Your shout
- Posted:
- 15:38 26 Nov 2004
- Topics:
- Viruses & Virus Protection
Have your say at computerweekly.com
On leadership in project management
In response to Tim Westbrock's article on the need to appoint
an enterprise architecture champion (Computer Weekly, 9
November)
The crucial role of a leader in delivering IT project success rings
true across almost any technology implementation or project.
Leadership can play a make or break factor in IT project success.
As the article suggested, a crucial leadership function is to
ensure that everyone is engaged in the IT programme with a clear
focus on short-, medium- and long-term goals. These must be
constantly communicated throughout the programme or project to
ensure this focus on results is maintained.
A focus on delivery, rather than activity, is paramount and part of
the leader's role is to gain buy-in from everyone involved in the
project - from internal teams to third-party suppliers - rather
than just taking a top-down management approach to IT.
The champion of IT champions may still fail to lead a company to IT
success if the rest of the company is not made to feel a true part
of the project.
Ed Haysler, solutions director, ITNet
Day zero attacks need to be stopped at source
In response to Paul King's view that desktop anti-virus
products used in isolation have had their day (Computer Weekly, 16
November)
Malicious code has advanced at a rapid rate, but reactive,
signature-based anti-virus software relies on the same model as it
did 20 years ago. Recent research has shown that the average window
of vulnerability or signature delay time is 10 hours.
I agree that companies need to re-assess how to combat these
attacks, and King's suggestion that a multi-layered approach to
security "beginning at the network and finishing at the desktop"
has some merit.
However, there is a more effective way of countering day zero
security attacks.
The answer lies where the problem originates - at the internet
level. Protection should be deployed here, before the malicious
code gets anywhere near the network. Using internet level
protection allows companies to take advantage of proactive services
deployed on a global scale.
Organisations need to ensure that the products they rely on to
protect critical assets are as developed as the threat itself.
First generation, software-based products have failed to achieve
this, and are no longer adequate in their own right.
Alex Shipp, senior anti-virus technologist, MessageLabs
Deadlines will hit SMEs supplying government
In response to the news item on e-government deadlines
(Computer Weekly, 16 November)
It is not just councils who need to ensure they are compliant by
January 2005, but the 800,000 businesses which supply goods and
services to the government must also ensure they can trade
electronically with local authorities from next year.
Of the total number of businesses selling goods to the government a
large percentage do not have an online presence and are therefore
not able to transact or apply for tenders electronically.
A large percentage of these organisations are SMEs and there are a
number of reasons why they have not yet made the step to trading
electronically. These include the perceived cost associated with
having an online presence, a lack of education among the SME
community, and a lack of suppliers able to provide the right
package.
Meeting the deadline does not need to involve a huge change in the
way businesses are run but a change in mindset about the use of
technology.
Small businesses need to think beyond using technology just to
manage the contact database but to interact with customers to
improve not only the speed of communication but also the quality of
service.
Alan Moody, UK managing director, Mamut
LETTERS
Why the stakes are so high with ID cards
David Blunkett's recent comparison of ID cards with loyalty cards
is completely off track. He is wrong to compare the two when the
underlying premise of loyalty cards is the choice to opt-in for
tangible benefits in return.
An SAS survey into customer loyalty cards earlier this year
identified that 56% of people believe that the loyalty card
information held is non-intrusive - this is in complete contrast to
the ID card which is being likened to Big Brother on a grand
scale.
As always, the devil is in the detail. It is not collecting and
holding high level data that is the issue - it is the potential
ramifications on civil liberties if details about what people do
and where they go are stored.
People are concerned that, in the extreme, ID cards could be used
to monitor and highlight their personal behaviour.
However from a practical perspective, it is normal for
organisations to look at millions of loyalty card transactions in
one go to identify patterns of behaviour, clustering groups of
people with similar characteristics - but not looking at specific
individuals.
The bottom line is that if data is held at a highly detailed level
on all individuals, it would be possible to drill down to what an
individual has been doing. Given the potential for such
information, the requirements of the ID card programme have to be
as near 100% perfect as possible.
Incorrect ID card data may lead to an individual being flagged as a
potential terrorist. With loyalty cards the worst thing that could
happen is that you might get someone else's reward points.
Jason Goodwin, SAS UK
Multiple systems make best route for the NHS
It is becoming increasingly obvious that the new Cultural
Revolutionary NHS will not be an overall success, as indicated by
the possible GPs' boycott of the appointments system (Computer
Weekly, 23 November). Some parts of it will be but most will
not.
I stick to my view (Computer Weekly, 13 January) that the regional
IT structure should be left to the local authorities and only the
common links should be on a national scale.
A standard XML procedure and broadband system would give all those
concerned the interaction they would require. Local systems do not
have to be the same, they only have to look the same. An XML
request would appear similar whatever its source. Regional centres
could choose their own system and organically the best would
gravitate to the top.
It would be in everybody's interest to move towards this system
when it proved itself and expenditure would be spread over a larger
time scale.
Some would argue that multiple systems are hard to support and not
cost effective, but this does not allow for the fact that many
authorities and suppliers have vast knowledge already and this is
being ditched. The one-for-all approach means that a failure will
affect everybody and the experiment will not be repeated.
New system design is basically simple. Find out what is really
required. Is it possible? Can the present system cope with it and
if not, can it be changed? Most of all why do you want to change it
in the first place?
The advantages should always outweigh the disadvantages but this
balance can be in the eye of the beholder. The greatest of all
design attributes is common sense, this is usually the first
attribute that goes out of the window.
Maldwyn Palmer
How responsibility is shared for NHS IT
I read with interest the article "Programme gets a new joint head"
(Computer Weekly, 16 November) and would like to clarify one
point.
As your story states, Alan Burns has been appointed to a new role
leading the service implementation of the National Programme for IT
into the NHS. But I would like to emphasise that Richard Granger is
the senior responsible owner for the National Programme.
A formal announcement on Burns' appointment will be made in due
course, which will include more details about his plans.
James Herbert, National Programme for IT
To keep or not to keep... that is the question
Maxine Holt's article warning about how e-mails may be used in
evidence (Computer Weekly, 16 November) highlights a growing
dilemma facing businesses today - to keep or not to keep.
With an estimated 50% of the largest global companies having no
e-mail retention and deletion policy in place, it is an issue which
needs to be addressed to ensure compliance with a raft of new
legislation while not clogging up servers with useless
information.
The article offered three approaches to e-mail archiving to ensure
compliance with new regulatory pressures but did not stress the
importance of having a sophisticated records management system in
place which will help to store e-mails based on defined retention
rules, rather than just archiving everything.
When it comes to a data retention policy it can be as much of a
risk to the business to keep as not to keep, and it is often
unnecessary to keep everything. The best approach is for the IT
manager to work with other organisational staff such as the records
manager to set up policies which dictate what should be kept,
deleted or stored off-site and when it should be destroyed.
This will ensure that servers are not full of useless information,
help prepare the business for the inevitable exponential increase
in data volumes in the future and ensure the business is safe from
litigation.
Liz Maloney, Hummingbird UK
