Conclusion: In 20-30 years time Generation Y will be running not only IT departments (in whatever form that takes) but they will also be running other business units, and in fact entire organisations. How we engage with them, train them, empower them, and become mentors to them; will sculpt their ability to make decisions. It is vital that the hard-earned knowledge of the last 50 years of IT is not lost from lack of mentoring and succession planning by the retiring Baby Boomers. This research note looks past the immediate skills shortage and into the area of lost industry knowledge.
Conclusion: Data leakage prevention (DLP) it is an information management tool, not a threat mitigation tool like anti-virus or intrusion prevention. The DLP market is still very immature, and the products are not integrated with other related technologies, such as: enterprise content management (ECM), enterprise rights management (ERM), and identity management systems. When the vendors who specialise in information management have integrated DLP into their existing suites, then the story will be compelling. We’re not there yet.
Conclusion: Privacy is now a public issue. Consequently, many of the recommendations for the Australian Privacy Act will likely be accepted because they reflect good practice, and are in harmony with international data privacy trends. However, these amendments to the Privacy Act will introduce added complexity and expense to the management of personal data.
The danger right now is that organisations may try to dodge the cost of compliance by doing as little preparation as possible. Widespread, legally mandated, disclosures of data breaches would wreak havoc with consumer confidence in online transactions. Australian organisations, both large and small, cannot afford that loss of faith.
Conclusion: The combination of new requirements for quality control in software development and the looming skills crisis in Asia will drive multiple initiatives in the software industry. These initiatives include: vendor consolidation (particularly in platforms); a fundamental shift in the role of internal IT organisations; and an explosion of innovative and pragmatic mini-applications that are developed and owned by the business unit rather than traditional IT departments. Because these mini-apps are driven and owned by the business unit, they are more aligned to business needs than the current wave of mismatched ‘collaborative Web 2.0’ applications.
Conclusions: Microsoft’s new BitLocker feature, available in select versions of Vista, offers easy access to ‘whole disk’ encryption, which benefits several areas including; identity management, data security, and asset management.
While BitLocker is a workable and well-integrated security feature, it is not a complete solution to data protection requirements. Whole disk encryption products have limitations and must be viewed as a part of a wider security initiative.
BitLocker’s benefits and limitations must be evaluated and factored into Vista migration plans, especially for organisations looking towards virtualisation and mobility.
Conclusion: Dedicated IT security people are too expensive for SMB organisations. The market trend is towards outsourcing security tasks, and the SMB market must embrace this. Large organisations (500+ people) should make internal security people the managers of internal security programs, and managers of the relationship with managed security service providers (MSSPs) and outsourcers. Security is an operational responsibility which should be shared by everybody in an organisation.
Conclusion: Effective and responsible management of IT security should concern executives at the highest levels of management. Leading practice suggests, but does not mandate, separation of the IT security function from the IT management function. One of the ways that this can be achieved is with the appointment of a Chief Information Security Officer (CISO) with total accountability for all IT security matters within the organisation. A pro forma Position Description for the CISO role is provided herein.
Conclusion: Last month I wrote advising IT practitioners to learn the language of risk management, particularly in the context of ANZ/NZS 4360:2004. The article also contained advice to ensure that IT has a place at the decision-making table when considering the implementation of corporate risk management software.
An assumption was made in the article that in your organisation some corporate risk management initiatives were already under consideration. However, suppose this is not the case. How can the IT practitioner pitch a case for an Enterprise Risk Management (ERM) project as a strategic system? This article provides a guide for doing so, allowing the IT practitioner to assert leadership in a burgeoning area of corporate practice.