This page is powered by Blogger.


 
  corner   



HOME

ARCHIVES

SEARCH

Contacting Us
Recommendations
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
TEAM Zarate-Tarrani

Our main weblog
Notes from the Field

Our other pages
Mike's home page
Linda's home page
Kate's home page

Forums
Simpatico [we]blogs
Dan Gilmore
Robert X. Cringely
Jakob Nielsen
Julian Bond
Deborah Branscum
Lisa Rein
CamWorld
Ed Yourdon

 

Tuesday, April 30, 2002

 

More on Process. I place process above all else. Tools without processes frequently turn into shelfware and are a monument to poor management practices, abysmal leadership and the major disconnect between IT and business imperatives. Once processes are in place they cannot remain static, or they will soon become monuments themselves - monuments to lethargy, not invented here syndrome and source material for Dilbert cartoons.

There are books, articles and philosophies devoted to process improvement. Pick one. However, if you are sincerely searching for a workable approach The Purpose Driven Process Improvement Guidebook may have what you're seeking. I was impressed with the approach and found the PowerPoint presentation on purpose-driven process improvement to be a quick-start introduction. Another excellent view of process improvement is the 5-step approach by the same authors who created the Purpose Driven Process Improvement Guidebook. Highly recommended.



Monday, April 29, 2002

 

Linda and Kate covered service delivery in their recent entries while I addressed project management and metrics. The following documents will, in many ways, tie together these disciplines:



Sunday, April 28, 2002

 

My entry on 25 April wrapped up thoughts and associated documents on project management. This entry's theme is metrics. There is a direct relationship between software project management and metrics, as well as between service delivery and metrics. A good place to start is Practical Approach to Software Metrics, which is a primer. Also see previous metrics entries because this is a recurring topic.

Metrics need to be placed within a context of the development life cycle. An interesting approach to life cycles is the hybrid process model that combines the spiral and waterfall life cycles. This is but one example and certainly not the only viable model. However, you have to credit the authors for creativity and some excellent ideas. Armed with a primer and one model that incorporates two common life cycles into a hybrid, the next step is to survey metrics practices. This document presents best practices that you can learn from to develop (or improve) your metrics program. If you want to assess your metrics posture the Excel metrics self-evaluation tool will give you a baseline and the basis for launching a process improvement initiative.



Thursday, April 25, 2002

 

In my entry in Notes from the Field today I discussed privacy as it related to presence and availability management. If you read my 25 April entry there you'll see initiatives sponsored by IETF IMPP Working Group and the Presence and Availability Management Forum. Those are not the only two groups that have emerged with privacy-related initiatives and proposed standards. An article titled Implementing privacy/preference policies with P3P introduces the W3C standard titled Platform for Privacy Preferences (P3P). This is an XML standard that describes the privacy and/or user preference policies for a Web site. Personally I applaud the recent activity by these groups to establish standards to assure privacy - something that may be sorely missed if the Liberty and Passport factions proceed unchecked.

Mike and Linda frequently write about the ITIL, service delivery and related topics. Until I joined TEAM Zarate-Tarrani my career path was a straight line in the knowledge management and competitive intelligence areas. Since joining the team I've been more involved in the service delivery domain, and it turns out to be a natural fit. Two documents that gave me the points of reference I needed to change direction are Delivering High Quality Service, which explains the goals of the International Service Management Forum, and a PowerPoint presentation on the ITIL essentials. Where my skill base allows me to fit in and to grow as a service delivery professional are the direct connection between managing knowledge and providing support services, and the process analysis and reporting that service level management requires. The latter is similar to competitive intelligence, with the difference being my information gathering and assessment activities will be directed inward towards the service delivery process. In addition, my competitive intelligence background will serve me well in benchmarking to best practices and the security knowledge areas of the ITIL.

An example of how competitive intelligence relates to service delivery is shown in eShopper Modeling and Simulation. This paper is a classic example of the grey area between competitive and business intelligence, but is also an approach that a skilled service delivery professional would take in establishing business patterns that can be used as the basis for service level objectives. Another example is a typical source document that a competitive intelligence specialist would use: Understanding Web Performance. Yet another competitive intelligence source document that is as applicable to service delivery as it is to surveying best practices and trends is Strategy for Exploiting Improvement. The bottom line is that it's not a great leap between the skills and experience I've accured and those that I'll need to perform effectively as a service delivery professional.

 

Ending Notes: Project Management. My last two entries covered various aspects of software project management. I'll end the series (which didn't start out as a series, but managed to become one anyway) with these documents:One of the best books, in my opinion, on software project management is Software Project Management: Unified Approach by Walker Royce. This book is especially valuable if you're using the Rational Unified Process, but will be applicable to any software development project regardless of methodology. My only complaint about the book is the way it addresses work breakdown structures, but I'll go into that particular issue in a future entry in the form of a book review.



Wednesday, April 24, 2002

 

More on Project Management. In my last entry I shared documents that will pave the way to sound software project risk management techniques. In this entry I have documents to share that will further strengthen the foundation of software project management. The context for software projects can be captured in software development rules of thumb and software project success factors. These two documents can effectively serve as primary guidelines for all software projects, and if followed will increase your awareness of what does and does not work. Another document that every project manager should read is Prevent Software Project Surprises. This document ties back to my previous entry about project risk management. Forewarned is forearmed.

A good article on the basics of estimating is Unreasonable project estimates: Find the cause, effect a cure by Kurt Linberg (he has authored other project management articles that are well written and hit the mark).

Project management consists of planning (includes estimating), scheduling and control. Success is measured, and for scheduling the document on team-driven scheduling metrics provides sound advice on what needs to be measured. Additional resources on risk, scheduling and control can be found on our old project management newsletter site. This page is no longer updated, but contains a wealth of valuable information.



Tuesday, April 23, 2002

 

Project Risk. Managing software project risks is often discussed, but too often misunderstood. One of the unfortunate problems is that IT professionals side-step the math and assign arbirtary ratings that have no basis in reality. The net result is miscalculated risks with no quantifiable impacts. A starting point is to brush up on probability, and Simple Measures of Success will step you through the basics. This Word document not only covers the fundamentals of probability, but also covers statistical process control charts.

After you get up to speed with the relatively simple math, What is Software Risk Management? will nudge you towards applying it in a practical way. The finishing touch is the theme of Software Project Risk Management Practices. These documents will give you the foundation, and are also consistent with project risk management processes that are set forth in the Project Management Body of Knowledge for those who are either certified as a Project Management Professional or pursuing that certification. The material is also consistent with practices used in the UK project management standard, PRINCE2, in addition to suporting requirements of the Capability Maturity Model.

 

Wrap-up. I'm going to wrap the security thread with a PDF presentation on risk analysis. The author of this presentation is Thomas R. Peltier who wrote Information Security Risk Analysis. Linda reviewed this excellent book on Amazon on 25 September 2001, and I reviewed it on 22 April 2001. Read what we had to say - if you're interested in risk analysis from a security perspective this book is worth reading.

Shifting Gears. I have two documents that address software project management and software quality management. They're short, to the point and worth sharing with colleagues.



Sunday, April 21, 2002

 

Back to Security. I'm going to sidestep Linda's challenge to continue the ISO thread and refocus on security. I have documents to share that cover two important topics:
  1. Access Controls
  2. Assurance and Metrics



Friday, April 19, 2002

 

Security (again!). Security is a recurring theme here and in Notes from the Field, and it's time for another installment. One excellent resource for IT security is Ben Rothke's web page. Ben is a columnist for Information Security Magazine, among other things, and his home page contains a wealth of information. The real gems are:



Thursday, April 18, 2002

 

ITIL, ITSMF and Service Level Management. Linda's 14 April entry was on the mark. With established international standards we do not need another methodology, and we definitely don't need proprietary methodologies. She and I have over 50 years of IT operations, service delivery and production support experience between us. We've seen the methodology of the month, silver bullets and all of the other panaceas, and none are a total solution. Are the ITSMF's best practices perfect? No, but they do reflect the experience of IT professionals the world over.

One of the problems with the ITSMF's core documents, the IT Infrastructure Library, is the books are expensive. This is, in my opinion, a barrier to adoption. I am going to chip away at that barrier by sharing ITSMF files that I've collected with the goal of creating awareness. I'm going to start with a PowerPoint presentation that gives an overview of the ITIL: Why ITIL? Since the ITSMF uses the ITIL this presentation is important. The following files, which address various ITIL and ITSMF domains, will show the inner workings:



Wednesday, April 17, 2002

 

Preparations. One of the projects in which I'll be engaging is to develop reference data for issue management. I'm currently reading Managing Reference Data in Enterprise Databases to get ideas about how to build a taxonomy, populate it and manage the data. Although the project is in support of service level management, the role I have is squarely in the knowledge management domain.

Knowledge Sharing. Since I'll be working with peers who may not be fully conversant with knowledge management I'm gathering artifacts that will explain the basics. One such artifact is a PowerPoint presentation titled KM Tour. It's a brief overview and should help me to fit my role into the project objectives. Another artifact is a PDF document titled Assessing Knowledge Assets. This document goes beyond the scope of my role, but it does place knowledge management into a practical context.

Nice to Know. If you have an interest in knowledge management or leveraging human capital (two different, but related topics), the following documents will be of interest:



Tuesday, April 16, 2002

 

Privacy is a hot topic, but hotter still is the thorny issues surrounding how to best protect it. Linda reviewed a chilling book titled World Without Secrets in her 17 April entry in Notes from the Field. This book, and its associated web page, paint a bleak picture of privacy. One of my main sources of information on the topic is Lisa Rein's weblog. I also do a considerable amount of research from other sources because privacy issues are main concerns of my specialities, knowledge management and competitive intelligence.

One solution that is being hotly debated is the concept of a national ID card. The key issues are contained in a Gartner research note titled Establishing a National ID Card: Definition and Debate. However, this issue is international in scope. Smart ID Cards in Europe: Different Views, Uncertain Future gives the perspective from Europe, while we can learn from Hong Kong’s Multiapplication Smart ID Card.

At the state level the Gartner research note titled Can the Smart State Implement a Smart Driver’s License? asks valid questions. Interestingly, another Gartner research note asserts that The Global Economy Already Has IDs.

At some point, though, it will behoove you to understand the underlying technology and the strengths and weaknesses of smartcards. Mike and Linda steered me to Get Smart : The Emergence of Smart Cards in the United States and their Pivotal Role in Internet Commerce as a well written introduction to the business and technical issues, and I join them in highly recommending it if you need to quickly learn about smartcards.

 

Security & Contracts. I've been posting book reviews and other security-related information here and in Notes from the Field since the inception of these weblogs. Contracting is another recurring topic. A recent eWeek security series titled Contracts Getting Tough on Security ties the two topics together. If you write RFPs and evaluate vendors you'll find best practices. If you write proposals you'll find compelling reasons to start developing a set of security processes and strategy to use as a response to RFP requirements.

I canot resist a shameless commercial plug here: TEAM Zarate-Tarrani develops security strategies and processes that will prepare you for responding to RFPs.

 

Friends don't let friends use MS Project. If you want a project management application that correctly levels resources, can correctly compute earned value, and is made by a company that understands project management you should look at SureTrak Project Manager 3.0 (see Linda's 27 May 2001 review on Amazon).

I just finished reviewing an outstanding book on how to use this powerful program: Planning Using Primavera SureTrak Project Manager Version 3.0 by Paul E. Harris .

Although SureTrak Project Manager 3.0 ships with adequate documentation and the program is intuitive, there are three good reasons to buy this book:

  1. The product documentation covers every feature - the information about planning and managing projects using this powerful tool is scattered throughout, making it difficult to tap into SureTrak's power without wading through an overwhelming amount of nice-to-know, but non-essential detail.
  2. Although anyone who has used Microsoft's ubiquitous MS Project will have no problem getting started with SureTrak, they will miss the true project management features of SureTrak that are not present (or don't correctly work) in MS Project. This book identifies those features and shows how to use them effectively.
  3. The author goes beyond merely describing how to use SureTrak by showing you how to use effective project management techniques, many of which take years of managing projects to discover.
The book is structured as a series of 20 lessons (called workshops) that are designed to step you through setting up a project, and planning and scheduling it. If you follow them in sequence you will be able to not only set up a project using SureTrak's rich feature set, but will also pick up general project management techniques along the way. An example of one such technique is how the author classifies projects into four levels for planning and controlling. These levels are based on project complexity, with Level 1 being the simplest and suitable for short projects, to Level 4 for complex, high-value projects. You are given the planning and tracking criteria for each project type, which allows you to tailor your approach as well as ensure that you don't over-manage simple projects or under-manage the complex ones.

You are also shown how to use the more powerful features, such as the many project views (work breakdown structure, activity or resource), managing the sophisticated calendaring functions, and effectively using the resource profiles and reporting features. I particularly like the way earned value is treated. The author shows how to use SureTrak's facilities for managing to earned value, as well as explaining this essential technique (which, by the way, is now a part of the Project Management Institute's PMBOK 2000 version). Another bonus is the way scheduling is explained by walking through adding logic to activities. You'll not only be shown how to perform this task, but given reasons why you should use one approach from among four possibilities to establish relationships. In this example the choices are start-to-start, finish-to-start, start-to-finish and finish-to-finish.

The book is clear, concise and heavily illustrated with screenshots from SureTrak. The tutorial style and the way the lessons are sequenced will get you quickly up-to-speed with SureTrak and give you the knowledge and skills necessary to employ it with minimum reference to the manuals that come with the software.

If you're more interested in Primavera's high-end product, P3, please refer to my Amazon review of Planning Using Primavera Project Planner P3 Ver 3.0 by the same author.

As an end note I've gathered links to websites that may be of interest:

Our weblogs also contain a wealth of information - use the search feature to find information about earned value, WBS, PMBOK, PRINCE2 and other topics that you may be researching.



Monday, April 15, 2002

 

Administrative Note. Over the next few days my ISP will be doing maintenance. Most of the documents we provide here reside on the server that hosts tarrani.net. You may experience Document not found errors during the next 48 hours. If there are any documents that you absolutely need during this period let me know and I'll e-mail them to you.



Sunday, April 14, 2002

 

I just finished reading Computer Forensics: Incident Response Essentials by Warren G. Kruse and Jay G. Heiser. The authors, both of whom have impeccable credentials, have managed to distill a complex subject into a book that can be understood by anyone with intermediate-level computer skills. More importantly, computer forensics is a relatively new sub discipline of IT security, making this book important in that there are few books on the topic.

I'll start with the beginning and end of the book, each of which are focused on legal aspects of forensics. The book begins by explaining what forensics is, and giving a three-step process that covers the essentials at a high level:

  1. Acquire evidence
  2. Authenticate it
  3. Analyze it
Although this process is presented at a high level, important details, such as the importance of establishing and maintaining a chain of custody, how to collect and document evidence and key issues to consider when presenting the evidence in court are covered. This discussion is picked up again in Chapter 12, Introduction to the Criminal Justice System, in which applicable laws, advice on dealing with law enforcement agencies, and the distinction between criminal and civil cases are discussed. There is sufficient detail and pointers to put sources of information to arm you with the bare essentials.

Between the opening chapter and Chapter 12 described above are chapters devoted to basic techniques and procedures for tracing email, specific operating system issues (the book deals with UNIX and Windows), encryption, codes and compression and other common challenges an investigator will face. The material is not overly technical, and is presented in easy-to-understand prose. Anyone who works as a network or system administrator, provides desktop support, or is an advanced end user will have no problems following the techniques that are presented or the underlying technical details. If you're seeking an advanced text this book will probably disappoint you, although there is sure to be some new trick or fact that you'll learn. For example, I have over 25 years of IT experience and was fascinated by the discussion of steganography (an information hiding technique). There were other chapters that I quickly skimmed because I was well-versed in the subject matter.

What I like about the book is the easy approach, which makes it easy to develop the fundamental skills necessary to perform forensics. The few other papers and books on the subject are far more advanced and the learning curve is a barrier. This book will give the new security investigator a foothold in the topic upon which he or she can build. I especially liked the appendices, which provide an excellent framework for incident response. One of the best features is the detailed roles and responsibilities, which are well thought out and reinforce the axiom that security is everyone's business. Another outstanding feature is the flowcharts for various incident types, such as denial of service, hostile code, etc. These can be used verbatim in a security policies and procedures manual, as can the incident response form provided in Appendix B. I also liked the valuable URLs provided throughout the book. I knew of many, but was surprised to find invaluable resources that I didn't know about.

Even though much of this book presented information I already knew, I still enjoyed reading it because I picked up facts that I didn't previously know, and was reminded of legal aspects of forensics and security that I'd forgotten. The appendices alone make this worthwhile to even advanced readers, and the fact that it provides an entry point into forensics for new practitioners makes this book invaluable as a training tool and vehicle for professional growth.



Saturday, April 13, 2002

 

Good News. Microsoft postpones .NET My services, which means that the convicted monopoly is meeting with resistance. I, for one, applaud this turn of events. Why? I don't have confidence in their ability to secure my personal information, and I don't trust their corporate motives. Will I ever trust them? It depends on how effective they are with their security initiatives, and if they can manage to actually ship a product that is reliable; i.e., no memory leaks requiring therapeutic reboots, doesn't invite malicious code, and is designed to protect data and processes. In my opinion they have a long way to go.

Sobering News. If you develop commercial or business-critical products under the GPL, be aware that the Free Software Foundation is taking a proactive role in enforcing the GPL. See FSF ask Lindows: 'Where's the Source?' for details.



Thursday, April 11, 2002

 

New Discoveries. I'm not-so-patiently awaiting the June publication of The Weblog Handbook by Rebecca Blood. Although weblogs have some major drawbacks as knowledge management tools, such as the difficulty in organizing and cross-referencing information for near-transparent retrieval, they do have a place in the knowledge ecology. Ms. Blood's weblog, Rebecca's Pocket shows that she is an articulate writer and socially-aware thinker who understands technology and its uses. She was also the subject of a recent Fast Company article by Anni Layne Rodgers titled Targeted Serendipity. The article piqued my interest in the book and got me thinking about how weblogs fit within the overall scheme of knowledge management. The jury [of my mind] is still out on this one.

Opportunity. Winston Churchill is quoted as saying, The pessimist sees difficulty in every opportunity. The optimist sees the opportunity in every difficulty. This goes to the heart of knowledge management, as well as competitive and business intelligence. It is also the clear message in the 14-page paper titled Identifying Web-Based Opportunities. Churchill was a great wartime leader during World War II, but the master of warfare, Sun Tzu, has been a major influence for over 2000 years. Here is a quote from his timeless The Art of War that applies to the unbloody battlefields of business as much as it does to the killing fields of military conflict: If you know the enemy and know yourself you need not fear the results of a hundred battles.. Knowing your enemy, and your competitor is your enemy, will give you advantage - assuming that you also understand your own strengths and weaknesses.

Internet Integration in Business Marketing Tactics is a step in the right direction for leveraging intelligence. Of course, it's all about survival, making Strategic "Morphing" and the Survivability Of E-Commerce Firms a good source of tactical and strategic ideas. Remember, though, that you need to know yourself as well as your competitor. In that respect it's about measuring your performance, and A Framework for Developing E-Business Metrics Through Functionality Interaction provides viable approaches.

Back to the Future. We are still impacted by a large list of action items and a shortening timeframe. Mike and I are trying to clear the highest priority items before we leave for a short project in Kuwait, and we are also preparing for a pending project in India. That makes for an exciting life, but also for a hectic schedule. In the coming weeks our entries here will be short, so bear with us - we're juggling many balls at the moment.

 

Security and Information Warfare. I just finished reading a book titled Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. In it, the authors extensively document their honeypot project, which was designed to deflect attackers away from real systems and data assets by using decoys. The project evolved into something much more, which is chronicled in the book.

The first part of the book deals with technical issues and how and why the project was initiated. As the chronicle of the project proceeds the authors begin adding a new dimension to information security: psychological profiling. This is where the book becomes fascinating, and where reading the book becomes tedious.

The fascination stems from the methods used to identify, classify and profile their attackers. The tedium in reading the book is that you have to carefully read through logs of chats (Chapter 11, In their Own Words). This is not the stuff of casual reading - but is worth the time, effort and pain it takes to wade through this chapter.

Part of the tedium, aside from having to read raw (but annotated) logs is that profiling attackers requires an understanding of cultural issues, psychological motivations and risks associated with each attacker profile.

The accompanying CD ROM contains tools and supporting material for each of the chapters. The tools are the ones the project uses in building, maintaining, and using a Honeynet environment, and includes source code, precompiled binaries, and documentation. The supporting material consists of source code, network captures, and other information related to specific chapters.

The sophisticated profiling methods described his book are more suited for large corporations, organizations that support unpopular social causes (commercial and non-commercial) and targets of information warfare attacks. I personally believe that the book adds a new dimension to IT security, making it an important contribution to the security body of knowledge.

I'm giving the book to Kate to read and review because her background will allow her to gain insights that I missed. I'm looking forward to her review here as soon as she has time to finish the book and write her thoughts.

On a more mundane note I just received an e-mail notification reporting Microsoft Warns of 10 IIS Flaws. Are such reports news anymore? Yawn.



Wednesday, April 10, 2002

 

Measure Twice, Code Once. I've been posting material and book reviews about metrics in Notes from the Field, and have related documents that I will share here:Both of these documents touch upon architecture. They also cover issues and factors that Linda has recently addressed. The PDF document titled Architecture Engagement Process spans both topics and fills in gaps left by our discussions and associated documents that we've recently posted.



Tuesday, April 09, 2002

 

WAP, Banks and Business. I recently reviewed The Mobile Internet: How Japan Dialled up and the West Disconnected and came away insights I never imagined before I read the book. I've also worked closely with Unmesh Laddha and his team at Thinking Minds, Inc. on defining one of their products which extends the reach of Oracle-based applications, PeopleSoft and SAP R/3 to wireless PDAs and SMS-enabled cell phones. The document titled, WAP-Enabled Banking is an exciting look at practical uses of the Thinking Minds tool, as well as the business possibilities of WAP in general.

The key word is business use - as IT professionals our first thought was to use this tool to instrument systems to alert support staff if certain parameters, such as file system high water marks, excessive resource usage or outages occurred. The true value of this tool is to instrument business events and report them to business process owners. Only then will the investment pay off.

If you're interested in the Thinking Minds WAP tool please contact Unmesh Laddha for information.



Monday, April 08, 2002

 

I've been covering performance and scalability, and other metrics in Notes from the Field, and want to extend that discussion to this weblog. One excellent online paper I've recently read is SPI and Measurement, which is a wide survey of software and system engineering metrics.

Another related document is Web Site Analysis Using Soft System Methods. A final document, not closely related to metrics, is a PowerPoint presentation titled Business Case Analysis in Software Engineering. While this does cover metrics, it is more applicable to Kate's and Linda's recent entries.

 

Insights and Truths. Robert Frost once said, "Half the world is composed of people who have something to say and can't, and the other half who have nothing to say and keep on saying it." His observation is both witty and astute. It was also written before the advent of weblogs, knowledge management and the underlying social and psychological theories and realities that define our world. I'm going to let the poet laureate's quip guide my entry today, which has a goal of supporting Linda's recent entry.

Linda and Mike have developed a model that supports the management of information technology, with an emphasis on people, process and technology. As Linda stated, one of the influences of the model is the capture, transformation and presentation of data and information. That process is in my area of expertise, which has given me an opportunity to contribute to how the model evolves - and evolve it does.

At the organizational level that Linda is currently discussing there are factors that will significantly enhance the organizational effectiveness. The following papers expose some of the major factors:

In addition, there are fine points to be put on the application delivery process, which is discussed in Knowledge Creation for Improving Software Organizations. Creating knowledge can have drawbacks. Knowledge, like everything, comes in varying degrees of value. In order to determine the value of knowledge it must be assessed and evaluated, and a value assigned. Integrated Knowledge Assessment provides guidelines for accomplishing this.

The collection of best practices is an aspect of knowledge management, which gives a recursive quality to the document titled Best Practices in Knowledge Based Innovation. A final document that fits and supports Linda's current topic is Task/Technology Fit and Information Technology Choices in Knowledge Work. This paper is more applicable to the service and applications delivery functions in the Tarrani-Zarate Model, but also influences the foundation layer.

I'll end this with of my favorite Robert Frost poems:

We dance round in a ring and suppose.
But the Secret sits in the middle and knows.
I marvel at how these two simple, elegant verses say more about what knowledge management is than the pile of books I have on the subject.



Sunday, April 07, 2002

 

Due Diligence, Quality and Strategy. Since writing extensively about RFPs, contracts and related topics during the past two weeks I continue to discover material that is too good to keep to the team. One collection of such gems is a GartnerGroup series on IT Service Contracts.

If quality and strategy are foremost on your agenda, the collection of PowerPoint presentations and Word documents that address IS Quality Strategies will be useful. The ideas, concepts and practical approaches in this collection make downloading this Zip archive time well spent.

Closely related is a PDF document titled, IS Project Scorecard. This document is not only for project managers, but also contains information about governance, SQA and organizational processes. It also ties to Linda's recent and ongoing discussions here.



Saturday, April 06, 2002

 

Notes & Miscellany. Kate's announcement regarding our documentation products we'll soon be offering represents a major step forward for TEAM Zarate-Tarrani. Offering these products has been an oft discussed goal and a source of procrastination. Kate stepped forward and the project is taking on a life of its own. Our timing may not be optimum because we are scheduled to be in Kuwait for a project, and there is a second project in the pipeline.

Web Project Support Material. I came across three interesting documents that I want to share:

  1. Integrating User-Perceived Quality into Web Server Design.
  2. Analyzing Factors That Influence End-to-End Web Performance.
  3. Web Modeling Language (WebML): A modeling language for designing Web sites.
I haven't fully absorbed these documents, although I did a quick read. If you're involved in any type of web or portal project you may find them interesting, valuable or both.



Friday, April 05, 2002

 

Much Ado About Much. This has been a busy week. First I became a grandmother, joining Mike and Linda in that milestone event in life where one must confront the march of time. I assure you that I'll not go gently into that role if it means growing up. Second, I've been given editorial control over a collection of documents that Mike and Linda have produced over the past two years. My task is to take policy, process and procedures, project plans and related artifacts and turn them into generic, fill-in-the-blanks templates for change control, issue management and service level management processes.

Value Proposition. The documents will be offered at an attractive price by TEAM Zarate-Tarrani. The value will be as follows:

  1. Documents will be in Microsoft Word and Excel formats, and all graphics will be in Visio. We have decided that Office 97 and Visio 5 are the best formats because most companies have upgraded to those products or beyond. The value in this approach is that the documents can be easily tailored to meet an organization's specific requirements and reflect the current situation with respect to process maturity.
  2. See before you buy. Samples of each of the documents will be provided, in their entirety, in Adobe PDF format. We'll lock the documents to prevent printing, selecting and copying text, or making modifications to protect our intellectual property, but potential customers can see exactly what they'll be getting before risking a penny.
  3. Pricing: $49.95 is the standard price per document. We chose this price because it's a compromise between outright giving the documents away (something that we considered) and recognizing that people do not value what is freely given regardless of the intrinsic value of the artifact.
If you are interested please let us know.

More About Value and Tools. Refocusing on my technical specialities (my skills are much more than technical editing), I want to share an article about the relative value of project management and related articles that address KM tools and their real and perceived value, and the maturing and convergence of portals and KM as reported in Portal/KM Mix Gains Mind Share.

Ending Note. Although I consider myself to be a sophisticated consumer of IT services, I find myself with one foot in the IT profession, and the other foot is almost in that domain. I now find articles, such as Standards to Drive Services to be essential to my job, which indicates the increasing shades of grey that distinguish the boundaries between IT and business. Another indication is my recent reading list, which includes Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (an outstanding book that adds personality and psychological profiling to IS security), e-Data: Turning Data into Information with Data Warehousing (see Mike's 28 June 2001 and Linda's 30 June 2001 reviews), and The CRM Handbook: A Business Guide to Customer Relationship Management. I'll know into what I'm being transformed when the moon is next in its full phase. Until then I'll classify myself as a grandmother who refuses to morph into an adult.

 

Dutch - Language of Service Management? Most of our research focused on service management leads to the Netherlands, and many of the documents are in Dutch - a language that none of the members of TEAM Zarate-Tarrani read or speak.

The IT Service CMM initiative is under the aegis of the Software Engineering Research Centre (Netherlands). The other interesting initiative, the Application Services Library, a framework for application management, is also an innovation that comes from the Netherlands.

Although the entire Application Services Library web site, and most of the documents, are in Dutch, I've managed to find a few documents in English. The approach is mature, especially if you're familiar with the support hierarchy using application support analysts, business systems analysts and business systems managers. The documents are:

There is sufficient information in these documents to reverse-engineer the processes and methods that comprise the Application Services Library. I can only hope that the full suite of documents will one day be available in English.

The key point, other than sharing information and trends that we've noted, is that if you're a service level management practitioner you will do well to watch that the Dutch are doing because they appear to be doing world-class work. Learning Dutch is optional.



Thursday, April 04, 2002

 

Service Management. More background material and primary reading for anyone who is developing, implementing and/or managing a service delivery strategy. First, Introduction to IT Service Management places service management within the context of the IT Infrastructure Library (ITIL)approach. Linda and I have both discussed the ITIL in previous entries, and we both closely follow news related to the ITIL.

Another excellent introductory resource is the May 2000 issue of the IT Service Management Journal. Although the issue is comprised of only four pages, the discussion manages to nicely frame a value proposition for service management.

Closely related to service management, and to Linda's forthcoming entries about core processes and organizational support, is a GartnerGroup presentation titled TCO — The Framework for Optimizing Business and IT Management Decisions.



Wednesday, April 03, 2002

 

A Little Help for my Friends. Linda has graciously accepted the task of continuing the description of the Tarrani-Zarate Model for core processes and organization. She has been busy working on her Oracle Certified Professional training, among other things, and will get to it when her increasingly busy schedule permits.

While she's structuring her description I'm going to contribute more background material. Please note that when she and I first developed the model it was a rough cut, and the model has evolved. We're now forced to think it through, and that takes time, thought and energy.

Background material that pertains are:

  • Assessing the Organizational Impact of IT Infrastructure Capabilities. This 53-page PDF document is the findings from a survey of 236 firms regarding the he organizational impact of IT. The conclusion is that IT infrastructure capabilities have little business value. The paper goes on the claim that investments in IT infrastructure will be seriously undervalued if they are assessed only in terms of its direct link to organizational performance. IT infrastructure is of strategic importance to an organization because it either enables or inhibits IT applications and business processes.
  • Organization without Accountability = Sure Failure. This single-page PDF document is an exercise for provoking thinking - I think it succeeds.
  • The Role of Trust in Managing the Information Systems Enterprise. The author of this seven page paper goes to the core of organizational effectiveness. The paper is a cogent discussion of the keystone: trust and credibility.



Tuesday, April 02, 2002

 

Legal Issues and Other Matters. I've been bouncing among knowledge management, legal issues and competitive intelligence in recent entries here and in Notes from the Field. One important topic that touches everything we do is law. In particular, the legal aspects of intellectual property. See my earlier entry today in Notes from the Field for more information and breaking news.

K8 ... Q8? Insh'Allah! That cryptic lead-in is a cute way of announcing that, God willing, I will be in Kuwait working with Mike on a project. I'm sure you immediately picked up on K8 as Kate and, maybe, Q8 as Kuwait. However, unless you're Muslim or speak Arabic you probably didn't know that Insh'Allah means God Willing. At any rate, I'm excited about the professional opportunities that this holds, as well as the personal opportunity to see a part of the world that I've only heard and read about.