We mentioned PISO – Process Improvement for Strategic Objectives – in the first ‘IAP News’ in VSJ and followed up with a detailed article by David Deeks, FIAP in November last year. Things have moved on since then as David reports below. David is Director of the PISO Project at Sunderland University, an IAP Partner Organisation.

The articles in previous issues created considerable interest in the PISO method. An introductory ‘seminar for systems professionals’ was therefore held in February – primarily attended by IAP members. Discussions on the day and subsequent feedback from delegates was extremely positive and it is hoped that another such seminar will be offered for those who could not be accommodated at the first one. In the meantime, PISO continues to chalk up successful projects undertaken by undergraduate and postgraduate students for their employers. Examples from the 350 or so undertaken so far include organisations as wide-ranging as Co-operative Bank, Ikeda Hoover, Tallent Engineering, William Hill, Dell, Nike, World View Travel, Hull Social Services, Modrec International, Nissan, Grundfos Pumps, City of Sunderland Economic Dept, Teachers Assurance, Corning and the Benefits Agency.

In response to requests from organisations that wish their employees to learn and apply the PISO method without needing to undertake a full-blown programme of study, two course modes are now offered. The first delivers five 90-minute seminars over a five-week period, with delegates undertaking live PISO projects as the course progresses. This mode was piloted at South Tyneside Health Authority at the end of last year and came up with radical improvements for patient care. As a result of this success, use of the approach at South Tyneside will steadily widen. PISO has also been adopted for major restructuring of the University’s own administration systems, with the project team responsible for this development recently completing the course.

The alternative one-week intensive mode suits those clients who prefer their employees to have the opportunity to learn and apply the PISO method without the distractions of the normal working day – again with concurrent development of ‘live’ projects. An extremely large organisation currently undergoing major restructuring has been the first to book one of these.

PISO is a solidly researched and developed University of Sunderland initiative and each delegate can seek formal certification as a ‘PISO Accredited Practitioner’. Formal collaboration agreements between the University and organisations are also offered.

Marketing continues alongside research, with PISO becoming established as a Business Unit of the University. The slogan ‘Workplace Creativity Driven by Strategy’ has been adopted for promotional material. The piso.org.uk web site is being completed by HND students and should be accessible before you read this. The update to ‘An Introduction to Systems Analysis Techniques’ (Lejk & Deeks, Pearsons Publishing) will include aspects of the PISO method and should be available by the beginning of 2002.

PISO is not rocket science, nor does it involve the sprinkling of magic dust! Neither is it a CASE tool, although ways of developing such a tool are currently under discussion with third parties. It is simply a method – used by normal employees for re-engineering processes to meet strategic objectives. It is extremely cost-effective and is almost invariably reported to produce a worthwhile result.

I was told recently that when Business Process Re-engineering was first published as a method it had only 12-15 successful projects behind it. Whilst I cannot confirm the accuracy of this, commonly reported statistics suggest that almost 85% of BPR projects are considered afterwards not to have been worthwhile. PISO currently has around 350 completed projects under its belt, with 92% of these so far considered useful by those undertaking the exercise. PISO is typically far cheaper and quicker to try out than BPR so these figures cannot be compared directly – but it does seem that it incorporates a useful mix of ingredients that many would find worth exploring.

For more details, contact either myself or Graeme Young at the Industry Centre on 0191 5152666 or email david.deeks@sunderland.ac.uk or graeme.young@sunderland.ac.uk.

Louise Seaton, of Computeach International Ltd (an IAP Partner Organisation), writes about the company’s response to the IT skills debate.

You don’t need to be a workstation wunderkind to know that dot-coms are increasingly timing out and multi-million pound IT projects are grinding to a halt due to a lack of investment and a shortage of people with the skills to manage them. Last year advertisers looked to recruit around 100,000 IT professionals but lack of expertise in the market meant that many of these positions are likely to have remained vacant.

The gap in the market exists because career development training programmes, carried out with the blessing of massive but misguided government grants, are badly targeted. Increasing workloads mean that time to take sabbaticals or to focus on better vocational training is diminishing. So how can the right skills be honed to allow industry professionals to progress to some of the most prestigious and highly paid careers in IT?

Computeach has studied the ramifications of the skills gap. Since its launch in 1964 as a computer training college, it has kept pace with every advance in technology, innovative methods of learning and career development techniques in an industry that is constantly upgrading. The company’s Chairman and founder, George Parkinson, has been at the forefront in observing the trends within IT throughout the key decades that have shaped the industry. There are few others in his field with such a clear perspective of the roles within IT.

“Our aim is to ensure that the course of learning chosen is one that makes best use of existing skills and is tailored towards achieving the most rewarding and fulfilling career,” said Parkinson.

Employing the latest analysis tools and translating them into distance learning format, Computeach has added what could well prove to be the most advanced training system of its kind to its product range. The company’s collaboration with NCC Education, a world leader in independent IT and education programmes, has produced a unique career development system. The new Options Scheme offers the opportunity to learn new skills that widen participants’ range of career opportunities. It leads to one of two unique NCC Education status track awards – Senior IT Developer and Master IT Developer.

The scheme is designed so that it can be completed in the student’s own time and the structure and content can be adapted to suit changing circumstances.

Contact Computeach’s Information Helpline, 0800 657657 or University House, Jews Lane, Gornal, Dudley, West Midlands, DY3 2AH, for details.

Interesting project or development? Let us know at eo@iap.org.uk!

o ed� �e
�@d entertain. Today the BBC is a content provider as well as a broadcaster. It looks to additional revenues with BBC Broadcast and BBC Worldwide. Its goals include building public value and creating an inclusive digital Britain.

Hugh showed several videos demonstrating how fantastic HDTV is. Some of the footage looked like 3D and it almost felt like you were actually there, seeing the scenes in real life, rather than watching a recording.

Britons now spend an average 164 minutes per day online compared to 140 minutes watching television. People expect quality, so by 2010 all programmes will be in HDTV. Among other selected programmes, ‘Planet Earth’ was made in HDTV. This will be the subject of a trial HD broadcast later this year.

Although the cost of HDTV is decreasing, the whole infrastructure must be modernised to accommodate it. Therefore early HDTV output has to be limited, good dramas and events of historical importance being prime candidates. There is also a need for training and co-operation. The BBC is working with Europe to influence worldwide HDTV development and to share lessons and techniques.

One of the video presentations was particularly awe-inspiring. It showed a shark catching a seal, recorded at 1000 fps, so that it could be played in slow motion. After seeing the excellence of which HDTV is capable, one felt that having all broadcasts at this brilliant quality will be a great step forward.

Jonathan Harris CBE spoke about Continuing Professional Development. He explained that 25 years ago his professional body, the RICS, had introduced a membership requirement for 20 hours of CPD per year. This led him to form the Continuing Professional Development Foundation and later, the Institute of Continuing Professional Development.

Professionals like to keep up-to-date so that they can earn their living. Other drivers include the fear factor and having extra post-nominal letters.

Professional bodies have differing requirements to prove that their members are up-to-date. For example, Chartered Accountants need 150 points of CPD, while members of the Law Society require 16 points. Also the tasks that can be deemed to qualify for CPD differ. Reading a journal may not be able to be counted, but reading books may, as well as training courses and seminars. However, becoming a member of the ICPD demonstrates your commitment to staying at the peak of your profession.

To become a member, your main professional body must assess you on an annual basis to ensure that you have carried out 50% more CPD than the specified minimum. The main professional body carries out the approval and assessment process. Naturally, there has to be a formal arrangement between the ICPD and a given professional body for this to happen effectively.

Jonathan listed the organisations currently having such arrangements. These include the General Council of the Bar, the Army, the Chartered Institute of Building, the Government Economic Service and, most recently, the IAP.

Tim Benest FIAP described managing an offshore client base. He runs a software house in Jersey, mainly supporting clients in the offshore financial community. This fits his lifestyle, as he is passionate about technology and travel.

The software is written in Delphi and uses a Paradox backend, but he also uses Firebird, Python, Kinterbas DB and Reportlab PDF components. It has been deployed globally and is especially popular in the Far East.

Tim feels communication is extremely important. You need to build relationships with people and use techniques such as mind mapping, but also white boards and pictures. Awareness of differences in language (even between English speakers) is very important. He also uses NLP (neuro-linguistic programming) techniques.

He likes to keep things simple, limiting unnecessary complexity and questioning why something is done or needed. His tip was to “eat the dog food”, meaning that, if you write software, you should use it yourself. If a component gets on your nerves, your customers are likely to feel the same. Robustness is also important, so try hard to second-guess the user and develop a hacker (not a cracker) mindset.

He always prepares well in advance of any trip abroad and takes things such as category 5 cabling and assorted widgets with him, as these are nearly always required, but may be difficult to acquire in exotic locations. He highly values remote access, security and the command line, using SSH and SCP. Tim considers both psychology and technology to be key to running such a business.

Ian Walker FIAP spoke about e-Crime, which he defined as ‘any crime committed using a computer, a network or hardware device as an agent, facilitator or target of the crime’. He went on to consider phreaking, malware, spyware, phishing, pharming, embezzlement, fraud, theft, industrial espionage, ID theft, unauthorised access, skimming and denial of service.

There are two categories of e-criminal, internal and external. External culprits include organised criminal gangs, people spread across the globe exploiting poorly protected systems. Internally, there are former or disaffected employees, who take advantage of poor IT security policies.

Malicious code is a very big threat at present, with bots being used to infect computers, often as part of a combined attack. Worms account for 90% of malicious code, with more than 21,000 new (or modified) threats launched in 2005.

Ian then gave a number of interesting facts. Spam email accounts for 60% of all messages sent, over 5% being phishing attempts. Last year, Symantec Corporation blocked 2.54 billion phishing attempts. 32% of Spam is health related.

He then demonstrated a phishing site. This was identical to the real Barclays Bank site. Indeed, some phishing sites are better than the real sites.

Much e-Crime is committed because criminals target money – where money is, criminals are not far behind. Worldwide, Internet trade is valued at $8 trillion. UK trading in the period up to Christmas 2005 was £5 billion and annual turnover is £19 billion. Only 1 in 8 e-crimes is reported in the UK.

Criminals target the maximum amount of money with the minimum effort and chance of capture. The hottest targets include personal bank accounts (35%), SMEs (31%), IT (9%), Education (5%) and Financial Services (4.5%). In 2005 the UK accounted for 27% of bot-infected computers, with the US having 22.5% and China 8%.

The average time between discovery and exploitation of a vulnerability is 6.8 days, the fastest being less than a day. However, the average time for a patch to be issued is 49 days, thus giving criminals a massive window of opportunity. To make things worse, there was a 40% increase in vulnerabilities in 2005 over 2004, with 13,900 documented spybots. To put this in perspective, there are 11,000 new Internet connections per day in the UK. The cost is estimated at £2.44 billion for large UK corporations with £1.77 billion due to ID theft.

What can be done about this? e-Crime Wales action plan was launched last year, the first in Europe. There is a National High Tech Crime Unit (NHTCU) and there was an e-Crime congress in London in March. Look at the security page of your O/S on the Web for further ideas. At home, avoid unsupervised access to the Internet for children and ensure you have good Internet security software, firewall, anti virus, anti spyware and anti Spam software. It is always worth thinking about the physical security of your PC, such as not leaving it next to the front window of your house, where passers by can clearly see it. Keep Internet security and O/S software up to date and continually question why personal information is being requested. Avoid leaving notebook computers in your car and if you do, turn off all radio devices, as criminals can detect them.

Ian said that this type of security must be taught at school as part of the IT curriculum. Other areas that need to be considered include establishing an IT security policy, using hard and soft firewall protection and having a good disaster recovery system in place. Issues include 1 dimensional security, using 2D and 3D security for sensitive systems and using personal data storage devices in sensitive areas (you can now get biometric encrypted data sticks). Invest in hardware systems to protect sensitive data, such as the Lenovo Systems range of notebook PCs. Consider how to handle disaffected employees and their access to your systems. Report all incidents to the police and the NHTCU.

During software development, test to the extreme to ensure your software provides the right balance between functionality, performance and security. Consider the use of external testers and simplify software design to make it easier to detect problems.

Ian summarised by saying, “be aware, be safe and be in business”.

The final speaker was Ed Gibson, Microsoft’s UK Chief Security Advisor who was previously a FBI agent assigned to the US embassy in London. He gave a short talk on the back of Ian’s presentation and his main tip to improve security was to harden the environment.

Finally, after a few words from IAP President Jim Bates, we retired to the Piano and Pitcher to debate topics that came out of a thoroughly enjoyable day.