Search Results

Search found 1430 results on 58 pages for 'risk assesment'.

Page 5/58 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Is there a security risk for allowing people to set their DNS so their own subdomains can be route to my server?

    - by DantheMan
    Lets say that I have a web application, built in Django and deployed with Nginx. Is it a good idea to offer a service that allows customers to request that a subdomain can be pointed at it. I figured this: If I dont allow this, then some companies wont want to access the service from http://mydjangoappmadeupname.com/bigcorporation/ They would rather access it through http://service.bigcorporation.com That would effectively mask that they are using an outside resource. Is there a significant risk that I am overlooking? Also do you think it would be easier to just set things up in Django to handle it, allowing Nginx to accept all domains and then pushing them to Django which would filter out if they are allowed or not, or would it be better to just update my Nginx log each time a client wanted this changed?

    Read the article

  • How can I set up VLANs in a way that won't put me at risk for VLAN hopping?

    - by hobodave
    We're planning to migrate our production network from a VLAN-less configuration to a tagged VLAN (802.1q) configuration. This diagram summarizes the planned configuration: One significant detail is that a large portion of these hosts will actually be VMs on a single bare-metal machine. In fact, the only physical machines will be DB01, DB02, the firewalls and the switches. All other machines will be virtualized on a single host. One concern that has been is that this approach is complicated (overcomplicated implied), and that the VLANs are only providing an illusion of security, because "VLAN hopping is easy". Is this a valid concern, given that multiple VLANs will be used for a single physical switch port due to virtualization? How would I setup my VLANs appropriately to prevent this risk? Also, I've heard that VMWare ESX has something called "virtual switches". Is this unique to the VMWare hypervisor? If not, is it available with KVM (my planned hypervisor of choice)?. How does that come into play?

    Read the article

  • Database Security Events in April

    - by Troy Kitch
    Wed, Apr 18, Executive Oracle Database Security Round Table - Tampa, FL Tue, Apr 24, ISC(2) Leadership Regional Event Series - San Diego, CA April 24 - May 17,  Independent Oracle Users Group Enterprise Data at Risk Seminar Series Tue, Apr 24 IOUG Enterprise Data at Risk Seminar Series - Toronto Wed, Apr 25 IOUG Enterprise Data at Risk Seminar Series - New York Thu, Apr 26 IOUG Enterprise Data at Risk Seminar Series - Boston Thu, Apr 26 ISC(2) Leadership Regional Event Series - San Jose, CA

    Read the article

  • Java Plugin a huge security risk? How to preseve Java plugin from privilege escalation?

    - by Johannes Weiß
    Installing a regular Java plugin is IMHO a real security risk for non-IT people. Normally Java applets run in a sandbox and the applet cannot do anything harmful to your computer. If an applet, however, needs to do something like read-only accessing your filesystem e.g. uploading an image, you have to give it more privileges. Usually that's ok but I think not everyone knows that you give the applet the same privileges to your computer as your user has! And that's everything Java asks you: That looks as 'harmful' as a self-signed SSL certificate on a random page where no sensitive data is exchanged. The user will click on Run! You can try that at home using JyConsole, that's Jython (Python on Java)! Simply type in python code, e.g. import os os.system('cat /etc/passwd') or worse DON'T TYPE IN THAT CODE ON YOUR COMPUTER!!! import os os.system('rm -rf ~') ... Does anyone know how you can disable the possibily of privilege escalation? And by the way, does anyone know why SUN displays only a dialog as harmless as the one shown above (the self-signed-SSL-certificate-dialog from Firefox 3 and above is much clearer here!)? Live sample from my computer:

    Read the article

  • What's the risk of running a Domain Controller so that it is accessible from the internet?

    - by Adrian Grigore
    I have three remote dedicated web servers at different webhosts. Adding them to a common domain would make a lot of administration tasks much easier. Since two of the servers are running Windows 2008 R2 Standard, I thought about promoting them to Domain Controllers in order to set up the windows domain. There's another thread at Serverfault that recommends this. At the same time I've read a lot of times on different websites that this is not a good idea because an domain controller should always be behind a firewall LAN. But I can't set up something like this because I don't have a LAN with a static IP accessible from the internet. In fact I don't even have a windows server in my LAN. What I have not found out is why exposing a DC to the Internet would be bad idea. The only risk I can see is that if someone penetrates one of my webservers, it should be much easier to penetrate the others as well. But as far as I can see that's the worst case scenario since I am only going my web servers to that domain, not any computers from my local network. Is this the only downside or does it also make it easier to penetrate one of my web servers in the first place? Thanks, Adrian

    Read the article

  • How to minimize the risk of employees spreading critical information?

    - by Industrial
    Hi everyone, What's common sense when it comes to minimising the risk of employees spreading critical information to rivalling companies? As of today, it's clear that not even the US government and military can be sure that their data stays safely within their doors. Thereby I understand that my question probably instead should be written as "What is common sense to make it harder for employees to spread business critical information?" If anyone would want to spread information, they will find a way. That's the way life work and always has. If we make the scenario a bit more realistic by narrowing our workforce by assuming we only have regular John Does onboard and not Linux-loving sysadmins , what should be good precautions to at least make it harder for the employees to send business-critical information to the competition? As far as I can tell, there's a few obvious solutions that clearly has both pros and cons: Block services such as Dropbox and similar, preventing anyone to send gigabytes of data through the wire. Ensure that only files below a set size can be sent as email (?) Setup VLANs between departments to make it harder for kleptomaniacs and curious people to snoop around. Plug all removable media units - CD/DVD, Floppy drives and USB Make sure that no configurations to hardware can be made (?) Monitor network traffic for non-linear events (how?) What is realistic to do in a real world? How does big companies handle this? Sure, we can take the former employer to court and sue, but by then the damage has already been caused... Thanks a lot

    Read the article

  • How to minimize the risk of employees spreading critical information? [closed]

    - by Industrial
    What's common sense when it comes to minimising the risk of employees spreading critical information to rivalling companies? As of today, it's clear that not even the US government and military can be sure that their data stays safely within their doors. Thereby I understand that my question probably instead should be written as "What is common sense to make it harder for employees to spread business critical information?" If anyone would want to spread information, they will find a way. That's the way life work and always has. If we make the scenario a bit more realistic by narrowing our workforce by assuming we only have regular John Does onboard and not Linux-loving sysadmins , what should be good precautions to at least make it harder for the employees to send business-critical information to the competition? As far as I can tell, there's a few obvious solutions that clearly has both pros and cons: Block services such as Dropbox and similar, preventing anyone to send gigabytes of data through the wire. Ensure that only files below a set size can be sent as email (?) Setup VLANs between departments to make it harder for kleptomaniacs and curious people to snoop around. Plug all removable media units - CD/DVD, Floppy drives and USB Make sure that no configurations to hardware can be made (?) Monitor network traffic for non-linear events (how?) What is realistic to do in a real world? How does big companies handle this? Sure, we can take the former employer to court and sue, but by then the damage has already been caused... Thanks a lot

    Read the article

  • LexisNexis and Oracle Join Forces to Prevent Fraud and Identity Abuse

    - by Tanu Sood
    Author: Mark Karlstrand About the Writer:Mark Karlstrand is a Senior Product Manager at Oracle focused on innovative security for enterprise web and mobile applications. Over the last sixteen years Mark has served as director in a number of tech startups before joining Oracle in 2007. Working with a team of talented architects and engineers Mark developed Oracle Adaptive Access Manager, a best of breed access security solution.The world’s top enterprise software company and the world leader in data driven solutions have teamed up to provide a new integrated security solution to prevent fraud and misuse of identities. LexisNexis Risk Solutions, a Gold level member of Oracle PartnerNetwork (OPN), today announced it has achieved Oracle Validated Integration of its Instant Authenticate product with Oracle Identity Management.Oracle provides the most complete Identity and Access Management platform. The only identity management provider to offer advanced capabilities including device fingerprinting, location intelligence, real-time risk analysis, context-aware authentication and authorization makes the Oracle offering unique in the industry. LexisNexis Risk Solutions provides the industry leading Instant Authenticate dynamic knowledge based authentication (KBA) service which offers customers a secure and cost effective means to authenticate new user or prove authentication for password resets, lockouts and such scenarios. Oracle and LexisNexis now offer an integrated solution that combines the power of the most advanced identity management platform and superior data driven user authentication to stop identity fraud in its tracks and, in turn, offer significant operational cost savings. The solution offers the ability to challenge users with dynamic knowledge based authentication based on the risk of an access request or transaction thereby offering an additional level to other authentication methods such as static challenge questions or one-time password when needed. For example, with Oracle Identity Management self-service, the forgotten password reset workflow utilizes advanced capabilities including device fingerprinting, location intelligence, risk analysis and one-time password (OTP) via short message service (SMS) to secure this sensitive flow. Even when a user has lost or misplaced his/her mobile phone and, therefore, cannot receive the SMS, the new integrated solution eliminates the need to contact the help desk. The Oracle Identity Management platform dynamically switches to use the LexisNexis Instant Authenticate service for authentication if the user is not able to authenticate via OTP. The advanced Oracle and LexisNexis integrated solution, thus, both improves user experience and saves money by avoiding unnecessary help desk calls. Oracle Identity and Access Management secures applications, Juniper SSL VPN and other web resources with a thoroughly modern layered and context-aware platform. Users don't gain access just because they happen to have a valid username and password. An enterprise utilizing the Oracle solution has the ability to predicate access based on the specific context of the current situation. The device, location, temporal data, and any number of other attributes are evaluated in real-time to determine the specific risk at that moment. If the risk is elevated a user can be challenged for additional authentication, refused access or allowed access with limited privileges. The LexisNexis Instant Authenticate dynamic KBA service plugs into the Oracle platform to provide an additional layer of security by validating a user's identity in high risk access or transactions. The large and varied pool of data the LexisNexis solution utilizes to quiz a user makes this challenge mechanism even more robust. This strong combination of Oracle and LexisNexis user authentication capabilities greatly mitigates the risk of exposing sensitive applications and services on the Internet which helps an enterprise grow their business with confidence.Resources:Press release: LexisNexis® Achieves Oracle Validated Integration with Oracle Identity Management Oracle Access Management (HTML)Oracle Adaptive Access Manager (pdf)

    Read the article

  • Does sending e-mail in the name of customers increase the risk of being marked as spammer?

    - by Adrian Grigore
    Hi, We are developing a SaaS website application that lets users send invoices to their clients. Ideally, these e-mails should appear to be originating from our customers, so the sender e-mail address domain will not match the reverse IP entry for our server. In effect we would be forging their e-mail address, but of course with their consent. Will that result in a higher probability of being marked as a spammer / their e-mails being marked as spam? If yes, how bad is the penalty? And what about people who have an e-mail address originating form an SPF-enabled domain? I guess it should be the majority of the big e-mail providers.

    Read the article

  • Is it safe to have NVidia graphics always on on a Linux laptop, or do I risk overheating?

    - by codeape
    I'm getting a Lenovo T520 with two graphics cards: Integrated Intel HD 3000 Discrete NVidia NVS 4200M In BIOS, I can adjust which card(s) to use: Integrated only Discrete only Both (NVidia optimus) Since optimus is not well supported under Linux, I wonder if it is OK to set up the system to use the NVidia card all the time. I have read somewhere that a laptop risks overheating if using a discrete graphics card all the time. Is this true? Does someone have any experience to share?

    Read the article

  • The Virtues and Challenges of Implementing Basel III: What Every CFO and CRO Needs To Know

    - by Jenna Danko
    The Basel Committee on Banking Supervision (BCBS) is a group tasked with providing thought-leadership to the global banking industry.  Over the years, the BCBS has released volumes of guidance in an effort to promote stability within the financial sector.  By effectively communicating best-practices, the Basel Committee has influenced financial regulations worldwide.  Basel regulations are intended to help banks: More easily absorb shocks due to various forms of financial-economic stress Improve risk management and governance Enhance regulatory reporting and transparency In June 2011, the BCBS released Basel III: A global regulatory framework for more resilient banks and banking systems.  This new set of regulations included many enhancements to previous rules and will have both short and long term impacts on the banking industry.  Some of the key features of Basel III include: A stronger capital base More stringent capital standards and higher capital requirements Introduction of capital buffers  Additional risk coverage Enhanced quantification of counterparty credit risk Credit valuation adjustments  Wrong  way risk  Asset Value Correlation Multiplier for large financial institutions Liquidity management and monitoring Introduction of leverage ratio Even more rigorous data requirements To implement these features banks need to embark on a journey replete with challenges. These can be categorized into three key areas: Data, Models and Compliance. Data Challenges Data quality - All standard dimensions of Data Quality (DQ) have to be demonstrated.  Manual approaches are now considered too cumbersome and automation has become the norm. Data lineage - Data lineage has to be documented and demonstrated.  The PPT / Excel approach to documentation is being replaced by metadata tools.  Data lineage has become dynamic due to a variety of factors, making static documentation out-dated quickly.  Data dictionaries - A strong and clean business glossary is needed with proper identification of business owners for the data.  Data integrity - A strong, scalable architecture with work flow tools helps demonstrate data integrity.  Manual touch points have to be minimized.   Data relevance/coverage - Data must be relevant to all portfolios and storage devices must allow for sufficient data retention.  Coverage of both on and off balance sheet exposures is critical.   Model Challenges Model development - Requires highly trained resources with both quantitative and subject matter expertise. Model validation - All Basel models need to be validated. This requires additional resources with skills that may not be readily available in the marketplace.  Model documentation - All models need to be adequately documented.  Creation of document templates and model development processes/procedures is key. Risk and finance integration - This integration is necessary for Basel as the Allowance for Loan and Lease Losses (ALLL) is calculated by Finance, yet Expected Loss (EL) is calculated by Risk Management – and they need to somehow be equal.  This is tricky at best from an implementation perspective.  Compliance Challenges Rules interpretation - Some Basel III requirements leave room for interpretation.  A misinterpretation of regulations can lead to delays in Basel compliance and undesired reprimands from supervisory authorities. Gap identification and remediation - Internal identification and remediation of gaps ensures smoother Basel compliance and audit processes.  However business lines are challenged by the competing priorities which arise from regulatory compliance and business as usual work.  Qualification readiness - Providing internal and external auditors with robust evidence of a thorough examination of the readiness to proceed to parallel run and Basel qualification  In light of new regulations like Basel III and local variations such as the Dodd Frank Act (DFA) and Comprehensive Capital Analysis and Review (CCAR) in the US, banks are now forced to ask themselves many difficult questions.  For example, executives must consider: How will Basel III play into their Risk Appetite? How will they create project plans for Basel III when they haven’t yet finished implementing Basel II? How will new regulations impact capital structure including profitability and capital distributions to shareholders? After all, new regulations often lead to diminished profitability as well as an assortment of implementation problems as we discussed earlier in this note.  However, by requiring banks to focus on premium growth, regulators increase the potential for long-term profitability and sustainability.  And a more stable banking system: Increases consumer confidence which in turn supports banking activity  Ensures that adequate funding is available for individuals and companies Puts regulators at ease, allowing bankers to focus on banking Stability is intended to bring long-term profitability to banks.  Therefore, it is important that every banking institution takes the steps necessary to properly manage, monitor and disclose its risks.  This can be done with the assistance and oversight of an independent regulatory authority.  A spectrum of banks exist today wherein some continue to debate and negotiate with regulators over the implementation of new requirements, while others are simply choosing to embrace them for the benefits I highlighted above. Do share with me how your institution is coping with and embracing these new regulations within your bank. Dr. Varun Agarwal is a Principal in the Banking Practice for Capgemini Financial Services.  He has over 19 years experience in areas that span from enterprise risk management, credit, market, and to country risk management; financial modeling and valuation; and international financial markets research and analyses.

    Read the article

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • How many times can you randomly generate a GUID before you risk duplicates? (.NET)

    - by SLC
    Mathematically I suppose it's possible that even two random GUIDs generated using the built in method in the .NET framework are identical, but roughly how likely are they to clash if you generate hundreds or thousands? If you generated one for every copy of Windows in the world, would they clash? The reason I ask is because I have a program that creates a lot of objects, and destroys some too, and I am wondering about the likelihood of any of those objects (including the destroyed ones) having identical GUIDs.

    Read the article

  • How to assess the risk of a java version upgrade?

    - by Roy Tang
    I'm being asked to assess whether we can safely upgrade the java version on one of our production-deployed webapps. The codebase is fairly large and we want to avoid having to regression test everything (no automated tests sadly), but we've already encountered at least one problem during some manual testing (XmlStringReader.getLocalName now throws an IllegalStateExeption when it just used to return null) and higher-ups are pretty nervous about the upgrade. The current suggested approach is to do a source compare of the JDK sources for each version and assess those changes to see which ones might have impact, but it seems there's a lot of changes to go through (and as mentioned the codebase is kinda large). Is it safe and easier to just review the java version changes for each version? Or is there an easier way to conduct this assessment? Edit: I forgot to mention the version upgrade being considered is a minor version upgrade, i.e. 1.6.10 to 1.6.33

    Read the article

  • If we develop iOS app, and submit a new version to the App Store, it won't have a risk of having the old version pulled out?

    - by ????
    As an iOS developer, is it true that once we get an app into the App Store, we can quite safely update any new version and the worst it can happen is that the new version is rejected, but the old version in general will always stay, unless there was something egregious that Apple didn't catch the first time? (and what if a method in a class is deprecated and later even removed? Won't iOS 8, say, in the future not be able to run the old app?)

    Read the article

  • JBD: Spotted dirty metadata buffer

    - by Jake Mach
    Sep 25 22:19:38 host kernel: [7798806.146942] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 267). There's a risk of filesystem corruption in case of system crash. Sep 25 22:19:38 host kernel: [7798806.146956] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 1). There's a risk of filesystem corruption in case of system crash. Sep 25 22:19:38 host kernel: [7798806.146967] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 353). There's a risk of filesystem corruption in case of system crash. Sep 25 22:19:38 host kernel: [7798806.147121] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 353). There's a risk of filesystem corruption in case of system crash. Sep 25 22:19:38 host kernel: [7798806.147133] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 1). There's a risk of filesystem corruption in case of system crash. Sep 25 22:19:38 host kernel: [7798806.147143] JBD: Spotted dirty metadata buffer (dev = loop0, blocknr = 267). There's a risk of filesystem corruption in case of system crash. [7817859.850517] EXT4-fs error (device loop0): ext4_mb_generate_buddy: EXT4-fs: group 1: 28618 blocks in bitmap, 29028 in gd what does this mean? how did this happen?

    Read the article

  • null pointer exception comparing two strings in java.

    - by David
    I got this error message and I'm not quite sure whats wrong: Exception in thread "main" java.lang.NullPointerException at Risk.runTeams(Risk.java:384) at Risk.blobRunner(Risk.java:220) at Risk.genRunner(Risk.java:207) at Risk.main(Risk.java:176) Here is the relevant bits of code (i will draw attention to the line numbers within the error message via comments in the code as well as inputs i put into the program while its running where relevant) public class Risk { ... public static void main (String[]arg) { String CPUcolor = CPUcolor () ; genRunner (CPUcolor) ; //line 176 ... } ... public static void genRunner (String CPUcolor) // when this method runs i select 0 and run blob since its my only option. Theres nothing wrong with this method so long as i know, this is only significant because it takes me to blob runner and because another one of our relelvent line numbers apears. { String[] strats = new String[1] ; strats[0] = "0 - Blob" ; int s = chooseStrat (strats) ; if (s == 0) blobRunner (CPUcolor) ; // this is line 207 } ... public static void blobRunner (String CPUcolor) { System.out.println ("blob Runner") ; int turn = 0 ; boolean gameOver = false ; Dice other = new Dice ("other") ; Dice a1 = new Dice ("a1") ; Dice a2 = new Dice ("a2") ; Dice a3 = new Dice ("a3") ; Dice d1 = new Dice ("d1") ; Dice d2 = new Dice ("d2") ; space (5) ; Territory[] board = makeBoard() ; IdiceRoll (other) ; String[] colors = runTeams(CPUcolor) ; //this is line 220 Card[] deck = Card.createDeck () ; System.out.println (StratUtil.canTurnIn (deck)) ; while (gameOver == false) { idler (deck) ; board = assignTerri (board, colors) ; checkBoard (board, colors) ; } } ... public static String[] runTeams (String CPUcolor) { boolean z = false ; String[] a = new String[6] ; while (z == false) { a = assignTeams () ; printOrder (a) ; boolean CPU = false ; for (int i = 0; i<a.length; i++) { if (a[i].equals(CPUcolor)) CPU = true ; //this is line 384 } if (CPU==false) { System.out.println ("ERROR YOU NEED TO INCLUDE THE COLOR OF THE CPU IN THE TURN ORDER") ; runTeams (CPUcolor) ; } System.out.println ("is this turn order correct? (Y/N)") ; String s = getIns () ; while (!((s.equals ("y")) || (s.equals ("Y")) || (s.equals ("n")) || (s.equals ("N")))) { System.out.println ("try again") ; s = getIns () ; } if (s.equals ("y") || s.equals ("Y") ) z = true ; } return a ; } ... } // This } closes the class The reason i don't think i should be getting a Null:pointerException is because in this line: a[i].equals(CPUcolor) a at index i holds a string and CPUcolor is a string. Both at this point definatly have a value neither is null. Can anyone please tell me whats going wrong?

    Read the article

  • Smarter Ways to Unlock Your Unused Contingency Budgets

    - by Melissa Centurio Lopes
    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Cash flow is becoming increasingly important in the current economy; senior executives are looking for smarter ways of unlocking unused funds for new or ongoing capital expenditure projects. With project contingency budgets on average equaling 10 percent of overall costs, are you confident that you can release this cash without risking existing investments or the health of your overall project portfolio? This is the central question posed in a new report from the EPPM board, Hedging Your Bets? Optimizing Investment Opportunities for Great Cash Flow. The board is Oracle’s international steering committee, which brings together senior figures from leading organizations to discuss the critical role of enterprise project portfolio management (EPPM). C-Level Visibility Will Unlock Funds In addition to exploring how unlocking your contingency funds enables you to augment your cash flow (without resorting to expensive borrowing), the report offers a number of suggestions on how this can be done in a risk-free way, including Building an effective governance framework that shows the demonstrable value of every project within the portfolio Undertaking contingency planning risk assessments that give you complete portfolio wide visibility into all risk factors Establishing executive ownership of the portfolio to promote a more realistic appreciation of the risk levels inherent in the portfolio Creating a chief risk officer role that can review consolidated contingencies and risks so they are not considered in isolation The overriding message behind the report—and the work carried out by the EPPM board—is the need for increased C-level visibility across the entire enterprise project portfolio to enable better business decisions. Read the complete report in English, Chinese, German, or French. Read more in the October Edition of the quarterly Information InDepth EPPM Newsletter

    Read the article

  • Is Innovation Dead?

    - by wulfers
    My question is has innovation died?  For large businesses that do not have a vibrant, and fearless leadership (see Apple under Steve jobs), I think is has.  If you look at the organizational charts for many of the large corporate megaliths you will see a plethora of middle managers who are so risk averse that innovation (any change involves risk) is choked off since there are no innovation champions in the middle layers.  And innovation driven top down can only happen when you have a visionary in the top ranks, and that is also very rare.So where is actual innovation happening, at the bottom layer, the people who live in the trenches…   The people who live for a challenge. So how can big business leverage this innovation layer?  Remove the middle management layer.   Provide an innovation champion who has an R&D budget and is tasked with working with the bottom layer of a company, the engineers, developers  and business analysts that live on the edge (Where the corporate tires meet the road). Here are two innovation failures I will tell you about, and both have been impacted by a company so risk averse it is starting to fail in its primary business ventures: This company initiated an innovation process several years ago.  The process was driven companywide with team managers being the central points of collection of innovative ideas.  These managers were given no budget to do anything with these ideas.  There was no process or incentive for these managers to drive it about their team.  This lasted close to a year and the innovation program slowly slipped into oblivion…. A second example:  This same company failed an attempt to market a consumer product in a line where there was already a major market leader.  This product was under development for several years and needed to provide some major device differentiation form the current market leader.  This same company had a large Lead Technologist community made up of real innovators in all areas of technology.  Did this same company leverage the skills and experience of this internal community,   NO!!! So to wrap this up, if large companies really want to survive, then they need to start acting like a small company.  Support those innovators and risk takers!  Reward them by implementing their innovative ideas.  Champion (from the top down) innovation (found at the bottom) in your companies.  Remember if you stand still you are really falling behind.Do it now!  Take a risk!

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >