IT from Cost Center to Revenue Generator

January 11, 2011 · Posted in Information Systems

I have been schooled in the paradigm that IT is more of a necessary cost-center for the organization. The generally-accepted idea in essence is that we bought a computer for the same reason we bought the computer desk and chair. They are a necessity to do business, but they are an expense and do not directly affect the outcome of my revenue. This is still the common view today. That is why there is the so-called computer upgrade lifecycle and IT expenditures are one of the first to take a hit when the organization faces tough times.

There is an alternative view to this generally-accepted idea. The alternative is not an easy sell and it does not have a manual or boiler-plate procedures. However, if done right via a well-defined strategic vision and proper execution, it can transform the IT department from a necessary cost-center into a valuable resource for revenue generation.

IT / InfoSec Management through the A.R.M. Framework (no arm twisting necessary)

I will post a more detailed entry on this framework at a later date. A.R.M. stands for Assess-Resolve-Manage. It was a little simplified concept that I put together back in 2004 as part of my MBA thesis on Information Security for Small Businesses. The framework is actually adaptive enough that it can be implemented for effective IT management or any other form of management for that matter.

Simple Principles for Effective IT Management

50-30-20 Principle

  • IT is about 50% people, 30% process and 20% product (technology)
  • Success of any IT department depends upon the people within the department and the people it supports. There has to be buy-in to IT initiatives and to the idea that the department offers value to its customer base
  • Processes (Procedures, Guidelines, Standards and Policies) should be aligned with overall business objectives to ensure that IT is not simply a cost center for the organization but also a value-add and an integral part of the overall revenue stream of the company. A key factor in ensuring that IT and Business are aligned and that these processes support the objectives is buy-in from all the stakeholders within the organization

Should have been posted yesterday | Let’s Read the Geek Mail

November 20, 2009 · Posted in Geek Mail

I’ve been playing some catch-up all morning. Yesterday I had a hectic day working on a couple of client requirements. Spent most of the morning today trying to figure out how to install a CAPTCHA feature in one of my sites. If I don’t get sidetracked or I don’t forget, I’ll talk about this very important feature, especially if you have a site that allows for registration and other stuff.

Yesterday, I wanted to introduce another section of the site that I plan to do every Thursday. I call it “Geek Mail”. I subscribe to a whole bunch of mailing lists that have something to do with Technology, Security and a whole bunch of other stuff that is essentially the overall theme of this blog. Sometimes I get to read some of them, but most of the time they languish in my mailbox as “clutter”.

So I figured I’d post some of them here (at least the intro and the link to the actual article, don’t wanna get dinged on some weird copyright infringement thingamajig)… I see this as having three benefits: (1) it’ll force me to read more, since I’ll try not to post anything that doesn’t make any sense to me; (2) hopefully some of you will get some valuable nuggets out of these articles; (3) if the links don’t get outdated, it’ll help create my own personal knowledgebase just in case I am researching something, which you can use as well.

A quick disclaimer: Some of the links will require you to subscribe to their newsletter or whatever else they are offering. Please read and use your common sense. I have nothing to do with these people, I am as much of a browser of their sites as you are and I am not getting paid for any of this stuff (if ever I am paid for anything I write, you will know). It is for your information and if you find value in the info, it is your job and your responsibility to take the necessary steps to get and properly use the info.

So without further ado, Let’s Read Geek Mail:

  • RSS From the National Vulnerability Database

    • CVE-2012-1034 (episerver_cms) February 7, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]
      nvd@nist.gov
    • CVE-2011-5076 (hdwiki) February 6, 2012
      SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov
    • CVE-2012-1021 (4images) February 6, 2012
      Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]
      nvd@nist.gov
    • CVE-2012-1031 (episerver_cms) February 6, 2012
      Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]
      nvd@nist.gov
    • CVE-2012-1008 (officesip_server) February 6, 2012
      OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]
      nvd@nist.gov
    • CVE-2012-0992 (openemr) February 6, 2012
      interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]
      nvd@nist.gov
    • CVE-2012-1004 (foswiki) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]
      nvd@nist.gov
    • CVE-2012-1019 (xwiki_enterprise) February 6, 2012
      Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]
      nvd@nist.gov
    • CVE-2012-1002 (openconf) February 6, 2012
      Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]
      nvd@nist.gov
    • CVE-2012-1029 (tube_ace) February 6, 2012
      SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]
      nvd@nist.gov