Vested Outsourcing White Paper! | Vested Outsourcing

Vested Outsourcing White Paper! Vested Outsourcing

Skydiver catches Image of NASA Shuttle Launch

Enterprise Reinvention: How to Improve Corporate Performance through Enterprise Risk Management

Where companies have historically been able to improve results through specialization, successful reinvention requires a much greater emphasis on unification and facilitation—moving from managing the parts to leading the whole. This requires a different approach:

• Start with Your Customer
Every company's enterprise view and strategy needs to start with customers. Most executives agree with this tenet philosophically, but few enterprise reinvention and enterprise risk management programs follow this in practice. This requires that executives clearly establish, articulate, and integrate: where your company intends to go and why.

• Be holistic and systematic
Another principle to incorporate is to be both holistic and systematic. Without a shared enterprise view to guide companies in continually changing environments, companies often get stuck by focusing on the parts instead of the whole.

When competitive and organisational situations change, executives get caught working on the wrong things—on areas that used to be important but are no longer the bottlenecks.

• Don't Forget Your Community
A third insight—important for sustainable enterprise reinvention and effective risk management—is to systematically manage social roles. Companies are the only true economic engines for society, and strong communities are the only source of sustainable profits. When companies don't formally integrate into their communities and—instead—view themselves as separate entities, enterprise risk profiles will inevitably increase.

Integrating Enterprise Reinvention and Enterprise Risk Management
Enterprise risk management is an important tool for sustainable competitive advantage. Similar to the market and the enterprise itself, a successful enterprise risk management program requires holistic and systematic processes to support the following:

• Envision: An Enterprise strategy linked to customer needs, with defined operational implications, and well-articulated enterprise guidelines for managing risks and opportunities.
  
• Design: Formal risk mitigation and opportunity sensitivity analysis/monitoring/reporting.
  
• Build: Enterprise-wide controls, processes and infrastructure.
  
• Operate: Well-established personal roles and motivations for people to act in the best interests of their companies—at the enterprise level—through proper incentive structures.

For companies to successfully reinvent themselves, the enterprises can't be viewed as the sum of their parts. The enterprise overall is the goose that lays the golden eggs. Similar to a brand, it needs to be holistic, integrated and relevant—and continuously adapt through successful and accelerated enterprise projects.

Improvements

To improve your company, try taking your enterprise reinvention and enterprise risk management program to the next level. Integrate "Envision-Design-Build-Operate," to achieve your objectives through a shared enterprise framework, integrated roles and responsibilities, and adaptive monitoring/sensitivity analyses.

Holistic approach

Then, holistically address risks through independent program assessments to diagnose and correct identified weaknesses and take full advantage of new opportunities.

Given our rapidly changing and hyper-competitive business environment, there has never been a better time to reinvent your enterprise and your enterprise risk management program.

Clearly, this will require a different approach than the scientific management methods that worked so well in the old Industrial Age.

The new knowledge-based approach is at the heart of systematic and sustainable enterprise reinvention. The best time to start your reinvention is today.

Today's Interim managers offer good value

A recent report by the Management Consultancy Association claims that while consultants provide specialist skills not available internally, contractors and interim managers simply replace full-time staff "at an inflated price".

This criticism comes on the back of recent comments that interim managers take home more than the prime minister.

Both claims are unfounded. Interim managers are senior, experienced and can turn their hand to a wide range of tasks. They work from within a customer organisation to identify ways to strengthen that organisation's capabilities and ensure the organisation has the capacity to continue to deliver results once they have left. They have an exit plan from day one and are looking for or already know their successor.

That is a contrast to consultants, who are an outside resource, hiring out knowledge and expertise to a client to achieve outcomes.

As for the claim that interim managers earn more than the prime minister, interims are small businesses compared with consultancies, who may have hundreds or thousands of staff, expensive offices to maintain, and big marketing budgets.

Interim managers may be paid up to £500 a day, but that is not a salary. That is gross revenue, which goes to a limited company. Holidays are unpaid, health insurance is unpaid, sick days are unpaid, time between assignments is unpaid.

Most interim managers have to pay their own businesses expenses, including national insurance, indemnity insurance, travel and accommodation costs and other costs, such as personal computing equipment, mobile phones and broadband connections.

Most interims work away from home, travelling on a Sunday evening and back on a Friday evening. My most recent assignments have involved journeys of between three hours and five and a half hours - all unpaid time out of the weekend. Accommodation is required and customers rarely pick up the tab. Iver and above this you have subsistance costs, you need to eat and keep fit.

An assignment may last six months - following which, an interim manager might not work again for another four months, so it is unclear how long a manager needs to make their money last.

A six-month contract would comprise a maximum of 120 days of paid work. That is a gross revenue of £60,000, which may sound a lot, but the costs involved could add up to more than £28,000, leaving under £32,000. That has to cover not just managers' pay, but also essential continuing professional development and professional accreditation.

The reality is that interim managers work, on average, 10-hour days. If the salary is £32,000, that equates to £26.67 an hour. A prime minister may earn £150,000, but add in holidays, pension, cars and expenses and they are still looking at a package of more than £180,000, even with the new constraints.

A professional, accredited interim manager lives and breathes for the customer while on assignment. They analyse, design, build, train, roll out and evaluate major changes for the customer and transfer skills into the organisation so they will not need to come back.

Unlike consultants, interim managers see the job through until it is done or until the customer is confident of its capacity to manage without external help.

The Secret Powers of Time - Animated video

Professor Philip Zimbardo conveys how our individual perspectives of time affect our work, health and well-being. Time influences who we are as a person, how we view relationships and how we act in the world. View the full video of Professor Philip Zimbardo’s talk at the RSA.

Why deception is our preferred way of life

Why deception is our preferred way of life

Greek philosopher Epictetus commented on human behaviour in this way: "It is not things in themselves that trouble us, but our opinions and perceptions of those things." It is not what happens to us that determines our behaviour but how we receive and interpret what happens to us.

Thus, when facing a potential threat, one person might interpret it as a challenge to be mastered, another as a force majuer and certain defeat, while a third might see it as retribution, the punishment he or she readily deserves.

Crucially, the decisions about what to do and how to react to this potential threat, follows on from the individual's ability for absorbtion, comprehension and interpretation, as it is attributed and applied to the original action.

This uncertainty lies at the heart of what we need to know if we are to understand ourselves and behave differently and more appropriately.

Yet throughout history we have denied ourselves this direct path to the truth because what it tells us about ourselves is that, while we are not responsible for most of what happens to us, we are always responsible for how we interpret it.

We appear to dislike taking responsibility for ourselves as much as we dislike risk and uncertainty.

The Economic Hitmen by John Perkins

The Economic Hitmen by John Perkins

H1N1 flu undergoing genetic changes in swine

H1N1 flu undergoing genetic changes in swine

Although the pandemic H1N1 "swine" flu that emerged last spring has stayed genetically stable in humans, researchers in Asia say the virus has undergone genetic changes in pigs during the last year and a half.

The fear is that these genetic changes, or reassortments, will produce a more virulent bug.

"The particular reassortment we found is not itself likely to be of major human health risk, (but) it is an indication of what may be occurring on a wider scale, undetected," said Malik Peiris, an influenza expert and co-author of a paper published in the June 18 issue of Science. "Other reassortments may occur, some of which pose greater risks."

The findings underscore the importance of monitoring how the influenza virus behaves in pigs, said Peiris, who is chair and professor of microbiology at the University of Hong Kong and scientific director of the university's Pasteur Research Center.

"Obviously, there's a lot of evolution going on and whenever you see some unstable situation, there's the potential for something new to emerge that could be dangerous," added Dr. John Treanor, professor of medicine and of microbiology and immunology at the University of Rochester Medical Center in New York.

The novel H1N1 pandemic influenza virus that began circulating in humans in early 2009 originally came from swine, first infecting humans in Mexico before spreading to more than 200 countries.

In humans, the 2009 H1N1 virus has stayed genetically the same and still causes relatively mild disease, when it causes disease at all (the virus has all but disappeared in recent weeks, although experts suspect it will be back).

Directors of Passive Intervention

Director of Compliance and Passive Intervention

“When the music stops, in terms of liquidity, things will be complicated,” Citigroup’s Chairman and CEO Charles Prince told the Financial Times. “But as long as the music is playing, you’ve got to get up and dance. We’re still dancing.”

This quote has become the emblematic aphorism of the economic crisis of 2008–09: a symbol of how some banking and financial-services executives justified their poor judgment and negligent (and/or even fraudulent) behaviour. But it also reflects a more pernicious pathology — relevant to all the corporate crises we’ve seen recently in the oil, automobile, and financial-services industries, in which companies’ own lack of strategy, control and judgement have been partially responsible for their substantial public woes.

As one respected non-executive director of a top-tier U.S. bank noted, “I still can’t believe Prince said that. If I had been one of his shareholders, I’d have been furious. Where was his board?” Still sheltering in his pocket, I guess.

Prince knew that his boardroom overseers were comfortable with their bank waltzing around on its shareholders’ time and possibly it's behalf, because none of his directors ever came forward and challenged the assumption.

The passive board — which obeys the law but does not provide meaningful oversight — is a hindrance and handicap for any corporation. In accounting terms, its oversight is mere overhead.

Perhaps they were selected for their level of deference and compliance to the 'team.' These directors did their 'duty.' They simply had to follow the law and the corporate customs that protected them, whilst living in the luxury of the moment.

How often have we heard this excuse of following directives without question as an excuse for positive action. Do we not expect substantially more initiative and significantly less sheepish behaviour from our corporate 'leaders?'

Phishing Gangs Hosted by Paraguyan Government servers

Phishing gangs have been getting bolder of late, and there's no clearer evidence than the cache of phishing data that researchers at Sunbelt found on a site owned by the Paraguayan government.

The researchers discovered that a site belonging to the federal government in Paraguay is currently hosting a fairly large drop of phishing information related to attacks on banks, insurance companies and other targets in the U.K.The targets include some of the bigger companies in the U.K. business world: Barclays, Lloyds, Halifax and others.

This hidden cache, while sitting on a relatively high-profile server, is not much different than drops that have been found on servers all over the world. In many cases, researchers will sit and watch the servers in hopes of learning something about the gang behind the phish. In this case, the Sunbelt researchers have notified the site owners.

No less than fourteen different banking / financial services phishes including Barclays, Abbey, Northern Rock, Halifax and Lloyds TSB. Clearly, someone is desperate to get their hands on as many UK banking credentials as possible. These phishes are all online at the moment although some appear to be flagged in browsers such as Firefox. We’ve contacted the hosts and hopefully all of the above will be offline shortly.

The server on which the data is being hosted belongs to the Central Department of the federal government in Paraguay. But that doesn't seem like much of a bother or a challenge to the gang behind the attack. It's just another server on which to hide their wares; one's as good as another.

The Best Leaders Teach Others To Lead

"There's nothing you can screw up that I can't help fix," she was often heard telling her students at Air Force Fighter Weapons School (the Air Force equivalent of Top Gun). And it is this philosophy that makes Lori Robinson a great leader. She understands she's only as good as those she leads.

When a leader spends more time reprimanding people for making mistakes, they will quickly create a culture in which people will fear making mistakes. Innovation and productivity suffer because the team will play not to lose instead of playing to win.

Worse, few if any will want to take personal accountability for their actions. They will point fingers or come up with excuses. And if people don't own their own decisions and actions then they will never feel a part of something bigger than themselves. They will rarely go out of their way to help their colleagues, the group or the company.

That's not the case for those who General Robinson commands. She is renowned for working to clear a path for others so that they may succeed. She has earned remarkable loyalty from those who have ever served her. In fact, those who have served under her have gone on to have remarkable careers of their own. And it is this that makes Lori Robinson a brilliant leader. She does all she can to serve those who serve her.


Click to download the excerpt about Lori Robinson in Start With Why

Security Alert for Windows XP Users

Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

The vulnerability has to do with a weakness in how Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security researcher Tavis Ormandy last week showed the world that it was possible to add URLs to that whitelist.

Microsoft said an attacker could exploit this flaw by tricking a user into clicking a specially crafted link. Any files fetched by that link would be granted the same privileges as the affected system’s current user, which could spell big problems for XP users browsing the Web in the operating system’s default configuration — using the all-powerful “administrator” account.

“Given the public disclosure of the details of the vulnerability, and how to exploit it, customers should be aware that broad attacks are likely,” Microsoft said in a statement released last week.

Security experts have frequently urged XP users to create and use a limited user account for everyday computing, and to use the administrator account only for occasional updates and other tinkering that can’t be done as a regular user. While more malware these days is being configured to run even in limited user accounts (the ZeuS and Clampi Trojans, to name a couple), a limited account will block a large number of attacks, and should prevent user-level infections from becoming system-wide infestations that are more challenging to clean up.

Google’s Ormandy, who has privately alerted Microsoft to a large number of security flaws he found in the company’s products over the years, indicated he was releasing the details of this bug publicly just five days after alerting Microsoft in an effort to force Microsoft to patch the flaw more quickly than it would have otherwise.

“I’ve concluded that there’s a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security,” Ormandy wrote. “Those of you with large support contracts are encouraged to tell your support representatives that you would like to see Microsoft invest in developing processes for faster responses to external security reports.”

Ormandy included a “hotfix” tool designed to help XP and Server 2003 users mitigate the threat from this vulnerability until Microsoft releases a patch for it. For its part, Microsoft claims Ormandy’s hotfix doesn’t protect users.

“Unfortunately it is ineffective at preventing the vulnerable code from being reached and can be easily bypassed,” Microsoft said in a post on its Security Research & Defense blog. “We recommend not counting on the Google hotfix tool for protection from the issue.”

The Art of Rapid Transition

The Art of Rapid Transition - the new economics foundation

We are living in what can only be described as interesting times: a debt-fuelled economic crisis, the looming peak and decline of global oil production, and the potential loss of a climate system able conducive to stable, flourishing societies.

The Art of Rapid Transition was a series of five extraordinary events hosted by nef at the Hay Literary Festival in 2009.

They were inspired by the admission by the former Federal Reserve, Alan Greenspan that: “I discovered a flaw in the model that I perceived as the critical functioning structure that defines how the world works”.

There are a range of positive examples, both past and present, which provide a rich source of inspiration for the Great Transition to a new economy.

From Cuba, where the response to the sudden loss of cheap oil and subsequent economic collapse was so successful that it was dubbed the ‘anti-model’ in Washington DC, to the spectacular growth of the Transition Town movement.

The lessons that can be learnt from resource-use during war-time, The Art of Rapid Transition presents a range of positive ideas about how to survive (and thrive) in times of crises, and be better equipped to deal with emerging challenges.

Malware and Trojans use YouTube to spread

Security firm eSoft has alerted web surfers about the dangers of bogus websites using the YouTube brand and format to spread malicious malware, something the company has found on more than 135,000 web pages derived from Google search results.

It appears, according to the firm’s CTO Patrick Walsh, that unsuspecting users looking for videos on recent events like the Gulf of Mexico oil spill are being directed to maliciously crafted websites with videos that appear to be identical to YouTube postings.

The so-called YouTube videos are actually phishing pages says Walsh, and they are built to look like real pages from the online video portal but are hosted on compromised sites.

In a recent Infosecurity blog posting, the eSoft CTO detailed how attempting to play these fake YouTube videos actually installs a downloader trojan with a less than 20% detection rate according to Virus Total, a website that tracks anti-virus detection rates. When the user clicks to run the video, they are instead prompted to install a codec. Of course this ‘codec’ is actually a piece of malware that allows attackers to stealthily control the user’s machine.

“By using websites like YouTube, cyber criminals are taking advantage of a users’ inherent trust in the site and are able to infect more machines”, said Walsh. “We were able to find these sites by searching for common terms like oil search video, so I think it’s fair to say that search engine poisoning was being used to drive people to these sites”.

However, Walsh added that Google appears to be doing a bang-up job in removing these infected results from search queries, as the number of malicious sites has shrunk from 135 000 two days ago to about a half dozen.

Zen and Business Analytics, Information and Performance Management

Analytics is the use of modern data mining, pattern matching, data visualization and predictive modeling tools to produce analyses and algorithms that help businesses make better decisions.

With regard to topics such as customer management, pricing, supply chain, logistics and workforce analysis, analytics helps companies answer questions such as: "Why is this happening?" "What if trends continue?" "What will happen next?" "What is the best outcome?" Thus, analytics can provide foresight to what events may have the most impact on the enterprise as a whole.

Performance management is an umbrella term that describes the methodologies, metrics, processes and analytical applications used to monitor and manage business performance.

Examples include budgeting, planning and forecasting; profitability modeling and optimization, scorecard applications and financial reporting and consolidation. Performance management can also provide insight into the future and better understanding of current activities and events.

BI is the use of querying, reporting, online analytical processing and alerts that help answer event-based questions such as: "What happened?" "How many?" "How often did it happen?" "Where exactly is the problem?" "What actions are needed to resolve it?" BI is best for gaining insight into current activities and events, as well as understanding what has happened and how those events have affected the business.

Finally, data management is the development and execution of architectures, policies, practices and procedures designed to help properly manage the collection, quality, standardisation, integration, aggregation and governance of data across the enterprise. Data management primarily involves looking backward and figuring out how to learn from the past to improve the present and future.

There are multiple drivers of investments in BA technologies. First, companies collect vast amounts of information about their business activities and customers via transactions generated through customer relationship management, enterprise resource planning and online systems, among others.

However, this discrete information doesn't provide an integrated view across the enterprise. The problem of data is literally growing out of control, and the lack of a holistic view will begin to cripple many companies in the not-too-distant future.

Compliance needs also drive the push for better BA capabilities. BI applications, reporting and analytics tools are key enablers to support regulatory requirements. Costly as it may be, most companies have no choice but to implement these tools in order to adhere to compliance measures and to monitor and mitigate risk.

Finally, increased performance and competitive demands are intense drivers of improved BA capabilities. The need to remain competitive compels companies to invest in BA tools that improve insight into business and market information, which in turn can enable more informed and proactive decisions.

Most companies have also implemented comprehensive performance management systems to deliver information to decision-makers to improve insight and outcomes.

How do BA capabilities meet these needs? They can shift the paradigm. Over the last couple of decades, companies have been investing heavily in ERP systems to streamline their processes.

This has resulted in a significant increase in organized data; however, the focus has shifted from simply organizing data more efficiently toward analyzing information to improve performance.

Business analytics can help companies move from answering the question, "What do I need to do?" to answering the more complex, nuanced question of "What do I need to know?"

This paradigm shift is the wave of the future. Most companies know what they need to do. To stay ahead of the competition in the future, companies will need to slice and dice their data in myriad, increasingly complex ways in order to understand what they need to know about their business to improve its performance.

One way to gain this knowledge is to leverage BA to gain foresight as well as insight. I believe that companies that are best able to leverage BA capabilities will certainly gain a leg up on their competition and better position themselves to thrive in an uncertain future.

Smile or Die: The Perils of Positive Psychology

Smile or Die: The Perils of Positive Psychology Open Culture



Positive psychology is a discipline tailor made for American culture. Our cultural DNA inclines us towards optimism and positive thinking. These days we’ll even send positive vibes your way, and what can be wrong with that?

If you ask Barbara Ehrenreich, the author of the bestselling book Nickel and Dimed, she’ll tell you what’s the problem in 10 animated minutes.

The KNO: An iPAD Killer

Greenpeace Video - Ocean acidification research in Svalbard

The Future of Local Government

The Drivers
There are huge pressures on Local Government to link services and deliver a shared provision. This isn’t just between neighbouring councils, we are seeing a real push towards regional and national shared service providers. In addition, we are seeing links to 3rd sector agencies to provide and deliver public services.

The Cloud
The cloud is having a big impact on ICT services in councils and it is clear that the level of transformation required to cope with this, will require additional investment in ICT but it is unlikely that a single council could justify the spend on its own. Therefore, we would need to look at a shared arrangement for regional and national cloud services, possibly a public sector cloud. Here the Government Cloud is driving people’s thinking and will have a head start in this area, if it is managed properly.

Budget
Financial pressures on councils is making them seriously consider what services they can afford and establish priority levels for their specific local areas. Total Place will drive an approach which will inevitably bring 3rd sector and communities themselves to the table as service providers in some instances.

Directgov
Central Government’s apparent success with Directgov will be used as a model for local government, to drive out efficiencies and to provide efficiency benefits and cost savings for local government transactional services. This will be achieved, either through an enhanced LocalDirectgov portal or directly offered through Directgov but there will be close links needed, whatever happens.

Transparency
The drive for transparency and an open data policy, will allow a greater level of local innovation by social innovators and entrepreneurs and in some instances delivering council services directly, in a more usable and useful way.

A greater push for more local involvement in decision-making and greater transparency to enable citizens to provide scrutiny and shape services directly.

The Impact
What this essentially does is completely break down local government and disbands the silo mentality of individual organisations who are unconnected, uncoordinated and in many cases duplicating functions.

The Local Service Provision
This future vision sees the only aspect of local government to remain local is the 'last mile', or the actual service delivery and decision making. The organisation behind it will be held in the cloud; a mix of closely linked, local, regional, national and cloud based services all supporting an individual worker, to deliver a service to someone in a community. The worker in question may be an independant trader or part of an outsourced agreement, under the control of the local, regional or national government, facilitated via the cloud but not directly employed by the council,

Benefits
This will imply that local government will become simply the conceptual, and management control layer, allowing greater transparency and openness, radical approaches to service delivery and support services. Therefore, the only aspect of local government that needs to be focussed on will be the People in the Community.

This will be a difficult path to walk, a political hot potato in most areas and would need to bring forward a great outcome. If successful, and if properly controlled and implemented, this approach could help to drive out the inefficiencies in local government and offer greater local involvement in service design and creation.

The Pleasures of Imagination: Paul Bloom

The Pleasures of Imagination

How do Americans spend their leisure time? The answer might surprise you. The most common voluntary activity is not eating, drinking alcohol, or taking drugs. It is not socializing with friends, participating in sports, or relaxing with the family. While people sometimes describe sex as their most pleasurable act, time-management studies find that the average American adult devotes just four minutes per day to sex.

Our main leisure activity is, by a long shot, participating in experiences that we know are not real. When we are free to do whatever we want, we retreat to the imagination—to worlds created by others, as with books, movies, video games, and television (over four hours a day for the average American), or to worlds we ourselves create, as when daydreaming and fantasizing. While citizens of other countries might watch less television, studies in England and the rest of Europe find a similar obsession with the unreal.

This is a strange way for an animal to spend its days. Surely we would be better off pursuing more adaptive activities—eating and drinking and fornicating, establishing relationships, building shelter, and teaching our children. Instead, 2-year-olds pretend to be lions, graduate students stay up all night playing video games, young parents hide from their offspring to read novels, and many men spend more time viewing Internet pornography than interacting with real women. One psychologist gets the puzzle exactly right when she states on her Web site: "I am interested in when and why individuals might choose to watch the television show Friends rather than spending time with actual friends."

One solution to this puzzle is that the pleasures of the imagination exist because they hijack mental systems that have evolved for real-world pleasure. We enjoy imaginative experiences because at some level we don't distinguish them from real ones. This is a powerful idea, one that I think is basically—though not entirely—right. (Certain phenomena, including horror movies and masochistic daydreams, require a different type of explanation.)

Hacking is an SME -Anatomy of the Eleonore Exploit Kit | threatpost

Anatomy of the Eleonore Exploit Kit | threatpost

When an unknown attacker compromised three domains belonging to the U.S. Bureau of Engraving and Printing last month, it became big news, mainly for the brazenness of the attack against a federal Web site. The bigger news, however, turned out to be that the attack involved the use of the Eleonore exploit kit, a sophisticated and well-developed toolkit for attackers.

In a talk at the Kaspersky Lab Security Analyst Summit on Thursday, Kurt Baumgartner, an independent security researcher, gave a detailed analysis of the Eleonore exploit pack, which he has been tracking for some time now. The kit hit the market just about a year ago and has been selling steadily ever since, for a price that has now reached about $2,000, he said.

The Eleonore kit has gone through several iterations since its debut in June 2009, beginning with a fairly basic version 1.0 that sold for around $560. The kit now includes exploits for some vulnerabilities on Windows 7, including at least one for 64-bit Windows 7, Baumgartner said. However, the Eleonore kit isn't necessarily the most original attack toolkit on the Web right now.

"These are usually not zero-days. Usually the exploits are from milw0rm," Baumgartner said. "You're not getting a lot of creativity for your money."

What you are getting, he said, is a ready-made attack tool that can be used to exploit a number of existing flaws. The Eleonore kit has an interesting business model that limits the ways in which customers can use the tool. The current version includes a URL-binding feature that ensures that each customer can only use the tool on one site. In order to use it on other URLs, customers have to pay $50 for each additional URL.

The creator of the Eleonore kit, who goes by the handle "exmanoize," likely is selling one new copy of the kit each week, along with about another 20 or so licenses for extra URLs. Baumgartner said that there also are about 15 other sites that come online each week that are serving exploits using the kit, but those are either using older versions or stolen copies of the code.

Following the current trend in the security underground, Baumgartner said that the most prevalent exploits used by the Eleonore customers are Adobe PDF attacks, with Flash exploits following close behind.

Gen Y are coming soon to Business Schools

Business Schools Beware: Gen Y is at the Door

In a few years, Generation Y will storm the gates of MBA programs that are ill-equipped to teach them on their technology-focused terms. It’s time for B-schools to embrace the future

By Matt Symonds

They say every army trains to fight the last war, not the next one. Could it be that business schools are in danger of falling into the same trap, gearing up to train the current generation of corporate leaders rather than the upcoming one?

The bright young things that schools hope will become their MBA students in three or four years’ time might look a lot like the occupants of today’s classrooms, but they differ in one crucial respect. They don’t just use the new technology that has revolutionized business over the past decade—they eat, sleep and breathe it. That means the lessons they will want to learn and the way they will expect those lessons to be delivered could be radically different.

Practically all major schools are addressing this development in various ways: by increasing the use of technology in the classroom; by including its employment in case studies; and by embracing social media such as Facebook, blogs, and Twitter. But all this is fraught with danger. Unless schools really understand the mind-set of the potential Gen Y MBA, they risk looking at best like enthusiastic amateurs and at worst like the embarrassing “cool dad” attempting to engage with their teenage children about the latest release by Jay-Z or Lady Gaga.

So who, if anyone, in the international business school community has woken up and smelled the forthcoming coffee so far?

Virtual Classrooms and iPods

Warwick Business School in England is one of the schools that seems to have grasped the fact that Gen Y really doesn’t understand why its elders insist on working or learning on a face-to-face basis. As a result, it has constructed one of the most effective of the new breed of virtual classrooms. Going under the name of wbsLive, the system allows students to interact not only with their lecturer but also with fellow classmates, trading information and opinions and working together in project teams as if they were sitting side by side rather than on different continents. It’s now being rolled out across the school’s alumni community to encourage closer links between graduates and to bring a more personal element to the international mentoring scheme.

Also in Europe, HEC Paris has shown much more than a flirtation with technology by working with Apple (AAPL), allowing the school to equip every MBA student with an iPod touch that will be used as a platform for learning materials, FAQs, filmed lectures, and connecting with classmates and academics. The initiative is part of an increasing involvement by schools including Yale, Cambridge, and Duke’s Fuqua School of Business in iTunes U, the online learning content available from Apple’ iTunes store. Other schools have joined similar projects such as YouTubeEDU, which hosts content from the University California at Berkeley’s Haas School of Business, and Academic Earth, where business content is generated by Stanford.

Outside the business school community proper, other educational providers have begun to work with Gen Y through the media that fill not just people’s working lives but also their leisure time. The leadership institute Mannaz has recently launched a mini-program with the provocative title “Are you an Orc?” The course examines the leadership tools and techniques used in the world’s most successful online game, World of Warcraft, which currently has more than 11 million players, and applies them to the real-world workplace.

Collaboration and Consensus

The presumption is that managing and directing international teams means the traditional “face-to-face” model of leadership is no longer possible and, for younger employees in particular, not even relevant. In this context, leaders need to be collaborative, consensual, and inclusive. Ironically, that’s exactly what a role-playing game like World of Warcraft teaches. It also seems to teach interesting ways of disposing of competitors using an eclectic mix of medieval weaponry, but nothing is ever perfect.

Perhaps the most forward-thinking ideas in this area have come out of the Pittsburgh Science of Learning Center, a sister institute of Carnegie Mellon’s Tepper School of Business. The Center’s director, Ken Koedinger, argues that to truly engage and excite the next generation of MBAs, technology should not just amend the current business school model, it should shake it up. He points out that we are only a step away from throwing out the idea of a business school as a set of buildings providing formal education and bringing in the concept of school as a knowledge “hub,” perhaps a largely or even entirely virtual one. Traditional history-based case studies, the bedrock of so many MBA programs, would disappear, replaced by real-time, real-life case studies in which organizations work with students and academics to solve problems and meet challenges on a day-to-day basis.

It’s an exciting prospect and, theoretically, one that could eradicate much of the herd mentality and stifled thinking that have led us into so many economic crises, from the South Sea Bubble to subprime mortgages. The question is: Who is going to have the vision and the courage to implement it?

Matt Symonds is co-founder and former director of the QS World MBA Tour and is co-author of ABC of Getting the MBA Admissions Edge.

The Devil's Triangle of IT Project Management

The Devil’s Triangle describes a basic set of dysfunctional relationships that push many projects toward failure. As you have heard in other contexts; there are three people in this marriage.

Three parties participate in virtually every major software deployment: the customer, system integrator or consultant, and the software vendor. Since each of these groups has its own definition of success, conflicts of interest rather than efficient and coordinated effort are built into and affect many software implementation projects.

The Devil's Triangle

The Devil’s Triangle explains how economic pressures can drive software vendors and system integrators to act in ways that do not serve customer interests. It also offers insight into the ways some enterprise software customers damage their own projects.

Devil’s Triangle relationships are a short sighted and self-interested way of life for too many participants in the enterprise technology landscape.

Schizophrenic software vendors and split loyalties

Clearly, Software companies want to sell product licenses to end customers. However, the vendor’s loyalties are sometimes unclear, because 3rd party system integrators have a great deal of influence in most software deals.

Beware the Systems Integrator

As a result, although the customer buys the license, the system integrator may have a closer, better, stronger, relationship or partnership with the vendor. The link to the customer is more tenuous.

Although the customer is certainly important because he finances the deal, some integrators offer incentives to enable critical 'deal flow' to the vendor, making the integrator a key part of the software company’s sales process.

So who wins when a software vendor’s loyalties to the customer conflict with its relationship to the system integrator?

Wacky system integrators: billable time vs. customer success

When a project goes over-budget, the customer pays much of that extra cost to the system integrator in the form of additional services fees. In the best cases, these fees enable the service provider to perform additional, high value work improving business outcomes for the customer despite the higher cost.

Beware the Dual Incentive

System integrators sometimes have a dual incentive to build long-lasting customer relationships while racking up change order fees if the project runs late.

Sometimes, this situation creates an negative incentive pushing the integrator away from the goal of completing the project on time and allowing the cash to continue flowing, out of the customer's budget.

For these unscrupulous consultants, unsuccessful projects represent “annuity consulting” revenue coming at the customer’s expense.

This conflict has been described before:

• In private moments, many third-party consultants dream of long projects, where billable hours and customer purchase orders flow like water.
  
• This kind of annuity consulting is never good for the ERP buyer.
  
• Almost by definition, when projects exceed their schedule and budget, the extra dollars go into the consultant’s pocket.

Marin County sues Deloitte: Alleges fraud on SAP project | ZDNet

Marin County sues Deloitte: Alleges fraud on SAP project

In a case that has the potential to reshape important aspects of the systems integration business, Marin County, California filed a complaint against Deloitte Consulting for its role in an over-budget SAP implementation. The lawsuit alleges that Deloitte committed fraud and “misrepresented its skills and experience.”

Here is an overview of the case:

Marin County on Friday filed a lawsuit against Deloitte Consulting alleging fraud related to an SAP ERP software implementation the county said is still not working four years after it initially went live.

In its lawsuit, filed Marin County Superior Court, the county is asking for actual and compensatory damages of at least $30 million, along with unspecified punitive and, or exemplary damages and interest.

Deloitte in turn filed a claim on Friday with the Marin County Board of Supervisors that the County owes it $444,171.50 for work completed, plus an additional late charge of $111,713.80.

This quote, directly from Marin County’s court filing, alleges fraud:

Deloitte mounted an extensive sales campaign to be hired by the County. As part of its sales efforts, Deloitte repeatedly represented to the County that Deloitte consultants had the requisite skills and experience to successfully implement a complex ERP software product specifically designed for public sector entities, developed and licensed by SAP AG and SAP America, Inc. (”SAP for Public Sector”). Deloitte further represented that for the County’s SAP implementation, Deloitte had assembled a team of its “best resources” who had “deep SAP and public sector knowledge.”

These representations were fraudulent.

The complaint emphasizes that the system integrator was aware of Marin County’s lack of skill, experience, and capability to manage a complex ERP implementation. In non-legal terms, the complaint suggests that Deloitte lied to Marin County in order to make the sale:

Indeed, at the time Deloitte made [the representations], it knew that it did not have the ability or intention to provide the skilled resources necessary to deliver a successful SAP implementation for the County. Deloitte also knew that because the County did not have any prior ERP implementation experience in general, or SAP experience in particular, it would be depending on Deloitte to oversee, guide and manage the project. Notwithstanding such knowledge, Deloitte made these false representations in order to obtain the contract for the County’s lucrative SAP project.

THE PROJECT FAILURES ANALYSIS

The lawsuit reads like a caricature of many IT 'Devils Triangle' problems I discuss in this blog, and lists a catalog of alleged IT services failures.

For example, the complaint states that Deloitte mishandled staffing, project management, risk management, and testing:

As part of its fraudulent performance of the contract, Deloitte: intentionally and/or recklessly failed to disclose to the County that Deloitte’s lack of SAP public sector skills resulted in a defective SAP system; withheld information about critical project risks; falsely represented to the County that the SAP system was ready to “go-live” as originally planned; conducted woefully inadequate testing; and concealed that it had failed to perform the necessary testing, thereby ensuring that system defects would remain hidden prior to the go-live.

According to the complaint, Deloitte failed to fulfill core system integrator responsibilities required on a project of this type.

Aston Martin DB5 for sale: One careful spy

The 1964 Aston Martin DB5 which was driven by Sean Connery in Goldfinger and Thunderball, and which is expected to make around £3.5 million when it is sold at auction in October

Impossible figures brought to life in virtual worlds

Impossible figures brought to life in virtual worlds - New Scientist



Ever found a computer game truly impossible? If not, you soon might, thanks to Chinese computer scientists who have found a way to depict physically impossible figures in 3D virtual environments.

The endless staircases of the Dutch artist M. C. Escher appear impossible and possible at the same time, and able to go in all directions. Such visual trickery depends heavily on the observer's viewpoint – and that makes it difficult to animate Escher-type figures in games. If the viewpoint pans around a 3D computer depiction of such a staircase, "the impossibility is lost", says Tai-Pang Wu at the Chinese University of Hong Kong.

Now his team has found a way to make these images viewable from a useful array of angles. The trick is to take advantage of the image's strangeness; viewers scarcely notice if an Escher staircase becomes slightly distorted.

MIND: Improve Mental Health in the Workplace

.

The campaign

There are three simple steps you can take to make our campaign for mentally healthy workplaces a success:

1. Spread the word. The first step in the campaign is to open peoples' eyes to the true cost of putting on a happy face at work. Send this page to your friends and colleagues and help us get the word out.
2. Sign up to get involved in the campaign, and we can send you updates, actions to join and useful tips to make your workplace more mentally healthy.
3. Make a donation to help support our campaign for mentally healthy workplaces.

Find out more

Employers	Employees and supporters
Let Mind improve your workplace's mental health, increase productivity, improve staff performance and save thousands of pounds.	Join the campaign and find out how to improve your mental health at work.

Facebook and The Money Mule Farm

Scammers and phishers are continuing to adapt their recruitment tactics, now going so far as to create special Facebook groups for their work-at-home scams.

Phishers have been using social networks such as Facebook, MySpace and Twitter for years now as fertile hunting grounds not only for new victims but as a way to find new participants in their scams, as well. Now, the scammers have taken to creating Facebook groups specifically dedicated to the work-at-home scams that often serve as recruitment schemes for money mules. One such group that's being tracked by researchers has nearly 225,000 members on Facebook.

The criminals promise that their potential mules will get more than $ 6,000 USD per month and will only need to work no more than 18 hours a week. The mule site has a GeoIP javascript, which customizes some parts of the offer according to your current geographical location. So, it’s another old, but in some cases, effective trick to lure more potential mules.

Money mules are an integral part of the phishing and credit-card theft ecosystem, effectively serving as the money launderers for the actual phishing gangs on the back end. The money mules are recruited through these work-from-home or easy money scams that promise high payments for very little effort. What they usually end up doing is accepting deposits and wire transfers of thousands of dollars a day, then transferring the money to other accounts designated by the phishing gang.

For their trouble, the money mules typically earn a small commission on each transaction. In one sense, it is pretty easy money. But the reality is that the money mules are the ones in the phishing scams who are most exposed to discovery, arrest and prosecution. In some cases the money mules don't actually know what the end result of their activities is, they just know that they're moving money from one account to another.

But that's not enough to protect them from prosecution, so the phishers are always in need of new mules for their scams. And Facebook is turning into their recruitment scheme of choice.

The nature and content of these recruiting scams on Twitter, Facebook and other sites has evolved and improved over time as the scammers have seen what works and what doesn't. The gangs behind these scams also move around the Internet quite a bit, changing domains often and using multiple URL redirects to obfuscate the ultimate destination site when potential victims click on one of their links.

It's the same kind of tactic that has worked so well on the front end of phishing scams, disguising malicious domains, redirecting victims through a series of hops and using digital sleight-of-hand to make their scams look more attractive.