Agile is a key trend. Interest in and demand for Agile approaches for an increasingly wide range of projects and initiatives has never been higher.
However, there is a myth commonly attributed to Agile which continues to persist, after much discussion and debate, that often discourages individuals and organisations from even considering, let alone adopting, Agile project management. The myth says that Agile is only suitable for software and IT development projects.
In some ways it’s understandable that this misconception exists; after all, the whole concept of Agile was born in the IT and software development arena.
However, it’s simply not true, and it’s a myth that needs busting once and for all.
Posted in Agile, AgilePM, Project Mgmt.
– May 25, 2016
Remember in my last blog I mentioned distancing by involved 3rd parties? Well, things have moved on a bit since the heist with people realising that anyone in the value chain can contribute to a disaster. Bad things happen because of:
- an internal problem, or
- because someone else in the value chain has a problem, or
- someone else does the right thing based on the incorrect assumption that the rest of the value chain is working correctly.
“Cyber is not an event. It is a conduit for events to occur.” This is probably the most important thing to know when looking at threat management. Not my words but those of TheCityUK in their May 2016 report on ‘Cyber and the City’. It is a worthwhile read for all industries as the points on page 6, the recommendations on page 8, the checklist on page 16 and the Action Plan on page 29 apply to all firms, regardless of sector.
Posted in COBIT 5, IT Service Mgmt.
– May 18, 2016
Sourced from Andy Taylor, cyber security expert and APMG International lead assessor.
One of the greatest challenges for organisations attempting to address cyber security risks is the number of fundamental security myths that cause organisations to incorrectly assess threats, misallocate resources, and set inappropriate goals. Dispelling those myths is key to developing a sophisticated, appropriate approach to information security.
This piece gives the background to these popular Cyber Security myths and sets out why there is more than meets the eye.
Posted in Cyber Security.
– May 12, 2016
Hello and thanks for reading.
I’ve been asked to write this blog by APMG International after speaking at their Taking Charge of Change 2016 event on April 8th in London.
As Learning Tree International’s Lead Instructor for Change Management and Author of the Achieving APMG Change Management Practitioner Certification course, I would like to start with a bit of “myth-busting”: there is no ‘silver bullet solution’ for building capability and confidence in effectively managing change!
Now, on the upside, there are many approaches, tools, techniques and lessons learned available to facilitate building the required confidence and capability.
Posted in Change Management, Qualifications.
– May 4, 2016
We know it but do we do it? “Cyber must stop being treated as the domain of the IT department and should be a boardroom priority”. This quote of the 3rd March 2016 comes from the Institute of Directors (IoD). I refer to the IoD’s findings towards the end too, because what happened to Bangladesh’s central bank, Bangladesh Bank, may be happening to us.
Two months on and the investigation into the cyber-heist at Bangladesh Bank is just about over. The speed in reaching a conclusion is less about efficient investigating than about having too little to investigate.
The reason? The central bank had no IT security, no audit trails so no trace of the criminal footprint. (But please feel free to fess-up if it was you.) Computing has a good article.
Officially, the Philippines, whose central bank were unwitting partners in settling some fraudulent payments, has said the hackers were Chinese, deflecting responsibility elsewhere. See The Star’s article.
Officially SWIFT, the financial sector’s mechanism of choice for transferring funds globally, “can recommend internal security measures” to its banks but does not provide “specific measures to be uniformly adopted by financial institutions to secure their networks” (see Canadian Cybersecurity Law’s article).
Posted in Certification, COBIT 5, Cyber Security.
– April 28, 2016
ISO/IEC 20000 series revision
All standards are reviewed every 5 years to assess if they remain relevant and need any improvement. After this process, some standards will be retired, some will remain as they are and some will be updated to a new edition. The series is also reviewed for the need for any new parts in the series.
It can take several years to create a new standard or to update a standard. But why does it take so long?
The creation or update of international standards needs to allow the views of all member countries to be taken into account. Standards are used for many years and impact individuals and organisations so it is important that time is taken to get them right. International standards are created or updated within an ISO or ISO/IEC committee. Member countries have mirror committees (national bodies). In the UK these are BSI committees. Members of committees are technical experts in the field of the committee. Representatives from the national bodies attend the international committees.
Posted in ISO Schemes, ISO/IEC 20000.
– April 27, 2016
The success of initiatives undertaken within an organisation is largely determined by the commitment and working style of the teams taking part in them. Every manager is aware of this fact, but not every manager knows how important this factor is. Running projects in a considered way that adapts to newly emerging requirements is the basis for achieving the intended goals and remaining a leader in a competitive market.
Mirosław Dąbrowski, an Agile coach who advises managers every day on how to work in an agile way and who leads the transformation of organisations towards agility, will tell us what is worth knowing about agile methodologies and about implementing agile project management methods within the structures of your organisation.
Posted in Agile, AgilePM, Certification, Project Mgmt, Qualifications.
– April 19, 2016
This is the summary of my recent presentation at the Project Challenge expo in Birmingham. The subject was the role of the Change Manager.
Who are Change Managers?
I began by explaining that Change Manager is a developing role, with a wide interpretation. A quick search of the members list of the Change Management Institute UK came up with the following job titles that our members, all change professionals, are known by at work:
- Communications Manager
- Director of People
- Employee Engagement Manager
- Relationship Manager
- Project Manager
- Line Manager
- Programme Manager
- Customer Experience Lead
- Business Analyst
- Business Transformation Manager
- Team Leader
- Head of PMO
I am lucky because I was given my favourite ever job title recently – Chief Persuasion Officer – which I think sums up the role beautifully!
Posted in Change Management, Project Mgmt, Qualifications.
– April 5, 2016
As well as making and implementing policy, central banks run various payment and settlement systems. The flow of funds includes central bank money, the nation’s foreign exchange reserves, commercial bank transactions and government payments. This amounts to billions of dollars every day. A hack on a central bank is unthinkable because it is disastrous for the nation.
February 2016 saw the unthinkable happen. The largest known hack on a central bank, in this case the Central Bank of Bangladesh, took place. $81 million was stolen – it could have been far worse as the attempt was for $951 million – but for one of the poorest countries in the world, it was still very, very bad.
Posted in COBIT 5, Cyber Security.
– April 1, 2016
ISO/IEC 27013 – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 was first published in 2012 based on ISO/IEC 27001:2005 and ISO/IEC 20000-1:2011.
ISO/IEC 27013 was revised and republished late in 2015 to reflect the updated ISO/IEC 27001:2013 standard, information security management system requirements and the updated ISO/IEC 27000:2014, overview and vocabulary.
ISO/IEC 27001 has been updated into the revised high level structure for management system standards in line with many other standards such as ISO 9001, ISO 14001 and ISO/IEC 22301. ISO/IEC 20000-1 is currently being revised into this new structure and is due for republication in 2018.
What is ISO/IEC 27013?
ISO/IEC 27013 has the title Information technology — Security Techniques – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.
The guidance is useful for organizations who are implementing the two standards together or those who have implemented one and now wish to implement the other using an integrated management system. The standard does not contain the text of other standards and needs to be read in conjunction with ISO/IEC 27001 and ISO/IEC 20000-1.
The body of the document is 15 pages with 23 pages of annexes containing reference tables. The annexes have been considerably extended from the 12 pages of the previous edition. This is largely due to annex B, the comparison of terms, because ISO/IEC 27000 now has many more terms defined than previously.
Posted in Certification, Cyber Security, ISO Schemes, ISO/IEC 20000, IT Service Mgmt.
– March 9, 2016