Tag: best practices

  • Preparing for a Security Audit

    The topic of security comes up a lot in IT circles. We see headlines every day about breaches and fear that our company could be next. Ok, that may not be exactly our response. However, hackers are real and a threat to every business that is online. That makes the idea of a security audit attractive to many managers and business owners. They want to be comfortable with where they stand and any associated risks. This may even be a requirement as part of due diligence for an acquisition or investor.

    A Security Audit is Not Scary

    The word “audit” seems to strike fear in the hearts of many. I get it and feel the same trepidation every time I hear it. We seem to think an audit always points to our flaws, and that is a bad thing. On the contrary, an audit of this sort provides a way for us to get better. Yes, it points out flaws and weaknesses. However, it also provides feedback on how to eliminate or overcome those shortcomings. That means that we will be better off, more secure, once we go through an audit and learn from it. It also helps to go into an audit knowing that imperfections will be highlighted. No system is perfect, so all we can do is look for ways to get better.

    Get Your Ducks In A Row

    The first step to take before a security audit is to clean up the flaws you already know about. This action will make the process more valuable. Less time will be spent on going over the “things you already know.” That means your time and money will be better spent. Why would you pay someone to tell you what you already know? There is another side effect of taking this action. Sometimes weaknesses or flaws are masked by another problem upstream. Think about a dirty window that blocks a view of a dirty room. You will not know about the room until you clean the window. Similarly, clean up the issues you know about, so there is less chance of hiding those flaws you need to understand. Security is a prime example of this sort of environment. By its nature, most IT security is built in layers or walls. Thus, it is by design that a flaw in one level may be masked or even corrected at another level.

    Ask The Experts

    We are not all security masters. That is not a problem. There are plenty of resources available on the Internet to guide us in implementing best practices for security no matter what environment we have built. You can bring in security consultants, but you can save a lot of money by hitting some of the cornerstone security sites. One of the best sources of this information is the OWASP site. You can find white papers that cover overall security concerns as well as detailed tutorials for hardening your systems. Much of this documentation is source material for security audit procedures and processes. Therefore, you will be able to educate yourself about these measures while getting a head start on how the security audit will expect your environment to look.

    Yes, It Is That Simple

    You may be amazed at how short this article is. However, the details that you will find in those security tutorials can take hours or days (or more) to implement. The plan is simple. It is the execution that can be a challenge. Nevertheless, there are a lot of security recommendations that are quick and easy to implement. Even a little investment of time can make your security audit experience enjoyable and educational. That statement may seem laughable, but do not take my word for it. Give it a shot and see how much more secure your systems are as your confidence about them soars.

  • Setting Expectations and Project Success – Three Easy Steps for Improvement

    We all can use more ways to achieve project success or at least increase its likelihood.  Of course, there are many steps we can take in this effort.  However, few provide the impact of setting expectations and managing them throughout the process.  Here are some ways to help you do precisely that in your next project.

    Concrete Over Vision

    The most significant variance in expectations in my experience comes down to vision.  The end product you envision is not what your customer sees.  Since both of these visions are in someone’s head, we need to get those out and compare notes.  Guessing and assumptions are prime culprits in expectations that are out of sync.

    This is why prototypes, wireframes, and user stories are so important in project success.  These tools give us a way to put down on paper the vision in our heads and resolve any differences.  It can seem redundant to write down something all parties appear to agree on, but that does help avoid assumptions and other communication issues.  I have found that we do not always have the clarity of communication that we think we do.  Putting thought into concrete form helps to alleviate that weakness.

    The Devil in the Details

    I once heard it suggested that software architects get in the habit of asking “and then what?”  This is an excellent approach to drilling down to the required level of detail for setting expectations.  The step to put our vision in a concrete form can lead us to think we have more detail than we do.  I have come across far too many customers that point to a page or application and say that is what they want.  However, as we dig into that example, we find that there are features they want that are not on the screen or assumptions made that are not stated.

    An example of this sort of error is easily seen in the assumptions about how a page works.  There will be menu items and other controls that imply action.  When the result is not adequately shown and defined, then it can lead to mismatched expectations.  The “make it look like this” is a good start.  However, it is only a start.  This starting point needs to be followed up with questions to clarify how every piece of the screen works.  This includes menu items, buttons, tab orders, notifications, validations, and more.  A picture is worth a thousand words and may also hide a thousand function points.

    Avoid Drift

    The third item we need to address is potential drift from our starting point.  A well-thought-out and thorough design up front can help us set and maintain expectations.  Nevertheless, there are surprises and holes that become apparent in any implementation that can impact that initial design.  These bumps can cause drift and even derail the direction that implementation is headed in.

    This problem is easily solved with regular meetings and updates.  Progress and bumps are addressed in each session along with discussions of variance from the original design.  The end product of this process is that expectations are “tweaked” along the way in concert with design adjustments.  Although there are other reasons to take this approach, I think managing expectations provides the most substantial payoff.

    There are thousands (or more) of variables that go into project success.  Fortunately, a lot of what determines that success is how the solution is perceived.  Therefore, the better we are at setting and managing expectations, the better our odds of success.

  • Catching Up On Documentation and Overdue Tasks During a Lull

    Summer can be a frustrating time.  Much like the end of the year, there are a lot of vacations to work around, and your team varies from week to week.  That makes this an excellent time to take your vacation as well.  However, when you find yourself at work with limited staff or tasks waiting for people to return, there is an opportunity for catching up.  Those secondary and less important tasks that never seem to get done are excellent targets during these slow times.

    Getting Ahead

    One of the areas where it is easy to get behind is planning.  You know the Fall and wrap-up of the year will be busy.  It almost always is.  Thus, this is a perfect time to look ahead to those hectic months and search for tasks you can start or even complete in this slow time.  It can be a time to lay down plans for the push and create documentation outlines where possible.  The work may not be such that it can be completed and off your plate.  However, any steps you take now will mean less time spent during that rush.  This is also a time to set things in motion if you are going to need vendor buy-in, customer sign-offs, or other administrative tasks that can often drag out the completion of a project.

    Catching Up On Overdue Tasks

    Planning takes some thought and forecasting.  Overdue tasks do not suffer from these restrictions.  You know what needs to be done.  Many of these tasks are the kind that languish on your to-do list for weeks or months.  Why not remove those headaches and stress by knocking out some of your “productivity debt”?  When you take action, your days will move along quickly and you will be thankful in the months ahead that you did.