Click on a book cover for more information or to order.
SAVE 20% AND GET FREE SHIPPING when you order these or any book online! Simply enter this code--813DA--when you checkout.
IT Performance Improvement: What's in the May Issue
In latest edition of IT Performance Improvement: "Finding Power In?uencers" by Amy Baugh. "Reducing Security Risks in Information Technology Contracts: Best Practices and Guiding Principles" by Michael R. Overly and Matthew A. Karlyn. "Envisioning Intelligent Cities" by Pethuru Ray and Anupama C. Raman. Nancy Settle-Murphy's "Just Because You’re Silent, You May Not Be Really Listening."
Security Countermeasure Selection and Budgeting Tools
This chapter from the second edition of Risk Analysis and Security Countermeasure Selection explains what makes a security countermeasure effective or ineffective, the functions of security countermeasures, infiltration and attack scenarios, attack objectives, criminal offender types, criminal offender countermeasures, how to develop countermeasure effectiveness metrics, and how to develop a Decision Matrix to help decision makers reach consensus on a specific countermeasure when there are many points of view to consider.
Protests or Profiteering: The Hack Remains in Same
Whether it's cyber terrorism, hacktivism, or just another set of hackers trying to get famous by jumping on the media's hot topic, the key to fighting back is threat intelligence. Staying ahead of future attacks requires a proper investment in intelligence groups who have the proper tools, people and processes to deliver up-to-date intelligence.
Multilevel Modeling of Secure Systems in QoP-ML
This book introduces the Bogdan Ksiezopolski's quality of protection modeling language (QoP-ML), which provides the multilevel modeling language for making abstraction of security systems that put emphasis on the details concerning quality of protection. The analysis of the secure systems can be performed automatically by means of an automated quality of protection analysis tool. Based on the multilevel analysis, the foundations of the new decision support system can be introduced. The book includes a number of examples and case studies that illustrate the QoP analysis process by the QoP-ML.
Call for Chapters: Information Security Management Handbook, Seventh Edition
The new edition of the handbook is following the National Cybersecurity Workforce Framework.
Just Because You're Silent, You May Not Be Really Listening
Most communications skills courses tend to focus on making people more articulate, effective and expressive through writing, speaking and presenting. Listening is rarely a focus. In this article from Communiqué, Nancy Settle-Murphy offers some practical tips for making you a better listener.
Agile Stakeholder Engagement
This chapter from Agile for Project Managers discusses the importance of stakeholder engagement on the agile project. This is an essential practice that ensures a successful product delivery. The chapter concentrates on important concepts such as getting the right stakeholders for the project, cementing stakeholder involvement, and managing the interests of stakeholders.
Provide Leadership Across All Levels
The nature and level of leadership on a program designed and launched to transform the entire business or significant parts of the business are primary determinants of the program being successful by achieving the intended business goals. Given organizational matrices, work complexities, and corporate politics, the program management team personnel rely heavily on their leadership traits to deftly guide issues and manage risks through multiple organizational levels and across functions. As this excerpt from Transforming Business with Program Management explains, leaders can model the behavioral changes needed to embrace the changes the program is driving.
Leveraging Stakeholders to Prepare Your Organization for Change
This excerpt from Stakeholder Engagement: The Game Changer for Program Management focuses first on change management theory to help drive in change management concepts and the importance of change management. It then introduces a simple change management model to incorporate change management activities into your program plans. After learning the foundational elements of change management and reviewing a change management model, the focus shifts to how to implement the change management elements for each of the four stakeholder quadrants.
Emerging Technologies in Healthcare
Connecting millions of patients with caregivers like never before, mobile health (mhealth) technologies are changing healthcare for good. Emerging Technologies in Healthcare by Suzanne Moss Richins provides detailed descriptions of the latest mhealth technologies. It outlines the role of mhealth for self-care and remote care and describes the differences between telemedicine, telehealth, and telecare. The book justifies the use of mhealth technologies for meeting regulatory standards of care and explains how analytics and social media are being used to improve healthcare delivery. It addresses healthcare reform, risk management, and future directions for healthcare technologies.
Call for Book Chapters: Vehicular Social Networks
Selected topics that are covered in this book are related to social networking techniques, social-based routing techniques applied to vehicular networks, data dissemination in VSNs, architectures for VSNs, as well as novel trends and challenges in VSNs. The book aims to provide significant technical and practical insights in different aspects, starting from a basic background on social networking, the inter-related technologies and applications to vehicular ad-hoc networks, the technical challenges, implementation and future trends.
Operational Models of Corporate Security Intelligence
This excerpt from Corporate Security Intelligence and Strategic Decision Making discusses why it is useful to have a model of intelligence to help guide structures, processes, and the deployment of resources. It then introduces a simple security intelligence model, applicable to any scale of deployment. Finally, it discuss aspects of a common dedicated countercrime model (the National Intelligence Model).
Turn 9 Common Virtual Meeting Misconceptions Inside Out
The basic premise: Successful virtual meetings require a thoughtful discipline that demonstrates a deep sense of respect for all participants, enabling them to be full and equal participants in the conversation. We also believe that any kind of meeting should be held only when discussions are needed. (If content review is required, let people do that somewhere else.) This article by Nancy M. Settle-Murphy refutes nine of the most popular misconceptions people hold about virtual meetings, and offer some practical tips that can help transform virtual meetings from mediocre to memorable. Nancy M. Settle-Murphy is author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results.
Call for Chapter Proposals: 5G Radio Access Network (RAN) - Centralized RAN, Cloud-RAN and Virtualization of Small Cells
Being at a very nascent stage, C-RAN and virtualized Small Cell technology poses several major research challenges. This book aims to provide a deeper insight into the next generation RAN architecture; especially in the presence of virtualization and cloud environment. The book will present a survey of the coexistence of SDN, C-RAN and Small Cells solutions proposed in the literature at different levels; e.g., physical characteristics, open access, dynamic resource allocation, technology-neutrality, coverage obligations, minimization of the interference problems, etc.
Healthcare Analytics Use in Population Health
Data collection and aggregation provide an opportunity to look for patterns and based on these patterns to make decisions to improve quality and decrease costs. The driver of this change comes from the payment shift from volume to value inherent in the Patient Protection and Affordable Care Act (PPACA). It augments the Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires the implementation of electronic medical records (EMR).
Requirements Generation in ERP Planning
This excerpt from Directing the ERP Implementation: A Best Practice Guide to Avoiding Program Failure Traps While Tuning System Performance discusses the requirements generation process. It defines, in detail, the system functionality as well as the engineered process changes essential for an order of magnitude improvement in operational performance. The attributes of requirements definition include categories such as "mission critical," "essential," and "nice to have," which then establishes the baseline for a traceability matrix that flows through the project phases including design, prototyping, customization, testing, piloting, and delivery.
Flip Your (Virtual) Meetings - Learning from Our Best Teachers
To stave off boredom and stimulate learning that lasts longer than a class period, my kids' teachers are experimenting with "flipped classrooms." Rather than lecturing at kids with a bunch of PowerPoints during the precious classroom time, the teachers assign the content in advance. This way, sutdents come to class ready to debate ideas and apply what they've learned in ways that make the topics come alive. Let's take a page from teachers who have seen great results by flipping their classrooms. Here are a few steps to get you started.
Privacy Threats Come from All Corners
The types of personal information crooks, marketers, surveillors and others are after varies greatly. You can see it in the kinds of organizations under attack from black-market entreprenuers, just-because-I-can hackers, and even Chinese computer manufacturers. Increasingly, consumers must practice diligent privacy practices with every entity they allow access to their personal information. Read on for tips on doing exactly that.
Introduction to Human-Computer Interaction (HCI)
This excerpt Human-Computer Interaction: Fundamentals and Practice by Gerard Jounghyun Kim introduces HCI as a cross-disciplinary area that deals with the theory, design, implementation, and evaluation of the ways that humans use and interact with computing devices.
Genesis of Personal Communications
This is an excerpt from Mobile Evolution: Insights on Connectivity and Service by Sebastian Thalanany. The book presents insights, interpretations, concepts, and interdependent views--in the landscape of mobile connectivity and service--that emphasize the significance of a harmonious interplay, cooperation, and coalescing of a variety of interdisciplinary domains of science and art. The author explores the forward-looking and enabling capabilities of mobile connectivity and service in the context of long term evolution (LTE) systems and multimedia services, as viewed through a lens of human experience. It provides information and guidelines pertaining to the strategies and technologies associated with the next-generation mobile ecosystem.
Definition and Evaluation of IT Human Factors
This chapter from Modeling, Evaluating, and Predicting IT Human Resources Performance adopts the "Big Five" theory, widely used in the recruitment and personnel selection process, in order to evaluate human factors of software development team members and to find the connection with individual performance.
Onslaught of New Ransomware Strains
Ransomware is now a common term in our vocabulary, but it continues to evolve. The release below warns of an onslaught of new flavors and how they can be found and averted. The tactics range from using help files to infect along with phishing emails. Games are also now being targeted, bad news for those with teenagers in the house.
Reliability and Availability
The concepts of reliability and availability are talked about, written about, equated with each other, and given star status but, in the main, remain somewhat one-dimensional concepts. In this chapter, and throughout High Availability IT Services, Terry Critchley shows that these concepts, particularly availability, have other dimensions and interpretations as well.
Big Data: Architecture and Its Enablement
The concept of big data not a database or data architecture but is more the solutions that leverage any and all data, wherever they come from. In health care, the concepts of big data are enabled only in organizations that focus on data--capture, management, and usage. Health care data is extremely broad, deep, and complex, yet the needs for data access are even greater and ever evolving. To meet such needs, effective data architecture must be intertwined with a formal data governance program. This combination unlocks analytics and begins to leverage big data.
Planning Meetings: The Risk Management Plan
Planning meetings are conducted to ensure the organization has a consistent vision in terms of the project's risk methodology, roles and responsibilities, timing, thresholds, reporting formats, and approaches to tracking. Planning meetings focus on bringing together key stakeholders on risk to determine the risk practices to be pursued and the approach to be used in pursuing them.
Introduction to Customer Relationship Management (CRM) Systems
What is a Customer Relationship Management (CRM) system? Not only is there little agreement on what it really stands for, there is even less agreement on what constitutes a CRM system, how it should be used, the potential of profitability gain, the impact on customer loyalty, the costs involved, the personnel needed, and the training needed for the CRM personnel. CRM system characteristics are not limited to the CRM products and tools that are currently available in the market, and CRM is certainly not a technique or methodology.
Ten Tips to Avoid Massive Data Breaches. Don’t Be the Next Sony!
With Sony recently setting aside $15M to investigate the reasons for and remediate the damage caused by last year's data breach, many organizations—from large enterprises to small business—are wondering what they need to do make sure they aren’t the next big data breach headline. The good news is that most data breaches can be prevented by a common sense approach, coupled with some key IT security adjustments.
Creating the Requirements Management Plan and Requirements Traceability Matrix
The requirements management plan (RMP) is a document that describes how requirements will be analyzed, documented, and managed throughout the project. It is frequently published in conjunction with the requirements traceability matrix (RTM). Both the RMP and RTM are supposed to be created along with the requirements specifications, and all three documents act as key inputs in the creation of the project plan document. This excerpt from Project Scope Management: A Practical Guide to Requirements for Engineering, Product, Construction, IT and Enterprise Projects discusses creating the RMP and the RTM.
Overarching Topics in Managing the PSTN Transformation
This chapter from Managing the PSTN Transformation: A Blueprint for a Successful Migration to IP-Based Networks provides an overview of major organizational overarching topics, for example, the project structure with roles and responsibilities, the PSTN migration process, as well as a checklist of the main questions and risks that should be considered during the project.
The Smart Grid and Privacy
This chapter from Data Privacy for the Smart Grid discusses the emerging privacy risk and the need for privacy policies, reviews relevant privacy laws, regulations, and standards, and outlines privacy-enhancing technologies and new privacy challenges.
Critical Infrastructure Executives Complacent about Internet of Things Security
Tripwire, Inc. recently announced the results of an extensive study conducted by Atomik Research on the security of the "Enterprise of Things" in critical infrastructure industries. The study examined the impact that emerging security threats connected with the Internet of Things (IoT) have on enterprise security. Study respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K.
The Lean Leader: A Personal Journey of Transformation
In The Lean Leader, Robert B. Camp uses a compelling novel format to tackle the nuts and bolts of leading a Lean transformation. You'll follow along as the characters face real crises and what seem to be unreasonable deadlines. After reading this book, you'll know how to shed the decision-making tasks that have cluttered their days and delegate those decisions to employees who are closer to the action. You'll also learn how to look over the horizon to define and communicate a new course of action and compel others to follow. Click here to read Chapter 1.
How to Create a 12-Month Plan in Just Two Hours
There's something about the blank slate of a brand new year that makes it a perfect time to get your group together and lay down plans for the next 12 months. Sounds like a good idea in theory, but it can be near impossible to persuade people to hunker down in a meeting room for a couple of days when their 'day jobs' are so demanding. In this article Nancy Settle-Murphy describes how (and why) a processed called the Magic Wall works in a face-to-face (FTF) setting, and explores how some of these concepts might be played out virtually.
In this chapter from Techniques and Sample Outputs that Drive Business Excellence, H. James Harrington and Chuck Mignosa discuss brainstorming (creative brainstorming), a technique used by a group to quickly generate large lists of ideas, problems, or issues. The emphasis is on quantity of ideas, not quality.
The Digital Divide and the Global Post-2015 Development Debate
In this chapter from Digital Divides: The New Challenges and Opportunities of e-Inclusion, Jeremy Millard provides a global overview to put digital divides into perspective with a view toward the future. He argues that ICTs have a critical role to play in the proposed Sustainable Development Goals (SDGs), which will replace the Millennium Development Goals (MDGs) after they expire in 2015, but that stark digital divides, both between and within countries, could limit their potential effect.
Privacy Predictions 2025!
After posting their IT predictions for next year, Varonis decided to assign themselves an even more challenging task. Using recent headlines from the tech press as a baseline, they tried to extrapolate ahead to the year 2025. Where might today's stories about technology and privacy lead to in ten years if we don't change how we manage IT security today?
What Was, What Is, and What Should Never Be: A Look at Security 2014, 2015 and Beyond
In this insightful article, Stephen Coty, Chief Security Evangelist at Alert Logic, takes a retrospective look at some of the industries hardest hit by data breaches and vulnerabilities and looks to 2015 and beyond to discuss new and emerging malware.
McAfee Labs Threats Report: November 2014
Key topics in the November 2014 issue of the McAfee® Labs Threats Report and the significant impact of the recently-discovered BERserk vulnerability in RSA signature verification software and how cybercriminals exploit the trust we place in devices and websites. It also discusses some of the threat trends they expect to see in 2015.
Widespread Employee Access to Sensitive Files Puts Critical Data at Risk
It's been 18 months since Snowden demonstrated the inability of the Puzzle Palace to identify and mitigate internal threats. Now, a new survey suggests--not surprisingly--that most organizations are having difficulty balancing the need for improved security with employee productivity demands. Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.
2014-2015 Security Surprises, Challenges and Predictions
As 2014 comes to a close, it is time to cast 2015 security predictions and look back at 2014 predictions to see what we got right, what we got wrong, and what surprised us. Here TK Keanini, Lancope CTO, takes retrospective look at his 2014 predictions, and projects 2015.
7 Ways to Keep Stakeholders Close in a Virtual World
Even though our intentions may be similar when working face-to-face and virtually, how we go about initiating and cultivating stakeholder relationships can be very different. Here are a few tips from Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, for engaging stakeholders virtually for projects that really matter.
Four Questions to Consider When Building a Security Platform
While most security professionals have come to grips with the fact that at some point they will fall victim to a compromise, the approach to security by and large still revolves around responding after something bad has occurred. Now this is by no means the fault of the security professional alone. The tools they have at their disposal, most of which offer a siloed view into their security posture, many times restrict their capabilities. To truly make the shift towards Continuous Advanced Threat Protection, security professionals need to evaluate tools and processes with a fresh set of eyes. This article outlines the four things to consider when making this necessary shift in security approach.
Breaking the Wall of Silence in a Virtual World
If you have ever led a virtual meeting, this scenario is familiar: You pose a brilliant provocative question, hoping to trigger a flurry of insightful responses. And instead, you hear ... Nothing. Nada. Zippo. Zilch. So what’s your next step? There are many techniques for generating more active participation in the virtual world. But first, you have to try to figure out the reasons for the silence. If you guess wrong, you might drive people further away from the virtual table. In this article from Communique, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, explores some of the typical causes for a lack of participation, and will offer some remedies to help break through that painful wall of silence.
Basic Concepts of Multilevel Database Security
Mandatory access control (MAC) is a method of restricting unauthorized users from accessing objects that contain some sensitive information. An implementation of MAC is multilevel security (MLS), which has been developed mainly for computer and database systems at highly sensitive government organizations such as the intelligence community or the U.S. Department of Defense. This chapter from Multilevel Security for Relational Databases introduces the basic concepts of multilevel database security.
McAfee Report Reveals Organizations Choose Network Performance Over Advanced Security Features
McAfee today published a new report titled Network Performance and Security, exploring the challenges organizations face in deploying security protections while still maintaining an optimally performing network infrastructure. The report uncovered that an alarming number of organizations are now disabling advanced firewall features in order to avoid significant network performance degradation.
Android Malware Evolution
The evolution of Android malware, while mapping closely to the desktop trends, is often viewed at an accelerated pace. Malware and botnets have had time to grow and trial different methods of infections and potential uses, and the authors of the mobile counterparts are definitely applying these learned lessons. As explained in the chapter from Android Malware and Analysis, there are clear indicators that these are often the same groups working toward extending their list of infected machines to the Android world.
Introducing the Crowd
Crowdsourcing existed long before the term gained popularity and visibility among the masses. They were all practical problems that needed to be solved to create value to the general public or studies that were taken up to prove the power of the crowd. This chapter from Leveraging the Wisdom of the Crowd in Software Testing discusses how this benefits software development.
UTF-8 for PHP and MySQL
Overview of Mobile Platforms
This excerpt from Mobile Social Networking and Computing: A Multidisciplinary Integrated Perspective gives an overview of mobile devices (hardware) and mobile operating systems (software), and discusses MSN development architecture.
8 Ways to Stop Interruptions from Derailing Your Next Virtual Meeting
In this edition of Communique, Nancy Settle-Murphy explores practical steps that virtual meeting leaders can take to anticipate and effectively handle interruptions and other types of disruptions that may throw virtual meetings off-course.
New F-Secure Threat Report: Ransomware Rising, Even on Android
The first half 2014 saw an increase in online attacks that lock up user data and hold it for ransom -- even on mobile devices. According to F-Secure Labs' brand new 1H 2014 Threat Report, rising numbers of attacks from malicious software known as ransomware underscore the importance of data security for home, enterprise and government users. To find out the top countries for Android malware, the safest online market for mobile apps, and for more details about all the threats to PC, Mac and mobile, check out the full 1H 2014 Threat Report.
Survey of Secure Computing
Secure computing spans a wide spectrum of areas, including protocol-based security issues, denial of service, web and cloud, mobile, database, and social- and multimedia-related security issues, just to name a few. Even as threats present themselves, active mechanisms and good preparation can help to minimize incidents and losses arising from them, but it is also to be noted that security in computing is still a long way from complete. This chapter from Case Studies in Secure Computing: Achievements and Trends presents a survey of common issues in security attacks and defenses in computing through the application of cryptography and the aid of security models for securing systems.
Beyond PCI Compliance
An organization begins a journey when it achieves PCI compliance. It is usually a starting point for a continuing path to information security and assurance. It is very important for the organization to understand the potential challenges and effectively address them after they achieve successful PCI compliance. This excerpt from PCI Compliance: The Definitive Guide briefly discuss the challenges and success factors that the organization must be aware of to maintain compliance and achieve optimum information security for the enterprise.
Maintenance in the Digital World
This excerpt from Buying, Supporting, Maintaining Software and Equipment: An IT Manager's Guide to Controlling the Product Lifecycle deals with contracting for maintenance for both hardware and software purposes in the initial negotiation.
The Oracle Cloud
Read this chapter on "Oracle Cloud" from Jessica Keyes' The CIO's Guide to Oracle Products and Solutions.
Don't Leave Remote Participants Hanging: 8 Tips for a Meeting of Equals
Let's face it: It's almost impossible to make remote callers feel like they're on equal footing with people who are gathered in the conference room for the big meeting. But with some thoughtful planning, you can come pretty close. Taking the perspective of a frustrated remote participant, Nancy Settle-Murphy, author of Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results, offers eight tips for people who plan and run "hybrid" meetings, consisting of people who are gathered face-to-face and those who join from afar. Here she assumes that the meeting planners are using WebEx and phone conferencing, but these tips can apply with almost any kind of virtual meeting set-up.
Enterprise architecture is a term that has been broadly defined and used by both academics and practitioners. This excerpt from Enterprise Integration and Information Architecture: A Systems Perspective on Industrial Information Integration provides a clearer understanding of enterprise architecture.
Stream vs. Batch Processing: Which One Is Better for Operational Intelligence?
Many organizations across industries leverage "real-time" analytics to monitor and improve operational performance. Essentially this means that they are capturing and collecting data in lots from various systems and analyzing it in batches through periodic on-demand queries. By contrast, companies that are leveraging "streaming analytics" are continuously collecting and analyzing data and automatically course-correcting as events unfold, when there's still an opportunity to positively impact the outcome.
Team Building for a Strategic Initiative
This excerpt from Agile Strategy Management: Techniques for Continuous Alignment and Improvement focuses on getting a strategic initiative off to a good start.
Accountability Is Why Technology Should Shift to the Business from IT
In the May 2003 edition of the Harvard Business Review, Nicholas Carr wrote an article that ignited a firestorm. In "IT Doesn’t Matter," later expanded to a book, he argues that IT is a commodity and doesn't provide competitive advantage. In this article, Ryan Ward suggests that "To meet business efficiency and growth requirements, Information Technology departments need to adopt a mindset of building processes and solutions where the Business is ultimately accountable for their desired solutions and information." What do you think? Another firestorm?
Before You Take Your Next Trip
I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.