This page is powered by Blogger.


  
  corner   



HOME

ARCHIVES

SEARCH

Contacting Us
 Recommendations
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
 TEAM Zarate-Tarrani

Our main weblog
 Notes from the Field

Our other pages
 Mike's home page
Linda's home page
Kate's home page

Forums
 Simpatico [we]blogs
 Dan Gilmore
Robert X. Cringely
Jakob Nielsen
Julian Bond
Deborah Branscum
Lisa Rein
CamWorld
Ed Yourdon

 

Saturday, March 09, 2002

 
Posted by Anonymous 2:23 PM
More Material. I've been reading Lisa Rein's weblog and am amazed by her knowledge of intellectual property law issues and related topics. When I first read about her in one of Mike's entries I assumed that she was an XML expert and a journalist. As it turns out, Ms. Rein closely follows intellectual property, civil liberties and related law, and her assessments are cogent and intelligent.

Mike sent me a copy of Laura Brown's Innovations Newsletter, in which she discusses the DMCA. The newsletter is well written and covers a wide range of topics. If you like the newsletter you may wish to subscribe and automatically receive it in your email when each issue is published. I took the time to explore her web site, and found a wealth of information. Mike cited Ms. Brown's Integration Models: Templates for Business Transformation as one of the top four books he read in 2001 (see the 4 January 2002 entry in Notes from the Field). Take my word, that's high praise. If you want to know more about the book see Mike's and Linda's Amazon reviews that were written in June 2001.



Friday, March 08, 2002

 
Posted by Anonymous 3:32 PM
Introduction. Mike's recent Zachman Framework topic touches upon my core competencies, which has inspired me to emerge from the shadows and contribute to the discussion.

Before proceeding I want to share information about my background and professional interests. I received my BA in Social Ecology from the University of California, Irvine in 1988. I've held a number of positions ranging from marketing support, to project management, to competitive intelligence specialist. I'm also an inactive (at the moment) member of Society of Competitive Intelligence Professionals (SCIP) and Special Libraries Association (SLA).

Mesh of Topics. There is a direct correlation among knowledge management, competitive intelligence and intellectual property law. The relationships are:

  • Knowledge management is a superset of competitive intelligence. The infusion of competitive intelligence into an organization's knowledge base is business intelligence.
  • Competitive intelligence has its own specialized domains. For example, technical intelligence can be gathered using patent searches, reverse engineering and competitor marketing literature. The connection between competitive intelligence in the technical domain and intellectual property law is clearly shown when patent searches are used as a gathering strategy.
  • Intellectual property (IP) law also governs reverse engineering strategies because the Digital Millennium Copyright Act (DMCA) restricts practices that were formerly completely legal. If you've been reading Mike's entries on the Uniform Computer Information and Transactions Act (UCITA), you'll see that IP laws are not the only inhibiting factor in contemporary competitive intelligence. UCITA is related to the Uniform Commercial Code (UCC), which is a set of laws that govern fair business practices. Intellectual property laws govern copyrights, trademarks and patents. Although IP law and UCC are two completely separate areas of law, they both affect competitive intelligence, and the new requirements imposed by the DMCA and proposed by UCITA need to be understood.
What Does This Mean to You? As an IT professional you may be involved in competitive intelligence gathering, either through covert methods (legal and ethical, of course) or through benchmarking. In addition, you have a responsibility to understand legal and ethical ramifications that are inherent in IT. Some examples of the inherent legal and ethical ramifications that apply specifically to IT professionals are:The above articles are all from M. E. Kabay's Network World Fusion Newsletters and each provides chilling examples of ramifications of which you need to be aware.

Knowledge management is also a foremost concern for IT professionals because you will either be called upon to develop solutions for your constituents, the business process owners, or will employ it internally to improve IT processes, or both.

Material. I've gathered material (using competitive intelligence techniques, of course) that will get you started in the basics of CI, knowledge management and IP law:

  • Competitive Intelligence. Four archives of PowerPoint presentations:
    1. CI Basics (contains six presentations covering the fundamentals)
    2. CI and the Internet (two presentations on basic Internet research techniques)
    3. Research Techniques (five presentations on topics ranging from strategic intelligence to gleaning intelligence from patents)
    4. Other CI topics (contains seven presentations covering CI benchmarking, education, strategic use of intelligence, etc.)
  • Intellectual Property. IP Law and DMCA, containing seven presentations on IP law, DCMA, Cyber Liabilities and related topics
  • Knowledge Management. Five archives of PowerPoint presentations covering:
    1. Knowledge Management Basics
    2. Knowledge Management in Practice
    3. Knowledge Management in IT
    4. Knowledge Management Processes
    5. Knowledge Management and Business Process Improvement
    Back into the Woodwork. I am going to return to my shadowy underground, providing support to Mike and Linda. I'll emerge into the sunlight again when Mike becomes inundated, which he is now. In the meantime, I hope this short piece and the materials that I've provided fill in any gaps or clarify Mike's discussion of knowledge management as it relates to the Zachman Framework. Some of this material will also be helpful when Mike begins discussing policies, processes and procedures in Notes from the Field. Best wishes from Irvine, California.



Thursday, March 07, 2002

 
Posted by Mike Tarrani 3:56 PM
Zachman Framework - Part 3. This entry is going to introduce business rules, which is a continuation of my last two entries.

What are Business Rules? A business rule, according to Barbara von Halle in Business Rules Applied: Building Better Systems Using the Business Rules Approach is defined as:

[t]he set of conditions that govern a business event so that it occurs in a way that is acceptable to the business (or customer). The business people (or customer) state rules that define all possible and permissible conditions for the business event along with those that are not permissible or are undesirable.
She goes on to state:
A useful way to divide the world of business rules involves three major categories:
  1. Terms
  2. Facts
  3. Rules
The terms and facts will be the foundation for a logical data model and physical database. The third classification ­ rules ­ is where the excitement lies in a business rules approach.

Rules are classified as five different types:

  1. Mandatory constraints
  2. Guidelines
  3. Action-enablers
  4. Computations
  5. Inferences
If you're familiar with Information Mapping, you'll see parallels between that documentation technique and business rules. You'll also notice familiar concepts if you've worked with the IDEF family of models that provide a structured approach to enterprise modeling and analysis.

Why are they Important? I became a proponent of business rules when I saw how unambiguously they express requirements, and how they easily translate into specifications and test cases. However, the most important aspect of business rules is the fact that they are from the business and reflect a genuine view of what the business needs. By expressing requirements as business rules we in IT are forced to examine enterprise policies, processes and procedures, discover the constraints imposed by policy (corporate and external, such as regulatory and legal requirements with which the business must comply), and the other elements that are provided from Ms. von Halle's definition.

Example. An example of business rules in action is the best way to illustrate their value.

  • Situation: A 1996 Congressional act mandated a statutory obligation be put into effect for the FCC and state telecommunications commissions to provide affordable telephone service to rural areas. The act allowed 15 months to establish a method for providing this service.

    To comply with this act, the FCC has begun assessing Universal Service Fund charges on all telecommunications companies. The companies in turn will pass this charge on to their customer base with two percentage based taxes, a low income USF tax on usage charges and a school, library and rural health care USF tax on usage charges.

    The federal government will send assessments to the enterprise periodically based on the prior periods' revenue.

    The percentage charges assessed to the customer base will then be determined by taking into account such factors as the size of the customer base, projected growth etc.

  • Rules: The situation obviously imposes mandatory constraints in the form of a law. Since this is an example I am going to bypass the impact analysis and legal research that the situation requires and provide business rules that are based on the findings of those skipped activities:
    1. Incorporate into the system USF percentages for
      • low income
      • school
      • library
      • rural health care
    2. The existing tax calculation routine needs to be modified to use the percentage rates required by USF when applying the USF taxes.
    3. These rates from the previous rule needs to override the statutory rates supplied by the existing taxing interface.
    4. USF taxes applied need to be written to the existing Tax Detail table.
    5. USF taxes applied need to be shown on the Tax Summary report.
To underscore the value of using the business rules approach, consider a typical requirements specification using the same situation:
The business needs the ability to establish a system parameter to be used for storing the Universal Service Fund (USF) percentage rates and the ability to assess USF taxes based on these percentages.
Look familiar? This is, unfortunately, typical of requirements that are passed to the specification developers and designers. If you carefully read the requirement you'll notice that it not only is vague, but it breaks a basic rule in expressing requirements by stating a design approach (... establish a system parameter to be used for storing ...).

Contrasting the business rules approach with the typical example yields the following assessment:

  • Efficiency - the requirements stated in the business rules are from governing source documents and business subject matter experts. The design team will not need to meet with the business subject matter experts separately to clarify details about the USF, percentages or other facts. This information was captured in the business rules.
  • Testability - the requirements specification containing business rules can be used as the basis for a test strategy because there is sufficient information from which to develop test cases (the business rules show where the USF percentages are to be applied, and they point to other subsystems such as the existing tax tables that need to be regression tested).
  • Non-ambiguity - the business logic is captured in the business rules and are expressed in a manner that can be interpreted only one way.
  • Focus - requirements are separated from specifications and design because business rules capture the what is important to the business, not how to implement a solution (revisit the statement about establishing a system parameter above to see how easy it is to mix requirements and solutions if requirements are not precisely expressed as business rules).
Resources. I'll be writing more about business rules over the next few days because this topic has a rich body of knowledge. Until my next entry you may want to explore the basics, and the best starting points are: Knowledge Partners, Inc. whitepapers, which contains some of the best business rules material available on the web. One of the principals is Barbara von Halle, who has authored many of the whitepapers on the site, and is the author of Business Rules Applied: Building Better Systems Using the Business Rules Approach.

Business Rules Community is the website for the business rules community. This site is filled with articles, news, case studies and discussions. If you adopt business rules you'll find yourself visiting this site often. Business Rules Community is sponsored by Business Rules Solutions, LLC. Although this is a commercial site the principals, Ronald G. Ross and Gladys S.W. Lam, are internationally acclaimed as the foremost experts and practitioners of business rule techniques and methodology.

End Note. In my last entry I stated that I wanted to discuss the knowledge management aspects of the Zachman Framework with Muthukumar U and Kate Hartshorn. The opportunity to engage either of these two experts has eluded me, so I am going finish the business rules topic before addressing knowledge management. However, I did find an interesting paper titled A Methodology for Knowledge Discovery and Classification. You may also want to visit Technical Communications Resources and Business and Strategic Planning Resources, which are two web pages that Linda and I maintain. Both pages contain material related to business rules, policies and procedures, and knowledge management.



Wednesday, March 06, 2002

 
Posted by Mike Tarrani 6:41 AM
Zachman Framework - Part 2. My last entry introduced the Zachman Framework and background information. This entry is going to be brief because there are two people with whom I want to collaborate before I get too deep into this topic. The first is Muthukumar U, a close friend who works as a risk management specialist at HSBC Bank Middle East in Sharjah, UAE. Muthukumar is much more than a risk management specialist - he's a deep thinker and genuine intellectual who is well versed in a number of subjects. Among his many talents is an abiding passion for knowledge management. Because the Zachman Framework is an ideal structure for developing architectures and solutions that enable knowledge management I want Muthukumar's thoughts before getting too deep into that aspect of the framework.

I also want the benefit of Kate Hartshorn's knowledge and experience. Kate has a keen understanding of knowledge management, in addition to data mining, information transformation and related topics, all of which are enabled or fostered by the Zachman Framework.

Knowledge. Although I am waiting to discuss aspects of knowledge management with Muthukumar and Kate, I do have my own ideas about aspects of the subject. Two areas in which I have professional interests are business case development and value analysis. The 20-page whitepaper (in PDF format) titled, Estimating Benefits of Knowledge Management Initiatives is an important discussion of the methods and tools used to prove the business value of knowledge management. This is especially important if you're examining the potential use of portals as a means of disseminating knowledge throughout the enterprise.

If you need to quickly get up-to-speed in portals as a technology and as a business strategy I recommend Heidi Collins' Corporate Portals: Revolutionizing Information Access to Increase Productivity and Drive the Bottom Line. I reviewed this book on Amazon on 8 April 2001. Linda also wrote an Amazon review on 24 February 2001. Ms. Collins has a new book that will be out in May titled, Enterprise Knowledge Portals: Next Generation Portal Solutions for Dynamic Information Access, Better Decision Making and Maximum Results. Since I was pleased with her first book I pre-ordered a copy of this one.

As you delve into the Zachman Framework you're going to notice that XML is a recurring topic. Discussing the many reasons for this is well beyond the scope of this entry; however, the short version is XML's ability to facilitate data exchange among disparate systems and data sources makes it an ideal technology to employ in any enterprise architecture. Extracting the data is typically done with SQL queries. XML DTDs are the templates into which the results of the SQL queries are stored, which allows you to aggregate data in ways that were not easy before XML came along. Details and techniques are provided in XML and SQL: Developing Web Applications by Daniel Appelquist.

XML and portals are also usually associated with each other. How specifically they are associated can be discerned by reading Building Corporate Portals with XML by Clive Finkelstein, Peter G. Aiken and John A. Zachman (the man himself), or my favorite book titled, Metadata Solutions: Using Metamodels, Repositories, XML, and Enterprise Portals to Generate Information on Demand, which I reviewed on 22 September 2001.

Are you starting to see a pattern? It's all about the data. It always has been.

Yellow Light. We have the standards, techniques and tools to bring to bear on initiatives and strategies that not so long ago would have required us to do a lot of inventing. Here's an example requirement that can be easily met using some of the standards and techniques I've just discussed:

  • Requirement: Realtime updating of customer account information and transactions to a central server. Customers should have access to Internet banking functions, including fund transfers, payments, status lookups, etc.
  • Situational Analysis: Current account and transaction data resides at the branch level, and is managed by different systems depending on the branch.
  • Constraints:
    1. Cost - an enterprise solution is planned with a two-year planning horizon and business goals dictate that no large investment be made in infrastructure that could be obsoleted by the enterprise solution
    2. Competitive pressures - the bank wants to achieve competitive advantage now using an interim solution that will capture and/or retain customers who want Internet banking
    3. Existing infrastructure - 290 branches are interconnected with varying connectivity options, most of which are relatively low speed (VSAT, ISDN, etc.); the solution cannot require a change to the existing infrastructure.
How to proceed? A solution that can meet stated requirements within the constraints can be achieved as follows:
  1. Task: Analyze the data structure used in each of the existing systems. Deliverable: E-R diagrams and data dictionary for each system.
  2. Task: Develop a master data dictionary using agreed upon data naming conventions. Deliverable: Master data dictionary.
  3. Task: Develop a master DTD using data naming conventions. Deliverable: Document Type Definition master template
  4. Task: Develop SQL queries for each data source. Deliverable: Tested SQL queries for each data source.
  5. Task: Develop and configure central portal to accept customer sessions, assure identity, issue transaction requests and display results. Deliverable: Design specifications, access controls, secure transmission protocol(s), user interface, application and presentation layer coding.
    6. Of course, the solution I just presented is something I quickly pulled out of thin air, and many details have been glossed over. The point is that using the alphabet soup of SQL, XML, LDAP and other standards and technologies a solution can be crafted.

    The Rub. Therein lies the rub - the solution shortly becomes an impediment to the planned system, which is two years out. It (or a more fleshed-out version) may address the immediate requirements and stay within the constraints, but it is short-sighted. The missing ingredient is a larger view of the problem, and that view should be based on a framework that serves as a blueprint for the evolving architecture. This is where the Zachman Framework's value becomes apparent. The viewpoints and focus that I discussed in my last entry not only add structure to the solution, but place it in context of the much larger domains of business strategy and enterprise architecture.

    Wrap-up. I am out of time on this entry. The foregoing will [I hope] spark ideas, and the following will provide more details about the Zachman Framework and related topics:

    End Note. I hope to introduce business rules in my next entry, and if I have an opportunity to discuss knowledge management with either Kate Hartshorn or Muthukumar U I'll summarize key findings from the discussions.



Tuesday, March 05, 2002

 
Posted by Mike Tarrani 5:23 AM
New Topic. I've been focusing on project management, security and some aspects of service delivery in recent entries here, with some cross-over in Notes from the Field. It's time to introduce a fresh topic, and the catalyst for doing so is a brief conversation between me and Thinking Minds, Inc. CEO, Unmesh Laddha.

Unmesh's company develops portal, knowledge management, and groupware solutions, among other products and services, and he has become intensely interested in the Zachman Framework. He's on the right track because Thinking Minds, Inc. solutions are a close, natural fit to the Zachman Framework.

What is the Zachman Framework? In a nutshell it's a multidimensional model that displays information systems in accordance with:

  • stakeholder viewpoints and perspectives
  • focus - What, How, When, Where, Why (the Who is captured in the stakeholder viewpoints)
A picture is worth a thousand words, and a PowerPoint presentation is worth many more, so I'm going to refer you to Overview of the Zachman Enterprise Architecture for a quick introduction (or refresher if you're already familiar with the Zachman Framework). Another document worth reading is the original 1987 article in which Mr. Zachman introduced the framework. More information can be obtained from Zachman Institute for Framework Advancement.

Anytime you research the Zachman Framework you're going to also see the term Enterprise Architecture Planning. The connection is shown in the PowerPoint presentation titled, Zachman Framework for Enterprise Architecture. The best book on the subject, in my opinion, is Enterprise Architecture Planning: Developing a Blueprint for Data, Applications and Technology by Steven H. Spewak and Steven C. Hill. My personal copy of this book dates back to 1993, and I've referred to it many times over the years. My first exposure to the Zachman Framework as a foundation for enterprise architecture planning came from this book. Linda also read the book and came away with a completely different perspective, which she documented in her 21 January 2001 review on Amazon. Where I saw a coherent approach to planning and implementing enterprise architectures, Linda saw a direct connection to service delivery. Her perspective is validated in a PowerPoint presentation that I discovered on the web titled, Service Delivery for Virtual Communities. This document ties together Linda's perspective, how one of Thinking Minds, Inc. products called ThinkingWare aligns to the Zachman Framework, and how the Zachman Framework defines an enterprise-wide architecture.

Examples. I made an earlier statement about how the Zachman Framework was a natural fit for portal, knowledge management,and groupware solutions. The following examples, most of which are PowerPoint presentations, support my statement:

Note: the last presentation is a Department of Defense initiative. C4ISR stands for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance. The reason I chose this example is the alignment to the complex C4ISR architecture is a much more difficult undertaking than merely applying the Zachman Framework to a commercial enterprise.

End Note. I am by no means finished with this topic. Tomorrow I'll share more presentations and documents, as well as introduce business rules. While business rules are not a part of the Zachman Framework, they do align very closely with the framework.



Monday, March 04, 2002

 
Posted by Mike Tarrani 4:54 PM
Late Note. In my haste to get the last entry published I overlooked PIKT, which is an embedded scripting language and accompanying script interpreter.

What does a scripting language have to do with security? It was designed to be an embedded tool for developing monitoring and problem resolution solutions. The Introduction to PIKT fully describes the design philosophy and how to use PIKT to achieve these goals.

Other resources for PIKT include:

You can download PIKT if you feel that it may be useful to your purposes. It is compatible with AIX, Digital UNIX, FreeBSD, GNU/Linux, HP-UX, IRIX, OpenBSD, SCO OpenServer, Solaris and SunOS.

Also see related applications that work with or like PIKT.



Sunday, March 03, 2002

 
Posted by Mike Tarrani 11:07 PM
Security Tools. As promised in my last entry I am sharing sources of free security tools that will aid in security assurance initiatives:
  • Egressor, which is designed to check the configuration of their Internet point-of-presence router. The tool will help companies determine whether their routers are configured to the Help Defeat Denial of Service Attacks guidelines. This configuration of egress filtering reduces the chance that their computers can unwittingly contribute to a distributed denial of service attack.
  • Spitfire, developed as a prototype operator workstation for Network Intrusion Detection System Operators.
A complete list of UNIX host and network security tools is provided by NIST. Another list, with overlap, is published by Mitre. This list covers the wider scope of Security Information Resources, that includes tools and documents.

NIST also provides free Common Criteria tools that include the Common Criteria Toolbox and Common Criteria Profiling Knowledge Base.

End Note. Realtime Forensics and Tracking is a PowerPoint presentation on forensics that covers this aspect of security in detail. The more generic PowerPoint presentation titled Security Management Practices is useful as a memory jogger and as a training resource.