Link: http://erikhaahr.com

Link: http://www.ecademy.com/account.php?id=88529&xref=88529&p=blackstar

Feed: Erik Haahr's blog at Ecademy

• Why join Toastmasters | 25-02-2011

  Because Communication isn't Optional
  
  That's a slogan for Toastmasters International. And most people can agree with that. In fact most people believe communication is becoming increasingly more important.
  
  According to the book of lists, the fear of speaking in public is the #1 fear of all fears. The fear of dying is #7! Over 41% of people have some fear or anxiety dealing with speaking in front of groups. People who have this fear can experience all kinds of symptoms: Sweaty palms, accelerated heart rate, memory loss and even difficulty in breathing.
  

• Access Governance - a step towards better information security | 12-01-2011

  Could your documents have turned up on WikiLeaks? If you do not have complete control over user access rights, the answer is YES.
  
  With just 500 users, 100 systems and 100 folders there are potentially a quarter million user access rights to keep track of.
  

• Do you know which of these rights provide access to critical information?


• Do you know who authorized the individual rights?


• Will irrelevant rights be removed when an employee changes responsibilities?


• Will new employees get all relevant rights without undue delay?

Much of the WikiLeaks documents were published by a dissatisfied employee with access to unnecessary amounts of very critical information.

The most frequent source of information security breaches is employees (perhaps unconscious) misuse of information and rights and not external hackers or phishing.

To effectively manage all these rights, it is necessary to move towards role based access control.

• Access Governance - a step towards better information security | 12-01-2011

  Could your documents have turned up on WikiLeaks? If you do not have complete control over user access rights, the answer is YES.
  
  With just 500 users, 100 systems and 100 folders there are potentially a quarter million user access rights to keep track of.
  

• Do you know which of these rights provide access to critical information?


• Do you know who authorized the individual rights?


• Will irrelevant rights be removed when an employee changes responsibilities?


• Will new employees get all relevant rights without undue delay?

Much of the WikiLeaks documents were published by a dissatisfied employee with access to unnecessary amounts of very critical information.

The most frequent source of information security breaches is employees (perhaps unconscious) misuse of information and rights and not external hackers or phishing.

To effectively manage all these rights, it is necessary to move towards role based access control.

• I have a dream | 03-11-2010

  I have a dream of a society where people focus on relations and innovation - and leaves administration to systems.

  
  The human being is very good at imagining things, an ability completely absent in automated systems.

  
  Human beings, on the other hand, are in general not very good at keeping track of many details. Why not leave that to systems - that is in fact a strong side of automated systems.

  
  Until now focus has been on building systems to help people with their administrative tasks. The technology is there to take systems a great step forward to liberate people from their administrative tasks.

  
  There are many obstacles on the road to liberation. The systems of today are not designed to liberate people; they are still designed to assist the user. And frankly many people will be quite scared of the idea of being liberated from their administrative tasks.

• IT - not just a cost | 09-09-2010

  Many mistakenly consider the entire IT budget as a cost.
  
  This is by no means the case! A very large proportion of IT spending should be viewed as investments, even if it for taxation purposes is considered as expenses.
  
  The cost base could be subject to cuttings and optimization initiatives. Investments should be subject to prioritization based partly on value contribution and partly on risk assessment. These are two very different ways of looking at the spending and the underlying activities.
  
  Operations, support and error corrections are costs. One can discuss whether it applies to all kinds of errors. The correction of minor errors that do not have practical importance for the functionality is hardly a cost but can be an investment in usability and hence in employee or customer satisfaction.
  
  Preventive maintenance, development of new systems and new infrastructure, by contrast are investments. These kinds of tasks are also characterized by having project nature.
  

• IT Governance for Mergers & Acquisitions | 14-08-2010

  The first and probably most important prerequisite for a successful merger or acquisition is that you have a complete and well-defined future brand and value proposition for the resulting company. Next, you should perform a thorough due diligence process, not only looking at financial and contractual obligations, but also at the enterprise architecture focusing on business processes and the application portfolio, maybe with even more scrutiny.
  
  The strategic benefit of a merger or acquisition does seldom come from a bigger turnover, but from economies of scale within administration and other support processes as well as from synergies between technologies or product development.
  

• Digital natives entering the job market - What will happen? | 03-06-2010

  Digital natives, a term coined by Marc Prensky [thanks to Anna Kirah for the correction] for the generation that has grown up using all sorts of IT devices from a very young age (probably before the age of 2).
  
  The digital natives are now entering businesses. This will change a lot.
  
  Digital natives don't believe in authorities. They don't like to be constrained to corporate standards for IT devices. They want to choose devices that suit their personal way of working.
  
  Digital natives don't believe in working 9-to-5 they are the always-on generation mixing social life and work life. They don't like to be constrained as to which websites they are allowed to visit during work hours.
  

• Will CobiT help me with cloud-computing? | 12-05-2010

  Yes, certainly CobiT can help with cloud-computing.
  
  CobiT is an IT governance framework and particularly two processes "Define a Strategic IT Plan (PO1)" and "Manage Third-party Services (DS2)" will give guidance on what you should do before and after selecting a cloud solution, how you could measure and monitor the value you gain as well as your risk exposure and who should be responsible, accountable, consulted and informed during the effort.
  
  

  Would I really need CobiT to use cloud-computing?

  
  No, not necessarily - but CobiT do provide a maturity model which you could use to assess your current maturity with these processes. If your current non-CobiT-based processes are sufficiently mature you don't have to change them.
  
  If the maturity is not at an acceptable level you will together with CobiT find guidance on how to implement relevant CobiT processes as well as guidance on how to assure that they are implemented and used.
  

• All systems in the cloud | 09-02-2010

  Cloud computing is hot!

  
  

  A lot of companies are now investigating how to place software in the cloud i.e. outsource it.

  
  

  Before I tell you what I think of this let me just describe the reason for having software in the first place.

  
  

  The reason for having software

  
  

  There are three reasons for having software:
  

  To automate a business process

  
  

  To collect data during a business process

  
  

  To provide information as decision support during a business process

  
  

  
  

  In todays business climate you have to be unique - i.e. have at least one unique product or business process. And you need to maintain that uniqueness either by keeping ahead of competition in your unique field or by making it difficult or unattractive to imitate your product or process.

  
  

  Things to put in the cloud

• Business People vs. IT decisions | 14-12-2005

  In my opinion!

  
  Business people must take responsibility for the requirements related to the business processes they want supported by an IT solution, the information flowing into/out from the solution, and the information to be stored by the solution.
  
  BUT
  
  They should leave the desicions related to technical issues as well as vendor selection to the IT people with the background and knowledge to make informed decisions on those issues.
  
  Unfortunately - Today many business people have learned the name of a vendor or product by heart, and writes requirements specifications that can only point to that premade decision. This leaves out important objections like other solutions might better fulfil their needs, other solutions might be cheaper to acquire, other solutions might be easier to deploy and maintain, etc.
  
  Do you agree?
  Do you have a solution?
  
  Please talk back.