Tag Archives: ITIL

Certification Bazaar: The Ugly Side

~

The certification bazaar has  taken off in the Indian IT industry. Courses range from PMI’s PMP, OGC’s PRINCE2 and ITIL, COBIT, TOGAF and BPM.

Purveyors of these courses charge you an arm and a leg; certification and their maintenance will in all probability cost you another arm and a leg.Do you wish to put down that kind of money with the possibility of little or no returns on your investment?

Horror stories of how folks are certified but have no opportunity to practise abound, but at least in some cases, employers are willing to foot the bill to retain the certified hordes. Yet others do not have the said luxury. Would you re-certify yourself if you had to pay from your own pocket?

Marketing emails  sniff out an inkling of a need or a requirement. The tactics could be termed innovative or (if you wish to be critical) , they  smack of desperation.

Courses and their faculty seem to be  disjoint and disparate from the industry and reality.

It’s a chicken and egg situation. Should you  certify and then gain experience on the same? Or gain experience first and then have yourself certified?

What do you think?

_______________________________________________________

The other bugbear in the Indian IT industry is not sexism, as you would like to believe, but ageism.

Lack of seasoned professionals in the industry and pre-dominance of young professionals is the cause of this malaise.

Churlish behaviour of the young ‘uns only reinforces the impression.

Just another ugly facet of the celebrated success story.

__________________________________________________________

Quote of the day:
Whatever you do will be insignificant, but it is very important that you do it. – Mahatma Gandhi

Top Posts

~

Home page
2,795

IceBreaker Speech at Mumbai ToastMasters
180

The Women’s Reservation Bill
130

About
109

Web Services, SOA, BPM, and Cloud Computing VII
89

Overstock.Com OSTK
76

Tennis, AITA, Mumbai University & Kalina Campus
56

True Search for Humor! Oh, how sach!
53

The Balanced Scorecard & Project Management
45

Emceeing a ToastMaster Meet!
43

ITIL V3 – A Brief
40

Web Services, SOA, BPM, and Cloud Computing V
35

The Sum Of All Parts
35

We’re too self-absorbed!
33

So why do Indians cheat?
31

Disruptive Innovations
30

Portfolio Management & Corporate Strategy
29

Now, That’s Incredible!
29

Disclosure
29

Bollywood – Actresses – II
26

Web Services, SOA, BPM, and Cloud Computing IX
26

Ethos,Pathos,Logos
26

How Proza(i)c : Happiness in a Pill?
25

Web Services, SOA, BPM, and Cloud Computing VIII
25

Of Words, Poetry and Bad Grammar!
25

Bollywood – Actors – I
25

Poetry
25

T-Commerce – Teeing Off
24

Gods of Clay!
22

Snapshots on OOP
21

Quick Tips for ToastMaster(s) of the Day
20

Microfinance and you
19

IPL’s ‘Twittergate’!
19

ITIL – Next!
17

For the cricket fans!
17

Bad Hiring Practices & Google
17

Toastmasters
16

Tennis comes into its own!
16

Harsha Bhogle: The importance of the IPL
16

Capitalism: Its Two Variants
16

Trojan Horses
16

Web Services, SOA, BPM, and Cloud Computing I
16

RESUME
15

IT Project Management Quotes – These are not original
15

Web Services, SOA, BPM, and Cloud Computing II
15

Life and Program Management
15

Doosra: The life and times of an Indian
15

Architecture – Understanding the criteria – II

~
Principle of a public key infrastructure. Roug...

Image via Wikipedia

Continuing with Understanding the criteria….

Security:

When we refer to IT security, we usually look at access management i.e. authentication and authorization.

Authentication simply means you are who you say you are. It is also referred to as identity management.

Authorization means are you authorized to use the given service / application / system i.e. are you allowed access? Do you have the rights to use the resource? Authorization is usually a group / role specific policy. Rarely is authorization set at the individual level. Authorization can be also implemented , in a charging system, as do you have credits to be allowed to use the resource? This, of course, would be at the level of the individual or an entity such as an organization. Examples of this would be encountered in a utility computing model say cloud computing or even for mobile phone services. In the latter, the services are degraded once the credit limit is reached and are restored once the customer tops up his account with the required minimum amount. Authorization is also referred to as access management.

A robust access management system includes verifying identity and entitlement, granting access to services, logging and tracking access, and removing or modifying rights when status or roles change.

ITIL talks about information security as being effectively managed if

  • information is available and usable when required (availability)
  • information is observed by or disclosed to only those who have a right to know (confidentiality)
  • information is complete, accurate and protected against unauthorized modification (integrity)
  • business transactions, as well as information exchanges, can be trusted (authenticity and non-repudiation).

In cases where information is to be protected , use of cryptography and methods such as symmetric encryption, Public Key Infrastructure (PKI) (asymmetric encryption algorithms) and digital signatures (ensures non-repudiation). For more, read http://en.wikipedia.org/wiki/Public_key_encryption

A strategy referred to as ‘defense in depth’ is used to secure computer systems from outsider attack. Here, the premise is that even if the outer wall is breached, the inner sanctum is still secure and it is also time-consuming for the attacker, by which time, a breach may be detected and flagged by a good audit trail system.

You may be more familiar with this when building systems that access the internet and are accessible from it. Here, a De-militiarized Zone (DMZ) adds another layer of security to the firm’s LAN. For more see http://en.wikipedia.org/wiki/DMZ_(computing)

 Usability:

This is the most overlooked aspect of a solution / application. However clever your system may be, however ingenious the engineers developing the system, if the user does not find the application easy to use, then you have a hit a brick wall. Resistance from the users can sound the death knell of any application. A good application should be intuitive to use and leverage existing habits of users. Forcing users to change their ingrained habits is always difficult. Especially with reference to transactional systems and customer facing applications, where responsiveness is key, a non-intuitive interface coupled with inadequate training on a new system can lead to frustrated users. In my experience, at British Telecom, when a GUI was introduced to the customer service representatives replacing the old mainframe UI, the sluggish responsiveness of the new UI led to experienced users switching over to the old system so that they could finish their quota of calls to be attended to. CSRs are very stressed individuals and you do not want a system to add to their discomfort.

These , in my opinion , are the most relevant criterion in evaluating an architecture. Their importance may vary from system to system. But a good and simple way of evaluating a software architecture to assign weights to each criteria and a range of values from 1 – 10 for each criteria. This will give you a rough and ready estimate as to how well your architecture stands up to scrutiny.

Have a good day!

To be continued ……

Share this post :

Reblog this post [with Zemanta]