Saturday, August 15, 2009

Strategic Alignment & Enterprise Architecture

We are going through an interesting journey at a government department I am working for. The business unit we are establishing is only partially established. We are building an EA for this business but the legislation and regulations, let alone the actual operating model of the business, are still being developed. As such we are having to deal with capabilities in a general way and strategic linkage can only be done at this level. This is quite different from most established organisations and the traditional top-down linkage models are fairly hard to apply. We are working through the challenge but I was wondering how many people had found themselves in this situation and how they approached it.

For the record we are doing the following:

Linking Vision, Strategic Objectives and Principles
to
Business Capabilities
to
Logical Technical Capabilities
to
Physical Technical Capabilities

Friday, January 23, 2009

The future of MRPII is Lean

I have been working with a manufacturing client (T/O $12M, light industrial, MTO) that has been running an ageing MRPII platform - MK if you are interested. Originally they implemented the full breadth of capabilities from MPS to SFC. Over the years they have found that the return on effort of running all these features is not justifiable and they have progressively simplified the system's use. Over the past month we have been helping them evaluate a replacement strategy for this system, which is now end of life, and this week we had a eureka moment. Money is tight and the group this business belongs to uses an ERP solution targeted at the enterprise asset management space, not manufacturing. I had raised the possibility that one approach was to fairly radically simplify the production management process and only use the corporate system for sales orders and inventory. This week the light bulb went on in the MD's head and he asked me to elaborate on this idea. I outlined Lean manufacturing and described the experiences I had with seeing lean in action at Toyota and implementing it in Australia. He is getting the board's sign-off and we will be organising training in Lean for the team. Our plan is to implement a full lean philosophy in the plant and slowly decommission the MRPII system. When we are back to just using Sales Orders and Inventory then we plan to swap to the corporate ERP system. My feeling is that, not only will they save much of the replacement and reimplementation costs of a new MRPII system BUT they will get a much better business in the process. The more I see small manufacturers like this the more I think that MRPII is a bad fit for most of them and the more I like Lean as an approach. Lean can use technology - of course - but it puts people and process ahead of it. So the future for these types of companies may be an Accounting system with Lean rather than MRPII. I'll keep you posted on how it goes.

Saturday, November 1, 2008

Poor man's fraud scoring

As part of a research project at Griffith University I have been looking at the variables that best predict CNP fraud risk. What is different about my research is that it is quantitative - i.e. I am dealing with hard data, not mumbo jumbo marketing phrases like 'auto-adaptive neural networks with genetic algorithms'. The end of the research is still far away but I wanted to share a tidbit with you that will solve 95% of your fraud problems and cost almost nothing to implement.

IF Card is Overseas (use a BIN table to determine this) AND
email address is free email service
THEN
Suspect Fraud

Too simple? I thought so too. After double checking and re-checking my analysis, I realised that this is because most eCommerce is still intra-national AND most fraud networks are globalised.

No doubt after the bad guys start reading this, they will up the stakes. But right now if you have no fraud scoring on your web site, try implementing these two simple measures.

Friday, October 31, 2008

Meltdown and security

A question my colleagues and I are asking ourselves is: will the financial meltdown increase or reduce organisations' intent to improve information security? Will the companies that have just taken a bath see the 3 degrees of separation from financial risk, to risk culture, to information security, to ICT security? Or will they once again see ICT Security as a nice-to-have that can be dumped when budgets contract?

Identity Management - let's integrate physical and digital

I have spotted some interesting trends in the IM space. There is an increasing need to converge enterprise solutions in the access control and IM space. The token of choice for this will be contactless smart cards. Readers will be in laptops and PCs (turn 'em on when I sit down!) and on physical access (unlock the door as I approach). The costs are coming down - now we need a smart systems integrator to package it all together. The Killa product is - well that would be telling ;-)

Thursday, May 29, 2008

Verified by Visa - so near and yet so far

For those who have known me for years, you will know that I have been involved with Verified by Visa (VbV) from the early trial way back in 1999. It was then called 3D Secure and QSI was the first vendor to go through vendor certification of a Merchant Interface Processor (MIP). Fundamentally I am a fan of VbV and compared with SET it is lightweight, practical, moderately secure and represents IMHO the way forward for online card holder authentication of ePayments.

The other day I signed up to SkypeOut, the service that lets you call land line phones from your desktop - and sound like an offshore call centre :-). Skype UK use Bibit, a Payment Service Provider (PSP) owned by my old friends RBSG. The Visa card I used was from one of the big-5 Australian banks, who uses the Arcot Access Control Server (ACS). I suspect it is the hosted service. As my card was not registered with VbV, it sent me to a registration page, prompting for DOB and the security code. These did not validate (although correct), which makes me suspect that the bank is not keeping account details in sync with their core banking systems. This is the problem you get when you go the low road and don't really integrate the ACS into your eBanking infrastructure.

The result was that the transaction would have been flagged as a VbV compliant transaction, card holder not enrolled. I am not completely up to date with the VISA EU region rules but I think this means that as far as Skype is concerned, it is covered under the Card Present rules. If it turns out that there is fraud on the card, it will be my problem. In all, a pretty poor protection of the consumer by my bank.

I'll let you know what they have to say about this when I hear back from them.

Wednesday, May 28, 2008

Enterprises at risk from email leaks

ITNEWS is reporting the results of a survey by Proofpoint that 30% of enterprises have investigated an email leak in the past 12 months. I have long been talking to clients about the risk of data leakage via email. Email is so widely used in corporations and so essential to business life that any move to limit its use is strongly resisted. Yet here is a mechanism that allows board papers, trade secrets, and personnel files to slip out the front door of the organization.

Prohibition of email is not going to work. Even blocking webmail access to employees will be unpopular with Gen Y employees. Unless you are the DoD or a major government department, this is not an effective management strategy.

Here are my suggestions for what you can do:
  1. Have a documented information classification and release policy
  2. Require explicit classification of information as Public before the email gateway delivers to an external address
  3. Keep a log of all outbound emails and monitor these logs
  4. Conduct awareness training with all employees
You may be surprised that I have not mentioned DRM and secure mail. While I think these are excellent technologies, I don't think the social engineering works. KISS. Simple organizational process and procedures offer the best return on investment for this problem.
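Suggestions 2 and 3 sketched as a gateway policy check in Python, added here as an illustration and not taken from any product. The `X-Classification` header name, the `example.org` internal domain and the function names are assumptions made for the example.

```python
# Hold external mail that is not explicitly classified Public, and produce
# a log record for every outbound message, whatever the decision.
import json
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.org"}  # hypothetical organisation domain


def external_recipients(msg):
    """Return recipient addresses whose domain is outside the organisation."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    out = []
    for _name, addr in getaddresses(fields):
        domain = addr.rpartition("@")[2].lower()
        if addr and domain not in INTERNAL_DOMAINS:
            out.append(addr.lower())
    return out


def gateway_decision(raw_message):
    """Return a log record with action 'deliver' or 'hold' for one message."""
    msg = message_from_string(raw_message)
    # "X-Classification" is an assumed header set by the mail client or user.
    label = (msg.get("X-Classification") or "").strip().lower()
    external = external_recipients(msg)
    # A missing or non-Public label is treated as not releasable externally.
    action = "hold" if external and label != "public" else "deliver"
    return {"from": msg.get("From", ""), "external": external,
            "classification": label or "unlabelled", "action": action}


# Constructed sample message for demonstration.
SAMPLE = (
    "From: alice@example.org\n"
    "To: bob@example.org, carol@partner.example\n"
    "Subject: Board paper draft\n"
    "X-Classification: Internal\n"
    "\n"
    "Draft attached.\n"
)

if __name__ == "__main__":
    print(json.dumps(gateway_decision(SAMPLE)))  # one JSON log line per message
```

A production gateway would evaluate the SMTP envelope recipients rather than the message headers, since Bcc recipients do not appear in the headers it receives.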

http://www.proofpoint.com/

http://www.itnews.com.au/News/76978,enterprises-at-risk-from-email-leaks.aspx