that ITIL is truly a library of books. The "architecture" of ITIL can be thought of as the structure imposed by the titles of the books that describe the best practices. Alternatively, the architecture can be thought of as the set of practices that make up the life cycle that ITIL describes.

Building Relationships, One Conversation at a Time: Virtual Relationships Require Real Conversations
Can you build a trusting relationship when you've never had an actual conversation? (And no, IM, email, text, Twitter and blog "conversations" don't count!) While it may be possible, it's pretty unlikely. Most business conversations tend to focus on tasks and priorities, whether to review the progress of a current project, delegate actions or make decisions. To build relationships, a certain kind of conversation needs to take place that goes beyond the usual checklist review or status report. While this type of conversation requires more effort, it's almost impossible to collaborate successfully without it. This article offers guidelines to create opportunities for conversations expressly designed to build relationships.

Information Destruction Requirements and Techniques
Organizations need to keep information such as employee personnel records, financial statements, contracts and leases, and more. Given the vast amount of paper and digital media that amasses over time, effective information destruction policies and practices are now a necessary part of doing business and will likely save organizations time, effort, heartache, and legal costs as well as embarrassment and more. In today's litigious environment, there are a plethora of aggressive lawyers that would love to devour your organization for failure to take due care around document and media destruction. This article looks at the key areas to ensure that your organization does not fall prey to such lawyers when it comes to the physical destruction of documents and records.

What's Your Core IT Competency? Really?
Most everyone outsources some part of their technology operation for all sorts of good-and occasionally bad-reasons. There's a reason why the IT services industry is clipping along at well over $1B per day in the United States alone. More and more companies have discovered the benefits of outsourcing relative to the recruitment and maintenance of large internal IT staffs. In the early years, we all thought outsourcing was about saving money, but then we discovered the truth: outsourcing it not only about saving money, but it's about rerouting money from non-core to core activities.

Leveraging IT Control Frameworks for Compliance
A variety of laws and regulations have surfaced over the past decade in an attempt to strengthen the security of information stored within the companies to which the information assets are entrusted. As a result of these laws and regulations, various security control "standards" and "frameworks" have evolved and become popular means to meet the requirements of the laws. Because laws and regulations are intentionally developed at a higher, "what needs to happen" level vs. the "how to secure the information" level, the standards and control frameworks become valuable tools to ensure that security is planned, organized, implemented, tested, and monitored.

Attacking RFID Systems
Radio-frequency identification (RFID) is no different from any other technology, so the possible attacks on it should be studied in depth. The extent of an attack can vary considerably; some attacks focus on a particular part of the system, such as the tag, whereas others target the whole system. Although there are references to such attacks in a number of publications, a rigorous study has not been made of the subject until now. This chapter examines the main threats to RFID security.

Project Critical Success Factors
Quite a few things can go wrong with software development. A wide variety of management considerations, such as project scope, scheduling, risk, tracking, estimation, etc., can "make or break" a project. We usually call these considerations critical success factors. This chapter examines project critical success factors. Topics highlighted include managing people, dealing with politics, and managing for disaster.

Introduction to Cryptography
The U.S. economy fundamentally changed in the last twenty years, as manufacturing and heavy industry moved overseas, replaced by a new focus on knowledge and data. This transformation has underscored the importance of safeguarding information through encryption. This article focuses on state-of-the-art encryption techniques used pervasively to protect data, such as personal identity, medical records, financial transactions, and electronic mail, to name a few.

Wireless Sensor Networks: We Are Getting There
Wireless sensor networks (WSN) are machine-to-machine (M2M) mesh networks operating like the Internet in that they are self-organizing and self-healing, mimicking the way a message is passed through a crowd of people. This article describes and looks into the future of WSN applications.

Leading vs. Managing Remote Teams: Making the Crucial Distinction
As more organizations work virtually, managers of traditional work teams are tapped to lead geographically dispersed teams. When thrust into this unfamiliar territory, many managers flounder, especially those who rely on command-and-control tactics to get work done across locations, functions, cultures and time zones. This article presents a summary of just some of those skills that are especially important for those who lead geographically dispersed teams.

The New Intelligence: The Birth of the Knowledge Management Industry
The introduction of computers led to an unmanageable proliferation of data, which stimulated the birth of knowledge management (KM). To understand KM and all of its components; i.e., business intelligence, content management, etc., it is necessary to first discuss the precursors to KM.

Moving Beyond Pure Disaster Recovery: How to Pull Through with Business Continuity Plans
The worst term in any IT-related scenario is without a doubt, "downtime." The constant threat of impending security breaches continue to arise day after day with the potential to create mass destruction in the functioning of organizations. Therefore, it is imperative for organizations to not only have a disaster recovery plan in place for the aftermath, but to also implement a business continuity strategy to aid in the complete avoidance of these IT dangers all together.

Successful Project Risk Management
Risk management is something you either do or you dont. If you do do it, its worth doing it well. If you dont do it, well you have already experienced what that does to your blood pressure. This article focuses on how you can get off to a great start in identifying risk and features Simon Robertson's top tip for calmer project management.

The Sarbanes-Oxley Act and Its After Effects
The focused and effective management of exposure has been conspicuously absent among companies who have become embroiled in scandals and bankruptcies. This highlights the importance of the quality of corporate governance as a crucial consideration for all organizations, with management ethics, internal control, and the audit function being at the kernel of an evaluation. News items in the first years of this century highlighted the problems of poor accountability and of management malfeasance in large listed companies. However, the underlying issues are just as prevalent in smaller listed and unlisted firms. Moreover, because external auditors looked the other way in some of these scams, their role came under public scrutiny.

Creating IT Road Maps to Manage Complex IT Scenarios
With the complexity of multi-vendor hardware and software solutions, accelerated business and organizational change, and the growing number of heterogeneous technology alternatives, most companies today are facing significant challenges planning and managing their IT and making informed investment decisions. Many companies currently build a model of the current and desired future state architecture, but fail in providing support to realize the myriad intermediate states that one must transition to from here to get to there. The lack of this ability is the reason IT never seems to converge. This article discusses the importance of IT roadmaps and describe how you can implement an IT roadmap to manage your complex IT scenarios.

Enterprise Architecture: Not Just another Management Fad
Despite awareness of the concept and its importance, there's no standard definition of enterprise architecture (EA) and considerable ambiguity in the use of the term. EA should be about creating and using a shared "language" of words, graphics, and other depictions to discuss and document every important aspect of the enterprise. Without such a communication capability, optimal alignment, agility, speed, and simplicity aren't possible, nor can we hope to realize the potentialities of strategic planning, performance measurement, or process reengineering, or ensure success with security, privacy, governance, project management, innovation, and managing transformation and change.

Internet Telephony: The Evolution to a Service-Oriented Architecture
This excerpt discusses the continuing evolution of the Third-Generation Internet Multimedia Subsystem (3G IMS) Architecture and the Web Services Architecture or, in general, the Service-Oriented Architecture (SOA) as the boundary between telecommunications and computing services continues to blur. It provides a high-level architectural overview of both the telecommunications and Internet networks to provide a context for the requirements we derive for a telecommunications SOA.

Understanding Lean for IT
This excerpt discusses the key goals of a Lean system, the seven forms of waste and the three major tenets on which the development of a Lean system is based.

Symantec March 2010 State of Spam and Phishing Report
Hightlights this month's report include the Chilean Earthquake Spam with high levels of 419 and phishing scams, an automobile recall spam, online auction phishing, and spam messages with .cn URLs decrease, while .ru URLs increase. There is also a section highlighting unique international spam and phishing trends.

Assessing and Reducing Information Exposure
As someone responsible for security, you should ask yourself several questions to determine how much of your corporate information is at risk. While it may sound simple, many organizations dont take the time to examine information from all sides, including both an internal view and an external view. As information traverses networks, applications, endpoints and people, an information exposure assessment of actual data loss risk across networks, Web applications, storage and endpoints can help companies determine how exposed their information might be. Gleaning visibility into your organizations internal and external exposures provides a good view of digital and critical assets.

Cloud Security Challenges
Although virtualization and cloud computing can help your company accomplish more by breaking the physical bonds between an IT infrastructure and its users, heightened security threats must be overcome in order to benefit fully from this new computing paradigm. This is particularly true for the SaaS provider. Some security concerns are worth more discussion. For example, in the cloud, you lose control over assets in some respects, so your security model must be reassessed. Enterprise security is only as good as the least reliable partner, department, or vendor. Can you trust your data to your service provider? This excerpt discusses some issues you should consider before answering that question.

Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business
Symantec Corp. just released the findings of its global 2010 State of Enterprise Security study. The study found that 42 percent of organizations rate security their top issue. This isn't a surprise, considering that 75 percent of organizations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.

Mobile Enterprise Transition Goals
Mobile technologies contribute uniquely to the communications revolution by eliminating the need for physical land-based connectivity between people, processes, and entities. However, its success depends heavily on a meticulously planned and executed methodological framework. The Mobile Enterprise Transition (MET) framework provides detailed guidance based on the questions of "why, what, how, and who," thereby facilitating the strategic adoption of mobility by business. The MET framework focuses the goals of the organization on strategic and formal adoption of mobility and, at the same time, ameliorates the risks associated with the transition. This excerpt discusses the goals of Mobile Enterprise Transition and managing the expectations of the business.

Designing Backup for Recovery
The goal this article is to discuss how a backup system needs to be designed to facilitate recoveries. The purpose of a backup is to provide a mechanism to recover, and therefore it follows that the backup system must be designed to allow those recoveries to take place with as little effort or cost as possible.

The Top Trends Shaping Business Analytics
While the practice of collecting and extracting intelligence from business information is not new today's analytic requirements are evolving dramatically. Business managers need answers today or tomorrow, not next month or next year. They need to capture and make sense of massive volumes of data spanning both traditional sources, such as transactional systems, as well as an ever expanding array of data from online and mobile devices. And in an economy that's forcing everyone to do more with less, they need scalable, affordable and simple-to-use solutions. Here are the top trends shaping analytics in 2010 and beyond.

5 Ways to Increase Operational Efficiency with Alert Management
An alert management platform empowers companies to target actionable information from IT applications and systems automatically to the employee who can resolve the issue--escalating as necessary. Effective alert management provides the tools to access internal systems and address events from a mobile workbench as well as resolve issues from any web-enabled mobile device. Process acceleration and service improvements can help resolve incidents an average of 40 percent faster, saving up to millions of dollars annually. There are five ways that implementing alert management can immediately increase operational effectiveness across the enterprise--including process and efficiency improvements in incident, service, and change management--while significantly reducing costs.

Ten Steps to Sarbanes-Oxley Compliance
One problem with the implementation of SOX is that it tends to set a standard for compliance that may be inadequate. Meeting SOX standards--i.e., passing 404--does not imply that a firm or an IT department has the processes in place required to manage its business. Nor does it mean that an optimal level of control exists anymore than having a pulse signifies good health. SOX compliance is the minimum standard, not an optimum standard. Regardless of your firms current maturity level, you will need to demonstrate SOX compliance efficiently and honestly. This article describes the typical steps required to pass section 404.

Troubleshooting 10 Gbps Networks
With 10 Gbps network deployments finally taking off in 2009, the focus of network administrators is now turning to the challenge of managing 10 Gbps networks and in particular to troubleshooting these networks. Existing network management tools can provide an overview of the network, but these systems are only as good as the information provided to them. By employing proactive performance monitoring tools in the network, problems can be avoided and if a network error occurs, the cause of the error can be quickly detected by utilizing the information gathered by these tools. This article by Dan Joe Barry from Napatech looks at some of these tools outlining the benefits that they provide for network administrators.

The 'New Normal' and Its Effects on Supply Chain Management
Senior managers in many businesses are using the catchphrase "The New Normal" as if it were a prescient view of the way things will be from now on. For those managers this view is unfortunate because their perception of The New Normal suggests a sort of baleful future in which everyone will have to do with less. In the supply chain management space, the New Normal perception usually translates to "fear driven." And that usually manifests itself in one of two reactions.

Stretching the IT Budget: Look Beyond the Obvious
IT departments willing to look beyond the surface and the obvious can often eliminate apparent tradeoffs without having to choose one side or the other. When faced with a situation that appears to force a tradeoff, try to examine the problem from a different angle. Taking this fresh-thinking perspective can stretch the IT budget to achieve goals that you might otherwise forgo in an environment of severe financial constraints.

The Keys to Intergenerational Harmony
Most of what's been written about multiple generations working side by side has come from those of us who are considerably older and more experienced than our Gen X and Gen Y counterparts. In this article, Sheryl Lindsell-Roberts and Nancy Settle-Murphy sought the perspectives of some of their Gen X and Gen Y colleagues. After all, for all of the wisdom we older generations think we have to offer, the Gen X and Y folks of the world have a lot to teach us, too.