Sunday, December 27, 2009

Moving to the Cloud

There seems little doubt that the nexus of computing is moving to the cloud. Over the past few years, this has been the most prominent trend in the world of information systems. There is absolutely no reason why this should not be a dominant trend in the next decade.

Cloud computing offers up high-end computing power with minimal investment. It takes some, perhaps a lot, of the cost of an information system off the balance sheet. It offers up computing power far in excess of what any company can afford. This will be critical in the new era of data management, when more and more data will be freely available for analysis in advanced form and using advanced tools.

In short, the economics of cloud computing will drive systems in that direction. For more on this point, please refer to this article.

Monday, December 21, 2009

The 10 Greatest Risks Facing Business

Ernst & Young released a publication earlier in the year outlining the 10 greatest risks businesses would face in 2009.

The top 10 risks identified (2008 rankings in parentheses) were:
  1. The credit crunch (2)
  2. Regulation and compliance (1)
  3. Deepening recession (New)
  4. Radical greening (9)
  5. Non-traditional entrants (16)
  6. Cost cutting (8)
  7. Managing talent (11)
  8. Executing alliance and transactions (7)
  9. Business model redundancy (New)
  10. Reputation risks (22)

Now that we are at the end of the year, it is interesting to look back and see how close they were. Was the deepening recession one of the major risks? Was the credit crunch number one? How serious is radical greening?

One thing is clear. Regardless of the specific ranking, all of the items on the list were indeed major risks during the year AND are relevant to 2010 as well, albeit not necessarily in the same order.

The actual report is a good read and is available for free download from the E&Y site.

Wednesday, December 16, 2009

The Relationship Between IT and Business

Deloitte has recently released its 2009 survey related to the balance between IT and Business. There are several findings, but one of the most interesting is the opportunity that the recession has presented for IT to make its presence felt in the boardroom. Some IT departments are taking advantage of this opportunity. See the report at this site.

Monday, December 14, 2009

Mobile Security

Mobile devices have become such an integral part of many systems that they must be taken into account in planning a security and control strategy for the company. But the security infrastructure for mobile devices is often elementary and untried, creating a serious issue for IT managers. CIO Magazine has a thorough article on this issue, worth checking out.

Friday, December 11, 2009

Ethics and Information Systems Development

Volume 10, Issue 11 of the Journal of the Association for Information Systems is a special issue on Ethics. The following article is of particular interest to the IS auditor:

Ethical Information Systems Development: A Baumanian Postmodernist Perspective
Sutirtha Chatterjee, Suprateek Sarker, and Mark Fuller

The abstract reads as follows:

"The paper offers a critique of traditional methodical approaches to Information Systems Development (ISD), arguing that a number of assumptions (for example, universality and rationality) underlying these approaches lead to incomplete ontological and epistemological considerations, and thereby contribute to IS failures in many cases. The paper proposes that ethical analysis undertaken in conjunction with traditional ISD approaches may be a way to address some of the limitations experienced during traditional ISD. Drawing upon ideas from postmodern ethics formulated by Zygmunt Bauman, the paper argues that increased focus on the moral responsibility of key ISD players (such as the team of analysts) may improve the ISD process. Finally, this paper suggests how, consistent with the postmodern stance, such moral responsibility can be implemented in the context of ISD. The paper concludes with the contributions and future implications of this research."

The paper can be downloaded here.

Wednesday, December 9, 2009

Security Can't be Discounted
Published November-17-09 by Deloitte

Deloitte has published the first in a planned series of global studies on security. This first publication came out of a study of security practices followed by consumer business organizations around the world. The inaugural study reveals that:
  • "Information security is still considered primarily a technology infrastructure issue – 51 percent of respondents identify their top security initiative for 2009 as security infrastructure improvement.
  • Respondents acknowledge that their people (including third parties) are the weakest link yet there is little focus on security awareness or training. Managing insider threats received a low 10 percent ranking when respondents were asked about their organization’s top security initiatives for 2009.
  • Business continuity and disaster recovery, neglected in the past, are now moving to the forefront. Disaster recovery is the second most mentioned security initiative for 2009.
  • Consumer business organizations have a “last one to adopt” approach when it comes to security technology. When asked which category best describes their organization’s adoption of security technology, 52 percent of respondents state that they are “late majority”, meaning that they are content to use technology that is “proven”.
  • Security budgets took a hit. In 2009, “lack of sufficient budget” is the barrier most mentioned by 54 percent of respondents, and 26 percent of respondents had their security budgets reduced."

Not surprisingly, the study found a high degree of pressure to reduce costs in these recessionary times. A large number of security budgets have been reduced. The companies seemed to ignore the dictum that recessionary times are actually when security must be made stronger and smarter because of a higher number of disgruntled employees.

The study can be downloaded from the Deloitte site.

Thursday, December 3, 2009

Implementing and Continually Improving IT Governance

Implementing and Continually Improving IT Governance enhances, expands and improves on the content of the prior ISACA IT Governance Implementation Guide Using COBIT® and Val IT™, 2nd Edition publication. It incorporates valuable references to cutting edge research from the recent ISACA publications The Val IT™ Framework 2.0 and The Risk IT Framework, as well as from the recently issued ISO/IEC 38500 standard on IT governance.
This guide provides an approach for implementing IT governance in such a way that the implementation team can get started in an effective and efficient manner. The objective is to provide a good practice approach for implementing and maintaining effective IT governance based on a continual improvement life cycle that should be tailored to suit the enterprise’s specific needs. Subjects covered in the guide include: More at the ISACA site.

Tuesday, December 1, 2009

Social Networks and Scamming

Social networks have been cause for concern from a security and privacy viewpoint since their beginnings. Now those concerns are being reignited and heightened because of the emergence of tools that were designed for finding information on various networks, but in fact are useful to scammers for finding the users of the various sites. They can use this information to focus their phishing expeditions for the "most effective" results. It's an unintended consequence. An article in Computerworld describes this issue in more detail and also discusses some of the tools that are out there for free download.