Your shout: Professionalism, outsourcing, data theft

Readers' takes on the week's news

Computer Weekly readers' have their say

Professionalism is all a part of growing up

I read with interest the letter written by Stuart Learmonth (Computer Weekly, 4 April) regarding his membership of the BCS. I fail to see his argument. MBCS stands for "member of the British Computer Society". If he stops paying his membership, then he is no longer a member so why would he think that he should still be able to advertise that he is?

I also find fault with his argument that people quote membership of the BCS as some form of recognition of their professional capabilities, technical knowledge and industrial experience. By being a member of the BCS, one can only assume that a person has an approved degree or equivalent in a relevant subject; I would argue that this demonstrates one's professional capabilities.

Once a person becomes a CITP (certified IT professional) or chartered engineer (which the BCS can grant as an affiliate of the Engineering Council), a prospective employer or customer can deduce that that person has an approved degree (or equivalent) and has had their IT experience examined and ratified by an independent, professional body. Can you deduce the same if a person is only supplier qualified?

If I were looking for someone to technically lead a significant IT project, I would want to ensure that they are CITP or a chartered engineer and have the relevant supplier qualifications. That way, I would know this person is a degree-qualified professional with independently assessed experience, committed to continued personal development and is a member of a professional organisation which is not linked to their current employer.

This is the case for civil engineering, doctors, solicitors, architects and so on. A change is happening in the IT sector - the IT industry is growing up and some people don't like it.

Andrew Padley, MBCS


Take time to build your outsourcing relationship

On reading your Friends Provident case study (Computer Weekly, 28 March) I was relieved to see that companies really are starting to learn to develop best practice in outsourcing. All too often we hear of outsourcing disasters and it is encouraging to realise that some companies at least are taking the experience of others and learning from it.

Friends Provident was very savvy in developing a relationship with Wipro gradually; giving them more responsibility as trust was built. Because as capable as a company seems on paper, that is not always the case, which some end-users have learnt to their detriment.

Also for each company to learn how the other works and the culture etc. is something that can take time, but is something that is well worth doing when you are in a long-term partnership. Many companies jump in at the deep end with massive outsourcing deals and a supplier they have not worked with before - for this to work takes a lot of preparation and is a much bigger risk. With this gradual outsourcing style possibly proving more successful I am sure we'll see more companies taking this shrewd approach to outsourcing.

Martyn Hart, chairman, National Outsourcing Association


Data theft is all too easy in the age of the iPod

I read your article about the legal implications of business information theft with great interest (Computer Weekly, 28 March). What companies must wake up to is that with the explosion in low-cost, portable storage devices, from the memory stick to the iPod, there is a great deal to be done to increase security measures and prevent theft of data from within the organisation. The proliferation of such devices is revealing dangerous flaws in security policies, and leaving organisations wide open to the loss of vital corporate information and compliance failure.

The dangers posed by the employee have always been significant, but the new generation of mobile storage devices has transformed the ease with which information can be stolen. These devices are small, simple to use, easy to conceal and capable of systematically removing vital business and customer information from the organisation in a way that is completely untraced and untraceable.

Organisations need to implement technologies that can enforce control over the use of mobile devices. Actions could include imposing copy limits per device, scheduling access and taking audit copies every time a mobile device is used.

Under the Data Protection Act, organisations must take reasonable measures to protect personal information. Combining the audit trail with a copy of what has been taken also provides organisations with more than enough proof to demonstrate to auditors or regulators that effective mechanisms have been put in place to support compliance requirements.

Ian McGurk, head of security consulting, Plan-Net Services


Banks feeding apathy towards identity fraud

In response to the story on the reluctance amongst banks to follow the lead on two-factor authentication (Computer Weekly, 28 March), this may not be down to the cost of adopting an extra security measure, but rather the need to first educate the consumer before security attacks happen.

At the moment UK consumers appear to be happy to continue banking blindly, regardless of the threat of identity theft. This attitude not only encourages increasingly audacious and industrial-scale fraud, but also translates into millions of pounds being written off each year. At the moment consumer self interest and the interest of the banks are not aligned, as the financial risk largely rests with the financial institutions feeding this apathy.

The real challenge and opportunity is for the banks to better combat fraud before it happens through improved fraud detection technology. At the same time, there needs to be a renewed commitment to effective consumer security education, with the financial institutions potentially incentivising consumers to join the fight against fraud.

Unfortunately many financial institutions' fraud systems are unprepared to address sophisticated forms of identity theft. Whilst fraud detection systems are good, today there is a need for banks to integrate knowledge and information across all channels - branch, online, telephone, etc - to create a fraud monitoring "ecosystem" that holistically addresses the problem. Only with stronger, more coordinated systems can banks continue to safeguard the trust customers put in their brand.

Nigel Moden, retail banking partner, Unisys

Answer back

Do you disagree with someone's opinion on this page? Or do you have something to say about a Computer Weekly article? If so, we want to hear from you. E-mail :

[email protected]

Please include a daytime telephone number.

Read more on IT risk management