Dibaca bila lagi senggang, bila perlu, sambil makan lenggang bakar :-) Kebanyakan sumber permasalahan adalah cara berkomunikasi!!!
http://nugon19.blogs.friendster.com/my_blog/ http://nugon19.multiply.com/journal http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1371084,00.html?track=NL-463&ad=730096&asrc=EM_NLT_9521226 IT CAREER Five things you need to know about politics in IT Kevin Beaver, CISSP 10.12.2009 Rating: -4.50- (out of 5) Corporate politics affect IT professionals as much as any other job holders in a company. And no IT shop is free of -- or immune to -- the effects of political nonsense. Encounters with a self-centered boss with his own agenda, a sales manager that lives to drive you nuts or a board of directors happy to invoke policies that create more problems than they solve are nothing out of the ordinary. I've been in the middle of all sorts of political battles, and I hear lots of great stories from my colleagues, so you're in good company. I've found that the more you understand politics -- its drivers and causes – the better prepared you'll be to handle whatever's flung your way. Here are six facts you need to know about corporate politics: All people are self-centered. In practically every personal and professional situation, people want to know "what's in it for me?" Approach your interactions with people from this perspective. See what you can do – within reason – to make them feel better about themselves and you'll get along better with everyone. You cannot (and shouldn't attempt to) please everyone. Being a person who gets results is a good thing, but being a people-pleaser is one of the best ways to become a doormat. Being at everyone's beck and call may seem to have payoffs in the short term, but eventually people will grow to disrespect and resent you for it. You cannot communicate effectively with every single person in the same way. Find out how each person you deal with regularly likes to be approached, how he or she communicates, what motivates the person, and then tweak your interactions accordingly. As long as you're not faking it or patronizing, this can be a great way to get others on your side. People are averse to change. Doing things the way we've always done them, by golly, is the way things are going to remain. This is especially true for management and people who haven't a clue about IT and information security. Present new ideas casually in passing. Experts have found that people need about 72 hours to mull over things you're trying to sell. Never push your ideas on management, your peers or your subordinates in the name of IT or security. Instead, if you talk about problems and solutions in terms of the business – and do so indifferently without pressuring others – you'll win people over more often. You don't have to master the human brain, but learning to understand behavior and relationships will be one of the most beneficial things you can do for your career in IT and will take the edge off of corporate politics. More IT career advice Which Windows skills are in demand? Understanding the politics of information security Ten sure-fire ways to derail your career in IT Kevin Beaver, is an information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security on Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at [email protected]. http://searchcio-midmarket.techtarget.com/tip/0,289483,sid183_gci1370745,00.html?track=NL-1014&ad=729560&asrc=EM_USC_9517981 How to decide if changing technology vendors is worth the time, risk Linda Tucci, Senior News Writer 10.08.2009 Rating: -4.00- (out of 5) The recession has intensified some companies' need to shop around for new vendors and better deals, and in some cases is turning best practice for changing technology vendors on its head. Just ask Bill Yearous, CIO of The Seattle Times, where the IT budget has been reduced by half over the past three years. When he saw the year-over-year pricing on his Oracle Corp. database increasing at twice the rate of his two other database products, he dropped the contract, ending a decade-plus relationship with the vendor widely reputed to have the industry's premier technology. "It used to be that CIOs would joke that you don't get fired buying the Oracles, IBMs, Microsofts of the world, companies with high service levels, whose software and applications are widely accepted. They are easy choices to make," Yearous said. "It's a little bit counterintuitive that the best technology turns out the be the technology that meets your business needs at the price you can afford, as opposed to who has the purest best technology. "Across the company, as we consider vendors and products, instead of always looking for the best, we are looking for good enough. And that is a reflection of the economy," he said. The move off Oracle, of course, wasn't trivial -- the majority of the newspaper's databases were under Oracle -- and problems that "could never happen" during the migration happened, but it saved the ailing company more than $100,000. Still, how does a CIO decide when the savings are worth the risk and the time spent researching and migrating of changing technology vendors? Changing vendors is never easy, even in good times and especially for a product as "foundational" as major software, said Duncan Jones, an analyst at Cambridge, Mass.-based Forrester Research Inc. "For software products, it really depends on the product category and what is involved in migrating data, retraining users and redoing integration," Jones said. By contrast, switching service providers, or switching software resellers -- moving from CDW to Insight or vice versa, for example, to source the company's Adobe Systems Inc. software -- is less complex. Likewise, discrete niche products, such as a travel expense management program or e-sourcing, can be switched with relative ease, particularly if the software is delivered as a service. "It would take a long time to switch something such as Microsoft Office, but many companies are considering a partial switch, to run a cheaper solution in parallel without rewriting existing stuff. Either way, it's a major decision that would need a lot of planning," Jones said. Tracy Terrill, CIO of LegalZoom Inc., a fast-growing Los Angeles-based online legal documents service, said he's probably changed between 10 to 15 vendors during the past two years. The changes have been driven mainly by his company's growth, he said -- not to save costs per se, but ROI determines the decision. The tough economy has actually helped in his case, with more vendors willing to lower prices or make better deals. "It's a standard ROI. Does the cost reduction justify the amount of time taken in resources to accommodate a switch?" he said. The wisdom of making a change is predicated on qualitative and quantitative factors. "Is the change simple and straightforward? What alternatives are there besides the choice you have made? The classic MBA definition of ROI is you want to get a return that is higher than your sitting cost of capital. If, at the end of the deliberations -- and it is no science -- you feel it's more beneficial to switch, you do it," Terrill said. "Just because you're saving money doesn't mean you're doing the right thing for your company," he added. "If you're saving money and foregoing the opportunity of growth in your revenue stream, then that is just ridiculous." Still, Terrill said every vendor change comes with its own set of pitfalls that should give one pause before embarking on a switch. Even hardware, often thought to be an easy switch, turned out to be hard for him. He recently walked away from a deal from a major hardware vendor that looked great on paper because he decided his investment in Dell was too great. One sometimes overlooked cost associated with the time and personnel investment in changing a technology vendor is identifying the economic value of lost opportunities. This "opportunity cost" is based on projects that would be neglected or shelved as effort is concentrated on making a change. It is difficult to quantify but may be critical. Research is also a critical step in making a change, especially when going from the tried and true to smaller vendors with less of a track record. "There is a lot of behind-the-scenes work," agreed Yearous. "One of the things that always runs through my mind, especially when vendors are presenting a really attractive financial package, is will I really be able to realize all these savings, or is it too good to be true?" he said. With the Oracle decision, Yearous learned that in identifying risks, "There is a tendency to say, 'Oh this won't happen.' Well, it does happen and you need to be prepared if you do run into a problem how the vendor is going to respond." Probably the most difficult aspect in negotiating these types of major changes is getting those contingencies into the contract language. The salespeople he is negotiating with "are not necessarily dialed into" the legal department that crafts the contract. "You have to figure out how to put verbiage into the contract to address these issues," he said. Let us know what you think about the story; email: Linda Tucci, Senior News Writer http://itknowledgeexchange.techtarget.com/cio/the-challenge-of-managing-risk-when-it-budgets-tighten/?track=NL-973&ad=729557&asrc=EM_NLN_9506470&uid=4875345 Oct 9 2009 2:10PM GMT The challenge of managing risk when IT budgets tighten Posted by: Linda Tucci Midmarket CIO, Strategy for CIOs, Risk management I see an interesting sea change when it comes to risk: Thanks to the recession, as IT risk management is constrained by tightening IT budgets, the risk of doing business goes up. As part of my security, compliance and disaster recovery coverage this year, I’ve listened to a lot of experts talk about the how-tos of risk management, such as, how CIOs need to stop taking a checklist approach to regulatory mandates and forge a risk-based strategy for compliance. Or how security officers still taking a buy-another-gadget approach to security will lose their jobs if they don’t focus on risk management. All this sounds good, as it implies that a rational scrutiny of risk can save companies money by focusing the available dollars on the most likely scenarios. But the reality is much worse. A CIO I talked to this week has seen his IT budget cut by more than 50% over the past few years. He’s in the newspaper business, an industry whose business model has been beat up worse than most in this recession, so the necessity to cut costs is not unexpected. To help keep the company afloat, he’s dropped maintenance contracts, including on some mission critical systems. He’s walked away from a premier — albeit difficult-to-work-with — longtime database vendor to save more than $100,000 for his company. “Sometimes the gamble has paid off, and other times we have paid for it,” he said. A few months ago, he had some equipment fail. Under his higher service level agreement, the components that failed would have been replaced almost immediately, in two hours at most. In the new reality, the provider had to fly the parts in from a neighboring state. “We were down for about 12 hours, and it was mission critical,” he said. These were the internal networks for about 40% of the company. People affected couldn’t use email or store files. Risk management makes these decisions all sound so, well, manageable. As the recession shows, however, CIOs can research the IT-related risks to their enterprise, plotting out every what-if scenario in the IT playbook, and still be surprised or, worse, undone by elements unimagined and unimaginable based on past experience. That’s when the person in charge has no choice but to be a risk taker. And be brave. http://itknowledgeexchange.techtarget.com/cio/why-cybersecurity-awareness-is-everyones-responsibility/?track=NL-973&ad=729557&asrc=EM_NLN_9506472&uid=4875345 Oct 7 2009 9:00PM GMT Why cybersecurity awareness is everyone’s responsibility Posted by: Kristen Caretta Midmarket CIO, Strategy for CIOs, SMB security October is national Cyber Security Awareness month! The campaign, sponsored by the National Cyber Security Alliance, a partnership that works with the government as well as corporate sponsors, encourages online safety and best practices to protect high-value information online. And what better time to raise awareness than on the heels of the Gmail/Hotmail/email phishing scam that compromised thousands of accounts. On Oct. 6, news broke that at least 10,000 Hotmail addresses and passwords had been leaked online. The next day, it was revealed that 20,000 addresses and passwords for email accounts from Hotmail, Gmail, Yahoo, AOL, Gmail, EarthLink and Comcast had also shown up on the Web. Just barely into October, the news reinforces the theme of this year’s security awareness month, “Our Shared Responsibility,” in showing that we have to promote cybersecurity education and best practices to all users – down to the weakest links. Everyone on your network needs to understand the risks (and be aware of any warning signs) when online. The need for that education was made clear by a statistical analysis of the 10,000 leaked Hotmail accounts, which showed that the top two most commonly used passwords were 123456 and 123456789. With that in mind, here are some resources to guide you in continued online safety and security in your organization: Small to medium-sized businesses are prime targets for cybercriminals because they often don’t have the resources to update their security programs. The National Cyber Security Alliance has some information on risk assessment and security plan implementation for SMBs to protect their brands, their customers and their employees. Our recently published “10 must-have steps for an effective SMB information security program” highlights security information for small businesses from a soon-to-be-finalized guide from the National Institute of Standards and Technology. The guide includes information on steps to an effective information security program and common trouble spots to be cautious of, such as: Opening email attachments from unknown senders and responding to emails asking for sensitive information.Clicking on Web links in emails and instant messages.Clicking OK on pop-up windows and other hacker tricks. The California Office of Information Security and Privacy Protection provides information and recommendations on data security – from online privacy tips (resources on bugs, hackers and more) to information protection practices for businesses. Does the Red Flags Rule apply to your business? The Federal Trade Commission has provided some information on the fraud protection rule for businesses, including a how-to guide and a DIY template to help you identify red flags in advance and avoid data breaches. Capital One and the National Cyber Security Alliance have come up with a top five list of cybersecurity tips for SMBs. Risk assessments and employee education were among the suggestions. The National Association of State Chief Information Officers (NASCIO) has partnered with the Department of Homeland Security’s National Cybersecurity Division, the Multi-State Information Sharing and Analysis Center, and the National Cyber Security Alliance to promote cybersecurity awareness. Each organization has provided extensive awareness tools and resources, a list of which can be found on the NASCIO cyber security awareness page. Good online security should be practiced 365 days a year – but take advantage of the added awareness this month to get your employees up to speed. http://itknowledgeexchange.techtarget.com/total-cio/why-it-can-be-ok-with-users-managing-their-own-saas-services-contracts/?track=NL-973&ad=729557&asrc=EM_NLN_9506474&uid=4875345 Oct 9 2009 2:20PM GMT Why IT can be OK with users managing their own SaaS services contracts Posted by: Rachel Lebeaux SaaS, contract negotiations, outsourcing contracts, Conference coverage I just returned from Forrester Research Inc.’s Services & Sourcing Forum in Chicago. Newsflash: Chicago is a windy city! Another newsflash: The road to creating and managing IT outsourcing contracts is a long and winding one – especially when business users start procuring their own services, such as applications via Software as a Service, or SaaS. When my colleague Christina Torode covered the Burton Group’s Catalyst conference this summer, the buzz among IT executives was that business users were purchasing SaaS services without running these agreements by IT first. As Torode reported: “Business users tired of waiting for IT to provision a new application or service are tapping cloud providers and bypassing IT along the way, much as they have for many Software as a Service applications over the past few years. And cloud providers are not calling on the IT department, but rather going to department heads to pitch their wares.” But if this trend makes it harder for IT outsourcing contract professionals to oversee the company’s IT assets as a whole, there is also a flip side: When business users procure their own software, it doesn’t come out of the IT budget. During a breakout session on SaaS services and cloud computing outsourcing contracts, Forrester senior analyst Liz Herbert said that she’s heard that some IT outsourcing contract professionals would actually prefer that individual departments continue purchasing their own SaaS services for this reason. In this economy, with all budgets and spending being scrutinized so closely, why make it look like IT is doing the spending if these other departments are willing to foot the bill? To be fair, I noticed some snickers from the IT contracting professionals in the room upon hearing Herbert’s comment, so perhaps it’s not a common point of view but I thought it worthy of mention nonetheless. Certainly, it speaks to the need for governance in IT outsourcing contracts on an enterprise-wide level – a subject I’ll be delving into in the coming week. Has your IT organization surrendered oversight of SaaS services contracts procured by the business, or do you still intend to oversee all these IT outsourcing contracts throughout your organization? [Non-text portions of this message have been removed]
