The Word is Not Enough

Can you help with the following article? This article will be appearing in Education Investor. EducationInvestor provides the business intelligence and political insight that will help investors understand the sometimes baffling world of education.

Deadline for leads is 21st May 2010. Email me or leave a comment below.

Distance learning
The idea that university is going to have to change to something more like the OU model is something that's been around for a while. But what would it mean in practice and who would make money from it?

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Deadline for leads is 15th May 2010. Email me or leave a comment below.

Making sense of compliance and governance
The fallout from the financial crash of 2007/8 has led to more compliance and legislation demands, much of which will be hitting enterprises in the next two years or so.

This feature will look at the developments that affect those information security professionals in finance, insurance retail and related sectors.

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Deadline for leads is 3rd March 2010. Email me or leave a comment below.

Professional workshop
Understanding and implementing DLP in your workspace for security and business efficiency

A look at best practice for designing and deploying DLP, avoiding the mistakes and ensuring business continuity

[via]

IT qualifications: are they worth it, which ones are the ones to get if you're a CIO, and want to be better at your job or advance your career? Should you get your staff trained up in formal qualifications to make them better at their jobs or improve their morale? Or are they likely to leg it to another company if you do? Is simply training them up without any formal qualification the best way to have them skilled but retain them?

I'd like to speak to CIOs and other IT professionals, consultants, recruitment agencies, headhunters, training organisations and CIO organisations. Phone interviews to take place in the next fortnight.

Approaches by email only.

Young people entering the workplace see email as slow and have grown up with P2P and Web 2.0 applications - yet most businesses are still living in a Web 1.0 world – with security policies to match. It's already a major battle keeping email and the "vanilla" web free from attacks, malware and spam - the adoption of Web 2.0 will make the job even harder. Yet, simply closing access to unapproved tools can be short sighted as unhappy talent drifts to rival businesses with more enlightened policies.

This feature will look at ways that information security professionals can learn to "think at Web 2.0 speed", embrace the advantages of the new business tools without compromising security.

Some questions the article will answer:

• What are the business advantages of adopting web 2.0 in the workplace?
• Which types of businesses are more likely to adopt and encourage Web 2.0? What are the reasons for this? Which aren’t and why is that?
• Does the recession make it easier for companies to restrict Web 2.0 usage by taking advantage of people’s need for employment and inability to move companies? Is this likely to come back to haunt the business?
• What are the techniques that cyber criminals are using to scam employees (and consumers) via web 2.0 applications?
• Even in a recession people seem to be buying more sophisticated phones and netbooks and using them for work. More people are working from home mixing domestic and business use on the same PC or Mac. What’s the best way of dealing with these trends?

I'd like to talk to the following groups of people:

• Chief information security officers and other information security profesionals about their experiences of Web 2.0, good and bad and even some that may have been open to Web 2.0 to begin with but then changed their mind due to security concerns.
• Experts from Facebook, LinkedIn, Twitter etc who can discuss the security of their applications and others and whether they are suitable for enterprise use (or not)
• The likes of RSA, Symantec, McAfee etc.
• Consultants and analysts who can either address all the issues or address specific ones mentioned above.

As usual, I'm going to want a case study of a business that has adopted Web 2.0 and successfully integrated security both in the enterprise and remotely. I'd like to be doing phone interviews during the next two weeks (until November 13th). Approaches by email only, because I'm going to be out of the office and you'll only get my voicemail if you call!

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Virtualisation is being touted as the next wave in corporate computing but its advantages bring new challenges and headaches for the information security professional. You can't move these days in IT circles for people touting the advantages of VMWare and other virtualised systems - and advantages there are many, but those bring with them security pressures and risks.

Questions to consider

• What are the advantages of virtualisation?
• Is it any different from network computing?
• What are those security risks?
• How do these risks differ from those on non-virtual systems?
• Is there anything that should not, absolutely, be virtualised?
• Could a virtualised system actually offer more robust security than a non virtual system? How?
• Who are the leaders in secure virtual systems and what technologies do they use?

I'd like to speak to analysts, consultants, select vendors and the technical community for this piece.

I'm also looking for stats on how fast are UK businesses moving to virtualisation and what the reasons are.

Lastly, some companies like IBM are actively using virtual worlds like Second Life for serious business purposes like holding global sales meetings and to build communities for partners and customers. But how safe is this? Surely it's asking for trouble expecting virtual communities to be safe where you cannot be sure that anyone is who they say they are? I'd like to know if any other businesses are following IBM's lead, why they are doing it and what security steps they're putting in place.

I'd like to arrange interviews for this week and the week of the 7th - please note, I'm on holiday the week of the 31st so won't be able to answer questions, emails, etc during that week. My _absolute_ deadline for this piece is the 18th September.

HOW TO REPLY: send an email to pr@robbuckley.co.uk or leave a comment below

Just got back from two weeks in Santorini. It's gorgeous, it really is, and even with two weeks, it's hard to do everything, even though it is quite a small island/archipelago. Oia is probably the most beautiful place I've ever been to, but the Prehistoric Museum in Fira is also a must-see for its Bronze Age frescos.

I'm going to be on holiday from the 4th August to the 18th August, but if you leave a message on my voicemail or send me an email, I'll get back to you when I return.

IT security professionals charged with securing the information architecture of an e-commerce-driven business face special and daunting challenges. They must fight phishing attempts, identity theft, reputation management and DDoS attacks, and at the same time, the risk of media exposure of the business if they get it wrong.

What is the latest thinking in protecting an e-business from cyber attack? This feature will go behind the headlines to look at the reality of attacks and outline what IT security professionals should do to mitigate threats and deal with attacks if and when they happen.

So I'd like to speak to consultants and analysts as well as IT security professionals, including at least one for a case study, preferably about someone who has successfully defended against non-trivial attacks (DDos, hackers attempting to penetrate networks, bad employees trying to hack from within, etc), to discuss the latest security thinking.

Interview probably to mostly be conducted between 16-24th July. My final, final deadline (before anyone asks) is the 28th July.