

Pages: pp. 46-52

IT Management

Real-Time Business



Becoming a Real-Time Enterprise, Tabrizi, Behnam. Real-time enterprise (RTE) refers to the seamless fusion of IT and business operations to foster event-driven marketing, process automation, just-in-time provisioning, and readily available business intelligence.

By ensuring that the right information flows to the right people at the right time, RTE gives companies superior efficiency and quicker response times to both problems and opportunities. Drawing on five years of research at more than 30 leading companies, this book brings RTE down to earth for business readers and provides a blueprint for achieving real-time status.

The author is a consulting professor at Stanford University's Department of Management Science and Engineering and has served as a senior consultant to Hewlett-Packard, IBM, Motorola, Nokia, Oracle, GAP, Intel, and Cisco.

Wiley; ISBN 0470095210; 512 pp.; $47.25.




The Search: How Google and its Rivals Rewrote the Rules of Business and Transformed Our Culture, John Battelle. In this corporate history, a business journalist reveals the secrets behind the phenomenally successful company Google, whose search engines are the gold standard for Internet users, and whose billionaire-generating stock has made Wall Street almost forget the now-old dotcom crash.

Through interviews with, among others, co-founders Sergey Brin and Larry Page, the author describes the entrepreneurial vision, technical magic, and marketing strategies that drove the phenomenon to the top, placing his story within the larger context of the competitively hot mix of smart and aggressive people working toward the same goal, all rivals and sometimes partners. The author also explains how search engines work. Google has changed the way people look things up and it has certainly changed business.

Penguin USA; ISBN 1591840880; 311 pp.; $14.71.


The itmWEB Site, founded in 1996, is an independent collection of tools, news, features, and resources built for information technology professionals.

These range from systems development and programming content, to methodology and project management papers, to news sources and technology links. The site is also home to the monthly eZine known as the itmWEB Information Technology Report.

Along the left-hand side of the main page is a collection of hyperlinks under the "Tools" section. These links include AITP Resources, Astronomy, Benchmarks, CASE Tools, Chat Room, Conferences, Contracts, Downloads, eCommerce, Features, Forums, Guru List, Job Listings, IT Links, Japan IT, KnowledgeBase, ListServs, News Blog, News Groups, Newsletter, OO Resources, Policies, Research, Security, Toolboxes, Top Picks, and White Papers.

The CASE Tools link contains a selection of CASE Tool sites, file downloads, demo software, and indexes. The Benchmarks section, titled "CIO Resources: IT Metrics and Benchmarks," contains metrics and benchmarks that have been collected and summarized from sources that the Web site considers to be reliable. They are being posted as a general reference for MIS executives and are periodically revised as additional data becomes available.

Cutter Consortium Summit 2007

29 April – 2 May 2007

Cambridge, Mass.

The summit's format encourages personal interaction and debate and provides an atmosphere that facilitates knowledge sharing and learning. The informal setting of this intimate gathering provides both attendees and speakers an opportunity to discuss the challenges they face, from technical concerns and strategies they're considering, to trends they're seeing in their own organization, to techniques to overcome political roadblocks in their enterprise.

The Summit is packed with opportunities for one-to-one interaction with speakers (most of whom stay for all three days) and colleagues from around the world, as well as time to deliberate on the issues as a group. The conference sessions are designed to maximize participation and interaction. Each day's 1½-hour lunch buffet provides plenty of time to table hop, or to fill a plate and participate in a hands-on lunch session.

International Conference on Information Technology and Management

3–5 January 2007

Hong Kong

The First International Conference of Information Technology and Management (ICITM2007), sponsored by the Institute for Systems Management of the Hong Kong Polytechnic University, features research on the concepts and development of information systems, industrial applications, business management, and e-business education.

Part of the Institute of Systems Management's mission is to facilitate information technology application in industrial enterprises.

The conference will explore information systems concepts and development: IS architectures and platforms, IS tools and standards, information system management, decision support systems, artificial intelligence, data mining, and data warehousing. Sessions and tracks will discuss business management, e-business strategies, business process engineering, organization culture and change management, IS adoption and strategies, enterprise resource planning, customer relationship management, supply chain management, business intelligence, and knowledge management.

Big-Picture Guide



The Executive's Guide to Information Technology, John Baschab and Jon Piot. This book, set for publication in March 2007, is a roadmap for IT professionals and consultants on running an IT department. Readers will find advice on managing the department, leadership roles, IT effectiveness, human resource issues, sourcing, costs and budgeting, vendors, technical direction, and more. An accompanying CD-ROM includes customizable tools, techniques, checklists, and spreadsheets.

The book focuses on practical advice, giving managers guidance across IT management functions, from application management to vendor management.

The authors provide techniques for IT managers and executives to assess their current operations, offering a step-by-step improvement plan designed to raise productivity and service levels while reducing costs. The authors begin by examining the symptoms and causes of waste, inefficiency, and underperformance in typical IT departments before analyzing operational areas of IT management.

The book is organized into stand-alone chapters that provide quick access to information. Also, spreadsheets, documents, and checklists that aid planning and decision-making are accessible on the included CD-ROM.

The Executive's Guide covers topics such as managing departments, establishing leadership roles, assessing the organization, cost management, project-demand management, technical standards setting, investment evaluation, and productivity and quality measurement programs.

This book helps IT managers identify waste sources in their departments, identify major management issues, learn and implement steps for improvement, and manage more effectively. The book can help managers improve their performance and stature within their organizations by providing tips and tools to overcome typical areas of friction and miscommunication between IT departments and other business functions.

Wiley; ISBN 0470095210; 512 pp.; $47.25.


Since 1968, the Society for Information Management—a community of thought leaders who explore future IT direction—has provided resources and information for IT leaders. Many senior-level IT professionals provide daily strategic and tactical direction for the various issues plaguing IT departments, and this site provides a repository of related information for site members.

SIM organizes meetings and networking opportunities where IT professionals can share experiences and intellectual capital. SIMposium, Advance Practices Council meetings, Regional Leadership Forums, chapter meetings, and CIO roundtables bring members face-to-face with other industry executives.

Online tools on the members-only site include on-demand webinars and archived webcasts, an online library featuring nearly 50 whitepapers, working group deliverables, and past conference presentations.

Publications include SIM News, a compilation of association news, as well as articles of interest, interviews, and industry insights. Also featured is MIS Quarterly Executive (MISQE), a quarterly online publication dedicated to publishing high quality articles, case studies, and research reports.

Educause Management Program 2007

4–8 February 2007

Tempe, Ariz.

The Management Program focuses on developing participants' organizational management skills, particularly those related to managing interactions on campus and working collaboratively. It provides a skill foundation, and benefits those who manage functions within central campus information resources organizations, who are relatively new to management, who aspire to an increasing leadership role, and who may be relatively new to higher education.

Some researchers believe that although IQ has been a good predictor of academic success, many exceptionally bright people remain remarkably ineffective and unproductive in their professional lives. The "Balanced Leadership—The Role of Emotional Intelligence" session introduces the concept and key components of emotional intelligence (EI), provides an assessment of individual EI competencies, and illustrates EI's impact on successful leadership.

Every organization has a unique culture. In an effective organization, a positive culture can be a source of inspiration, dedication, and energy, creating a cooperative environment where workers build upon each other's success. The session, "Developing a Positive Organizational Culture Using Appreciative Inquiry," looks at ways to improve an existing culture, and examines tools and leadership behaviors that help promote productivity.

ID Management 2007

7–8 March 2007

Sydney, Australia

The ID Management Summit 2007 aims at bringing together ID management solutions and technology users and suppliers to discuss business and government initiatives, trends and developments, large-scale deployments, partnerships and alliances, standards development, new applications, new business opportunities, and future direction. The Summit is organized in partnership with the Identity Management Network and is endorsed by the Information Systems Security Association. The conference chair is Guy Lupo, who manages the Identity Management Network and represents ISSA in Australia.

Senior speakers will discuss advances in ID solutions for government, banking, transport, education, defense, retail, and health. There is a special focus on ID fraud/theft prevention, federated identity management, trusted computing and rights management, secure payments, identity privacy and policy, identification and authentication, biometrics, and more.

Attendees will include CIOs, CSOs, CTOs, senior ID specialists, and IT project managers from some of Australia's largest organizations. The audience will be encouraged to ask questions and join the panel session debates.

Survival as a CIO



CIO Survival Guide: The Roles and Responsibilities of the Chief Information Officer, Karl Schubert. This book fashions itself as a leadership manual for the CIO role. CIOs will find support, guidance, and practice for acquiring and enhancing technical skills and leadership abilities.

Compiling the success stories of IT professionals at all levels—especially senior IT operations and product development executives and managers—the author integrates experiences, observations, discussions, and research to identify obstacles. The book also offers concrete advice on overcoming common job challenges, the changing role of the CIO, and IT function planning.

Written to help current and aspiring CIOs bolster their skills, and to help managers determine what they should expect from their CIOs, the author examines topics such as

  • what CEOs really want from their CIOs,
  • how to develop positive working relationships with other key executives,
  • 10 questions the CIO must ask the CEO,
  • how to create the IT internal partnership network,
  • evolving CIO expectations,
  • 10 questions the CIO should ask outsourced service providers,
  • the language of the industry,
  • enterprise-wide strategic planning,
  • CIO risk profile assessment, and
  • decisions a CIO should never make alone.

Wiley; ISBN 0471457930; 304 pp.; $44.20.

International Conference on Management of Technology 2007

13–17 May 2007

Miami Beach, Fla.

IAMOT 2007 provides an international technical forum where experts from industry and academia will exchange ideas and present research results in the tracks listed below.

Conference tracks will cover topics such as knowledge management, green technologies, social impact of technology development, MOT education and research, corporate universities, national and regional systems of innovation, small- and medium-sized enterprises, emerging technologies, technology transfer, marketing and commercialization, technology foresight and forecasting, information and communication, and technology management.

Organizers also expect to hold discussions on the integration of technology and business strategies, R&D management, project and program management, industrial and manufacturing system technologies and supply chain management, new organizational forms, management of technology in developing countries, technological alliances, mergers and acquisitions, theory of technology, technology incubation, management of technology for the service economy, and innovation and technological development and productivity.

IT Management

Part of Earthweb's network (under the Jupiter-Networks group umbrella), this site provides information directed at IT managers.

Subjects along the left column of the main page include links to separate sub-directories, covering topics such as career/staffing, corporate technology news, DRM, enterprise applications, enterprise resource planning, mobile/wireless, network and systems management, open source, network security, and data storage. Each of these links hooks to sections that organize news links for major news stories, articles, and guides, as well as a section that offers top subject headlines and major subject-specific headlines.

The main page also includes an IT management blog, and another sidebar grouping of links to different features including columns, executive tech, definitions, forums, products, IT Management trends, and IT management editorial staff.


Securing the Enterprise



Enterprise Security: IT Security Solutions: Concepts, Practical Experiences, Technologies, Walter Fumy and Jörg Sauerbrey. Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book covers security issues affecting corporations and organizations, and presents concepts and trends for securing an enterprise.

Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart-card based solutions and biometrics), and security certification. The authors review technologies and standards including cryptographic techniques, intelligent tokens, public key infrastructures, and IAM technologies. The book also discusses experiences in various sectors including the automotive industry, financial services, e-health, and e-government.

Enterprise Security begins with an editors' introduction laying out what they view as three areas driving enterprise security: new business opportunities, security threats, and regulatory compliance. The editors argue for industry change in the areas of information security requirements, legal liability for poor security practices, creating a security-aware culture, and security against insider threats.

From there, the book delves into concepts and trends, practical experiences, and technologies and standards. The Practical Experience section explores four case studies.

Sams; ISBN 0672329123; 448 pp.; $26.39.

Cohesive Security Game Plan



A Practical Guide to Managing Information Security, Steve Purser. This book helps readers with information security management, concentrating on recognizing and resolving issues concerning the development and implementation of enterprise IT security.

The author focuses on the need to align the information security process as a whole with the requirements of the modern enterprise. This involves helping business managers manage information security-related risk. The book emphasizes using risk management as a decision-making tool.

Readers will learn how to understand the difference between more theoretical treatments of information security and operational reality, measure and manage information security risk, define and execute an information security strategy, design and implement a security architecture, and ensure that limited resources are used optimally.

Artech House; ISBN 1580537022; 280 pp.; $70.55.

IT Security

IT Security is a news and information publication covering the IT security marketplace. It was recently acquired by Tippit Inc. and has been re-launched as an IT security information source.

The site's original content covers viruses, vulnerabilities, news, events, and background information on the market. It leverages strong relationships with members of the IT Security community and is rapidly building a unique, high-quality community of users and vendors.

The front page offers articles, resources, and white papers, and the Resource Centers section on the main page's left side offers links to intrusion detection systems, security audit, and email security pages. A Stay Current section on the main page offers links to news, features, blogs, press releases, virus warnings, and vulnerabilities. The site also contains a dictionary, FAQs, and a vendor directory.

Center for Education and Research in Information Assurance and Security

The Center for Education and Research in Information Assurance and Security focuses on protecting computing and communication infrastructure. From purely technical issues (such as intrusion detection and network security) to ethical, legal, educational, communication, linguistic, and economic issues, CERIAS takes a multidisciplinary approach to security problems in an effort to understand the subtle interactions and dependencies among them.

CERIAS's research is conducted by faculty in more than twenty departments from six different colleges. Studies include risk management, policies, and laws; trusted social and human interactions; security awareness, education, and training; assurable software and architectures; enclave and network security; incident detection, response, and investigation; identification, authentication, and privacy; and cryptology and rights management.

Security Professionals Conference

10–12 April 2007

Denver, Colo.

Security Professionals Conference 2007 topics focus on information security and privacy issues for institutions of higher education, with presentations addressing the different unique environments of small colleges, two-year and community colleges, institutions with medical schools or health sciences programs, and other professional schools.

Speakers will explore the technology, management, operations, policy, and legal aspects of information security and privacy, with content arranged from introductory to more advanced, and from operational to more strategic. Program sessions will last 60 minutes, including Q&A, with a limited number of 90-minute sessions offered to accommodate panel presentations.

Forensics and Incident Handling tracks will examine computer forensics, conducting investigations, current exploits, developing and maintaining incident-response capability, how to tell if you've been hacked, incident-handling tools and techniques, interinstitutional information sharing, maintaining a chain of evidence, malware trends, outsourcing investigations, and other effective practices and solutions.

The conference also offers policy, law, and compliance tracks that will explore

  • building a policy framework;
  • CALEA: how will it apply to colleges and universities;
  • ensuring appropriate security requirements for strategic partners and vendors;
  • establishing information security program governance;
  • incident handling: response protocols and notification of affected individuals;
  • implementing HIPAA security and privacy standards;
  • information security program metrics and accountability;
  • legal considerations associated with spyware and adware;
  • model policies or guidelines to empower CIOs and CIOs;
  • negligent security and emerging standards of liability;
  • overcoming resistance and getting buy-in for security policies;
  • the role of acceptable use policy and other security policies;
  • the payment card industry data security standard (PCI DSS) in higher education;
  • the privacy-security relationship;
  • working with law enforcement;
  • writing, implementing, and enforcing security policies; and
  • laws and regulations that govern security and privacy.

Got Sarbanes-Oxley Compliance



Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools, Christian Lahti, Roderick Peterson, and Steve Lanza. Many workers for publicly traded or pre-IPO companies, as well as IT consultants, are familiar with the task of complying with the Sarbanes-Oxley Act. This book provides information and open source tools to achieve IT SOX compliance, and also helps readers learn the penalties associated with noncompliance resulting from both intentional and unintentional inaccurate certification filing.

The Live CD shows how to streamline IT SOX compliance, and the bootable Linux CD features tools to automate and manage workflow, disseminate information, track projects, and manage groups. Readers can learn to write, implement, and enforce an IT compliance policy that will be supported by both users and management.

The book also discusses how to deploy COBIT standards and best-known methods (BKMs), and how to master COBIT's six components: executive summary, framework, control objective, control practices, management guidelines, and audit guidelines.

Other topics include

  • cost-reduction and security-improvement applications throughout the enterprise,
  • developing strategic IT plans that support business objectives,
  • skills and tools to implement, test, certify, and maintain both existing and newly developed systems,
  • ensuring that new systems perform as expected upon implementation,
  • continual performance in accordance with established expectations, and
  • how to use service level agreements (SLAs) or established baselines to quantify performance against expectations and troubleshoot problems.

Syngress Publishing; ISBN 1597490369; 356 pp.; $32.79.

Web Applications

Overall Security Approach



Information Security: A Strategic Approach, Vincent LeVeque. This book is a reflection of the author's information security consultant experience working for private and public sector clients.

Readers can discover how to improve their organization's management practices to develop and implement an information security plan.

The book starts with an overview of strategic planning, information technology strategy, and information security strategy concepts. A guide to defining an information security strategy covers the "nuts and bolts" of defining long-term information security goals that effectively protect information resources. Separate chapters covering technology strategy and management strategy show that both help protect information.

Following the practical introduction to strategy development, subsequent chapters cover the theoretical foundation of an information security strategy, including examination of enterprise planning models that correspond to different information uses and different information-securing strategies; review of information economics, a link between information security strategy and business strategy; and how risk influences building an information security strategy.

Two case studies help readers understand how the development and implementation of information security strategies can work within their own organizations.

This book targets information security managers, information technology executives, and consultants. The book is also recommended for nontechnical executives who need to protect the value and security of their organization's information.

Wiley/IEEE CS Press; ISBN 0471736120; 272 pp.; $57.66.

Network Resource Security



AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility, Madjid Nakhjiri and Mahsa Nakhjiri. AAA (authentication, authorization, accounting) describes a framework for controlling access to network resources, enforcing policies, and providing the information necessary to bill for services.

This book serves as a guide to the AAA concepts and framework, and introduces the AAA protocols Diameter and RADIUS. Diameter is an AAA protocol designed to meet reliability, security, and robustness requirements. The text also explores and explains RADIUS (remote authentication dial-in user service) and its latest extensions: EAP (extensible authentication protocol)—including a protocol overview—and EAP-XXX authentication methods; IP mobility protocols, including IP level mobility management, security, and optimizations; and IETF seamless mobility protocols.

The authors provide an overview of secure mobile network access standards while providing basic design concepts and motivations. Additionally, the book covers trust, authentication, and security key management for fixed and mobile users, and discusses various approaches to trust establishment and public key infrastructures. Readers will find practical tips on certificate management, and there is a chapter on mobile IP and AAA interaction that illustrates Diameter-Mobile IP applications, and the CDMA2000 process.

Academic and industry researchers, network security engineers, managers, developers and planners, and graduate students will benefit from AAA and Network Security's accessible explanation of secure mobile access standards.

Wiley; ISBN 0470011947; 318 pp.; $102.

RSA Conference 2007, Cryptographers' Track

5–7 February 2007

San Francisco

The RSA Conference is a computer security event, and the Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference.

Original research papers will cover different aspects of cryptography. Coverage will include applications, techniques, theory, and practical experience on topics including public-key encryption, symmetric-key encryption, digital signatures, hash functions, cryptographic protocols, tamper-resistance, fast implementations, elliptic-curve cryptography, quantum cryptography, formal security models, network security, and e-commerce.

Conference tracks and sessions will also explore directed transitive signature scheme, practical and tightly secure signature scheme without hash function, cryptanalysis of reduced variants of the FORK-256 hash function, second preimages for SMASH, identity-based multi-signatures from RSA, and improved efficiency for private stable matching.
