CIO archives - Overheard in the tech blogosphere


Nov 18 2009   2:44PM GMT

Overheard - FACTA Red Flags Rule



Posted by: Margaret Rouse
Compliance, Red Flags Rule, identity theft, identity management
Compliance with the Red Flag rules must take a risk-based approach. Organizations are not given a specific set of items to implement; there is no detailed checklist. Compliance is principle-based, focused on the outcome — avoiding identity theft — and not on specific requirements.

Michael Rasmussen, Red Flag Rules compliance demands a risk-based approach

Today’s WhatIs.com Word of the Day is Red Flags Rule.

Nov 13 2009   3:43PM GMT

Overheard - Enterprise document management



Posted by: Margaret Rouse
Compliance, enterprise document management, Enterprise content management
Compliance is a hamster wheel of pain. Are we in compliance? -> Hire Consultant -> The Consultant Says No -> Scurry and spend -> Repeat.

Alex Hutton, The Cult Of Compliance

Today’s WhatIs.com Word of the Day is enterprise document management.


Nov 11 2009   2:59PM GMT

Overheard - Bank Secrecy Act



Posted by: Margaret Rouse
Bank Secrecy Act, financial security, Compliance
FinCEN is now seeking to engage smaller to moderate-size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.

Bryan Cave Law Firm, October 2009 Client Alerts

Today’s WhatIs.com Word of the Day is Bank Secrecy Act.


Oct 20 2009   12:42PM GMT

Overheard - Shared Assessments Program



Posted by: Margaret Rouse
Compliance, compliance audit, IT controls
“One of the big issues everyone faced, especially on the service provider side, was the inconsistency in the level of questions and controls clients looked at. This sets the standard and a baseline so everyone is looking at pretty much the same types of controls…You remove inconsistency and raise the overall bar of information security.”

Charlie Miller, as quoted in Shared Assessments aims to ease third-party security evaluations

Today’s WhatIs.com Word of the Day is Shared Assessments Program.


Sep 22 2009   2:23PM GMT

Overheard - FISMA and ICE



Posted by: Margaret Rouse
FISMA, Compliance, ICE, Security
“The new FISMA requirements call for government agencies and DoD contractors to comply with a set of prioritized controls that reflect their ability to detect and stop cyberattacks.”

Alexander B. Howard, ICE Act would restructure cybersecurity rule, create White House post

Today’s WhatIs.com Word of the Day is FISMA.


Sep 17 2009   12:51PM GMT

Overheard - Soft skills



Posted by: Margaret Rouse
Soft skills, interview skills, group dynamics
“Soft skills are usually identified by phrases such as ‘must be able to work well under pressure’ or ‘must work well in a team environment.’ While many applicants consider such statements to be nothing more than an indication of the work environment, it is in fact a statement of the soft skills being sought.”

Will Smith, Skills employers seek in job candidates

Today’s WhatIs.com Word of the Day is soft skills.


Sep 14 2009   5:32PM GMT

Overheard - PCI compliance



Posted by: Margaret Rouse
Compliance, PCI compliance, PCI compliance DSS
“In our view, if you peel off all the layers around the PCI Data Security Standards, you will see it for what it is in significant part, a tool to shift risk off the banks’ and credit card companies’ balance sheets and place it on others.”

Dave Hogan, as quoted in Cybersecurity hearing highlights inadequacy of PCI DSS

Today’s WhatIs.com Word of the Day is PCI compliance.


Sep 10 2009   1:00PM GMT

Overheard - Web self-service



Posted by: Margaret Rouse
CRM, SaaS, Social networking
“More and more organizations are finding that, while a dedicated customer service staff is still an integral part of any company, customers can do a fine job answering questions and service issues for themselves and for one another.”

Barney Beal, SaaS CRM vendors get serious about Web self-service features

Today’s WhatIs.com Word of the Day is Web self-service.


Jul 14 2009   2:22PM GMT

Overheard - Defining parameters for data encryption



Posted by: Margaret Rouse
Mark Wright, Massachusetts 201 CMR 17.00, data encryption, Privacy, consumer protection, Compliance

“Massachusetts is taking data encryption regulation to the next level by actually defining what is meant by encryption, and this definition includes all data that is in transition, in storage and on portable devices.”

Mark Wright, The Evolution of Data

From 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH / Definitions section

“Encrypted,” transformation of data through the use of a 128-bit or higher algorithmic process, or other means or process approved by the office of consumer affairs and business regulation that is at least as secure as such algorithmic process, into a form in which there is a low probability of assigning meaning without use of a confidential process or key.


Jun 12 2009   4:28PM GMT

Release management - the IT equivalent of herding cats



Posted by: Margaret Rouse
release management, ITIL, IT Governance, Project management
Studies have shown us that a large majority of IT projects fail either in part or outright for non-technical reasons that could have been prevented with proper planning.

George Spafford, Release policies set standards for rollouts

Today’s WhatIs.com Word of the Day is release management.

As part of a webcast on Understanding the ITIL Trinity of Configuration, Change and Release Management, George says that:

  • 29% of projects deliver on time with expected features
  • 53% are challenged (delivered on time but without expected features)
  • 18% fail outright

It’s not surprising that George attributes these dismal numbers to non-technical factors, including lack of project planning, poor requirements definition, not getting the right stakeholders involved, poor communication and insufficient management oversight.

I’m frankly surprised that the number of projects that deliver on time with expected features is so high. I would have guessed…3%.