EU CIO Guidelines

CIO Magazine says that questionnaires are being sent out to CIOs around Europe as research funded by the European Commission seeks to set out guidelines for IT best practices.  The Innovation Value Institute (IVI) at Maynooth University in Ireland was awarded €300,000 last month to conduct the project, aiming to strengthen and professionalize the role of CIO (chief information officers) and IT professionals.  As part of its research, IVI will seek to establish a European training program for IT managers to deal with an anticipated shortfall of qualified job candidates.

In many organizations globally, the IT department is still a provider of support services rather than a boardroom decision-maker.  This global problem is unsustainable for successful modern organizations.  There is a lack of an obvious career structure, no common language to describe professional skills and competencies, there is no metric for measuring these skills and no common framework to assure them.

Details are at CIO:

Cloud Security Startup Leaves Stealth Mode

Mike Lennon posts at Security Week that a new cloud security startup has emerged from “stealth mode”, unveiling solutions designed from the ground up to provide security for elastic cloud servers.  CloudPassage is looking to help companies manage their own cloud security by offering a single, purpose-built solution that delivers multiple layers of defense for cloud servers.

CloudPassage introduced its new line of server security and compliance products: Halo SVM (Server Vulnerability Management) and Halo Firewall. Read the article for all the details.

Best & Brightest Burn Out Fastest

The Globe and Mail reports that those who shine the brightest in the workplace are also those most susceptible to burning out – and that risk is growing for Canadian executives.  “A prime factor that drives people to burnout is feeling that there is too much to do and not enough time to do it,” according to psychologist Dr. Michael Leiter, director of the Centre for Organizational Research and Development at Acadia University in Wolfville, N.S.  Many executives are feeling that pressure as never before.

A survey released Tuesday by the Toronto-based Centre for Addiction and Mental Health found employees with the greatest responsibility are facing the highest levels of job stress.  In the survey of 2,737 Canadian workers, 18% reported their job was “highly stressful.”  The odds of having high stress were greatest for managers or professionals, if they thought their job performance could negatively affect others, or if they worked long or variable hours.

Chronic stress leads to burnout, and can worsen existing mental health problems or physical disability, the research warns.  “The people who report high stress are the ones most invested in their jobs.  Employers should be very concerned with keeping this population healthy. From a business perspective, it is in a company’s best interest to support these workers.  Most organizations are more lean than they were before the recession and top people have fewer staff to delegate jobs to.”

Avoiding burnout requires discussing the risks openly in the workplace and placing limits on expectations.  One of the illusions people have is that putting in more hours will make them more productive.  Doing that will tire you out and make you sick, and when you are sick, everything becomes more difficult, Dr. Leiter said.  Executives have to make a decision that there is only so much that they can do, and eliminate or delegate work.  Also, reflect on what you are accomplishing and what needs to change.

“You don’t necessarily throw out your core values, but look at reality and the opportunities you have to let go of old ways of doing things and reduce your stress.”

Honey, I’m Relocating My Office…

According to a posting on Slashdot, you too can own your own bomb-proof bunker just like Pirate Bay and WikiLeaks.

It has come on the market at the bargain price of £400,000 ($635,000), and is located several metres below the rolling hills of Scotland.  It cost £30 million to build, has space for 150 staff and includes its own BBC studio, canteen, telephone exchange and sleeping quarters.  Kewl…

Forrester’s 2011 Security Strategy Recommendations

According to CIO Magazine, most CISOs are struggling with the same technical and business issues, ranging from the changing threat landscape to supporting the increasing adoption of social technologies, employee-owned mobile devices, and cloud services.

Many senior business and IT leaders are asking CISOs to support and align with business and IT objectives, requesting more interaction and updates from security teams.  Forrester has identified recommendations for security strategies that address the broad security trends in the current market, falling into three major themes:

  1. Better governance structures;
  2. More mature security processes
  3. Improved analytics and reporting capabilities

I tend to agree with most of the commentary in this excellent CIO article.  The bulk of the recommendations tend to focus on developing metrics for measuring success.  Anyone that knows me knows that I am a metrics-man, swearing by the spreadsheet, monitoring trends and always seeking out performance indicators.  There is also some high level advice on how to support the business, making security an enabler, and producing policy to align objectives.  I do believe that this is a two-way street, however, and that the business MUST be educated about the risks inherent in activities focused on increased convenience, and in most cases, a compromise should be struck rather than disregarding security concerns.

Both the article and the report should be read, and offer food for thought.

Cisco Buying Pari

NetworkWorld reports that Cisco has announced its intent to acquire privately-held Pari Networks, a provider of network configuration, change and compliance management appliances that was founded by former Cisco engineers.

This is an interesting acquisition, bringing awesome power to Cisco’s “Smart Service” capabilities by enhancing the ability of Cisco devices to manage the health and stability of customer networks through proactive, personalized services.  This will help identify potential network problems and potentially changes and attack indicators before they can do damage, and to optimize the performance of their networks.

In my humble opinion, Cisco is on the cusp of a major turning point in network/security integration if this is handled correctly.

Intel, VALTx Developing Game-Changing Security

Justin Rattner told Computerworld on Tuesday that Intel is working on new security technology that will “stop all zero-day attacks”.  This is a pretty big claim.  While he would provide few details, he hopes the new technology will be ready for release this year.

“We’ve found a new approach that stops the most virulent attacks.  It will stop zero-day scenarios.  Even if we’ve never seen it, we can stop it dead in its tracks” .

Anyone attending last might’s TASK meeting would have heard Dennis Meharchand’s discussion of Endpoint Security, regarding a product that local Toronto firm, VALTx is promoting that claims to do the same.  I have not examined or validated any of his claims, but he did offer some compelling discussion points.