Computer Weekly readers' have their say
Professionalism is all a part of growing up
I read with interest the letter written by Stuart Learmonth
(Computer Weekly, 4 April) regarding his membership of the BCS. I
fail to see his argument. MBCS stands for "member of the British
Computer Society". If he stops paying his membership, then he is no
longer a member so why would he think that he should still be able
to advertise that he is?
I also find fault with his argument that people quote membership
of the BCS as some form of recognition of their professional
capabilities, technical knowledge and industrial experience. By
being a member of the BCS, one can only assume that a person has an
approved degree or equivalent in a relevant subject; I would argue
that this demonstrates one's professional capabilities.
Once a person becomes a CITP (certified IT professional) or
chartered engineer (which the BCS can grant as an affiliate of the
Engineering Council), a prospective employer or customer can deduce
that that person has an approved degree (or equivalent) and has had
their IT experience examined and ratified by an independent,
professional body. Can you deduce the same if a person is only
supplier qualified?
If I were looking for someone to technically lead a significant
IT project, I would want to ensure that they are CITP or a
chartered engineer and have the relevant supplier qualifications.
That way, I would know this person is a degree-qualified
professional with independently assessed experience, committed to
continued personal development and is a member of a professional
organisation which is not linked to their current employer.
This is the case for civil engineering, doctors, solicitors,
architects and so on. A change is happening in the IT sector - the
IT industry is growing up and some people don't like it.
Andrew Padley, MBCS
Take time to build your outsourcing
relationship
On reading your Friends Provident case study (Computer Weekly,
28 March) I was relieved to see that companies really are starting
to learn to develop best practice in outsourcing. All too often we
hear of outsourcing disasters and it is encouraging to realise that
some companies at least are taking the experience of others and
learning from it.
Friends Provident was very savvy in developing a relationship
with Wipro gradually; giving them more responsibility as trust was
built. Because as capable as a company seems on paper, that is not
always the case, which some end-users have learnt to their
detriment.
Also for each company to learn how the other works and the
culture etc. is something that can take time, but is something that
is well worth doing when you are in a long-term partnership. Many
companies jump in at the deep end with massive outsourcing deals
and a supplier they have not worked with before - for this to work
takes a lot of preparation and is a much bigger risk. With this
gradual outsourcing style possibly proving more successful I am
sure we'll see more companies taking this shrewd approach to
outsourcing.
Martyn Hart, chairman, National Outsourcing
Association
Data theft is all too easy in the age of the
iPod
I read your article about the legal implications of business
information theft with great interest (Computer Weekly, 28 March).
What companies must wake up to is that with the explosion in
low-cost, portable storage devices, from the memory stick to the
iPod, there is a great deal to be done to increase security
measures and prevent theft of data from within the organisation.
The proliferation of such devices is revealing dangerous flaws in
security policies, and leaving organisations wide open to the loss
of vital corporate information and compliance failure.
The dangers posed by the employee have always been significant,
but the new generation of mobile storage devices has transformed
the ease with which information can be stolen. These devices are
small, simple to use, easy to conceal and capable of systematically
removing vital business and customer information from the
organisation in a way that is completely untraced and
untraceable.
Organisations need to implement technologies that can enforce
control over the use of mobile devices. Actions could include
imposing copy limits per device, scheduling access and taking audit
copies every time a mobile device is used.
Under the Data Protection Act, organisations must take
reasonable measures to protect personal information. Combining the
audit trail with a copy of what has been taken also provides
organisations with more than enough proof to demonstrate to
auditors or regulators that effective mechanisms have been put in
place to support compliance requirements.
Ian McGurk, head of security consulting, Plan-Net
Services
Banks feeding apathy towards identity fraud
In response to the story on the reluctance amongst banks to
follow the lead on two-factor authentication (Computer Weekly, 28
March), this may not be down to the cost of adopting an extra
security measure, but rather the need to first educate the consumer
before security attacks happen.
At the moment UK consumers appear to be happy to continue
banking blindly, regardless of the threat of identity theft. This
attitude not only encourages increasingly audacious and
industrial-scale fraud, but also translates into millions of pounds
being written off each year. At the moment consumer self interest
and the interest of the banks are not aligned, as the financial
risk largely rests with the financial institutions feeding this
apathy.
The real challenge and opportunity is for the banks to better
combat fraud before it happens through improved fraud detection
technology. At the same time, there needs to be a renewed
commitment to effective consumer security education, with the
financial institutions potentially incentivising consumers to join
the fight against fraud.
Unfortunately many financial institutions' fraud systems are
unprepared to address sophisticated forms of identity theft. Whilst
fraud detection systems are good, today there is a need for banks
to integrate knowledge and information across all channels -
branch, online, telephone, etc - to create a fraud monitoring
"ecosystem" that holistically addresses the problem. Only with
stronger, more coordinated systems can banks continue to safeguard
the trust customers put in their brand.
Nigel Moden, retail banking partner, Unisys
Answer back
Do you disagree with someone's opinion on this page? Or do you
have something to say about a Computer Weekly article? If so, we
want to hear from you. E-mail :
computer.weekly@rbi.co.uk
Please include a daytime telephone number.