IT WEEK • 22 NOVEMBER 2004
COMMENT Planning for governance laws
INTERVIEW Jim Duffy of ISC2 explains why demand is growing for IT professionals with security qualifications
MANAGEMENTWEEK
WHERE TECHNOLOGY BECOMES BUSINESS REALITY
Editor: Madeline Bennett
IT deploys for flexible work
Mark Street

The bulk of the UK’s leading businesses are offering flexible working options, almost a year after the government introduced a new law to promote such practices.

New research by access infrastructure specialist Citrix Systems found that 90 percent of companies see flexible working as an established and accepted model, and that half of senior directors rely on mobile devices such as laptops and PDAs.

The poll found that the most popular application accessed by mobile staff is the corporate email system, with some 95 percent tapping in. Meanwhile, 80 percent can access company databases and just under two-thirds use corporate file sharing systems. Half of mobile staff use calendaring tools and a quarter have the capabilities to access financial applications.

[Chart: Mobile staff access apps. Email 95%, Databases 80%, Calendars 50%, Financial apps 25%. Source: Citrix]

However, a number of obstacles are preventing wider uptake of mobile working, according to board directors. Just over half or 55 percent of senior managers blamed the high cost of mobile systems for hampering wider use of mobile systems. Slightly more than half of senior managers said that it was too difficult to keep pace with the emergence of new mobile technologies, while 48 percent said it was difficult to educate employees to use the relevant systems.

The research found that there is no lack of enthusiasm for the extra flexibility offered by mobile technology and tools. Sixty percent of senior directors and employees said that mobile technologies have been critical to the transformation of their working culture while 70 percent said that mobile tools could make a significant difference to the performance and profitability of the company.

“It’s reassuring that both employees and members of the board share the same positive views about [mobile working] benefits,” commented Lewis Gee, managing director of Citrix UK.

Fraser Kyne, product marketing manager of Citrix UK, said mobile working offered productivity as well as cultural rewards. “It’s all about showing the business benefits,” he said. “IT directors have to make tangible the advantages such as showing how mobile working could give sales people an extra day on the road.”

The government introduced its Flexible Working Regulations on 6 April 2003. Under this law, parents of children aged under six or with disabled children aged under 18 have the right to apply to work flexibly and employers are obliged to consider such requests seriously. The government has also been extending and increasing maternity and paternity leave and pay.

“These rights, together with existing rights to parental leave and time off for dependents, provide parents with more opportunities than ever before to balance work and family life, whilst being compatible with, and beneficial to, business efficiency,” said a government spokesperson.

Leader, p12 Mobile strategies, p29

Suite aims to help for less
IT Week staff

BMC Software last week released version 8.0 of its Magic Service Desk Suite helpdesk tools with improvements to help align IT departments with business objectives and reduce costs.

Version 8.0 increases the breadth of the product and makes it simpler to use, said BMC. Magic 8.0 includes over 45 new features and updates aimed at medium-sized businesses, and is designed to lower the cost of support operations.

The customisable, browser-based service management system combines best-in-class helpdesk software with core Information Technology Infrastructure Library (Itil) best practices, said BMC. Itil is an industry-standard framework for IT service delivery and support.

Magic 8.0 is designed to help medium-sized businesses to align their IT operations with business objectives, thanks to a significantly upgraded reporting system. The system includes more than 20 new key management metrics to prove business value.

Magic 8.0’s QuickViews feature can provide business and system users with instant access to important data on service support, BMC added.

The tool is also designed to lower the cost of support, thanks to new features to improve usability, such as integration with Active Directory, and an updated search capability to help Magic users quickly pinpoint information, reducing the time needed to resolve problems.

Kris Brittain, vice-president and research director at BMC, said in a statement, “A major challenge for IT organisations is deciding how to evolve antiquated service and support process models and the underpinning of consolidated IT service desk tools to support the development of a greater services management architecture within IT.”

[Photo: Pegden: cost of user support]

Richard Pegden, Magic product manager for Europe, said, “Magic Service Desk 8.0 underscores BMC Software’s commitment to delivering products designed specifically for mid-sized business. It builds on what we have heard from our customers and our understanding of their needs. These companies care about ease of use, ease of implementation, enhanced security, increased ability to meet service levels and keeping the cost of support low.”

MAGIC SERVICE DESK 8.0
• BMC Software has updated its Magic helpdesk tool to bring IT departments closer to business aims and reduce support costs.
• Magic 8.0 is designed to follow Itil best practices for service delivery and support in the IT industry.
• Version 8.0 is also designed to be easier to deploy, integrate and use.

CONTENTS
COMMENT IT directors should start preparing now to ensure their businesses can comply with the corporate governance rules of the future, writes Mark Street
INTERVIEW Jim Duffy of IT certification body ISC2 explains why corporate demand is growing for IT professionals who have achieved security qualifications

Councils to miss targets for e-services
Mark Street
Two-fifths of local authorities do not
believe they will meet the 2005 deadline for putting all government services online, according to a new survey.
Forty percent of senior business
managers claimed they were not confident they would meet the 2005 targets, and 66 percent said they were
seriously worried about the costs of
the new e-government systems,
according to a survey of business managers and IT directors in local authorities, commissioned by outsourcing specialist Sx3 Managed Services.
“Hitting the government’s 2005
deadline has been a topic of much
debate over the past year, and only
recently the minister for local e-government came out confidently stating
that all authorities are on track to e-enable all services by the end of
2005,” said Sx3’s Andy Ross. “From
our research, we know the authorities would love to be in a position
where they could confidently state
this, but it just isn’t the case.”
The Society of Information Technology Management (Socitm), which
represents IT managers working in the
public sector, recently said the successful roll out of e-government will
rely on soft management skills more
than technology, and there is a role for
what it described as “e-champions”.
In a report entitled Delivering local
e-government, Socitm said e-champions need skills in organisational
awareness, relationship building, communicating, customer service, leadership, and influencing others.
The report suggested the e-champion should promote service
transformation and in many cases set
the strategic direction, while the head
of IT should be responsible for developing the technical infrastructure and
delivering operational services.
Embrace the spirit of transparency
IT directors should lay the groundwork now to ensure their businesses will be able to
comply with the corporate governance legislation of the future, writes Mark Street
For a long time IT directors
have been able to ignore the
growth of corporate governance
laws, but the days of being able to
stick heads in the sand are now
drawing to a close.
Last week section 404 of the
US Sarbanes-Oxley law came into
force. This obliges US-listed companies to establish internal management controls and ensure
transparent financial reporting, all
of which has a profound impact on
IT management.
There is some debate as to how
much UK firms will be affected by
the stringent US legislation, which
has been put in place primarily to
avoid a repetition of corporate
fraud on the scale of Enron. Some
say it will affect only UK subsidiaries of US firms, while others
believe it will take its toll on UK
firms with close trading partnerships spanning the Atlantic.
In many ways, this kind of
debate is irrelevant because Sarbanes-Oxley is very much the shape
of things to come.
In the UK, we have already experienced more than our fair share of
corporate governance legislation and
recommendations. Consider the
recent launch of the Combined
Code of Corporate Governance,
which sets out best practices for
firms wanting to deliver the best
value to shareholders, as well as mitigate the risk of their investments.
Elsewhere we are preparing for
an overhaul of UK company law,
with next year’s introduction of the
Companies Act and the related
Operating and Financial Review.
Under the changes, UK-listed firms
will have to list their risks in their
end-of-year company accounts to
ensure shareholders are aware of any
skeletons that may be lurking in the
corporate cupboard. Some observers
are already calling the move the UK’s
own version of Sarbanes-Oxley.
Meanwhile Brussels bureaucrats
are busy drafting their own version
of Sarbanes-Oxley, under the premise that anything Americans can do,
the Europeans can do better.
It is clear that even the most
staunch supporters of the free market have come to accept that listed
companies cannot be allowed to
have a totally free rein. There seems
to be agreement that firms need a
spirit of transparency, so that good
business is not only done, but is seen
to be done. And this is where IT
plays a key role as the backbone of
progressive firms’ business plans.
IT must welcome the spirit of
governance with open arms, and IT
directors should ensure they have a
strong idea not only of what legislation will affect them in the short
term, but also what is on the radar in
the mid to distant future. This may
require the creation of a new role of
IT governance and planning officer
to ensure firms are fully covered.
But above all, companies must lay the groundwork for governance, so that the underlying infrastructure is future-proofed, so it can adapt to meet the most obscure demands of any new regulations.

IT directors must shrug off the tick-box mentality of audits and regard regulatory demands as an opportunity to provide the business with a better service. They must also realise that the fear of penalties can be the most effective way to loosen traditionally tight purse strings when asking for a bigger IT budget.

The changing regulatory landscape means that IT departments must go back to basics and follow the dull but worthy IT management disciplines that encompass the Itil, Cobit and BS7799 standards for best practices. ITW

Should IT staff be certified?
Jim Duffy of IT certification body ISC2 explains why demand is growing for security staff who have achieved qualifications
SECURITY INTERVIEW BY MADELINE BENNETT

[Photo: Duffy: safety is a global concern]

IT Week: Since 2000, the number of Certified Information Systems Security Professionals (CISSPs) has leapt from 40 to more than 1,000 in the UK, and from fewer than 3,000 to more than 27,000 globally. As chief executive of ISC2, the body responsible for CISSP certifications, how do you explain this sudden increase?

Jim Duffy: In the UK, the growth has been driven by individuals wanting certification. Two years ago, awareness of the qualification was not there, but now there’s more interest in the certification among heads of IT. The UK government is also enlightened about security issues and wants more skilled, qualified people.

Does this interest in the CISSP qualification extend around the globe?

The US and Singapore governments both support security training and certification. There’s also a big demand for qualified professionals in Asia. But in France there are not yet more than 100 CISSPs.

So, does the international nature of the certification increase its popularity?

Information security is a global concern. Individual organisations might have their own security certification programmes, but the CISSP course covers most of the requirements of organisations. Why reinvent the wheel, when you can just tailor the top 10 percent to an individual organisation or government?

What benefits do organisations get from hiring certified security professionals?

More certified individuals will mean improvements in IT security. Organisations know when they hire a CISSP, they understand security. The challenge we’re facing is to understand policy and risk management. Qualified security people understand these areas and can communicate risk to management. It also comes down to trust. If my company is doing business with another company, how do I trust the security administrator on the other end? If they’re certified, you can trust them.

What areas of technology and threat does the CISSP programme cover?

A lot of the fundamental, risk-mitigation stuff is covered – internal threats, social engineering, not leaving your door open to casual hackers. If your organisation has an intrusion detection system and it’s not tuned properly, or your anti-spam system is junking good business emails – all this needs to be managed.

Is the status of IT security professionals rising within organisations?

Our goal is for security to sit at a different place in the management structure from its current position. So IT security chiefs are not reporting to a head of IT, but both these roles report to a central management person. Otherwise, there’s a risk a product will be pushed through by IT without being signed off at a security level. The future will be two roles and two functions, working in parallel. You’ll also have a separate role for head of operational risk, but the IT security person will feed into this person. There’s a cost to all this, but it’s the cost of doing business.

How does security certification for products fit into this picture?

The end goal is for certified IT security managers to be choosing from a range of products that are certified for security. Businesses ought to be insisting on certain security criteria from vendors before they buy products, and governments should be providing guidelines. ITW

www.isc2.org

ABOUT JIM DUFFY
• Jim Duffy is president and chief executive of the International Information Systems Security Certification Consortium (ISC2), a non-profit organisation that certifies IT security professionals.
• Under Duffy’s leadership, the number of Certified Information Systems Security Professionals worldwide has grown from fewer than 3,000 to more than 27,000.

itweek.co.uk