Articles & Publications

Amoxil Generic Buy Clarinex Online Neurontin Without Prescription Topamax No Prescription Soma For Sale Glucotrol Generic Buy Aricept Online Stromectol Without Prescription Lotrisone No Prescription Celexa For Sale

This page contains abstracts and links to published articles.


A Hard Look at the Organizational Implications of BPM, January 2007

There is a natural symbiotic relationship between SOA and Business process management (BPM). SOA is all about changing how both business and technology groups see the way an organization functions, focusing on the capabilities provided - the service - rather than the tools and mechanisms in daily use, and BPM is all about providing executable models of the business processes that can orchestrate those services and provide a unified view across the manual and automated parts of a process.

Not surprisingly, BPM is one of the current hot topics in the SOA world because it has the promise of delivering the ultimate business “silver bullet”: making it easy to change the business to meet an ever-changing market. However, most of the existing literature and certainly the majority of product whitepapers focus only on the cost reduction and “business agility” to be gained from adopting a BPM strategy. To gain real benefit from BPM requires more than modeling the existing business processes so that they may be automated-it requires organizational change so that the processes are optimized not to make them easier to implement, but so that they give more value to the people who depend on them.

This article examines the conceptual BPM project from the following perspectives: what is involved to deliver the project, what are the enablers of the project and what are the total costs of ownership (TCO) of the project. Organizations considering BPM as a “silver bullet” need to bear in mind that BPM is still software development, it critically depends on the proper infrastructure and services being in place, and the ultimate success of reducing the total cost of ownership of a BPM project over its entire lifecycle still depends on a disciplined approach to software implementation. Therefore, before significant investments are made in reengineering processes and deploying BPM solutions, businesses need to commit to making the organizational changes necessary to allow realization of any lasting value from BPM.


The Philosophy of Enterprise Information Security
Information Security Bulletin, Volume 10, Issue 5, June 2005

Enterprise Information Security (EIS) must consider anything that would put the enterprise’s information at risk or in danger. Unfortunately, the risks and dangers facing today’s enterprise are great indeed: spyware, spam, phishing, Internet worms, viruses, crackers, natural disasters, corporate espionage, increasing regulation, eroding customer confidence, disgruntled employees and possible criminal prosecution of executive management. These dangers are far beyond the scope of hardware or software detection and prevention tools alone.

Enterprise information includes not only the sum of all data stored transmitted by its networks and computer systems but must also include the knowledge in the minds of its employees. All this information is the lifeblood of the enterprise. This information is also the differentiator from its competitors. Therefore, it is no surprise that the scope of EIS has expanded to include physical security, non-electronic data storage, document destruction, emergency preparedness, regulatory compliance and even employee protection in both normal and abnormal circumstances. The answer to how an enterprise has any hope of successfully protecting its information lies in Weinberg’s Second Rule of Consulting: “No matter how it looks at first, it’s always a people problem.”

People are the biggest asset an enterprise has in dealing with the totality of EIS. Of course, its people can also be one of the largest causes or contributing factors to these risks and dangers as well. Only through understanding the critical role of people in the end-to-end information security can an enterprise establish security policies which will be embraced rather than be rejected as unnecessary distractions from “getting the work done.” Policies don’t provide security; people do.

Pragmatic Security: Making the Most of What You Have
Information Security Bulletin, Volume 10, Issue 9, November 2005

Security is about managing risk. These risks can affect the organization in many ways: its reputation, its information, its physical assets, its employees or its customers. However, only business decisions determine the acceptable level of risk in any situation, and each one of these decisions involves trade-offs. The only way to completely mitigate the risks to an organization is to not engage in any activity whatsoever.

Since there will always be risks, it is imperative to classify them effectively based on their potential impact to the business. It is quite easy to spend a lot of money on common security infrastructure components yet only address a small portion of the real risk to the organization. The most effective way to identify and manage the various risks is to perform a risk and business impact assessment as the first step towards implementing a comprehensive security policy.

A pragmatic approach to implementing the security policy involves prioritizing the risks and mitigating them by addressing the greatest risks with the fewest resources. Depending on the size of the organization, this approach may manifest itself in many different ways, but it allows business requirements to provide focus to security initiatives. Security policies should enable and support the business, not hinder it—whatever its size.