The UltraTech Zone

Earlier this month, I came across a provocative article in ComputerWorld that outlined some of the reasons why many organizations get inconsistent results from their Information Technology departments.  Later, this article was made the source of discussion on a LinkedIn CIO group, where many different points of view were presented. As is ...

Earlier this month, I came across a provocative article in ComputerWorld that outlined some of the reasons why many organizations get inconsistent results from their Information Technology departments.  Later, this article was made the source of...(read more)

Software as a Service, or SaaS, is seen and marketed as a way to remove or reduce the complexities and cost associated with local enterprise software deployments, especially where such software has a desktop installation facet to it. As is typical with all (relatively new) technologies – especially in recent years – there comes the inevitable ...

I experienced a wide range of emotions as I read this allegedly tech savvy article in the Wall Street Journal, written by someone who is deemed a journalist for reasons which clearly have no basis in reality.  Mostly, I was surprised, because this is not the caliber of information that I expect from a publication such as the Wall Street ...

It has long been accepted that Information Security should be implemented in layers: Defense in Depth. The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you store valuables in your home, you’re not just going to have a safe to keep them in, but you will ...

I t has long been accepted that Information Security should be implemented in layers: Defense in Depth . The idea being that you should add overlapping protection mechanisms to either stop or slow down an intruder.  To use a simple analogy, if you...(read more)

Lately, I’ve been getting lots of good ideas for blog entries from my participation in various LinkedIn group discussions.   One recent topic was about what IT should focus on in any organization.   Another was about whether we should be working harder or smarter. The title I have selected for this post also happens to be ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?”, and it highlights a common misconception about the role of auditing and auditors in the compliance process. The article is a follow-up to an interview with the CEO of Heartland Payment Systems ...

I just finished reading a provocative Computer World article about the PCI compliance process, entitled “Will the Real Enemy of Security Please Stand Up?” , and it highlights a common misconception about the role of auditing and auditors in the compliance...(read more)

There is an excellent discussion taking place on the LinkedIn group for CIO magazine under the heading of: Some thoughts on IT-Business Alignment from the Chase Zander IT Director Forum (as influenced by CIO Forum members) So far, there are over 35 responses, and many of them are really good.  A couple of them got me to thinking about where ...

There is an excellent discussion taking place on the LinkedIn group for CIO magazine under the heading of: Some thoughts on IT-Business Alignment from the Chase Zander IT Director Forum (as influenced by CIO Forum members) So far, there are over 35 responses,...(read more)

The more things change, the more they remain the same. Almost exactly two years ago, I posted an article about the general organizational obsession with regulatory (or industry) compliance, at the expense of proper information security.  Just today, I read an article on the CIOzone that asks: Does PCI Compliance Work? The point being made ...

Lately, I've been playing various medieval build/conquest games on Facebook and other places.  My favorites are Knighthood and Tribal Wars. (PLEASE NOTE: I am especially interested in getting some vassals in Knighthood, so if you're interested in playing even a little, be sure to visit my kingdom.) I don't know about you, but I don't ...

  As I think about it, the title is probably misleading, because being a Technology Manager with change-agent responsibility is not the same as being a Technology Change Agent. In my particular case, I'm not looking to change the technology, necessarily.  In fact, I'm pretty happy with the basic technology infrastructure, at least in ...

Does fulfilling your regulatory compliance requirements actually lead you to be more secure?  Will your organization automatically attain compliance by pursuing a strict regimen of security practices? In short, is the quest to be compliant complementary, unconnected or mutually exclusive with the quest to be secure? This is the heart of a ...