Enterprise:Management

Contents 1 Navigation 2 Categories 2.1 Project Management methodology 2.2 Project Management topics in Information Technology 2.3 Management topics in Information Technology Operations 2.4 Outsourcing in Information Technology operations 2.5 IT security standards of relevance for outsourcing agreements

Navigation

Categories

The Management Wiki pages in the Enterprise section focus on topics of interest in the Information Technology industry. However almost all the concepts and resources you will find here equally apply to other industries.

Project Management methodology

Since the mid-70's the Project Management practice has been in constant evolution and most probably it played an essential role in the remarkable advancement in all areas of economic activity and technological innovation. Many things have changed since Fred Brooks wrote his "Mythical man-month" essay and advanced Project Management methodologies are being applied in all industries. However, it is undeniable that many of these PM methodologies appeared as a direct result of the advancements in Information Technology. Here are a few of them:

• Tom Gilb's Evolutionary Project Management (EVO), essentially a lighter CMM framework and the bedrock of the Agile philosophy
• The Rational Unified Process, a holistic view of project life-cycle encompassing the management, engineering, process and support tools
• The Enterprise Unified Process (EUP), a RUP extension aimed at managing enterprise project-portfolios
• The Earned Value Management PM methodology was first introduced in the 60's
• The Project Management Office (PMO), essentially an organizational strategy for optimizing resource usage and fostering inter-project synergies
• The Critical Chain Project Management (CCPM), relying on Eli Goldratt's Theory of Constraints (TOC)
• The Project Portfolio Management, sometimes called Enterprise Project Management (EPM), essentially based on the CCPM methodology

New Product Development relies on specific methodologies and practices, consisting of:

• Requirements Engineering and Management, covered by the fields of Business Analysis and Systems Analysis and supported by specialized tools like Telelogic DOORS or IBM/Rational Clearquest
• Software Process Assessment, formalized by standard ISO/IEC 15504 and relying on Software Requirements Analysis (SRA) process in order to insure the overall capability of the Software Engineering Process
• Managing inter-project and design dependencies, as addressed by the Design Structure Matrix (DSM) methodology
• Enterprise-wide knowledge management processes

All these methodologies aim at improving the Time to Market (TTM), avoid firefighting and foster cooperation end productivity.

Project Management topics in Information Technology

Specific management methodologies and business models have been developed in order to deal with projects and operations in the Information Technology domain. Although these methodologies start to spill-over in other industries, they are still focused on familiar issues for the Information Technology professionals.

• The Ten-Step methodology, similar as approach and broadly based on PMI's PMBOK principles, the TenStep methodology is much less abstract and offers best practices and support materials
• The Construx CxOne methodology, although based on PMI's PMBOK, is also based in great part on Steve McConnel's works and on real-life project experience, putting more emphasis on real-world deliverables rather than theoretical process details
• The Personal and Team Software Processe (PSP/TSP), created by Watts S. Humphrey and complementing the Capability Maturity Model (CMM) by addressing the "micro"-level, i.e. the behavior of the software engineers themselves and of the teams they were part of
• The Capability Maturity Model Integration (CMMI), a process improvement methodology that can be used at all levels of an organization and complemented by the Standard CMMI Appraisal Method for Process Improvement (SCAMPI)
• Cleanroom Software Engineering, both an engineering methodology and management process, aims at delivering zero-defect, certified reliability products by applying principles put forward by the Software Engineering Body of Knowledge (SWEBOK)
• Release Management, a suite of best practices, governing the mission-critical, extremely controlled and systematic process of coordinating and managing the activities by which all releases to a live environment are planned, tested, and implemented while maximizing the realization of business objectives and minimizing risks on information processing environments
• Agile Project Management, a fast-track methodology quite popular today in the small-scale software development community and aiming at reducing technical risk by iterative software development, using timeboxing on short cycles, frequent testing and reduced overhead
• Tiger teams, a project-management practice describing an autonomous, temporary, high-capability team or task-force, usually reporting to the highest echelon in the organization, responsible of providing a rapid-response to an urgent, special situation that otherwise would amount to firefighting and crisis
• The DMR Fujitsu P+/Macroscope methodology, a formalized project

Management topics in Information Technology Operations

Managing information-intensive operations such as data-processing centers or network control centers involves specific processes and methodologies ensuring the integrity, availability, capacity and security of these environments. The need for such efficient and reliable management methodologies and processes becomes paramount in the case of outsourcing engagements, where a service provider is legally bound by Service Level Agreements (SLA), usually containing punitive clauses, to guarantee the delivery of services to a client. Also, a service provider can gain a competitive edge by formally assessing its compliance to an operations management framework.There are many different frameworks that can be used for managing the delivery of cost-effective IT services and, among these, a widely popular one is the Information Technology Infrastructure Library (ITIL), a series of practices and procedures intended to support efficiency and quality in IT operations. The IT Service Management elements of ITIL are also covered by the ISO/IEC 20000 standard. The Service Level Management is an essential process area of the "Service Delivery" ITIL discipline, providing for continual identification, monitoring and review of the levels of IT services specified in the Service Level Agreements (SLAs). The Microsoft Operations Framework (MOF) and Microsoft Solution Framework (MSF) are loosely based on ITIL but go to deeper technical detail on best management practices in computing environments based on Microsoft technology. As more and more software companies start offering their software products as services, on a lease basis, they started realizing the extra benefit of bundling into their offers Service Level Management agreements, thus increasing their appeal to their enterprise clients. Examples are

• Microsoft Solution for Hosted Messaging and Collaboration, aimed at SMBs and consists of Exchange 2007, SharePoint, and Office Live Communications Server 2005
• Microsoft Dynamics CRM based on Microsoft CRM software suite
• Microsoft System Center Remote Managed Services, aimed at service providers managing Microsoft-based infrastructure and applications
• Sun Managed Operations aimed at enterprises using Sun-based infrastructures
• Symantec managed security services
• Oracle Managed Security Services (MSS)

Outsourcing in Information Technology operations

The practice of outsourcing covers a variety of services, from software development to HR and telecommunications. In a form or another the same questions are asked in all these outsourcing deals, namely cost and security, boiling down to build or buy decisions, humorously described by David Carney, a senior SEI member, in his maoist-style Little Red Book essay, using glimpses of ancient Chinese wisdom. Very popular and with a market value expected to grow as fast as 65% annually, are the managed IP Telephony service offers, like:

• SBC PremierSERV VoIP managed service
• NEC SecurePlus IP Telephony remote monitoring service
• Cisco NetSolve ProWatch Remote IPT management services

Next come the Managed Security Services (MSS) with an expected annual growth rate of 28% and already offered by different large players in the managed services market:

• Cisco's Managed Security Services [1]
• Symantec managed security services [2]
• McAfee's Managed Intrusion Detection and Intrusion Protection (IDS/IPS) services [3]
• Microsoft's Forefront Online, a hosted suite of Managed Security Services (MSS) to the enterprise
• Oracle's Managed Security Services (MSS)

IT security standards of relevance for outsourcing agreements

Large companies that outsource their Network or Information Technology operations to Managed Service Providers should be very concerned about the security risks created by such outsourcing deals. This is especially true for large financial institutions subjected to the rigors of the Sarbanex Oxley legal framework. Outsourcers should comply to security assessment standards against which their clients are audited or assessed:

• ISO/IEC 15443 - a framework for IT security assurance covering TCSEC, Common Criteria, ISO/IEC 17799 and other methodologies
• ISO/IEC 15408 refer also to Common Criteria, a set of best assessment practices and evaluation levels for Information Technology systems
• ISO/IEC 17799:2005 - Code of practice for information security management
• NIST 800 Series, contains both issue-specific (firewalls, IDS, PKI) and general standards.
• Control Objectives for Information and related Technology (CobiT), an open framework for IT controls
• AICPA's Statement on Auditing Standards Number 70 (SAS70) for Service Organizations
• The Financial Institution Shared Assessments Program (FISAP) for IT outsourcer assessment
• CERT recommended security practices
• Corporate Governance resources courtesy of University of Washington
• The CEO/CFO certification - an overview from Deloitte-Touche and a primer