Thursday, February 07, 2002
In yesterday's entry I ended by sharing a process improvement manual that I made available for download. That manual is valuable as a standalone asset, but when combined with Continuous Improvement: A way of life (a 36-page essay by P. R. Balakrishnan), you'll be armed with enough material to place process improvement into the context that is right for your organization.
There is much ado about security these days. I've frequently written about it here and in Notes from the Field, and will continue to do so because it's an important topic from both operational and software engineering points of view.

One interesting resource is Generally Accepted System Security Principles (GASSP). This page contains the principles in HTML and MS Word format. The approach is to cast security principles in the same manner as generally accepted accounting principles (GAAP). Given that accounting, auditing and core security practices are closely related, the GASSP approach makes sense. Bear in mind that this is not a real standard outside of MIT, which developed it, but it does reflect best practices from which you may want to borrow.

Final notes about security in this entry: Security Focus is a repository of resources, including a fairly complete library of security documents that is worth checking into. If you're working on e-commerce or Internet projects you'll want to read A Parametric Approach for Security Testing of Internet Applications to make sure the test and release phases of your project cover key aspects. That's what due diligence is all about.
If you haven't guessed, I subscribe to the adage that if you can't measure it, it doesn't exist. It's finding what needs measuring that's the challenge. An article from Baseline Magazine titled A Dozen Smart Metrics, To Go provides twelve useful indicators that you should be measuring, including:

Before ending I want to share a new weblog I discovered today: VoidStar, which is Julian Bond's creative outlet for his valuable thoughts and ideas. Mr. Bond has much to say about a wide range of topics related to IT operations, software engineering and anything that falls on the periphery or in between. I spent a few hours earlier today reading, absorbing and assimilating. I'm impressed.