Christopher Byrne's Profile

Customer Reviews: 52
New Reviewer Rank: 10,879
Classic Reviewer Rank: 9,207
Helpful Votes:  342

Reviews Written by
Christopher Byrne "The Business Controls Caddy" RSS Feed (Atlanta, GA USA)
(REAL NAME)   

Always By My Side: A Father's Grace and a Sports Journey Unlike Any Other
by Jim Nantz
Edition: Hardcover
Price: $15.86
Availability: In Stock
88 used & new from $2.42

 
51 of 55 people found the following review helpful:
4.0 out of 5 stars Jim Nantz Shares A Very Personal Journey, May 6, 2008
Sitting down watching the Masters over the past few years, we have noticed little change in the way Jim Nantz has called the action from the tower over the 18th green. The steady, calm voice would tell the story unfolding for the audience. Ever steady, his voice made you confident that you were indeed watching a special event. However, things were not really so steady in his life as he has had to grapple with personal tragedy in his life, but who outside of a small circle of people knew?

This year, I was not watching the final round of the Masters. Instead, I was sitting on an airplane headed for Los Angeles. But I could still hear Jim's voice in my head as I read his new book, Always By My Side: A Father's Grace and a Sports Journey Unlike Any Other (Jim Nantz with Eli Spielman, Gotham Books, May 2008, 273 pages, ISBN-10: 1592403611, ISBN-13: 978-1592403615). To me, the measure of a good book is not the words that are printed on the page, but the pictures they paint and the emotions they evoke. And as I finished the book, I sat there crying as I thought of the relationship I did not have with my now-deceased father and as I thought of my own mother battling dementia in a nursing home.

You see, Jim's book is not a typical sports memoir. It is a story of deep love and respect for his father, and the pain of not being able to be with him as Alzheimer's disease stole the father Jim loved so much. It is the story about not being able to celebrate the high point of a career with the man you know guided and nurtured you to that point.

You will notice that I refer to the author of this book by his first name. This is because I first met him when he was starting out on CBS Sports Golf Coverage and was surprised by how he treated everyone with open arms and kindness. I did not know him as Mr. Nantz, just Jim. He probably does not remember me at all, nor would I expect him to. I have not had the pleasure of seeing him since I the Washington, DC area over 14 years ago, but this new book opened a floodgate of memories that I had not thought of in a long time.

The book is at its absolute best when he is telling the story of the relationship he has lived with his father, and of how specific people have been father figures and role models to him over the years. The book, thankfully, is not written to be a manipulative tear jerker. But when you read what he has written and weaved throughout the book, a reader would have to be lying if they say they were not moved in some way. Without giving away the ending, all I can say is that I was hit in the gut as much by the closing as I was with his personal disclosures in the first chapter.

The book is at its weakest when some things seem to be written just for the sake of getting names into the book so nobody would be forgotten. At one point, he quickly rattles off the names of a number of CBS Sports producers and directors in one sentence, without going into more detail of his relationship with them or how they fit into the whole growth of his career. At another point, he briefly mentions "research maven John Kollmansperger." Outside of anyone at CBS Sports or elsewhere that has worked with John (also known as JK), this has absolutely no meaning to anyone reading the book. Don't get me wrong, a lot of information readers of this book have seen presented on CBS Sports starting back in 1987 came from JK's attention to detail. Without adding additional background on JK, readers will be left to scratch their heads.

There are also a couple of areas of the book that left me, as a reader, wondering. Very little is written about the relationship between Brent Musburger and Jim. Musburger's professionalism is noted, but nothing is said about the relationship between the two men and what Jim was REALLY thinking on April 1, 1990 when the axe fell.

And then there is Billy Packer. Jim refers to Packer as a good friend, but I can't help but feel he is throwing Packer under the bus in describing an incident when Packer was on his hands and knees picking up shards of broken backboard glass so that he could use them to cash in and make money. While Jim may have felt he wrote that to help explain what makes his longtime broadcast partner tick, it only shows a side of Packer that I have heard from many people who know him personally and drives their distaste for him.

Putting these things aside, or perhaps even considering them, readers will not be disappointed by this book. Who knew that Clint Eastwood made adult films, as described by Nantz? Does anyone really know, or remember, who besides Fred Couples he shared a room with in college? And who knew that the calm person we see in Jim Nantz really has enough chutzpah to walk up and ask for what he wants, without apology?

So if you should choose to read this book, and I really think you should, enjoy the stories from the sports world that Jim tells. More importantly, reflect on the relationship you have or had with your parents, and the relationship you want to have with your children. For make no mistake about it, Jim is hammering home how important it is for children to have a strong father in their lives. I do not know if I will be able to make it over to Sugarloaf next week for the AT&T Classic, but if I do, I will make it a point to seek out and thank Jim for this book and for this oh so important message.


Privacy Lost: How Technology Is Endangering Your Privacy
by David H. Holtzman
Edition: Hardcover
Price: $18.21
Availability: In Stock
54 used & new from $8.27

 
7 of 10 people found the following review helpful:
3.0 out of 5 stars Getting a Cursory Overview of Privacy Issues, January 11, 2007
When it comes to books and hype, there is not often a distinction when it comes to marketing. At least this is the case with Privacy Lost: How Technology is Endangering Your Privacy by David H. Holtzman (2006, 352 pages, Jossey-Bass, ISBN 0787985112). The cover touts "A technologist, Former Security Analyst, and Military Codebreaker Tells You What You Need To Know About Your Privacy", and the foreword is written by US Senator Evan Bayh.

All of this glitz does not cover the fact that the book does not break any new ground in privacy literature, and that the author does not necessarily break any new ground in the existing literature on privacy issues. However, the book does address one thing not covered with the focus of other books: protection of your on-line and real life personal brand.

Taken by itself, readers will find the book enlightening if they have not read anything else on the topic. Holtzman begins by covering what he considers to be the seven sins against privacy (which is perhaps the strongest part of the book), and discussions of the collateral damage to society. He then covers why he feels technology is key to our loss of privacy. He endeavors to cover the context of our view of privacy and privacy law, but falls short in this area. He also goes on to discuss the existing and growing threats to our privacy. He talks about the invasion of our privacy by marketers (again, nothing new here). The book wraps up by talking about ways to fight back. One particular approach that I personally like is to be the curmudgeon, or fighting to not give up information when requested. Sure they may already have it, but at least one can sleep at night thinking they are fighting back.

As a whole, the book takes too superficial a look at the issues, without going into adequate background and depth. This is where the book gets swallowed up in its own hype cycle and falls short of other privacy titles. There is no doubt that the author has background and experience. It just does not translate effectively in this book. It is also ironic that he was once the chief technology officer for Network Solutions, which makes customers pay extra to protect their private information.

Who Should Read This Book?

If someone has only a cursory interest in the topic, this book will be adequate. However, anyone wanting a much better read that covers the background, growth and tensions in privacy would be better served by reading The Digital Person: Technology And Privacy In The Information Age by Daniel Solove.

The Scorecard

Par on an average Par 4 playing downwind.

Blog Rules: A Business Guide to Managing Policy, Public Relations, and Legal Issues
by Nancy Flynn
Edition: Paperback
Price: $17.95
Availability: In Stock
49 used & new from $0.03

 
4.0 out of 5 stars Do You Know The Business Risk of Blogs?, July 25, 2006
"The choice is simple. Be paralyzed with fear over the concept of open communications channels, or put a blog policy in place and start using these new media in a strategic way". These are the words of IBM Corporate Affairs Director Brian Doyle in Nancy Flynn's Blog Rules: A Business Guide to Managing Policy, Public Relations, and Legal Issues (2006, AMACOM, 226 pages, ISBN 0814473555). A specialist in e-policy development, Flynn sets out to describe the ecosystem that blogs exist in, and to lay out common sense rules for companies to follow if they want to enter the blogosphere. For the most part she succeeds, but occasionally the book falls down with an over-conservative approach, acknowledgement of a recent Forbes article without painting the whole picture of that article, and in one case, what I see as a questionable legal interpretation.

Disclaimer: I was interviewed for this book and am cited in both the acknowledgements and end notes.

Flynn starts out with a discussion of why blog rules are needed. Much like what Richard Schwartz and I wrote in "Managing the Business Risk of Blogs" in Compliance Solutions Advisor Magazine (see http://complianceadvisor.com/doc/16543), Flynn points out that blogging is here, is real, and presents a new kind of risk for business, while presenting opportunity as well. As such, a reference manual for managing this risk is needed. In Chapter 2, the author goes into more detail on the risks and opportunities faced by business contemplating blogs. Chapter 3 covers the strategic decision of whether to blog or not. Chapter 4 provides a self-assessment checklist.

In Part 2 of the book, Flynn covers legal risks and regulatory rules. Perhaps the most important discussion in this part centers on the topic of blogs as business records. This part also covers potential legal headaches, issues of protecting confidential information, as well as best practices for public companies/regulated firms. In Part 3, she covers blog rules, policy and the importance of communication. Part 4 deals with content management issues, discussions on how to handle comments, and comment spam. Part 5 covers employee rights and termination issues. Part 6 covers public relations issues, including positioning of the CEO as an opinion leader. Part 7 goes on to discuss the importance of reputation management in the blogosphere. Part 8 presents case studies from and interview with IBM and Edelman Worldwide.

What I Liked About the Book

Of all of the 4 books I have by Flynn, this is by far the best. She has conducted extensive research, and presents the information in an easy to read, easily digestible format. She lays out what she sees as the risks and how best to address them.

What I Did Not Like About the Book

At times, the author takes an ultra-conservative view towards risk management, advocating that all postings be reviewed by legal experts and that all comments be screened before posting. Doing this puts no trust in the employees and destroys the open discussion nature that blogs are intended to be. The author also has taken a very interesting interpretation on the safe-harbor act of the DMCA, quoting two lawyers. I disagree with what is written there, but do have an email and phone call into one of the lawyers for clarification/further discussion. Finally, she makes use of Forbes magazine's "Attack of the Blogs" article, choosing only to address one part of the article, without discussing the bigger context of much of the article.

Who Should Read This Book?

Anyone in any company that is considering starting blogs, internally or externally. Despite the drawbacks I have pointed out, it is a very easy to use reference to get started in addressing the business opportunities and risks of blogging.

The Scorecard

Birdie on a Short Par 4

The Joy of SOX: Why Sarbanes-Oxley and Services Oriented Architecture May Be the Best Thing That Ever Happened to You
by Hugh Taylor
Edition: Paperback
Price: $47.84
Availability: In Stock
46 used & new from $1.50

 
1 of 1 people found the following review helpful:
5.0 out of 5 stars It Is Always Good to Practice Safe SOX, June 22, 2006
Let's face it. In the current business environment, SOX sells. No, not the Boston Red Sox winning the World Series, but the Sarbanes-Oxley Act of 2002. Yet people find little joy in the whole process, and when I show people Hugh Taylor's new book called The Joy of SOX: Why Sarbanes-Oxley and Service-Oriented Architecture May Be the Best Thing That Ever Happened to You (2006, J Wiley and Sons, 312 pages, ISBN 0471772747), they roll their eyes and say "What Joy?". What they do not realize with this first impression is that Taylor does something I have not seen in a book on Sarbanes-Oxley. He presents the content as a unified case study from start to finish. In doing so, the author makes available a reference of real world examples addressing SOX, COSO, COBIT, and the use of service-oriented architectures to facilitate what he calls "agile compliance".

Taylor introduces the reader to a rather small cast of characters by design. There is the overly ambitious, new CIO who totally wants to reinvent the company without any consideration for the SOX activities that are on-going. There is his trusty, military trained deputy. Then there is the CFO and the CIO, who do not get along at all. This should sound familiar to people from many organizations. The mission is to reinvent the company into an agile organization, without losing any of their compliance gains to date.

To do so, the author must take the reader on a journey. The first stop along the way is to give an overview of the fictional company, the good, the bad and the ugly. Taylor touches upon both organizational and product challenges, risks, and an introduction to the company's financial statements. It is into this environment that the corporate board ousts one CEO in favour of new blood. The new blood has his own set of bold, visionary ideas on how to turn the company around, but is clueless as to how what he wants will impact their compliance with the Sarbanes-Oxley Act. In fact, the new CEO has to persuade the CFO to stay on board. It is here that he gets his first whiff of Section 404 of SOX.

It is at this point where the journey takes another stop, as the author introduces concepts surrounding risk, COSO, control objectives, and control components. The journey then ventures into discussions of the relationships between internal controls and business processes, and their impacts on financial reporting data. The reader is then introduced to COBIT, with specific emphasis on a specific subset of COBIT for illustrative (and real life) reasons. The author does an excellent job of explaining COBIT and the challenges of implementation. There is an important emphasis made that it would be cost prohibitive to implement COBIT 100%. It would also be unrealistic. At this point of the journey, the author talks about the pain of SOX. It is here that the discussion moves onto what needs to happen for a company to be truly agile without compromising compliance. This culminates in discussions of how SOA can help facilitate agile compliance.

What I Like About the Book

There is a lot to like about this book. First and foremost, it is a comprehensive case study, putting real world examples on materials which are very dry in a vacuum. I also like the fact that the author is very frank in his discussions of the pluses and minuses of the topics. He is up-front in telling you that although he sells SOA Software and this is his point of view, this is only one alternative solution. The key is that he sees a need to break down organizational silos.

What I Did Not Like About The Book

The book jacket talks about how this book is written by a Harvard MBA, and sometimes it comes across this way. Specifically, there were a few times where the author would throw in words which required a dictionary be close at hand. Yes, my vocabulary obviously has some limitations, but the content should be written as clearly and simply as possible. There is no reason to use a $10,000 word when a $1 word will do just as well. Another point is that although the author is clearly taking a view in line with Compliance Oriented Architectures proposed by Redmonk, the author does not address how SOA will not only benefit SOX compliance, but will also break down compliance silos as well.

Who Should Read This Book

Although this book is intended for general business readers, it should be considered a must read for anyone facing the challenges of SOX compliance at an architectural level. IT people may not get a firm grasp on the accounting issues, but this will help them along that path. For the business side of the house, it will clearly help them better understand the business path. Even people familiar with COBIT will get additional insight from this book.

After all, compliance is a journey.

Scorecard

Eagle on a Long Par 5

IT Service Management Foundations: ITIL Study Guide
by Ron Palmer
Edition: Paperback
Availability: Out of Print--Limited Availability
7 used & new from $61.98

 
6 of 6 people found the following review helpful:
5.0 out of 5 stars An Excellent Read on ITIL Foundations, May 31, 2006
Some years ago across the pond, the British Government launched an initiative to guide organizations in providing better, consistent information technology services. Known as the Information Technology Infrastructure Library (ITIL), this now de facto global standard is growing in use and adoption in the United States. This is relatively new for a great many people, and there has not been a good comprehensive resource to provide people with a solid understanding of the foundations of ITIL. Until now. In IT Service Management Foundations: ITIL Study Guide (Gulf Stream Press, 2006, 271 pages, ISBN 0977146901), ITIL instructor and consultant Ron Palmer gives readers a succinct, comprehensive guide to the underpinnings of ITIL, providing the grounding necessary to sit for the ITIL Foundations certification examination.

The book is broken down into four parts. The first is called, appropriately, "First Steps". In this section, Palmer begins by introducing the reader to IT service management concepts, with an emphasis on the key concept that IT must rethink processes to successfully align with business goals and objectives. In doing this, communication is effective and managed. This allows for IT to deliver quality, as well as manage customer and end-user perceptions. After this introduction to these concepts, Palmer gives an overview of ITIL, the philosophy underpinning the framework, organizations that support ITIL, and information on the ITIL certification path.

Part II of the book covers "Service Support". Palmer goes into greater detail of the "service" (NOT "help") desk. This includes making the important distinction between customers and end-users, and defining the functions of the service desk. This part also provides explanations (and distinctions) for incident management, problem management, change management, release management, and configuration.

Part III moves into the realm of "Service Delivery". This topic includes important discussions of service level management (including service level agreements and the importance of establishing and managing these correctly), financial management issues, capacity management, availability management, and IT Service Continuity Management. In Part IV, the author wraps up the book with coverage of "Security Management".

Why I Like This Book

Palmer has done an excellent job of not only telling you what ITIL is and how it works at a fundamental level, he weaves in his own extensive experience and perspectives to challenge the reader's thinking. He has also brought in the knowledge and expertise of an organizational communications consultant, bringing a non-IT style perspective to the content. In addition, the author provides detailed study guide questions at the end of each chapter, with a cross-referenced answer key at the end of the book.

Who Should Read This Book?

First and foremost, this book should be read by anybody who wishes to sit for the ITIL Foundations certification exam. As this is the only exam in the ITIL certification track that allows for preparation by self-study, it is a very wise investment. It should also be read by IT Governance professionals and IT auditors who need a fundamental understanding of ITIL, and would like to see how it can complement COBIT implementations.

The Scorecard

Eagle on a Long Par 5, Playing Into the Wind

RFID Essentials (Theory in Practice (O'Reilly))
by Bill Glover
Edition: Paperback
Price: $35.77
Availability: In Stock
34 used & new from $17.75

 
4 of 4 people found the following review helpful:
5.0 out of 5 stars What You Need To Know About RFID, May 15, 2006
Wanting to get smarter about Radio Frequency Identification (RFID), I welcomed the opportunity to read some new titles on the topic. I started reading the first of these, RFID Essentials by Bill Glover and Himanshu Bhatt (2006, O'Reilly, 276 Pages, ISBN 0596009445), not knowing what to expect. What I walked away with was not only a high level understanding of the technical aspects of RFID, but also an excellent discussion of the compliance, governance, privacy and security issues that surround its expanded growth and use. If there is a title that truly matches its content, this would be it.

The authors write that they undertook this book because there was no title like it on the market: a book that could target readers in between senior management and electrical engineers. As the child of an old-school software engineer with minimal knowledge on the topic, I was eager to accept this as their goal.

The book begins with an introduction to RFID. In doing this, they break down the use of the technology into distinct eras, with the compliance era being the current time frame. Tracking back to the post-war 1940's, they walk through an overview of how RFID came to be with the birth of transistors. Fast-forwarding to the compliance era, driven by vendors such as Wal-Mart, they seek to explain how most RFID-based activities meet up with traditional compliance projects, with the emphasis being on meeting requirements with the lowest total cost of ownership (TCO). They then look at the "could be" as RFID-enabled enterprises come on line. They look at the various RFID application types, considerations for each of these types, and implementation of these types. They conclude this chapter with an outline of the challenges, as well as some RFID adoption guidelines.

Chapter 2 of the book covers an overview of a "RFID Architecture". In this chapter, the authors walk through sequential items that need to be considered when looking at the implementation of an architecture. If there is an important lesson to be taken from this chapter, it would be the need to focus on business requirements.

Chapter 3 focuses on RFID Tags. They walk through basic tag capabilities, physical characteristics of tags, power sources, the "air interface", and more. They key in on the how and when to use various types of tags. A key understanding of this chapter is to look beyond the hype and at the realities. In chapter 4, they cover tag protocols. This discussion begins with a discussion of RFID Protocol terms and concepts. They then discuss how tags store data, as well as tag features that address security and privacy.

Starting in Chapter 5, the authors begin their discussion of readers and printers. This chapter includes important discussions of the types of readers that are available, and how to determine which ones make the best sense for a RFID implementation. Chapter 6 extends this discussion to include reader protocols.

From a business perspective, Chapter 7 offers insight into the important topic of data integration through middleware. A bit more technical in depth, this chapter covers issues associated with polling and managing the data provided by tags. Aside from the "commercial" for their employer (Sun), they do a good job covering high level discussions of middleware considerations, laced with technical content for systems architects to start their thinking. This line of thought continues in Chapter 8 in their coverage of the RFID Information Service.

Chapter 9 gets into the sensitive topic of manageability. Because RFID lives on the edge and the architecture has the potential to be massive in size, there are a number of areas that need to be planned for, including automation. The authors cover this with discussions of required capabilities, as well as standards and technologies.

Chapter 10 gets into a topic near and dear to my heart: privacy and security. The authors, while discussing the fact that public reaction to RFID is based on a great deal of speculation and misinformation, acknowledge that public perception will win. Without managing that perception with the realities of controls, the enterprise implementing RFID introduces additional risk into the environment. Unlike the authors of another RFID title I will be reviewing this week, they take a low-key, non-reactionary approach to this issue. This allows for the reader to think about the issues without being broad-sided by fear, uncertainty and doubt.

The book wraps up with a discussion of RFID futures in Chapter 11.

Who Should Read This Book?

This book should be read by anybody who needs to get up to speed quickly on RFID technology and issues. This includes business managers and systems architects. It is also an excellent resource for information technology auditors who need to gain an understanding of the technology (in fact, it can serve as the basis for developing the skeleton of a RFID audit plan, fleshed out with more details later).

The book is not designed for high-end tech heads or people who want to look at specific ERP-type applications. It was not written for this audience.

Scorecard

Eagle on a long par 5

Upgrading to Lotus Notes and Domino 7: Upgrade your company to the latest version of Lotus Notes and Domino.
by Tim Speed
Edition: Paperback
Price: $53.99
Availability: In Stock
26 used & new from $47.99

 
5 of 6 people found the following review helpful:
4.0 out of 5 stars Book Fills An Information Void, March 30, 2006
There has seemed to be an absence of books dealing with IBM Lotus Notes & Domino 7, leaving some to wonder if any would be published before the release of IBM Lotus Notes & Domino 8 down the road. Luckily for organizations and individuals that manage IBM Lotus Notes & Domino infrastructures, there is now a book that looks to help organizations make the upgrade to version 7 of this long-lived messaging and collaboration platform. Although it does not give as complete coverage as I would like, Upgrading to Lotus Notes and Domino 7 (Tim Speed, Matthew Henry et al, Packt Publications, 2006, 318 pages, ISBN 1904811639) gives readers a good foundation on the issues surrounding the upgrade of their infrastructure, and solutions on how best to deal with them. The book also addresses security concerns that administrators might sometimes forget about, which is a good thing.

The book begins with a short history of Notes & Domino. The authors take just four and one-half pages to do so. While compact, it seems to leave out some key interim events, mainly the introduction of the Domino Server in Release 4.6. As written, it could be interpreted as if it was there in Release 4.0. However, as most readers of this book will be seasoned veterans with this platform, this is a minor nit.

Chapter 2 focuses on a high level discussion of the new features for the Lotus Notes Client, Domino Designer, Domino Administrator, the Domino Server, and Lotus Enterprise Integrator. It is important to note that even though the primary focus of this version is server enhancements, there have been improvements made in the other products as well.

In Chapter 3, the authors offer an extensive discussion of what had many people drooling with anticipation with Release 7: Domino Domain Monitoring. This chapter provides detailed coverage of Probes, what they are and how they work. Coverage is given to application probe codes, database probes, directory probes, messaging probes, operating system probes, replication probes, security probes, server probes and web probes. What this reader found interesting in this chapter was the use of security probes against a set of predefined best practices for Notes and Domino Security. This feature alone should enable many a system administrator to "audit proof" portions of their infrastructure. This chapter also covers event notifications and the creation of a tracking database for events.

Chapter 4 covers additions and changes within the Administration process (AdminP). In addition to covering the evolution of proxy actions from their introduction in Release 4, the authors cover the replica id relationship between admin4.nsf and names.nsf, as well as how name-change management has changed. Chapter 5 offers a deep-dive into Policy management, which is one of the best, most under used features in current versions of Lotus Notes management. This section should receive heavy focus from readers. Chapter 6 covers the smart-upgrade process for Notes, again a strong feature of current releases.

Chapter 7, "Performance Aspects and Additional Standards", offers a discussion that is somewhat a diversion from the rest of the book. This is not a bad thing. It is essential that actual and perceived performance be managed so that service level agreements can be met. This chapter gives a good in-depth discussion of the performance monitoring tools that are available.

In Chapter 8, a more detailed discussion of the new client features is presented. Included in this discussion is autosave, closing all tabs at once, subject line verification and more. Also covered are the new right mouse click actions that are available, and prevention of expanding of personal groups in messages. This is also the chapter to read if you want to understand the integration of IBM Lotus Sametime and Sametime awareness. In addition, a couple of changes in the Domino Designer client are somewhat covered (shared columns and the Java Debugger).

Chapter 9 covers Domino Web Access (DWA, formerly known as iNotes Web Access). This chapter is must reading to understand how to fully leverage and manage DWA in a Notes and Domino Infrastructure. This chapter also covers the requirements for users to be able to sign/encrypt messages, and Sametime integration/awareness.

Chapter 10, "Programming", is to this reader the weakest chapter in the book. While it briefly touches on autosave, some new formulae, and XML, there is absolutely no discussion about the new web services functionality. In fact, this is not addressed anywhere in the book. In addition, DB2 data stores are only briefly mentioned and readers are told that there is a download of a separate document from the publisher to get any coverage on the topic (I like books to be complete in my hand). But this download is not available on the publisher's web site.

Chapter 11 covers the new security features in Release 7. These include smartcard support, new security APIs, and enhanced encryption options. Chapter 12 covers the actual upgrade process to Release 7, introducing the concept of architectural use cases to support the process. The authors also cover test planning, piloting, and deployment.

Chapter 13 is one that goes against my aversion to Java and J2EE. Although titled "Domino and the Web", the chapter is really about WebSphere Integration. It is unclear why this merited its own chapter, while DB2 data stores and web services were not covered at all. To this reader it comes across as a commercial for IBM WebSphere. That being said, if an organization does go down this path, this chapter gives the reader enough information on LDAP Integration for SSL and other tasks (though more hand-holding may actually be required to make this happen).

Chapter 14 covers the heart of the Domino Infrastructure: Directories. The authors cover what the directory is, different ways it can be used, and the architecture. Chapter 15 covers Domino Access for Microsoft Outlook (DAMO), which many organizations may be looking to as a means of protecting their investments in Notes and Domino. There is key information in here about securing .pst files on shared machines (i.e. a must read). Chapter 16 offers troubleshooting advice if problems are encountered in the upgrade process. Finally, Chapter 17 offers a case study on how IBM Lotus developerWorks was upgraded to Release 7.

This book really should be procured by organizations that have an investment in IBM Lotus Notes and Domino technology and are uncertain about the process. It is unclear why this book was not published as an IBM Redbook. However, even though it has warts in the application development arena as discussed earlier, it should prove to be a valuable resource given that there is not a whole lot currently out there.

Scorecard

Par on a Par 5 playing downwind and reachable in two. This rating is driven by the lack of the download document referenced in the book and the omission of web services information.

Sarbanes-Oxley For Dummies (For Dummies (Business & Personal Finance))
by Jill Gilbert Welytok
Edition: Paperback

 
7 of 7 people found the following review helpful:
4.0 out of 5 stars An Interesting Entry-Level Primer on SarBox, February 23, 2006
For some people, the Sarbanes-Oxley Act of 2002 represents pain and expense. For others it represents opportunity. For almost everybody, it represents confusion, misunderstanding and uncertainty. This statement goes for CEOs, CIOs, staff, and even the outside auditors. So how does one explain it as straightforwardly and simply as possible? One place to start would be to hand them a copy of Jill Gilbert Welytok's Sarbanes-Oxley for Dummies (2006, John Wiley and Sons, 384 Pages, ISBN 0471768464). While not perfect, the book will provide a quick and dirty overview of SarBox, its history, its historical context, what it requires, and more importantly, what it does not require.

The book starts out with the saga of SarBox. The author covers the political environment, loopholes that existed before the legislation, and how the legislation sought to close them. The author also attempts to debunk myths about SarBox. For this reader, the most important myth is that "internal control means data security". The author states up front and for all to hear that SarBox does not specify any specific data security requirements. This is something all auditors and auditees need to hear and accept.

Chapter 2 covers "SOX in 60 Seconds", or what a salesperson might call the "elevator pitch". Essentially this is the who, what, where and why. From here, the author goes into more details about how SarBox fits into the context of other securities regulations and laws. An important part of this chapter (Chapter 3) is the discussion of why private companies should and do care about the legislation and rules. Chapter 4 covers SarBox and how it ties into specific financial statements such as the income statement and balance sheet. For those unfamiliar with these statements, it is a good quick and dirty overview.

Part II of the book goes into more details about roles and responsibilities under SarBox. This starts out with the auditors, and then the discussion extends to the audit committee, the board of directors, management and employees. The most important point to take home from this section is that in order to play the game, you have to 'know the playbook'. The rules of the game have changed and everyone needs to know the roles and responsibilities.

Part III of the book goes into a detailed overview of controls and audits. An important aspect of this is clearing up confusion about how the definition of controls is distinct in Sections 302 and 404. From here, the author covers what is covered under a 404 audit, how not to live in fear of it, and how it can be leveraged for success.

Part IV of the book, "Software for SOX Techies", is the weakest part of the book for this reader. The author does give some tips about specific tools. However, the tools selected are very narrow in scope. The discussion seems to miss the important point that organizations should look to build a "compliance oriented architecture" as opposed to buying silo-based solutions.

The remaining parts of the book cover the SarBox horizon, the potential legal repercussions (including discussions about who can and cannot file lawsuits and when they can be filed), the impact of SarBox on outsourcing, and more. Finally, the book goes into "rules of tens", such as 10 ways to avoid prosecution, 10 tips for an effective audit committee, and more.

As I said earlier, the book provides a good quick and dirty overview. It falls short in its discussion of software tools. The other thing that I did not like was the inclusion of the full text of the Act as an appendix. No, not the fact that they included it, but the fact that the text was entirely too small to be read. At that point, they should have just left it out.

Who Should Read This Book?

This book should be read by anybody who has an interest in the Sarbanes-Oxley Act of 2002 and its implications but does not want to get into too much detail. There are better titles for CEOs and CFOs who want a detailed discussion. But for the quick and dirty, it is a good first read on the topic.

The Scorecard

Par on an average Par 4

Handbook of Information Security, 3-Volume Set
by Hossein Bidgoli
Edition: Hardcover

 
5 of 6 people found the following review helpful:
5.0 out of 5 stars Book Succeeds At Daunting Task, December 31, 2005
It would be a daunting task to put together a book that covers all areas of information security in a single, comprehensive reference work. Perhaps that is why it has not been done. Until now. On December 30, 2006, John Wiley and Sons will release the Handbook of Information Security (2005, Edited by Hossein Bidgoli et al, 3366 pages). With contributions from 240 contributors and extensive peer review by over 1,000 others, this book should be the definitive reference manual that sits in the office of every information technology auditor, as well as every information technology security professional who needs information without extensive digging. In fact this three-volume set might easily replace many other security titles that have not been through as extensive a peer review process.

This is not to say that information may quickly become dated as technology evolves (and as I found in one section on instant messaging). This being said, this initial review will provide an overview and synopsis of Volume I: Key Concepts, Infrastructure, Standards, and Protocols.

Volume I is broken down into three parts, as follows:

Part 1: Key Concepts and Applications Related to Information Security

* Internet Basics
* Digital Economy
* Online Retail Banking: Security Concerns, Breaches, and Controls
* E-Mail and Instant Messaging
* Internet Relay Chat
* Online Communities
* Groupware: Risks, Threats, and Vulnerabilities In The Internet Age
* Search Engines: Security, Privacy, and Ethical Issues
* Web Services
* Electronic Commerce
* EDI Security
* Electronic Payment Systems
* Intranets: Principles, Privacy, and Security Considerations
* Extr