A Logical Approach to Requirements Gathering

By Chris Alexion, Consultant, Service Delivery on Aug. 15, 2017 View Comments

Requirements gathering is a critical, foundational step in all software development. It will either set the project on a course to great success if done well or doom it to failure if done poorly. As Janet Leon pointed out in her blog, The True Cost of a Software Bug, the earlier you catch a bug in the software development life cycle, the less costly the bug will be. So it should be our goal to get the requirements 100% correct in order to eliminate bugs. With the stakes high and the challenges many, here are a few items to consider during requirements gathering that will ensure your project charts a successful course.

Read More

5 Steps to Improve your IT Security with Vulnerability Management

By Logan Biely, Project Manager on Oct. 18, 2016 View Comments

2016 has seen a rash of high profile security breaches that have impacted businesses and their customers alike. Yahoo recently reported the largest such breach in history, revealing that some 500 million customers’ data had been stolen. It is no longer enough to serve your customers, you must protect them as well. Having your information security team scanning and monitoring your network is a start, but installing a formal vulnerability management process will go much further in lowering your IT risk. Vulnerability scanning will help you to identify your risk while vulnerability management will help you to understand and mitigate these risks.

Read More

IT Security: If It's Not A Board-Level Topic, Your Business Is At Risk

By Celerity on Aug. 25, 2015 View Comments

The biggest data breach of 2014 can be credited to the one that got the best of Sony Pictures Entertainment. The attackers infiltrated the Sony Corporation and exposed a company executive’s emails, which contained movie project details that had not yet been made public. By the time 2014 came to a close, approximately 1,500 breaches worldwide had exposed nearly 1 billion records total, according to The Wall Street Journal.

As we know, IT security will remain a hot topic with the recent activities occurring across business lines. Board-level strategies are a must and processes and procedures need to be implemented to protect the reputation and reduce the regulatory risks of these companies. Here are some crucial information security tips:

Read More

Privileged Access: The Root of Your Next Breach?

By Sean Stanton, Senior Security Analyst on Mar. 24, 2015 View Comments

The recent cybersecurity breach at Anthem, Inc. has been classified as one of the largest breaches ever of customer information. Despite Anthem’s status as a healthcare powerhouse with over $2.6 billion in revenue last year, it only took one privileged account to introduce a security breach that affected 80 million customers.

Read More

The Reality of Intellectual Property (IP) Data Protection: 3 Ways to Combat Everyday Risks

By Kishen Sridharan, Managing BPM Consultant on Jun. 2, 2014 View Comments

The Reality of Intellectual Property (IP) Data Protection: 3 Ways to Combat Everyday Risks

In a landmark case last week, the U.S. Justice Department charged five Chinese officials with hacking into the networks of the U.S. Steel Corporation and Westinghouse Electric. Unfortunately, the theft of corporate secretsfrom what is estimated to be more than 3,000 American companies in one report circulated last yearis nothing new. Intellectual property (IP), which contains proprietary information such as treasured trade secrets, research, or publications that are pending copyright, is one of the most prominent targets of hacker attacksand yet, it’s one of the most weakly guarded.

Read More

How to stop the bleeding: 5 survival tips to manage vulnerabilities

By Ellen Ozderman, Director of Information Security & IT Risk Management on May. 5, 2014 View Comments

Ok, so you survived the Heartbleed bug, a critical vulnerability that affected all internet applications using OpenSSL. But Heartbleed isn’t the last you’ll hear of widespread internet risk—just last week, Homeland Security issued an advisory against using Internet Explorer due to a flaw in the browser that puts it at serious risk.

While it'd be ideal to encrypt all internet communication, we all know that won’t happen any time soon. So in addition to frantic patching and changing passwords, what are other remedies that can help stop the bleeding instead of relying on a band-aid solution?

Read More

'Heartbleed' Bug Exposes Millions of Sites to Security Risks

By Joshua "jag" Ginsberg, Principal Technology Architect on Apr. 23, 2014 View Comments

'Heartbleed' Bug Exposes Millions of Sites to Security Risks

Security researchers from Codenomicon and Google unveiled on Monday the existence of a bug in certain versions of OpenSSL, the library that encrypts and secures web transactions as well as many other network services.

Bugs are discovered in software all the time, but this one has generated far more attention and panic. Why? Some estimate OpenSSL secures almost 2/3 of the entire web. Furthermore, this bug allows exactly what a security library is meant not to do: allow attackers to get decrypted versions of encrypted traffic. This bug is really bad. As the bug is in the "heartbeat" feature of TLS and it bleeds secure information to attackers, the security community has dubbed this bug HeartBleed.

Read More

Configuring Intranet Security Within Ektron’s CMS, Part 2

By Ken McAndrew, Senior Technology Consultant on Mar. 18, 2014 View Comments

In part one, we discussed how to determine how best to set up users in Ektron™. In this part, we’ll be diving a little deeper into intranet authentication methodologies.

How to Authenticate Intranet Users with LDAP

For one of our recent intranet clients, we were required to use LDAP for authenticating users for both front- and back-end access. LDAP had to be connected to the CMS author accounts, and we also had to account for non-LDAP users needing front-end access only. This would cause conflict between CMS author usernames and membership account usernames. Also, because membership users are not linkable to LDAP, their network passwords would not be maintainable in Ektron.

Read More

Configuring Intranet Security Within Ektron’s CMS, Part 1

By Ken McAndrew, Senior Technology Consultant on Mar. 17, 2014 View Comments

When developing an intranet, one of the items to consider straight out of the gate is security. A content management system will help you get started, but there are still a number of things to think about. This two-part blog series will explore how to securely configure user setup with an intranet powered by Ektron™.

Read More

The Big Risks behind Big Data, and How to Prevent Them

By Ellen Ozderman, Director of Information Security & IT Risk Management on Feb. 4, 2014 View Comments

As we demand more access to data to improve decision-making and optimize business performance, super-sized data stores and large data sets are becoming more and more common—and vulnerable. Business leaders should liken this practice to stowing all of their treasures in a bank vault—they want to keep that data secure, since any loss can potentially be catastrophic to a business.

Read More

Is Cross-Selling at a Crossroads for Financial Services?

By Jason Foster, BPM Delivery Director on Dec. 17, 2013 View Comments

Any good executive knows the value of a successful cross-sell program. Cross-selling is the practice of selling an additional product or service to an existing customer, and it’s one of the simplest strategies an organization can undertake to substantially increase revenue. Not only does cross-selling allow an organization to take advantage of the known risk associated with a current customer (versus taking on the unknown risk of a new customer), it allows the organization to gain valuable customer information such as buying patterns, preferences and willingness to try suggested products and services. Some organizations report as high as 35% of their revenue comes from cross-selling activities.

Read More

Managing The Human Factor in Cyber Defense

By Ellen Ozderman, Director of Information Security; and Roman Edmond, Information Security Consultant on Nov. 7, 2013 View Comments

A workforce that includes employees, contractors, vendors and partners can be an organization’s most valued asset in generating revenue—but can also be its biggest threat. A 2013 study conducted by the Ponemon Institute reveals that 69% of data security breaches are a result of insider-related actions such as negligence or mishandling, while only 16% of major data leaks are associated with hackers or outside perpetrators. Human error and omission are often at the root of these data breaches. For example, industry research reports that the most popular stolen passwords posted by hackers are "password.” In many cases there is no technical defense that would have prevented the breaches.

Read More

Is Your Business Process Ready for the Cloud?

By Theresa Mial, Managing Consultant, Business Process Management on Aug. 27, 2013 View Comments

You’ve decided your business processes need to be automated and you’re ready to move forward with a Business Process Management System or Suite (BPMS). Your first step will be to conduct an exhaustive review of BPMS vendors to determine which one is right for your organization.

A key consideration in your vendor selection process will likely be the option of the BPMS vendor providing a hosted solution. Today, there’s a lot of buzz and excitement around the cloud, and a BPMS cloud solution can alleviate many of your hosting headaches. But before you get hooked on the cloud, you’ll want to ask your vendors critical questions about data security, redundancy, connectivity and scalability provided. These key questions will help you determine if you’re really ready for a cloud-hosted BPMS solution.

Read More