
Archive for July, 2010

If You Like Taking a Vacation, You’ll Just Love CPIC!

Thursday, July 29th, 2010

by Peter Dimov, e-Management

I remember the times when information technology (IT) was competing for admiration with NASA and IT folks were practically “magicians” or “wizards.” Oh, the good ole days. Since those prehistoric times, we have gone through the “Golden Age of IT,” the 90s. In fact, hundreds of thousands, if not millions, of IT systems have been created in all kinds and sizes, then re-created, patched, and upgraded. It all looked like a hot techno mess that wouldn’t ever stop. Alas, it has. And IT has become so pervasive that it is no longer an exotic advancement, but rather a workhorse.

The Party’s Over—Enter CPIC!
As soon as IT became widespread, large corporations and the federal government started to talk about “efficiency and effectiveness” and we knew the party was over. Senators pushed forth the Clinger-Cohen Act of 1996, and declared “each Federal agency design and implement a disciplined Capital Planning and Investment Control (CPIC) process” to clean up your house and put everything in order. Soon after, the Office of Management and Budget (OMB) issued the legendary Circular A-11 and that’s how we’ve ended up here.

CPIC brings government closer to success.


So What’s So Great About CPIC?
Simply put, CPIC is responsible IT spending by federal agencies. It is a two-step process that aims to stop the “we need this” culture of IT spending and transform it into “why we need this.” It asks meaningful questions as well as uncomfortable ones, such as: What will it take to make it? Is this the best solution? What are the benefits of having this system? What are the risks?

First, OMB Circular A-11, Exhibit 300 requires a business case motivating the investment in a comprehensive form that tracks an investment over the years. Although executing the CPIC process is not a picnic, it does have some resemblance to our family vacation plans. When planning a vacation, many of us are faced with limited resources including time, money and options. Similarly, an agency faces confined resources, budget, and time.

What Are Our Options?
The first step to planning a great vacation is to draft a list of all the options we have, where to go, what to do, who to see, and who to avoid. We need to assess each option for time, cost, and fun value. Likewise, agencies should prepare an IT wish list, as well as assess each IT investment for cost, benefits, time, risk, and other technical factors.

What Can We Afford?
The second step is to decide what vacation options we can afford and which are out of reach. What’s the intersection between time, money, and fun? The choices that don’t fit those criteria are put on the future wish list. If the resulting list is longer than one page, you need to do a little bit more work. You need to re-examine the fun value of each qualified choice, or as you probably guessed it, the investment proposals are ranked in terms of their contribution to the organizational goals. One major difference between federal and commercial projects is that government does not aim to make money, but to serve the citizens.

CPIC is also like planning the perfect family getaway that fits your budget.


A Word of Caution
Some investments just have to be done! Even though their contribution to the organizational goals may seem open to discussion, the impact of not picking them could have dire consequences. For instance, think of something like upgrading databases when the previous version is no longer supported, or not stopping to see Grandma when passing through Ohio. You’ll hear about these “missed” opportunities for years to come!

Your Wish List is Complete!
Whatever is left standing on the wish list after this soul searching, and fits the budget of time and money, will be executed. Of course, we are on a budget and we need to watch it. CPIC asks us to use the same Exhibit 300 form to record what happened and to remind us what we have promised. This process aims to ensure that each individual investment is backed by solid needs and will improve the agency operations in some way.

It does not, however, require the linking of the agency’s vision with the IT investment. Additionally, it does not help create a coherent, non-redundant IT environment because it treats each IT investment piecemeal and does not promote an interrelation among the agencies’ systems. OMB recognized this deficiency and issued a directive for the development of enterprise architecture with the purpose to standardize, relate, and provide integrity of the IT environment. After all, IT has become like electricity, a must-have infrastructure without which no organization can function.

CPIC is about Moderation
CPIC’s goal is to ensure that the IT environment is calibrated for the needs of the agency and to soak up no more and no less than the necessary funds. Today’s enterprise, private or government, employs hundreds of thousands of people; managing them does not leave any room for daydreaming. This is why OMB has started giving birth to more and more siblings to the CPIC process, such as strategic planning, enterprise management office, portfolio management, balanced score cards, and other processes aiming to close the loop on managing the IT assets acquired at the clip of $66B a year.

Your Turn…
Why do you think CPIC is important for federal agencies? Do you think following the advent of CPIC in the federal government that things have gotten better or worse? Finally, do you think adopting CPIC best practices will help you and your family plan better, more cost-effective vacations?

iPhone, BlackBerry, and Android. Oh My!

Tuesday, July 13th, 2010

By Dennis Powell, e-Management

Before I purchased my Android smartphone, I could definitely live without smartphones. Today, not so sure. What would I do without my movie show time app, my Google Maps app, GPS, YouTube, Gmail, touch screen…and you know I could go on; but, I will spare you my app-obsession.

What would happen to your personal data if you lost your mobile phone?


Whether you like it or not, smartphones are everywhere. The fascination with these convenient devices isn’t limited to my fixation. Remember the long lines for the release of the iPhone 4? Not surprising if you consider comScore’s most recent estimates that more than 234 million Americans (ages 13 and older) are mobile subscribers. Among that number, more than 42.7 million people own smartphones.

Meet the Jetsons
Smartphones such as the iPhone, Android, Palm, or BlackBerry offer 21st Century convenience reminiscent of the classic TV show, The Jetsons. (Personally, I have never seen this show since I just celebrated my 21st birthday again for the 20th time. :-) ) But seriously, as a kid growing up, I never thought I would be able to use a futuristic device to get or store phone numbers, birthdays, or find my way to the closest dry cleaner or novelty shop in a city I have never visited. And yet, here we are—a future not much different from the videophones of The Jetsons.

Technology is great. Right? And, no one doubts if smartphones are good for us. But, if used improperly, they can easily become liabilities. Here are a few security tips that should keep you and your organizations safe from smartphone predators.

Don’t Lose It
A few months ago, I lost my mobile phone and I totally lost my mind. I panicked because so much of my life was housed in the phone. Lucky for me it was in the seat of my best friend’s SUV. Plus, I didn’t have sensitive data connecting me to work or home. Personally, I avoid having my social security number, credit card digits, notes regarding passwords, or financial data on my mobile device. Along with those best practices, be sure to back up data on your home computer, authorized and approved work computer, or in the cloud (online data storage services)—just in case you’re “unlucky” like me when it comes to mobile devices. (Click here to read a link to Gizmodo that provides easy ways to back up your smartphone).

Keep in Mind Passwords Are Your BFF
So let’s say you are “unlucky” and lose your phone. What then? Well, you may be better protected if you have a password in place that allows access to your device’s information. Seriously, passwords are your best friends forever (BFF). Some smartphones use alphanumeric codes to grant access to users. Others, such as touch screen devices, may require patterns to unlock smartphones. Be sure to have a strong password or code to gain access to your phone. For alphanumeric best practices, check out Doug Pitcher’s blog posting that addresses creating strong passwords.

There’s a Scam for That!
All of the security issues you have with your laptop and/or desktop are relevant when it comes to your BFF…oops, I mean your smartphone. And while there are fun commercials claiming that “there’s an app for that,” buyer beware. If you plan to download apps, be sure to use the same caution you would with your personal computers. Specifically, avoid unfamiliar third-party apps—especially the free ones from anonymous developers. These rogue apps could be spyware or malware that have the power to steal valuable personal information or even hack into your work network. Similarly, avoid clicking links included in text messages to unknown sites, or coming from strange sources. The Internet is loaded with con artists trying to take over your identity or steal your organization’s or company’s intellectual property, secrets, or workers. And yes, there truly is a scam app for that!

Have Your Smartphone Validated by Your Office Security/IT Team
Even companies and government agencies are trying to figure out how to secure their sensitive data with smartphones, which are essentially minicomputers connected to IP networks. To reduce the risk of compromising your work network, be sure to have your smartphone approved by your organization if you plan to access its network. At the very least, you should use secure connections (e.g., VPN) to access company resources. Ask your security/IT team about using encryption technology to safeguard sensitive, confidential, or proprietary data.

Don’t Even Think About Jailbreaking
Some iPhone users aren’t happy with their exclusive mobile carrier. (True story.) So, they “jailbreak” or hack their own phones in order to take advantage of another mobile network. Unless you are a credentialed cyber security professional, jailbreaking may open your smartphone up to serious security issues. We advise you to find another smartphone that works on your network of choice. Hacking your phone is “not a good look.”

Time for you to chime in…
We want to hear from you. Have you ever lost your smartphone? If so, how did it affect you? Are smartphones overpriced toys? What smartphone is the best for security? Why? Do you have any smartphone security tips you would like to share?
