Are your wireless networks at risk?

As the speed and reliability of wireless technology has increased, so too has business reliance on virtual networks and wireless connection tools. 

Today, many organisations are specifically investing in smart devices for their workforce, so that employees can remain connected and collaborative at all times while on the job. 

However, while wireless networks can offer a number of benefits in terms of improved mobility, greater productivity and streamlined collaboration, they can also create new cybersecurity risks. 

Modern cybercriminals are more advanced and sophisticated than ever before, and often look to target inadequately secured wireless networks when attempting to access confidential data. 

Wireless networks without the proper level of access protection can also leave your business open to internal threats, such as employees who may utilise the network in an insecure way. 

With such a wide variety of wireless network threats out there – from spyware to DDoS attacks, viruses, worms and trojans – it can be difficult for those without proper security education to achieve comprehensive network security. 

Fortunately, there are IT security training courses available that are specifically designed to provide information and advice about securing wireless networks in order to minimise the chance of a breach. 

A wireless network security in-house presentation could be the perfect option for you business, as it will ensure all relevant network users understand the variety of threats present when using a wireless network. 

Such a presentation encompasses a wide variety of wireless and mobile network options, including WPANs, WLANs and Bluetooth, and can be catered to the unique needs and requirements of your organisation. 

Due to the in-depth, practical nature of this course, participants will have full confidence in their ability to access and utilise networks in a safe and productive manner. And because they will have access to a trained and experienced tutor, any questions or concerns they may have will be answered on the spot. 

Is an ISO/IEC 27001 understanding necessary?

There's currently shortage of choice for IT security courses, but choosing the correct standards and frameworks can be difficult.

ISO/IEC 27001 deserves consideration from professionals, as it covers a number of areas. This article will explore exactly what it is can how it can be utilised.

What is ISO/IEC 27001?

ISO/IEC 27001 is the pre-eminent global standard for information security management systems (essentially a set of policies designed to handle information security).

The most recent update was published in October 2013, bringing much of the framework up to date with other certifications and standards. It now covers organisational context and stakeholders, how to best plan a security management system implementation, and how to make the system operational.

Sections are also dedicated to reviewing system performance and putting corrective actions in place where and when required.

Organisational uses

As security is such a high priority for modern enterprises, it's important that up to date standards are used at all stages of a security system implementation.

Several stages have been outlined below, with uses of the ISO/IEC 27001 standard explained. These uses can be applied to a number of different security scenarios.

It's easy to see how the ISO/IEC 27001 standard can be utilised to great effect across a wide range of security applications. If you'd like more information on ISO/IEC 27001, or want to take part in a course to gain certification, speak to ALC training today. 

Gartner: Agile development needed for mobile apps

Enterprises often depend on a suite of applications tailored to the functions of the organisation. These applications have traditionally been confined to desktops, but now mobile requires attention.

According to research organisation Gartner, this isn't likely to be a simple undertaking without the correct processes. Companies needing to transition to mobile application development will have to consider that traditional development practices may not work for mobile.

"Enterprise application development teams use traditional practices to define and develop desktop applications; however, most don't work with mobile app development," explained research VP at Gartner Van Baker.

He went on to outline how the large range of devices, network connectivity differences and additional mobile considerations could cause issues. While a change in development practice could be difficult, failure to do so could result in set backs in mobile application deployment.

"Application development managers should use functional, performance, load and user experience testing, as well as agile development practices."

Development issues are likely to arise due to a number of reasons, but a large factor could be the difference in screen size of mobile devices. Unlike spacious desktop screens, enterprises will have to ensure a strong user experience in far smaller spaces – likely an issue for many.

Issues with the development process itself could be another factor for companies, but it's one that should be easier to mitigate with the correct practices.

When enterprises begin mobile application development, it's important projects are managed correctly from the outset. Often, this can mean utilising a capable framework such as COBIT 5.

This framework, when implemented correctly via COBIT 5 training courses, ensures control requirements for the project are met, technical issues are avoided and business risks are mitigated. The value of such frameworks also extends beyond individual projects, and can be applied to a number of efforts within an organisation.

Speaking to ALC Training is the best course of action to ensure IT projects are implemented correctly.

Gartner: Organisations should plan now for Windows 7 EOL

Operating systems (OSs) are the platforms on which businesses conduct a significant portion of their operations, and as such it's essential that proper frameworks are in place for managing OS end of life (EOL). Failing to ensure a proper OS transition can lead to the possibility of security breaches and other issues.

Research organisation Gartner has recently published a report detailing the necessity of planning for the end of Windows 7, the current mainstay of organisations. Even though the end of support is planned for 2020, the date is fast approaching. Most recently, businesses struggled to leave Windows XP by the end of support deadline, leaving many stuck on the unsecured platform.

"Nearly a quarter of PCs in organisations were still running Windows XP after support ended, leaving IT to figure out how to secure Windows XP and/or find funding to do so," the release stated.

Nothing can be as important during an OS transition as the proper IT training and frameworks. Control Objectives for Information and Related Technology (COBIT), for example, is able to ensure proper control objectives are in place and in use by various managers and IT staff within the organisation.

A number of factors require consideration during an OS transition, especially with the large amount of data that needs to be carried over. When the move to a new OS is undertaken, COBIT is able to ensure confidentiality and availability of data are maintained. 

Gartner has outlined a set of basic options for enterprises assessing a move to a new operating system, which have been outlined below.

In any transition case, having the staff trained in the correct certification will be invaluable.

Effectively handling organisational change

There's no escaping change within the business environment, and it's something that needs to be dealt with by both the organisation and the individual employees within the larger structure. The sooner change can be effectively managed, the easier it is to address evolving areas of a company and deal with transitions.

Although many areas of focus are required (such as IT governance) change management is essential.

Throughout the life of a business, it's essential that a strong culture of change management is established and reinforced. By doing so, the company will be in the best possible position throughout future endeavours.

This article will explore where exactly change has an impact within organisations, and the benefits of appropriate training in change management for both companies as a whole and individuals.

Change impacts

Change can affect a number of areas within an organisation. This makes it difficult to deal with, especially in larger company structures.

Individuals, teams and the organisation as a whole need to be capable of dealing with change, and that's why specific change management certifications exist. These are designed to explain the theories of how change impacts organisations.

When attempting to develop strong change management, it's important to consider sensitive planning and implementation in all areas.

Involving every layer is key here, as transformation is something that constantly adapts and progresses. For example, if a company is seeking major change, it's going to need to progress through every layer of the company and across every team.

Below, the benefits of a change management certification for both individuals and organisations will explored.

Benefits of change management training for individuals

Individuals within an organisation can be essential to any change management efforts, and certification here focuses on several key areas.

Firstly, individuals will gain an enhanced ability to manage reactions and develop an understanding of change. This is accomplished through identifying impacts that various initiatives can have and understanding how to address them.

Change theories are also dealt with, and individuals are taught how to apply appropriate theories to the specific needs of an organisation. In addition, individuals also learn how people react to change and how to use this reaction knowledge to lead them through businesses transformation.

Leading effectively is key during a transformation, and that's why certification also focuses on helping the individual to react to change, so they're better able to take others through the process.

Throughout this process, individuals will enhance their understanding of change, and become better equipped to embrace any future transformations. They'll also be able to build personal change management processes.

Benefits of change management training for organisations

Organisational certification can be equally as helpful as individuation change management certification. When it's coupled with a process like PRINCE2, an interconnected view of change can be established.

This can prove invaluable as further changes are introduced to the business, as the processes can frequently be utilised. These unique change management processes are developed and based specifically on the needs of the organisation.

Reducing risk is another key area of concern for companies, especially during transformation periods. It's during these times that issues are likely to escalate, becoming more difficult to handle than they need to be.

Being able to deal with change at the organisational level can be an extremely useful tool for companies, and as such certification courses need to be considered.

Undertaking an appropriate training course

Training is one of the best ways to deal with change management, as experienced professionals are able to pass along the various effective concepts and processes. Comprehensive training can establish a strong change management understanding within a company.

Consider the value of an ALC Training course, such as one that focuses on PRINCE2 certification.

IDC: Global IT market showing positive 2014 outlook

The global IT market is showing signs of improvement, with recent volatility slowly giving way to a more positive outlook. This is according to a new report from the International Data Corporation (IDC), which found mature economics to now be heading in the right direction.

Factors such as a commercial PC refresh and a moderate infrastructure upgrade cycle will lead to improvements in business confidence over the next 12-18 months. What's more, investments in both software and services are also predicted to begin accelerating.

Markets such as the United States are estimated to be at the centre of the spending resurgence, with both services and hardware contributing to market improvement.

"[…] The U.S. economic outlook has already brightened and this will drive a period of moderate but long-awaited investment in mission-critical infrastructure over the next year," said Stephen Minton, a vice president at the IDC.

Spending is predicted to increase by 4.5 per cent over the remainder of this year, consistently being driven by smartphone growth. Data analytics, management, and collaborative application software will also be a strong contributor to continued spending and growth.

"Total worldwide IT spending will reach almost $2.1 trillion in 2014. Including telecommunications services, the worldwide ICT market will increase by 4 per cent to $3.7 trillion," the IDC report stated.

A key focus of IT spending should be on effective project management, with courses such as PRINCE2 offering the best methodologies. PRINCE2 covers high level management, control and project organisation – key for a modern business.

By investing in the necessary frameworks and methodologies now, businesses will be able to effectively prepare for IT infrastructure changes over the next few years.

Failure to understand how these new frameworks can benefit your organisation could be a mistake, leading to slow uptake of new IT technologies and services.

Is TOGAF a necessary certification?

Managing enterprise information architecture is often one of the more difficult tasks IT professionals will face, especially as networks become increasingly complex. A number of frameworks are available, however, which can assist with planning, implementation and governance.

By understanding these frameworks, enterprise information architecture becomes less difficult to deal with. The Open Group Architecture Framework (TOGAF) is one of these frameworks and can be highly valuable for organisations.

What is TOGAF?

TOGAF is an enterprise architecture methodology and framework, designed to improve business efficiency by giving software architects and IT professionals a structured approach for organising and governing enterprise information architecture.

It can deliver benefits at all levels, including the important design phase and during ongoing development maintenance. It can be used by any organisation professional desiring an effective enterprise architecture.

TOGAF can be especially useful when comprehensive IT integration is required. For example, two companies may merge, and bring two different sets of billing software and accounting systems. When these need to be merged, difficulties can arise.

With a framework like TOGAF​, it's relatively simple to undertake large-scale system integrations.

Is it necessary?

For IT professionals or organisations requiring a comprehensive framework, TOGAF is a highly capable option. The high level approach given to design across business, application data and technology is extremely useful, and can be utilised on a regular basis.

If system integrations are ever required, there's often little to no issue, as TOGAF can be implemented.

Gaining the certification

Before TOGAF can be successfully implemented, it's necessary to gain an appropriate certification. Becoming certified in TOGAF 9 is one of the best approaches, and focuses on the practical application of the methodology. With the course from ALC, a large focus is applied to realistic enterprise architecture scenarios.

TOGAF, like other methodology and framework certifications such as ITIl, can be extremely useful for businesses.

An overview of the SABSA programs

Little else has impacted enterprise operations like the emergence of IT, but many organisations are still lagging behind when it comes to effect management and development.

Risk management, information assurance, governance and continuity management are all areas that enterprises need to address in order to assure control over IT operations, as failing to do so can mean new technologies and trends are never fully utilised.

There are a number of frameworks and methodologies that can support enterprises in these areas, and all deserve consideration.

This article will explore one of these frameworks, SABSA, the necessary certification programs to ensure effective use, and a breakdown of exactly what it is

What is SABSA

SABSA, like ITIL, is a framework that has been proven through extensive development, and is currently used to great effect around the globe. It's largely utilised by enterprises to meet a variety of needs, including risk management, information assurance, IT governance and continuity management.

It's currently the world's leading open security architecture framework, and for good reason. SABSA is a top-to-bottom framework and methodology designed specifically to manage security in a business driven model.

By handling the process from when it's conceived, through to conceptualisation, design and implementation, security is assured.

Following inception in 1995, organisations across a variety of sectors and industries have adopted SABSA as the framework of choice. Through integration, SABSA ensure that enterprise needs are fully met, and security services are designed, delivered and supported as part of the business.

Organisations need to consider how frameworks like SABSA can advance and secure operations, and undertake the necessary training and courses to educate personnel. Following an understanding of SABSA, enterprises can move forward with a higher level of security, risk management and IT governance.

The SABSA roadmap

A certification program is the best way for an enterprise to take advantage of SABSA, and it's important to understand how the program works. The ALC Training program, for example, is structured into three areas, outlined below.

Architectural design

For those within the business who want to take SABSA certification further, the Advanced courses are the best approach. The chartered architect programme is a certification awarded by the SABSA Institute, and can help to further the knowledge of those who have already undertaken Foundation training and developed field experience.

The SABSA Module A3 course focuses on group discussions, personal research and even practical workshops, as opposed to teaching new materials. This isn't a technology course, however, as it's designed to teach SABSA process application to architecture development and design for businesses.

Risk, Assurance and Governance

Once a groundwork of SABSA knowledge has been laid, developed and tested, enterprises can begin to develop and demonstrate confidence of SABSA with the advanced risk assurance and governance modules. 

These are designed to achieve valuable results for both the benefit of the business and the individual. This module is able to provide employers and peers with confidence that a successful SABSA candidate has demonstrated capability in a number of areas.

Candidates should effectively be able to analyse and assess business problems and business requirements, and apply their skills under the pressure of examinations.

SABSA training needs to be considered by enterprises, and training given to staff in order to effectively ensure risk management and governance.

The top cyber security threats facing businesses today

Cyber security is a rapidly evolving concern within the IT sector, constantly presenting new risks for businesses. As the threats are constantly changing, it’s absolutely essential that both the latest possible future threats are understood. Failing to ensure adequate IT security practices could result in substantial damages, including data breaches and even financial loss.

It’s essential that businesses begin to put the appropriate measures in place to minimise cyber security risk, and understand how various threats can come about.

In many cases, one of the best ongoing preventative measures is an extensive IT training program designed to educate staff on the best practices for IT security.

An outline of cyber security

Cyber security is a broad term, encompassing many different threats. Over recent years, as businesses have grown their technology use, risks have only increased. Now, a significant portion of highly sensitive business information is stored on digital systems.

This can be anything from customer information, including payment data and addresses, to financial records of the company that have been stored for easy access.

While the advantages of digital systems cannot be ignored, security needs to become a top priority.

Here are the top four IT security risks that businesses and IT leaders need to be aware of. It’s also important that even lower level staff understand where risks can come from, and the best preventative actions.

​1. Hacktivists

Hacktivism presents a real danger to businesses, as there’s often no reward sought – financial or otherwise. In most cases of hacking, the attacker is after sensitive data either for government purposes or to sell on to a buyer. Protest is a large factor of hacktivism, and attackers often seek to take down websites or other services that conflict with the group’s ideals.

Government websites are often a common target, following unfavourable legislation or policy changes.

To ensure protection, businesses need to be aware of how their actions can provoke an outside response. IT security systems are often the best measure of protection.

​2. Malware

Although it is a threat that dates back decades, malware remains a constant issue for both businesses and private users. Essentially an attack designed to disrupt or damage a network or system, businesses affected by malware can often be required to take systems or services offline, in order to ensure greater protective measures are in place.

3. Internal threats

Staff can present as big of an issue as outside attackers, whether or not intentions are malicious. An accidental security breach can occur when malware is unwittingly installed, or outside access is given to a crucial business system.

On the other hand, staff may willingly seek to steal information or disrupt systems for personal gain.

Preventative actions here include education at all levels of what actions can cause a breach, and only giving access to key systems to required staff.

4. BYOD

The final security for businesses is bring-your-own-device (BYOD), a trend which has seen considerable growth in recent years due to the cost and productivity benefits.

With this process, staff use their own mobile devices such as phones and tablets as well as laptops within the office. Obviously, the security risks here centre around unknown and potentially malicious software making its way from staff devices to business networks.

Effective IT policies are required that outline where and when BYOD can be used, and for what purpose.

Growing a culture of IT security

IT security education can be one of the best ways to grow an IT security culture, as it gives both business leaders and staff an insight into what exactly causes IT risks, and where they’re likely to come from.

Given the growing prevalence of IT security risks, it’s going to be essential to ensure that a culture of IT security is fostered over the next few years, as it involves nearly every level of staff. Failure to ensure IT security can often have disastrous consequences, and should never become an issue.

Growing smartphone market highlights necessity of proper management

Few technologies have had such a profound impact as smartphones, being used to great effect by both consumers and businesses as tools to effectively communicate and collaborate without the need for cumbersome technologies.

As a result, use of these devices has skyrocketed in the past decade, along with heavy advancement in the handsets themselves. It's now common to find a smartphone with a full suite of email, document production and remote accessing capabilities, not to mention the ability to video conference with other devices and traditional computers.

The market has seen continued growth throughout 2014, and it's a certainty the devices will increasingly be taken on by companies across the globe.

This article will outline the continued growth of smartphones, along with the necessary measures to ensure the devices are effectively utilised within the structure of any company.

A look at smartphone growth

Smartphones are experiencing substantial growth around the world, with the market seeing shipments reach 295.3 million units in the second quarter of 2014. This represents year-over-year growth of 23.1 per cent, according to a recently released report from the International Data Corporation (IDC).

Growth was fuelled primarily by demand for mobile computing, along with an increasing number of low-cost smartphones, utilising cheaper components and instead relying of capable software in order to bring costs down. This dual combination of factors is expected to result in shipments surpassing 300 million units – the first time such a number has ever been reached.

"A record second quarter proves that the smartphone market has plenty of opportunity and momentum," said IDC Program Director Ryan Reith, who works with the worldwide quarterly mobile phone tracker.

A number of smartphone vendors are behind this growth, each offering devices with a range of different functionalities and feature sets. Android phones often offer larger screens and more choice when it comes to hardware, along with flexible software. Apple devices have the benefit of increased security, along with the added weight of the recent IBM deal to create specific enterprise level apps for businesses.

"As the death of the feature phone approaches more rapidly than before, it is the Chinese vendors that are ready to usher emerging market consumers into smartphones," said Senior Research Manager Melissa Chau, who also works with the mobile tracker.

Feature phones are devices with an extremely limited functionality set, often only reaching as high as basic email or internet browsing. In the modern business environment, feature phones can offer little in the way of improving organisation efficiency.

Smartphones are certainly where the IT market is positioned over the next few years, and it's essential that appropriate considerations are leant to how the devices can benefit organisations.

Ensuring effective governance

The underlying key to an effective smartphone strategy is IT governance – the overarching term used as a subset of corporate governance. IT governance can be broken down as the processes that ensure the effective and efficient use of IT in enabling a business to reach necessary goals. In this case, smartphones are the tool that need governing.

This can start with the establishment of clear and transparent smartphone policies that outline the specific uses for the devices, such as where they can be used and for what purpose.

Thereafter, IT governance training becomes the second most important consideration, establishing practices that can teach staff not just how to use the devices, but how to do so effectively. After all, there's no use in a business taking on expensive portable computing devices with the goal of simply using them to take calls.

With smartphones having a clearly defined role within the IT organisational structure, it's far easier for the business to see tangible value through adoption of the devices.

As smartphones see increasing shipments, it's only going to become more important to understand how these devices can benefit a business.

5 benefits of in-house IT training courses

If your business is looking to improve the IT skills of workers across the organisation, then training courses are a popular choice.

Whether it's extensive COBIT 5 training or brushing up on PRINCE2 project management methodology, there are many options available for organisations hoping to boost employees' knowledge.

A common way to complete courses is through in-house training, allowing you to select a site of your choosing where practitioners will come to you. But what are the advantages of opting for this method?

1. Customised training

One key benefit of in-house training is that the course can be tailored to your specific company needs.

Participants can even highlight real-life examples and case studies that can be discussed in depth, ensuring the focus is always on relevant industry-specific situations.

2.  Convenience

It is not always possible to have multiple members of staff away from the office for training, making in-house courses much more convenient.

Select a location and time that is suitable for all employees and you can typically benefit from minimal travel and a reduced impact on productivity.

3. Discuss sensitive issues

Attendees are free to talk about information that might otherwise be considered confidential or damaging if discussed with strangers.

In-house training provides a collaborative environment where these sensitive topics can be considered among employees from within a single organisation.

4. Cost-effective

The typical cost per attendee for on-site training can be considerably lower, particularly for larger groups.

Sending employees on external courses often means putting aside travel and food expenses or even accommodation if the training spans over several days.

5. Teambuilding

An in-house training session is a great opportunity to bring personnel from all corners of the business together in one room.

This gives employees a better understanding of the processes, challenges and projects occurring outside of their department.

Building an awareness of the data lake fallacy

Businesses can often find new trends and processes difficult to resist in the information technology environment, especially when they promise to offer lower operating costs and increased efficiencies.

It's important to be aware, however, that certain new trends and processes can actually fail to drive innovation. One of these new trends, data lakes, needs to be understood by IT leaders within businesses.

Analytical organisation Gartner recently released a report detailing the 'data lake fallacy', so-called because of the gaps in the concept and precautions surrounding it. Research found that several vendors are marketing data lakes as a component able to help Big Data initiatives, specifically by allowing businesses to capitalise on opportunities.

"The need for increased agility and accessibility for data analysis is the primary driver for data lakes," said Andrew White, vice president and distinguished analyst at Gartner.

"Nevertheless, while it is certainly true that data lakes can provide value to various parts of the organisation, the proposition of enterprise wide data management has yet to be realised."

What are data lakes?

A data lake is essentially a large storage repository, designed to hold a vast quantity of raw data until it's needed by personnel within the organisation. The lake can keep this data in its native format, through use of flat architecture. Traditional hierarchical data warehouses store the same information in files and folders.

Once a data element has been added to the lake, it's assigned a unique identifier and tagged with metadata. When information needs to be accessed by someone searching within the organisation, all they need to do is query the entire data lake through use of the tags and identifiers.

The data lake is subsequently able to feed back any relevant data that it finds in storage.

While data lakes can be passed off as simply buzzwords for large companies, it's increasingly being used to describe any large data storage medium where the requirements remain undefined until a query is actually sent out.

"In broad terms, data lakes are marketed as enterprise wide data management platforms for analysing disparate sources of data in its native format," said Nick Heudecker, research director at Gartner.

"This eliminates the upfront costs of data ingestion, like transformation. Once data is placed into the lake, it's available for analysis by everyone in the organisation."

By storing disparate data and essentially ignoring how it's used, it's hoped that independently managed data collections can be replaced with the larger 'lake'.

What do businesses need to be aware of?

Gartner warns that data lakes don't solve the data issue for businesses, as they only offer a way to better store information. While technology could possibly be used to handle getting value out of the lake, it's always going to fall back to the responsibility of the business.

"Without at least some semblance of information governance, the lake will end up being a collection of disconnected data pools or information silos all in one place," said Andrew White, vice president at Gartner.

What's more, performance is also likely to remain an issue for businesses.

The various tools and data interfaces commonly used by businesses are often deployed to handle optimised and purpose-built data infrastructure, and this is where they're most effective.

By using these same tools on general-purpose storage infrastructure such as a data lake, it's likely businesses won't see the same returns.

Ensuring governance with the correct training

To guarantee a strong level of IT governance within an organisation, it's often essential to undertake various levels of training. Specialised IT governance courses can ensure that governance is given the necessary consideration.