Archive for June, 2009

Mandatory Follow-ups

Thursday, June 25th, 2009

As more of Information Technology is automated away from manual processes, the manual follow-up has now become mandatory.  Many of the messages generated by automated processes get ignored, and thus system administrators may have to condone false negatives in order to get something done during their day besides browsing through tons of automated messages.  Until intelligent software can appropriately route these messages, users must know to follow up any ticket or automated request with a manual contact, i.e., at least a manual e-mail and probably also a manual phone call.  This puts the item(s) back on the appropriate administrators’ radar screens.

Information Security as a Speed Contest

Wednesday, June 24th, 2009

The only impenetrable security is that which at a minimum prevents any use whatsoever.  Systems that allow any access are susceptible to at least one form of intrusion: falsified access credentials.

The purpose of information security is to slow down a break-in or use of stolen information to the point where the perpetrator can be captured in the act.  In the case of falsified access credentials, security systems keep the perpetrator from generating fake access credentials as fast as would be possible if the security were not present.

Thus, hackers attempt to find any faster way to generate falsified credentials.  Even if their method is just a tiny bit faster, exploiting this speed difference vs. the assumed speed to compromise credentials can buy the savvy hacker time to get away with their crime.

Information Technology security professionals must remain aware of the time necessary to break security, especially in the case when a new form of instant access is discovered (0-day exploits, for example).  Instant access means that a hack attempt would most likely go entirely unnoticed until at least some time after the important data, etc. was stolen, and depending on the intrusion method, the most severe of exploit-based intrusions may be entirely undetectable.

Lethal Buried Assumptions in Tech Project Timeline Estimation

Wednesday, June 17th, 2009

Technology project timeline estimation is the lifeblood of all information technology and related consulting efforts.  However, several buried assumptions invisibly affect the estimation process and can cause projects to miss timelines and go over budget.  Being aware of these buried assumptions allows padding for the respective risks, but nothing will prevent the risks from existing.

The most dangerous buried assumptions occur in the following loop:

1.  Changing project requirements at any time after the estimate is made will not cause an overage.  This is the most obvious assumption and yet it remains buried to most customers because of the second most dangerous buried assumption.

2.  Customers or clients develop a false sense of security about the severity or processes necessary to implement change requests.  Without spreading FUD, information technology directors and management must make efforts to give customers accurate information about how long certain changes may take, and the authentic impact expected to the schedule as a result.  Attempting to cover up for slips in the schedule from events in #1 will only increase the effect of any actual timeline slippage on customer retention and satisfaction.

3.  The false sense of security from the customer’s side reinforces the creation of new project requirements outside of the original estimation.  As customers become more confident that their needs can be met at any time, they continue to pile onto everyone’s now unrealistic expectations with more fuel for the fire in the form of additional changes.  These additional changes cause the timeline buried assumptions to loop again starting at #1.

Without a hardline approach that may cost some initial customer satisfaction, the long-term outcome of this loop is to geometrically grow the cost and delays involved in future projects until the point of repeated project delivery failures (once funds and time are exhausted).