This page is powered by Blogger.





Contacting Us
Mike Tarrani
Linda Zarate
Kate Hartshorn

Who We Are
TEAM Zarate-Tarrani

Our main weblog
Notes from the Field

Our other pages
Mike's home page
Linda's home page
Kate's home page

Simpatico [we]blogs
Dan Gilmore
Robert X. Cringely
Jakob Nielsen
Julian Bond
Deborah Branscum
Lisa Rein
Ed Yourdon


Monday, October 05, 2020


Product links in this blog use an Amazon affiliate tag. Clicking them costs you nothing, but does generate a small amount of revenue.

Saturday, March 07, 2009


I have moved to Process Notes, which is a forum. I may be adding content here from time to time, but the forum is a more interactive vehicle.

Wednesday, May 22, 2002


Back to Business. If you're exploring the feasibility of employing m-commerce or wireless-enabled systems I recommend reading Mobile Business Strategies: Understanding the Technologies and Opportunities. It's not overly technical, so if you are not up-to-speed in the technology (which is constantly and rapidly evolving) it will allow you to quickly learn the fundamentals. It's written to provide a basic, but complete, introduction to mobile commerce from a business strategy point of view. It helps you answer some fundamental questions, such as:
  • Does mobile commerce make sense as a part of our business strategy?
  • What does it take to implement it?
  • What have other done to be successful?
From the above the most suitable audience consists of upper management on the business side, marketing and IT/IS management. Upper levels of business management who are exploring how to integrate mobile commerce into the value chain, or develop a strategy for competitive advantage that taps into the proliferation of mobile devices (cell phones and PDAs) are going to benefit most from the following chapters: (2) Partnerships—the way to Success in the Mobile Era and (4) Corporate Applications: Aligning Mobile Commerce with your Business Goals.

Marketing will get the most from chapters (3) Consumer Mobile Commerce—Mass Market Solutions with Segmentation and (6) Portals—A Single Plate for Various Dishes. Another book that will serve marketing well is The Mobile Internet: How Japan Dialled up and the West Disconnected by Jeffrey Lee Funk because it provides deep insights into marketing issues, as well as how Japan's NTT DoCoMo became an international success story.

Both business managers and marketing will also gain keen insights from the case studies and scenarios that are used throughout the book to illustrate key points and show how others have successfully employed m-commerce solutions for strategic advantage or as service offerings.

IT/IS management will get a high level overview of the technical underpinnings, issues and factors associated with developing, deploying and maintaining m-commerce systems. The technical details are not deep, but are sufficient to gain a rough understanding of the scope and complexity of implementing and supporting m-commerce enabled systems.

If you are seeking in-depth technical details you will be disappointed. However, if you are among the target audience or have the goals I cited above you'll find this book to be one of the best in its genre for introducing the business and strategic issues surrounding mobile commerce.

If you are pursuing an M-commerce project and need to quickly get your staff trained, but lack the budget, see today's entry in Notes from the Field for an alternative that may meet your training and budget requirements. Also see my 12 May entry there for related resources.

Tuesday, May 21, 2002


Square Peg in a Round Hole? I usually discuss software engineering topics in Notes from the Field, reserving this weblog for IT management issues. This entry falls into a grey area. I recently evaluated Webgain Studio to determine how viable it is as a development environment. Since product evaluation and cost/benefit are topics that fit here I am going to summarize my findings because I was impressed with the package and its parts.

Webgain Studio is an ideal development environment for start-ups and small organizations that want to cost-effectively implement an entire development environment for Java development and web services. There are a few issues and factors that need to be considered, however, when considering Webgain Studio:

  • If you are not planning to align the many tools (more about them below) to a software engineering process, you'll probably not benefit from this package. This is because the components that ship with it are designed to work together as a process-oriented environment.
  • Some of the components come with single-seat licenses, and the database that ships with it (PointBase) is only licensed for internal use (you have to negotiate separate licenses with PointBase if you want to use it with your product, either for internal end users or external customers.
  • The learning curve is steep because this is really a bundle of tools, many of which come from other vendors.
This bundle includes:
  • Visual Cafe (enterprise edition), which is a J2EE-compliant development environment that supports JSP, EJB and servlet development for multi-platform targets. It also has integrated UML modeling, JSP debugging and code optimizers. It also comes bundled with TurboXML and Dreamweaver Ultradev, rounding out the development environment with all of the major tools for developing web services and large-scale applications. See below for more about Visual Cafe.
  • StructureBuilder, which allows you to model and generate code using UML. It is very tightly integrated into the Visual Cafe suite.
  • Business Designer. This is one of the best features of the Webgain Studio bundle and the one that requires a mature software engineering process in order to realize the full benefits from the bundle. The main purpose is to manage requirements and team collaboration. I've discussed Business Designer 2.0 in more detail below.
  • Quality Analyzer. This is a software auditing and quality assurance tool that collects and analyzes life cycle metrics. It is not an automated test suite, so you are going to need to add those tools to your environment (i.e., WinRunner, etc.). It will do whitebox testing to examine code coverage and has over 50 pre-defined rules for error checking.
  • Bea WebLogic, which has become a standard J2EE execution platform. While the version that ships with this bundle almost self installs, it comes with a steep learning curve. You also get only a single developer seat license. On the value side of the equation, though, if your development plans include WebLogic this feature alone will save you a substantial amount if you invest in Webgain Studio.
Overall, this bundle puts a full-scale, process-oriented development environment within the reach of small companies that are budget constrained. In many ways it compares favorably to IBM's WebSphere and the Rational suite of tools, and certainly gives developers everything they need to be productive. What I like is the fact that Webgain has not just thrown together a collection of tools, many of which are from third parties, but has paid close attention to integrating them. In that respect the whole is greater than the sum of its parts. It supports the Rational Unified Process and other iterative development life cycle approaches, and also provides the tools to support CMM Level 2 key process areas. These reflect how well Webgain thought through the workflow integration as well as the technical integration of the tools.

Key Parts. Visual Cafe 4.5.2 Expert Suite is a full-featured development environment that is the core of Webgain's Studio suite (see that product for more details).

It contains a complete, open J2EE development environment, with debugging tools and VM support for JDK 1.3, 1.2.2 and 1.1.7a. It also comes bundled with TurboXML and Macromedia Dreamweaver Ultradev, which rounds out the development environment.

While Dreamweaver Ultradev is sufficiently well known, TurboXML (by Tibco) is not and merits a description of features. It includes three modules, XML Authority, XML Instance, and XML Console, which combine to provide a standards-compliant development environment for creating and validating schemas and DTDs. In short, it's a complete workbench for XML development and validation, and also supports document conversion.

Visual Cafe also ships with a relational database from PointBase. This is a relatively full-featured rdbms, but you need to be aware that it is only licensed for the Visual Cafe development environment. You will need to negotiate separate licensing directly from the PointBase vendor if you intend to deploy it with end user internal applications or products intended for external customers.

This expert edition of the product allows you to develop J2EE applications and web services. It's suitable for single developers and consultants. The Enterprise edition adds a single-seat license for Bea WebLogic, and an additional product called StructureBuilder, which allows you to model and generate code using UML. However, if you are looking for scalability and a more robust development environment I recommend bypassing the Enterprise Edition and looking instead at Webgain Studio, which contains these added components and much more.

Business Designer is a standalone product that is also bundled with Webgain Studio. It's designed to be a team-oriented requirements management package, as well as an integral part of a process-oriented software engineering approach that can align to the Rational Unified Process or similar iterative development life cycles.

What makes this program shine is the fact that it will integrate with Rational's ClearCase SCM product, as well as CVS and Microsoft's SourceSafe. Moreover, it can be configured to support project and development methodologies and team management. I especially like the role-based access control feature for managing content and code, because this adds a level of security that I have not seen in similar products (Rational's Requisite Pro, for example). The benefit is that you can keep company-sensitive information contained to only those who have a need to know. Considering the fact that many development projects employ consultants and contractors, many of whom are added to the team without extensive background checks, I think this feature sets Business Designer apart from the very few applications in its class.

I especially like the UML based workflow diagrams for business logic, which produce swimlane diagrams and the fact that you can attach files and annotations to them. This is a powerful feature that makes this a team-based requirements tool that captures and displays requirements based on business processes. More importantly, the swimlane diagrams mean something to business users who are major stakeholders, where the UML diagrams will be more meaningful to the developers. This separation of views, which caters to major stakeholder groups, is a major plus in my opinion. The fact that you can also capture business logic means that you can use this tool for business rules management.

Final Note. What I have not thoroughly investigated is the level of support that Webgain provides for the entire package, and that needs to be factored into your purchasing decision. From the features, and especially from the process-oriented design, Webgain Studio does appear to be a viable alternative to WebSphere and even Rational's suite of tools. This is especially the case for small shops or organizations that want to pilot J2EE development and web services projects.

Monday, May 20, 2002


I just pre-ordered a book called Building Operational Excellence that may be of interest to readers. Amazon has little information about it, but the Addison-Wesley description (including a sample chapter) sold me. Right now Amazon is selling it at 30% below cover price, so if this is a topic that interests you, the risk of pre-ordering sight unseen is mitigated by the cost savings.

Sunday, May 19, 2002


IT Quality. The recent theme in our sister weblog, Notes from the Field is centered around software testing and test process improvement, and will be addressing software quality assurance and reliability in the next few entries. Notes from the Field is aimed more at the software engineering community, while this weblog is slanted towards project management and service delivery. However, there is inevitable cross-over, which is underscored in a book titled Customer Oriented Software Quality Assurance. I won't go into details here because they are amply given in my 26 January 2001 and Linda's 8 April 2001 reviews on Amazon.

Back to Business. In my last entry I listed resources that enable those of us in IT to better understand what is important to our business customers. Sometimes we have to take the path less traveled with respect to seeking knowledge from books. That path sometimes rewards us by coming full circle back to issues with which we struggle, and we benefit by understanding business issues as well as learning techniques that can be directly applied to IT.

Two such books are:

  1. Integrated Logistics Support Handbook.
  2. Sales Quality Audit.
While it may be immediately obvious how these books will help understand business processes, their value to internal IT may not be as apparent at first glance. To prove that I've not gone completely daft I'll explain.

My motivation for reading Integrated Logistics Support Handbook came from my extensive experience with material maintenance management during my 22 year career in the navy, and subsequent experience with integrated logistics in Department of Defense contracting. I used the first edition of this book as a reference when I was on a proposal team for a DoD contract, and found it to be one of the best references available because it distilled tens of thousands of pages of directives, instructions and related material into less than 500 pages. It covered the topic in sufficient detail to serve as an authoritative reference as well as to get other members of the team up-to-speed in ILS.

During subsequent consulting engagements for commercial clients I used many of the concepts and methods detailed in this book to outline requirements for automated materials and maintenance management systems. In particular, any commercial business domain, such as refinery maintenance or maintenance data collection and analysis are candidates for applying parts of ILS to commercial uses. This book then becomes more valuable to a wider audience than DoD contractors.

A second use for the concepts is the structured and proven approach to an encompassing systems maintenance management initiative within IT. For example, the use of logistics support analysis is a sound approach to planning enterprise-wide maintenance from a cost management perspective. Moreover, using a modified (and shortened) form of logistics support analysis records is a good foundation for enterprise asset management, as well as developing a reliability baseline.

I've been a consultant, both as an employee and an independent, since 1988. Considering the time that consultants spend in the pre- and post-sales portions of the sales cycle the book titled Sales Quality Audit seems like a sensible investment. In just 94 information-packed pages this book manages to not only cover the key points of auditing the sales process, but also gives excellent advice on the act of selling itself. My role was always in support of a professional business development manager, and before I read this book I came to believe that sales was an art and the best sales professionals were born into it. That may have some truth, but an across-the-board improvement in the sales process can be achieved if this book is followed.

The approach itself is straightforward:

  • Perform an "As-Is" analysis.
  • Develop performance standards
  • .
  • Conduct a quality audit
  • .
  • Use audit results to refine and improve.
The book gives critical success factors for sales quality assurance and also provides sales quality guidelines. It's a quick read, which should appeal to busy sales managers and especially the sales staff who probably spend much of their spare reading time trying to keep up with product specifications and industry directions (among other things).

However, this book is equally valuable to the IT professional who is involved with defining or implementing a sales force automation (SFA) system. The clear description of the sales cycle and critical success factors (audit points) are a good baseline for SFA requirements and workflow design. More important, the general sales information in this book will give the IT analyst keen insights into the sales business process area.

Follow the step-by-step procedures in this book and the entire sales organization will benefit - the naturals will not have their creativity or talents stifled, and the average performers will have valid performance standards and a well designed process to aid them in achieving higher sales. A key benefit from the approach is consistent customer satisfaction and ability to deliver as promised.

The moral is that valuable information and knowledge can be found in surprising places - all you have to do is think outside of the box when you find it.

Saturday, May 18, 2002


Business As Usual. In my 16 May entry I provided links to topics that span the IT and business domains, and are excellent resources for business systems analysts for understanding their business process owner constituents. One of the resources was a PowerPoint presentation on TQM, lean methods and 6-sigma. If that presentation piqued your interest you'll love iSixSigma, which is a portal devoted to 6-sigma. If the term has you scratching your head, you can check the short definition or a longer description.

One of the portal's highlights is the collection of articles that cover every industry and topic. For example, if you're a software engineer or project manager, the article titled Is Software Inspection Value Added? will be of interest. If you're more concerned with business or technical process improvement, the article titled DMAIC Versus DMADV gives insights as to which approach to take. DMAIC stands for Define, Measure, Analyze, Improve and Control. DMADV stands for Define, Measure, Analyze, Design and Verify. While they seem to be nearly identical there are major differences and the article explains them and gives situations in which to use one over the other.

Other interesting resources that business systems analysts, other IT professionals and project managers will find useful include:

The truth is out there. Enjoy the weekend.

Friday, May 17, 2002


Service and Strategy. I have once again fallen into that vortex of competing priorities swirling around and a negative time warp where I seem to be moving backwards in time with respect to the things I need to accomplish. The good news is this is going to be a terse entry that provides presentations and documents, but little commentary.

Service. The three presentations on service level management vary in depth and quality, but each is worth downloading and reading:

  1. Service Level Management.
  2. Making SLAs Work.
  3. Customer Service Management Architecture for the Internet.
Since my last entry opened the door to business-to-IT alignment, the following three presentations fit that topic area:
  1. Shangrila of ROI.
  2. Performance Measures for IT.
  3. Linkage of Performance to Business.
Good things do come in three's. Enjoy your weekend.

Thursday, May 16, 2002


First Things First. I've been searching for a Visio diagram that depicts the PRINCE2 Process flow and finally found it. Unfortunately, I do not know the name of the author who took the time to create this excellent resource, and who had the goodness of heart to share it. If you are the author, please let me know so I can give proper credit. I also have a WBS Reference Guide that shows how to develop work breakdown structures, which should be the foundation of any project plan.

More About ERP. Actually, the following presentations and documents are only loosely related to ERP, but are excellent resources for business systems analysts and will bridge that chasm between IT and business by providing insights into the processes with which the business side is concerned:

I sincerely hope that you find this material useful and it promotes closer business-to-IT alignment.

Wednesday, May 15, 2002


I've written more than a few entries about project management in the past two weeks. This entry is going to combine project management with ERP, and is appropriate because too many ERP projects either fail or cost far more than anticipated. The dependent variable in many cases is project management.

Allen Web's ERP Project Management Basics is a good starting point. He also has an informative page on planning ERP projects and a step-by-step recipe for succeeding in ERP projects. I also like his discussion about project failures and how to avoid them. Overall, the site is filled with general information that anyone who is implementing an ERP system will appreciate. If you're involved in a SAP R/3 implementation you'll want to carefully read his article on SAP R/3 Implementation Concerns.

If ERP architectures interest you the Purdue Enterprise Reference Architecture page is a discussion of the basic concepts for design and execution of enterprise and related systems of all types.

There are a few books that I highly recommend. They cover ERP in general, with no particular bias towards any of the systems on the market. My recommendations are:

Tuesday, May 14, 2002


I found three excellent project management resources while following up on some of the links that Mike provided last week:
  1. 9 Essential Project Management Success Factors.
  2. Project Management KnowledgeBank.
  3., which has online courses, articles and links that are interesting and worth investigating.

Monday, May 13, 2002


Mike has been covering a wide range of topics lately, but his 11 May entry inspired me to give my thoughts about a few of the books he mentioned.

One, CyberRegs, is a complete primer on intellectual property and its value to the enterprise. Key issues that are addressed include:

  • Digital Millennium Copyright Act (DMCA)- this is probably the most important discussion in the book because it continues to be controversial.
  • Complete discussions of all aspects of intellectual property law as it pertains to cyberspace. The clarification of the protections afforded to patent holders that are not given to trademark holders is invaluable. In addition, I learned much about the value of patents and how a business model can be developed around patents alone. I particularly liked the discussion of patent ownership (employee inventor vs. company to which the patent was assigned). This alone makes the book worth reading.
  • Case studies - many of the case studies which are used throughout the book focused on pending court cases when the book was published. Many have now been resolved, the resolution of which open more questions and further cloud issues. I'd like to see an update or second edition that provides closure.
  • Excellent introduction to technical issues. The author has a knack for reducing the key elements into easy-to-understand chunks of information that teach non-technical readers quite a lot about technology.
If you buy one book on intellectual property law from a cyber-business perspective, this is the one to get.

Probably the most influential book, and the one that covers the widest range of topics is Bruce Schneier's classic, Secrets and Lies. This book introduces security and privacy to technical and non-technical readers alike. What I especially like are:

  • Social aspects of security and privacy are addressed using the motives of attackers and broad profiles of attacker types, analysis of threats and countermeasures, and what it all means from legal and social perspectives.
  • Easy introduction to security infrastructures. The author imparts a good deal of technical knowledge without overwhelming non-technical readers.
This book may initially disappoint technical readers who have read Mr. Schneier's earlier book (Applied Cryptography), but I can assure you that the technical underpinnings are only part of the picture. This book gives a complete view of all aspects of security, and is invaluable because it raises awareness of all issues. It's all the more valuable because it can be read and understood by a broad audience. There are two other books that I recommend in addition to this one:
  1. Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community (Mr. Schneier wrote the preface to this book, which Mike reviewed on 11 April 2002 on Amazon).
  2. Richard Hunter's World Without Secrets: Business, Crime and Privacy in the Age of Ubiquitous Computing, which I reviewed on 21 April on Amazon.

Additional material that is related to these books include:

In closing I want to echo Mike's sentiments: we miss you Kate!


Random Thoughts. This entry has two fuzzy objectives: (1) a warm-up exercise for some work that I need to get done, and (2) fill in missing pieces from the previous entries.

As-Is and To-Be. One mistake I see in one project after another is the quest to document existing systems before defining its replacement. Here are some rules-of-thumb that I use to determine whether or not the 'as-is' analysis needs to be performed. If:

  • The new system (or business process) represents a revolutionary approach (completely toss out the old for something radically different), the 'as-is analysis is wasted effort. Reason: If conditions and requirements have so changed that a revolutionary approach makes sense the last thing you want to do is replicate old methods and processes in the new system. A better approach is to elicit and prioritize requirements for the new system, and these requirements should reflect business functions and imperatives that are driving the need for a revolutionary approach. In other words, approach the requirements phase within the context of business rules and features/functions that are required. If you approach it this way you'll be getting a fresh perspective and making a clean break from the past. Of course, there are technical aspects that need to be analyzed, such as system interdependencies, data structures, operational requirements and the such because rarely will an old system be tossed out and a new one magically take its place. Therefore, the 'as-is' analysis will support requirements for data conversion, batch job synchronization and comparing resource requirements between the old and new system (impact on network, service levels and up- and down-stream systems that will remain).
  • The new system (or business process) is evolutionary (i.e., process improvement, upgrade, etc.), then the 'as-is' analysis does need to be performed to determine how to best improve processes and the way upgrades will require changes in processes or infrastructure.
Considering that many projects are revolutionary in nature time, resources and money are wasted documenting something that is being replaced.

Another fallacy is to document the status quo in preparation for a brand new system or business process. Don't waste your time - it only provides revenue for consultants. The time and money are better spent on tracing requirements to business imperatives and going forward from there.

One other fallacy is to spend time developing documentation for systems when commercial documentation is available. During one engagement I was tasked with writing database administration policies and procedures. At my billing rate the final product ran into the tens of thousands of dollars. Aside from the fact that the document shortly became shelfware, the client could have purchased any of a number of excellent books in the $40-60.00 price range, and decreed that the procedures contained within were to be followed as a matter of policy. Selecting and recommending the best book from the many that were in a local book store would have saved a significant amount of money. Even better would have been to ask the DBAs to agree on the best commercially-available book and use it. The sorry fact is that, as I write this, there are consultants who are developing UNIX, Oracle and [pick your favorite application, database or operating system] documentation when excellent books may already be available.

Learning to Think. The point to the above is that thinking is required. Not problem solving - thinking in a critical manner. Question the status quo and don't be misled by misdirection, fallacious arguments that have logical flaws or appeal to emotion. Perform a mental sanity check on approaches that are normal practices, but waste resources and shareholder value. A few months ago I read a book titled Turning Numbers Into Knowledge: Mastering the Art of Problem Solving. I was expecting a book about quantitative methods and advanced problem solving techniques. What I got, instead, was a book that didn't even discuss numbers until page 111 of a 221 page book, and it was lite on problem solving techniques. Although it was not what I expected it turned out to be one of those rare books that deeply influences and provides fresh perspectives. The book led me on a journey that broke the process of critical thinking into manageable steps. Among the things I learned were:

  • Examine key factors, such as information, attention and action within the context of a cycle of actions that begins with goals, and moves through execution, how events in the external world influence the meeting of those goals, an evaluation and refinement of goals. Then the process starts anew.
  • Structured methods for getting organized. The techniques given are simple, yet powerful.
  • How to collect and critically analyze data and information, common fallacies and how to spot them. Two of my favorite parts that reinforce these are then single-page chart titled "What Scientists Say, and What They Mean", and Chapter 20 (Uncertainty Principle and the Mass Media).
  • The straightforward process of numerical analysis, using relatively simple math techniques to make sense of numbers and turn them into knowledge, is priceless. What makes this part of the book valuable is that the author integrates the preceding chapters that lead you to a critical thinking mindset with common sense and techniques that are within the grasp of high school students. It looks easy, but is testimony to the author's exceptional ability to communicate and inspire.
Overall this book is one of my personal favorites and one that I recommend to colleagues. Another book that complements this one nicely is Systems Thinking: Managing Chaos and Complexity. See Kate's 22 March entry for details about this book.

On that note I am officially starting my workweek. Best regards from Tustin, California.

Sunday, May 12, 2002


More Project Management Resources. In response to my 9 May entry a few readers recommended the following books, none of which I've read:I have read and reviewed the following books, which I think are important:Late Note 09:06 12 May. For work breakdown structures, as well as general functional decomposition an inexpensive product called B-Liner will simplify what is an onerous task. The web site for this application also has interesting tutorials about work breakdown structure development and project scheduling, as well as how B-Liner can be effectively used.


Kate's Influence. Although Kate Hartshorn is engaged in other endeavors at the moment and won't be contributing her insights, her influence here has been significant. I am going to attempt to address topics that are in her expertise domain, but more importantly, want to assure everyone that she's doing exceptionally well. If you enjoyed her contributions here and want to show it, you can always surprise her with something from her wish list. Who knows, it may hasten her return.

Among Kate's areas of expertise are copyrights, trademarks and intellectual property. I've collected a number of books and software applications that either explain these important topics or assist in the management of the underlying processes, or both. For background material for the following software applications I strongly recommend that you read CyberRegs: A Business Guide to Web Property, Privacy, and Patents by Bill Zoellick (see Kate's 8 November 2001 review on Amazon for why this book is important) and Cyberlaw and E-Commerce by J. Carl Poindexter and David L. Baumer (see my 18 April 2002 Amazon review for details). These two books will give you the fundamentals of copyright and trademark law in particular, and the much larger picture of intellectual property in general. If copyrights or patents are topics of interest, then you'll want to consider one or both of the following software applications:

  • Official Copyright Software 1.53 by Official Software, LLC. This application makes applying for copyrights as painless as possible (the process will still be painful regardless, but at least you'll be avoiding a large portion of it). This package shields you from the legal mumbo jumbo and leads you through an interactive process of applying for a copyright. It does this using an interviewing process and assists with the completion of the following forms: PA, PA/S, TX, TX/S, VA, VA/S and Form SR, all of which are important and all of which can be completed interactively on your system. You also get Form CA for Corrections & Amplifications, and Form CON Continuation Sheet in the package.
    It also gives key information from Copyright Office circulars to assist you when filling in the form fields, and this is why your finished forms should be checked by an attorney before submission. The value of this program is that you can save many hours of expensive attorney time by doing the up-front work, which will minimize the legal costs of preparing and submitting a copyright application. As an added bonus this program also provides advice about how to use the copyright. The publisher also has specific online forms that can be used with this package that cover everything from music to architecture.
    It also covers copyrights for online works & websites.
  • Official Trademark Software 1.0, also by Official Software, LLC. It uses an interactive interviewing function to step you through the trademark process. The function selects the correct forms that you need, and identifies the classification under which you need to file and lets you know what needs to be included in the submission package.
    It also comes with editable forms from the USPTO, and advice (also from USPTO) for filling in the forms. As you fill in the forms using the interactive interview process you'll be building your submission package. The program also does online searches to ensure that your trademark is available.
If you're interested in both copyrights and patents, you can save by purchasing Official Intellectual Property Suite, which is both of the above programs bundled together. I want to add a caveat - these products allow you to do a lot of the groundwork yourself, but do not replace professional advice of an attorney (I am NOT an attorney, but certainly know better than to wade into shark infested waters without the benefit of legal advice).

If you do web or software development, or contract for these services, you'll greatly benefit from Web and Software Development: A Legal Guide. This book/CD ROM combination covers intellectual property from a developer's (and buyer's) perspective. It is both a tutorial in the basics and is filled with useful advice about all relevant issues, including employee and contractor agreements, trade secret protection, copyright rights (assignment, ownership and related issues), and how to protect all parties in a fair and equitable manner.

It covers contemporary issues such as domain names, web content and multimedia, making it especially useful to technical and non-technical readers.

In addition to clear explanations of complex topics and sound advice, this book comes with a CD ROM with a wealth of forms in RTF format (which can be edited in Microsoft Word and most other word processing programs). These 30 forms cover employee and contractor agreements, software and web development agreements, nondisclosure agreements, copyright assignments and license agreements and how to handle publicity releases and promotional materials in multimedia format. The latter is particularly challenging because not only are names involved, but photos and often voice and video files for which you need permission to use if you don't own it or it becomes a privacy issue. If you perform or contract for web or software development, including content, then you need this book.

If you're only doing software development, a better book is Copyright Your Software because it focuses solely on what you need to know about software copyrights and how to go about obtaining one. In addition to covering the basics of copyrights, you're shown how to sell copyrights, what to do in the event of infringement, and the limits of protection that a copyright affords you. Note that patents offer much stronger protection. This book comes with the following forms:

  • Copyright Application for Software (Forms PA, VA and CA, Request for Special Handling, continuation forms, search request forms and cover sheets that are explained in the book and are required to file for a copyright.
  • Eight sample forms in electronic format that are covered in the book.
The book is up-to-date (published in late 2001), easy to read, especially considering the thorny legal issues involved, and is complete enough to assure some degree of due diligence when researching copyright issues and making business decisions based on that research.

It's not enough to know how to protect your own work, you also need to know how to get permission to use the work of others, which is increasingly important in view of the issues surrounding deep linking and related challenges in a world where a simple HTML tag to someone else's work can bring legal problems. Getting Permission: How to License and Clear Copyrighted Materials Online and Off provides expert guidance that covers how to obtain permission, copyright research, what constitutes fair use, and how to legally use trademarks.

The book also clarifies the definition of "public domain" and what needs to be in a license agreement.

What makes this book especially valuable is that it comes with 32 forms that range from standard photo use and test use permission to linking agreements, interview releases, art for hire and more.

The other side of obtaining permission is controlling permission. We've all signed a nondisclosure agreement at one time or another, but did we understand what we were signing? Another gap is making presentations or providing information that discloses trade secrets, or business-sensitive information that you should be protecting with a nondisclosure agreement. Nondisclosure Agreements: Protect Your Trade Secrets and More covers the topic of NDAs as they are affectionately called in detail. This book explains how to protect you from both employees and competitors, as well as from potential business alliances (contractor/subcontractor, suitors in a merger or acquisition to whom you expose sensitive information, and clients to whom you make presentations and reveal processes and other sensitive information).

Key topics of importance that this book covers include:

  • How much protection an NDA affords you.
  • Remedies available to you in the NDA is violated.
  • Alternatives to NDAs.
It also covers non-compete agreements and their limitations, especially in certain states, and gives example NDAs for specific situations such as beta testing, customer data, etc. The accompanying CD ROM provides fifteen sample forms that can be used with little or no modification (although I recommend that all be checked by an attorney who specializes in intellectual property law and is familiar with nuances of the law in your state).

We're almost coming full circle with NDAs, because the next natural topic is privacy. Kate reviewed Secrets and Lies: Digital Security in a Networked World in 8 November 2001 that I thought was far more cogent and insightful than the 3 January 2001 review that I wrote. If you want to read a book that examples the technical and human aspects of security, this is the best there is. It certainly addresses privacy issues, but that isn't the main theme of the book. A better book on threats to privacy is World Without Secrets: Business, Crime and Privacy in the Age of Ubiquitous Computing, which Linda reviewed on Amazon on 21 April 2002. Where Secrets and Lies covered the social and technical issues, and took a threat identification and risk management approach, World Without Secrets is more focused on social issues surrounding privacy.

Matt Curtin is the author of a book titled Developing Trust: Online Privacy and Security that blends the best of Secrets and Lies and World Without Secrets. This book examines the social, legal and technical issues surrounding online privacy. Not only is the consumer side of privacy examined, but the business side from a marketing point of view is also discussed to present a balanced view of the key issues from both sides of the equation.

Mr. Curtin is an expert in privacy and security issues, as well as cryptography and security technology. The approach he takes in the book is to explain both the theory and concepts of privacy in social and legal contexts, and to examine the threats and exposures. From there he leads you through the design of a solution that starts with principles, then a thorough examination of the underlying online technologies and how they work for and against you. An obvious example of one technical element that works for and against is the 'cookie' which can provide a major convenience (it remembers you and your preferences) and an invasion of your privacy (it remembers you and your preferences - and can also 'stalk' you in a manner of speaking). How to best balance the strengths and weaknesses of not only the technology, but the business imperatives driving commercial uses of the internet are addressed.

This is an important book and earns a solid place alongside the popular Secrets and Lies, and the newer World Without Secrets.

Kate, we miss you.

Friday, May 10, 2002


PRINCE2. Because I believe in the superiority of PRINCE2 over the PMI approach discussed in my last entry I want to provide a few links to educate readers who are not familiar with the UK standard for project management. As mentioned in my last entry, Linda and I reviewed a book titled Prince 2: A Practical Handbook in which we both discussed how PRINCE2 compares to the PMBOK.

In addition to the official source of PRINCE2 and the PRINCE2 user group given in the last entry, the following are resources which will reveal the inner workings of the method:

The last resource has many interesting documents, including an excellent PRINCE2 Briefing Document available for free download, and a clear description of PRINCE2. You can also purchase Understanding PRINCE2 by Ken Bradley, which is one of the best books I've read on the subject.

A quick overview of PRINCE2 is shown in the following illustrations:

You'll also find information about PRINCE2 on the old Project Management Newsletter page that we haven't updated in ages, but keep around because of the traffic it receives.

Thursday, May 09, 2002


Project Management: Getting a Handle on Learning How. This entry is going to be long because it's a culmination of answers to frequently asked questions about what should be a straightforward subject.

The Basics. Although we've addressed this topic in many previous entries there are a few basics. First, project management has three elements (PMBOK processes notwithstanding):

  1. Planning - defining scope, developing work breakdown structures, analyzing activities, identifying risks, estimating costs and resources, and identifying stages.
  2. Scheduling - who does what when, ensuring that there are no resource conflicts, and assigning resources in the most efficient manner.
  3. Control - managing cost and schedule against the baselines (planned vs. actuals), resolving issues, managing identified and emergent risks, reporting status and managing quality, deliverable turnover and stage completions.
There are two internationally recognized approaches to project management:
  1. The Project Management Institute's (PMI) Project Management Body of Knowledge (PMBOK) that is described in the Guide to the Project Management Body of Knowledge, which is the American National Standard classified as ANSI/PMI 99-001-2000. Linda and I both reviewed the PMBOK 2000 on Amazon. To an extent the 1996 version remains valid (it remains the Institute of Electrical and Electronic Engineers (IEEE) standard 1490-1998).
  2. PRINCE2, which is the UK standard and, in my opinion, a more effective approach than what is set forth in the PMBOK. Two sources of PRINCE2 information are Official PRINCE2 page that is maintained by the British Government, and the PRINCE2 User Group. If you want a quick summary and to also see how PRINCE2 stacks up against the PMBOK read my and Linda's reviews of Prince 2: A Practical Handbook that we posted on Amazon on 29 and 30 June respectively. In the next few days I will write an entry that is focused solely on PRINCE2.
What Project Management Entails. I won't rehash it here because I wrote a fairly lengthly piece about project management in my Friday, February 22, 2002 entry here.

Resources. The best software and books on project management depend on the types of projects that you manage and your present level of expertise. If you're managing simple projects, such as relocations, upgrades and other common infrastructure projects, you'll find the approach set forth in Getting Started in Project Management by Paula K. Martin and Karen Tate. See Linda's 15 December 2001 or my 17 December 2001 review to see why we so highly recommend this book, especially to occasional project managers. It does not bog you down in unnecessary details or overly complicate project management. Your most effective tools are an Excel spreadsheet and checklists for those kinds of projects. One of the best project management programs for small, uncomplicated projects is CAN-PLAN, which was developed by William McMillan. The software is free, but is commercial quality.

If you're managing complex projects you'll definitely want to read Visualizing Project Management by Kevin Forsberg, Howard Cotterman and Hal Mooz. This is the book that Linda and I recommend to beginners and experienced project managers alike, and is, in our opinions, the best book ever written on the subject. See Linda's 16 March 2001 review (well worth reading) and my 7 December 2000 review for details. Our preferred tool is Project Control Panel, used in conjunction with SureTrak Project Manager. If you're managing complex projects that span the enterprise, or multiple projects, the best tool is Niku Workbench, formerly ABT Project Workbench, and part of a more comprehensive suite of enterprise-strength project and program management applications called Niku Portfolio Manager. This suite is used in IT departments of all of the top international companies and many of the top consulting firms, and is to IT project Management what Primavera's P3 is to the construction industry - the de facto standard.

If you are a seasoned project manager seeking advanced skills I recommend Total Project Control by Stephen A. Devaux. This book extends beyond control to encompass three important areas that begins with project selection, and adds to how projects are planned and scheduled. These areas are:

  1. Set of tools and approach for governance and program management.
  2. Adds profitability as a dimension to project management.
  3. Proves that critical path method (CPM) is not an anachronistic technique - merely one that's misunderstood.
Governance and program management tools that the author introduces are powerful and ensure that project selection is based on profitability and business goals. While there is an entire body of knowledge on project selection techniques, what sets Mr. Devaux's approach apart is his tools are incorporated into the project management process as opposed to merely initiating it. The tools are:
  • [Devaux's] Index of Project Performance (DIPP), which is one of the most powerful project selection and prioritization techniques I've encountered. DIPP is especially applicable to product-based projects because it computes the cost of lost opportunity and the impact of being late to market. For internal projects it provides a clear link to business imperatives, which can bridge the gap between IT and the business.
  • [Devaux's] Removed Activity Gage (DRAG). Overlook the fact that the author loves to name techniques after himself because this is an advanced technique that accurately computes the amount of time an activity adds to a project (or can save if the activity is removed). This technique is a powerful addition to the project manager's array of tools for schedule compression and resource management.
  • Doubled Resource Estimated Duration (DRED) is a measure of resource elasticity; in other words, some activity cannot be shortened by adding resources and others can. DRED allows you to determine the best use of your resources.
  • Cost of Leveling with Unresolved Bottlenecks (CLUB), which is another advanced technique for schedule management, and, used in conjunction with Resource Availability Drag (RAD) and DRAG, give credence to Devaux's argument that the critical path method is a powerful element of project management.
This book also has much to offer to anyone who has just been placed in charge of a program management office (PMO). One note: Devaux is given to hyperbole at times. He makes claims that traditional project management techniques, such as earned value project management are flawed, yet he bases his approach on them. Look beyond this because his approach is powerful and works in practice.

Software Project Management: A Unified Framework by Walker Royce is another source of advanced project management techniques, especially for software project management. If you aren't versed in advanced project management techniques this book will be overwhelming. More important you may pick up misleading information. However, if you are a battle-scared veteran of software development projects and have a full understanding of earned value project management, estimating techniques and development life cycles you'll learn much from this book.

The highlights are:

  • A project life cycle and process framework that is [obviously] closely aligned to the Rational Unified Process (RUP), and can be fitted to any rapid development or iterative approach.
  • An excellent tutorial on effective project controls, with an emphasis on earned value project management.
  • In-depth coverage of estimating techniques, with a lot of material on the constructive cost model (CoCoMo), and current gaps in estimating techniques and to where the craft and science of estimating and software economics needs to evolve in the discussion of next-generation cost models. I especially like his distinction between the use of source lines of code metrics for size and function points for scale. There is middle ground.
  • The treasure trove of metrics, including core project metrics, and the change metrics that are given in Appendix C.
There is one glaring flaw in this book and an experienced project manager will quickly spot it: the proposed approach to basing work breakdown structures on project phases instead of the decomposition of the system to be delivered will not work. Using Royce's approach there is no clear way of integrating the work breakdown structure with the organizational breakdown structure. Using earned value techniques (which is well covered elsewhere in the book) Royce's approach will not align control accounts (sometimes called cost accounts), making his recommendations contrived and unworkable.

This book is better suited for an architecture-centric approach to project management, which means that it's more applicable to product development instead of internal IT projects. See A Practical Guide to Feature-Driven Development for an approach that is better suited for internal projects. That said, I think that this is one of the best books on software project management and one that every seasoned PM should read.

There are two final books that are essential to organizations that are either project-driven or have program management offices:

  1. Strategic Planning for Project Management Using a Project Management Maturity Model by Harold Kerzner. Linda's 15 August 2001 review on Amazon says it all.
  2. Project Management Scorecard by Jack J. Phillips, Timothy W. Bothell and G. Lynne Snead. This book is ROI-focused and integrates the people and process elements of project management with a balanced scorecard approach. One of the authors, Jack J. Phillips, has extensive experience and a large published body of knowledge in the domains of HR, ROI and scorecard development. This book has his touch, and covers the essentials of a mature project organization, what to measure and how to measure it.

    The approach is as follows:

    1. Measure:
      • reaction and satisfaction
      • skill and knowledge churn during the project
      • implementation and progress metrics throughout the project
    2. From the metrics capture:
      • business impact data
      • ROI
    3. Identify both tangible and intangible benefits and apply them to an aggregate 'true cost'
    The book also shows how to translate business metrics to dollar values, build a business case, and communicate status, based on the scorecard, to clients and stakeholders.

    Where Next? We have a number of resources about project management that you're welcome to use. Among the best are a special project management page, the old Project Management Newsletter that Linda and I used to publish, and a project management discussion forum that we established (but doesn't seem to attract much discussion). You should also surf through the other pages that we maintain via our main site. Nearly every one of the single-topic pages has some project management material.

Wednesday, May 08, 2002


Availability. Linda and I are now available for consulting assignments, either as a team or individually. Marcia Hopkins will be available in early June. A summary of our experience and qualifications is available on the TEAM Zarate-Tarrani page.


Temporary Absence. Kate Hartshorn will be conspicuously absent for an indefinite period while she is engaged elsewhere. Kate's contributions here were interesting and well-written, and will be sorely missed. I'm looking forward to her return as a constant and permanent addition.

Choices? I read an interesting article by Jason Brooks in the 6 May issue of eWeek titled Serious Suite Alternative. It appears that Sun's StarOffice has an open source sibling called OpenOffice and it's growing into a serious alternative to Microsoft's Office suite of applications.

IT Audit and Security Resources. The following links lead to sites that make available a wealth of material on IT auditing, security, governance and related subjects:

Compass America is another source of whitepapers that I've had bookmarked for a long time. The range of topics is wide and the papers will be appreciated by anyone who is interested in IT process improvement.

Tuesday, May 07, 2002


One often overlooked aspect of IT security and service delivery is the importance of facilities management. From an IT security point of view the physical security of facilities is as important as the logical security and administrative measures that are the heart of most security strategies. In the service delivery domain facilities play a large role in reliability, which in turn directly affects availability.

Linda's 19 March 2002 Amazon review of Enterprise Data Center Design and Methodology by Rob Snevely touched upon both aspects. A few years ago she and I wrote facilities management policies and procedures for a CLEC (competitive local exchange carrier) and we both wish this book had been available at the time.

Fortunately we did save our research notes, and equally fortunate is the fact that our next assignment together was developing a recovery management whitepaper, which tied many of the pieces together. Linda was the lead consultant for the whitepaper, but she and I jointly did a storyboard, which led to another idea that took the form of survival level objectives, which led to an unfinished idea called BASIS. Along the way we also became interested in reliability and maintainability and the related failure mode effects analysis techniques.

The Odyssey brought us back to facilities, and we have maintained an acute awareness of its importance. To that end there are two documents that will get you up to speed with the complexities, issues and factors associated with data center facilities management:

  1. Building a web site (also available in PDF format). This document covers logical and physical aspects of the data center and associated infrastructure.
  2. Data Center Planning Guide from Sun. This document covers the physical aspects and does into detail about site selection, building characteristics, power, environmental controls and other factors that need to be considered.
As you dig deeper into facilities management you'll encounter the acronym, RCDD, which stands for Registered Communications Distribution Designer. The RCDD certification program is sponsored and governed by BICSI, a not-for-profit telecommunications association that is internationally recognized. If you explore BICSI's site you'll find conference proceedings and presentations, a resource library and links to related sites. If you work in IT security, operations, business continuity planning or infrastructure the material on this site is valuable.

Monday, May 06, 2002


Sanity and Scaling Back. When I recommended Information Security Policies Made Easy in my 4 May entry someone asked me if I had lost my mind for recommending a $595.00 book. The answer is no, and if I did it's no problem because I have it backed up and stored in secure off-site storage. Seriously, the book will save a significant amount of time and will quickly pay for itself.

However, one can go broke saving money, especially if there are more important priorities that should be funded first. An alternative is to purchase a copy of Writing Information Security Policies by Scott Barman. This $34.99 USD book is a fraction of the price and will give you the information and approach that will assure well-written security policies. Of course you'll have to write them from scratch, but the book's accompanying web site contains a wealth of support material.

Another book that shows the big picture is Thomas R. Peltier's Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. We've mentioned Mr. Peltier in earlier entries, and this book is one that every security professional should own.

I'll end on that note because I have a scheduled back-up to perform.


Princely Artifacts. I've discussed the UK project management standard called PRINCE2 in previous entries, and have a large number of PRINCE2 documents on my old Project Management Newsletter page. I've recently come across sample PRINCE2 foundation exam questions and the answers, and sample PRINCE2 practitioner exam questions and the answers that will be useful to anyone who is pursuing certification in PRINCE2. There are good reasons to do so if you're doing business or consulting internationally because PRINCE2 is recognized in countries where the Project Management Institute's Project Management Professional certification is given less weight. In addition I have a glossary of PRINCE2 terms that will prove useful. This Zip archive contains the MS Word glossaries in Arabic, Dutch, English, German, Italian, Japanese, Mandarin and Spanish. Enjoy.

Saturday, May 04, 2002


Risk management is a much discussed topic here, and one of the better books on this topic that I've recently read is Effective Risk Management: Some Keys to Success. This book is for risk management professionals, or those who work with risk management (project managers, IT security and business continuity professionals and engineers) who want or need to master advanced risk management techniques based on real world issues and factors. Although the book is focused on risk management from a DoD contracting perspective, the material is applicable to commercial organizations as well. The author provides an appendix that compare DoD contracting and commercial environments to ensure that this book has a wide appeal (A Comparison of Risk Management for Commercial and Defense Programs). Obviously if you work in the DoD contracting industry this book is going to be more applicable.

The book begins with an introduction that discusses risk management, why it's needed and what it is. I felt that this material was too basic for an advanced book, but the subsequent chapters quickly got to the heart of the subject by providing the details for an implementation life cycle of an effective risk management process that consists of:

  1. Implementation
  2. Planning
  3. Identification
  4. Analysis
  5. Managing risks
  6. Monitoring
What makes this book valuable for real world practitioners are the pragmatic advice for developing a risk management process that is based on the lessons learned by the author and best practices. In fact, there are over 250 such lessons learned. These alone make the book worthwhile for even the most experienced practitioner because there are sure to be many that you may not have considered. In addition to the best practices, the author provides pitfalls common to risk management and how to avoid them.

Another aspect of this book that adds value is the use of readily available tools, such as Microsoft Excel, and popular simulation software (CrystalBall) to reinforce the techniques that are described in the book. Overall this is one of the best books on risk management that I own because it goes into deep detail and coves advanced topics. It also is practical instead of theoretical, which sets it apart from most risk management books. See my 3 May entry in Notes from the Field for descriptions of tools that you will find useful with the probability computations that are required to effectively compute risks.


Essential Security Resources. If you develop security policies and procedures you need to seriously consider investing in a copy of Information Security Policies Made Easy. The 1175 policies contained in this book are also provided in soft copy on the accompanying CD ROM, making this one of the most valuable resources to companies that need to cost-effectively develop and implement policies. This book is also particularly valuable for consultants, although the licensing appears to restrict the use of the policies if they are used verbatim. However, each of the policies are too generic to be used as is, so for consultants their value if the key elements and discussion of each.

Unlike other collections of security policies that I've purchased, this collection is up-to-date and address contemporary requirements. Among the specific policies in this collection are those that address:

  • HIPAA (Health Insurance Portability and Accountability Act), which is a high priority requirement in the health care industry
  • Gramm, Leach, Bliley Act for US federal government organizations
  • European Union Data Protection Directive, which makes this book as applicable to European readers as it does to US audiences
In addition, the policy collection addresses issues such as social engineering, digital signatures and public key infrastructures, which show the breadth of topics covered. It also addresses credit card fraud, internet use policies (another hot topic) and network and internet security.

What I like is the fact that the book is much more than a collection of policies - it also discusses implementation and enforcement issues, contains checklists for developing (or tailoring) and implementation of the policies.

On the topic of value: this book contains 18 core policies that should be in place regardless of company type. These alone would take between 150 and 200 hours to develop. Using the fully loaded rate by in-house experts it's easy to make a business case for buying this book because these 18 policies alone would cost more to develop from scratch than the cost of the book. If you are using consultants the cost savings will be dramatic. In addition to this book I recommend investing in the author's other book, Information Security Roles & Responsibilities Made Easy, which completes the picture for developing an effective security organization and posture.

This book, Information Security Roles & Responsibilities Made Easy is the other half of Information Security Policies Made Easy discussed above. What makes this book complement the policy book is that once the policies are written they are useless without defined roles and responsibilities assigned to manage and enforce them.

Included in this book (and in soft copy on the accompanying CD ROM) are organizational mission statements that form the framework for policies, job descriptions for major security role players, and organizational structures with reporting relationships.

The book does not merely present the roles and responsibilities - it goes into the hows and whys, and steps you through the definition and development of a security function in which the roles and responsibilities are defined. More important, the author does not use a canned approach, but provides alternative structures that will allow you to develop and implement the organization that is best aligned to your company. This is one of the most practical and flexible approaches I've seen, and shows the author's extensive experience and realistic attitude. Equally important is the fact that small companies are also addressed, making this book valuable to organizations of all sizes.

You're stepped through the process of identifying your requirements, tailoring the documents provided on the CD ROM to reflect those requirements, and given an idea of the time and resources needed to implement them. In addition to the documented roles and responsibilities and organizational structures provided, this book also covers (and the CD ROM provides) pamphlets to promote security awareness, memos, forms, action plans, a sample security manual and standards, and other documents that will be needed to effectively implement a security organization.

The chapter on common mistakes is worth its weight in gold, as are the appendices, which cover staffing levels, qualifications (this is valuable to HR), and IS security metrics.

Regardless of company size or scope of your security organization, this book will save literally hundreds of hours of research, document development and planning. Even for a small company of 25-100 employees this book will pay for itself many times over, and for a large company the value that this book (and the companion book I mentioned above) represents can run into the tens of thousands of dollars.

Friday, May 03, 2002


I've been discussing process improvement and business value. I found a book that combines the two in a neat, coherent package: Software Process Improvement: Concepts and Practices. The value of this book is that it examines software process improvement from the perspective of business value instead of why it makes sense from a software engineering process point of view. I found this refreshing because too many books on this topic are focused on the technical advantages and give lip service to business benefits, if they are mentioned at all.

Another interesting aspect of this book is the chapter on using the Capability Maturity Model with small projects and/or in small organizations. The discussion shows how a heavy process improvement approach can be effectively used to good advantage in scaled-down environments. Considering how many large organizations are struggling with implementing the CMM this chapter alone makes buying this book worthwhile because it shows how to get a handle on the daunting task of implementing the CMM.

Parts of the book that I especially like are: Communicating Project Drift Through Cost/Benefit Scenarios and Linking Strategies To Organizational Goals. Another strong chapter is Technical Infrastructure for Process Support, which provides clear direction for implementing a process-based paradigm.

This book is not a primary text on the subject and is probably not the first that someone new to SPI should turn to (I recommend Successful Software Process Improvement by Robert B. Grady as an introductory text), but is full of practical ideas for someone who works with SPI.

Thursday, May 02, 2002


The newest issue of CrossTalk is out. Although I normally post new issue announcements for this excellent magazine in Notes from the Field, the May issue is more in line with recent discussions here. The top articles in the May 2002 issue are:
  1. Best Practices
  2. Software Engineering
There is also an Open Forum article of interest titled Information Security System Rating and Ranking by Dr. Rayford B. Vaughn Jr., Ambareen Sira, and Dr. David A. Dampier. You can download this article for off-line reading.

Wednesday, May 01, 2002


It seems that I make an entry and it turns into a series. The MS Word document titled A Business Goal-Based Approach to Achieving Systems and Software Engineering Capability Maturity neatly connects the dots between business processes and software engineering.

Related to process and the earlier series on project management, Measurement Based Guidance for Software Projects adds metrics and process to project management. Measuring Process Improvement is a more general document that is applicable to both IT and business. However, in order to improve processes you must first understand the process being analyzed as a candidate for improvement. One characteristic that most processes share, and one of the more common improvement drivers, is cycle time - how long it takes to complete the process. Time is, indeed, money. The Cycle Time Improvement Guidebook is about engineering process improvement. While it is not strictly a business- or IT-specific guidebook it contains all of the essential information and a strategy for identifying improvement opportunities and how to exploit them.

Tuesday, April 30, 2002


More on Process. I place process above all else. Tools without processes frequently turn into shelfware and are a monument to poor management practices, abysmal leadership and the major disconnect between IT and business imperatives. Once processes are in place they cannot remain static, or they will soon become monuments themselves - monuments to lethargy, not invented here syndrome and source material for Dilbert cartoons.

There are books, articles and philosophies devoted to process improvement. Pick one. However, if you are sincerely searching for a workable approach The Purpose Driven Process Improvement Guidebook may have what you're seeking. I was impressed with the approach and found the PowerPoint presentation on purpose-driven process improvement to be a quick-start introduction. Another excellent view of process improvement is the 5-step approach by the same authors who created the Purpose Driven Process Improvement Guidebook. Highly recommended.

Monday, April 29, 2002


Linda and Kate covered service delivery in their recent entries while I addressed project management and metrics. The following documents will, in many ways, tie together these disciplines:

Sunday, April 28, 2002


My entry on 25 April wrapped up thoughts and associated documents on project management. This entry's theme is metrics. There is a direct relationship between software project management and metrics, as well as between service delivery and metrics. A good place to start is Practical Approach to Software Metrics, which is a primer. Also see previous metrics entries because this is a recurring topic.

Metrics need to be placed within a context of the development life cycle. An interesting approach to life cycles is the hybrid process model that combines the spiral and waterfall life cycles. This is but one example and certainly not the only viable model. However, you have to credit the authors for creativity and some excellent ideas. Armed with a primer and one model that incorporates two common life cycles into a hybrid, the next step is to survey metrics practices. This document presents best practices that you can learn from to develop (or improve) your metrics program. If you want to assess your metrics posture the Excel metrics self-evaluation tool will give you a baseline and the basis for launching a process improvement initiative.

Saturday, April 27, 2002


I've dredged up more documents that apply to service delivery in one or more ways. Each is from the GartnerGroup and each is short and focused:

Friday, April 26, 2002


Kate's entry caused me to remember that I have recent ITIL resources to share. ITIL Tools to Manage IT is collection of links that all service delivery professionals will find valuable, but are particularly applicable to ITIL practitioners. I also like the way that ITIL-compliant service processes are depicted in the well designed IT services page. It you're a help desk professional you'll probably relate to the article titled Managing IT Rage (Help for the Help Desk). Besides the loud ring of truth, this article combines advice for maintaining composure while delivering the high quality support services that are intended by the ITIL.

Thursday, April 25, 2002


In my entry in Notes from the Field today I discussed privacy as it related to presence and availability management. If you read my 25 April entry there you'll see initiatives sponsored by IETF IMPP Working Group and the Presence and Availability Management Forum. Those are not the only two groups that have emerged with privacy-related initiatives and proposed standards. An article titled Implementing privacy/preference policies with P3P introduces the W3C standard titled Platform for Privacy Preferences (P3P). This is an XML standard that describes the privacy and/or user preference policies for a Web site. Personally I applaud the recent activity by these groups to establish standards to assure privacy - something that may be sorely missed if the Liberty and Passport factions proceed unchecked.

Mike and Linda frequently write about the ITIL, service delivery and related topics. Until I joined TEAM Zarate-Tarrani my career path was a straight line in the knowledge management and competitive intelligence areas. Since joining the team I've been more involved in the service delivery domain, and it turns out to be a natural fit. Two documents that gave me the points of reference I needed to change direction are Delivering High Quality Service, which explains the goals of the International Service Management Forum, and a PowerPoint presentation on the ITIL essentials. Where my skill base allows me to fit in and to grow as a service delivery professional are the direct connection between managing knowledge and providing support services, and the process analysis and reporting that service level management requires. The latter is similar to competitive intelligence, with the difference being my information gathering and assessment activities will be directed inward towards the service delivery process. In addition, my competitive intelligence background will serve me well in benchmarking to best practices and the security knowledge areas of the ITIL.

An example of how competitive intelligence relates to service delivery is shown in eShopper Modeling and Simulation. This paper is a classic example of the grey area between competitive and business intelligence, but is also an approach that a skilled service delivery professional would take in establishing business patterns that can be used as the basis for service level objectives. Another example is a typical source document that a competitive intelligence specialist would use: Understanding Web Performance. Yet another competitive intelligence source document that is as applicable to service delivery as it is to surveying best practices and trends is Strategy for Exploiting Improvement. The bottom line is that it's not a great leap between the skills and experience I've accured and those that I'll need to perform effectively as a service delivery professional.


Ending Notes: Project Management. My last two entries covered various aspects of software project management. I'll end the series (which didn't start out as a series, but managed to become one anyway) with these documents:One of the best books, in my opinion, on software project management is Software Project Management: Unified Approach by Walker Royce. This book is especially valuable if you're using the Rational Unified Process, but will be applicable to any software development project regardless of methodology. My only complaint about the book is the way it addresses work breakdown structures, but I'll go into that particular issue in a future entry in the form of a book review.