The UK’s world class “Track & Trace” application “lost” 16,000 cases for over a week, as reported in the Register. Plenty of people have decided to comment and so I thought I’d join in and posted my thoughts in a linkedin blog, although I start this post with a quote from the Register, including the fabulous phrase, "Ridicule and despair, those shagged-out nags of our Johnsonian apocalypse, once again trudged exhaustedly across the plaguelands of England". For more see below/overleaf ...
There’s no divorce in Bitcoin
I attended a presentation hosted by the BCS, and given by Ron Ballard, based on his article in IT Now, “Blockchain: the facts and the fiction”. What he said inspired some thoughts and reminded me of others, some of which I have previously published on my blog. I wrote an article, called Learnings of Bitcoin, which was meant to be a spoof on the Borat film title and posted it on my linkedin blog, The article looks at the tight coupling of Bitcoin, and its consensus mechanism, the proof of work, together with its costs and vulnerabilities. It examines the goal of eliminating trust authorities and its questionable ability to meet the necessary roles of money as a means of exchange and a store of wealth. In the comment pushing it, I say, "This might be a bit basic for some, but you can't have a coinless immutable blockchain, at least not one based on 'proof of work'.", at which point you need to consider if there are better data storage platforms for your use case. I use more words to explore these issues below/overleaf ....
On Record Management
As part of my series on devising systems to create logs to protect an organisation and its staff against charges of criminality, I posted an article on my linkedin blog called “Doing Record Management well”. It doesn’t surprise me that there is an ISO Standard (ISO 15489) on the subject, but it does surprise me that I hadn’t heard of it until I started to research some of the articles in this series.
I have a research note on my wiki, which links to the Bank of England policy and also quotes Deutsche Bank’s policy, which is available because they post it on internet. I quote it here,
Deutsche Bank’s code of conduct, see page 25, says, among other things,
…“Maintaining accurate books and records is fundamental to meeting our legal, regulatory and business requirements. You are responsible for maintaining accurate and complete records and for complying with all the controls and policies our bank has in place. You should never falsify any book, record or account that relates to the business of our bank, its customers, employees (including your own activities within our bank) or suppliers. You must never dispose of records or information that may be relevant to pending or threatened litigation or a regulatory proceeding unless you are authorised to do so by the Legal Department. You must also comply with applicable record retention policies.”
DB Code of Conduct
Knowledge Graphs
I attended a Capco/Semantic Web Company webinar, on Knowledge Graphs which provoked these thoughts, on how far we’ve come, new solutions to old problems and the social inhibitors to new technology adoption. The complexity of the data administration problem is why specialist tools have been developed and matured to the point that Gartner produce a Magic Quadrant on Meta Data Management tools, in which the Semantic Web company’s Pool Party appears as a visionary. The MQ report is currently being distributed, as is normal, by one of the “Leaders”, Informatica.
Andreas Blumaur, who was one of the speakers, repeated his suggestion, start small with committed users and that possibly the best 1st solution is a semantic search. (I thinl I’ll have another look at implementing something on my wiki.)
I have felt for a while that semantic web technology could be used to match work to resource in the cloud, with cloud entities advertising their capability using XML, it shouldnn’t be a stretch and with Azure, these systems are being defined in XML. The other application that interests me is if the XML/RDF models can be used to create a model of the person in the enterprise, maybe implemented in SQL; my current researches have not been fruitful. …
Can’t make it up
A note on LinkedIn on why managements need IT usage policies to prove their compliance and to act legally and fairly towards their employees. I suggest that ISO27001 is useful as a technical standard and COBIT as an organisational one.
This was written in the light of a couple of cases I had to deal with as an accompanying rep. or as an advisor.
You can’t claim that users are not performing if you can’t prove the IT systems work as documented. You can’t pursue a conduct disciplinary against people operating a policy. You can’t fulfil FOI or SAR requests if the data retention policy is suspect. You can’t be sure that corruption has not occurred if there is inadequate segregation of duties.
Having policy will help the organisation answer the following questions. Is our software supported? Why and how was that data deleted? What should be logged? Who has permission to read, amend and run these programs and/or this data? Are our vendors signed up to our IT security goals? Why do you not know this?
This is all defined in these standards, and the GDPR makes certification to good practice evidence of good will. ISO27001 and COBIT are the big boys in town to prove technical and organisational protection.
You can’t make it up anymore. …
Some IT technology & economics history
I have finally installed a version of CA-Superproject under W98/Virtualbox and the experience reminded me of a couple of things, about the software, about its final custodian, Computer Associates (CA) and also some critical software project management issues. I have written a more formal note on Linkedin and this is my mirror/pointer to that; the rest of this article précises that article. For more, see overleaf/below. … …
Technology lessons
It seems the police have found insufficient evidence to prosecute Boris Johnson for misconduct in a public office with respect to his alleged relationship with Jennifer Arcuri and decisions taken by the Mayor's Office to support her business. His day-time visits to her home, presumably during working hours, were, it seems, for 'technology lessons'. It seems that some emails seem to be unavailable, possibly in contravention of the Mayor's statutory record keeping rules and duties. The rest of this blog looks at alternative legal approaches to investigating if wrong doing has occurred. It looks at how good good IT Security controls are needed to allow essential audit questions to be answered.
Fighting Corruption
Sadly I have been looking to see what’s being said about Corruption and Anti-Corruption. I made a wiki post which includes some links on management strategy, which includes an article from McKinsey’s Journal which offers a brief taxonomy of corrupt practices, this is augmented by Transparency International’s tool kit, to which I link. TI also note that, “The UK Bribery Act, which was passed in 2010, introduces an offence of corporate failure to prevent bribery.”. There are also some specific action plans inc. current advice from the MoJ. Interestingly, to me, the action plans share many ideas from risk management practices and IT Security controls that I have been working with for many years, and that having a robust programme of controls is the only defence against the aforementioned corporate crime.
Construct a taxonomy, develop controls, measure the effectiveness of the controls and fix those that are broken.
This costs money and time, and companies may lose business because of it. No-one says it’s easy.
I have now made a post on my linkedin blog, which while repeating some of that I say here, looks at the MOJ Guidance and their six principles and offers some important definitions of pertaining to bribery. I highlight the concept of ‘improper behaviour’ from within the legislation. …
Theory matters!
I have just posted a blog on linkedin about business and IT strategy. I say a bit more here! This was provoked because I was doing some research for a job application which involves IT strategy. I was considering the alignment of business strategy with that of the IT department and what I might say. I outlined three models, although they were all developed a while ago, I think they all have relevance today. The three models address business strategy, software portfolio management and architectural pattern selection. Business strategy should drive portfolio and project management choices. While business strategy will outline how to do what must be done, it also defines what will not be done. Portfolio management determines the allocation of development funding, priority, maintenance funding, project risk appetite, people skills, project governance and software sourcing policy and as result of choices made, one can select the appropriate platform super architectures, of which you may need more than one. I conclude that theory matters. See more below/overleaf … …
Why Zoom?
I have posted a blog on Why Zoom? has become so popular in terms of getting consumer mind share.
I wonder if it’s based on Microsoft forgetting its history. I am sure the ultra low cost of using Zoom helps but Microsoft’s entry cost for Skype is the same and at the end, someone has to pay for the server room cycles.
…Perhaps in the hypergrowth stage best of breed works but I suspect that an integrated offering will win out in the end.