Saturday, February 02, 2002

 
Arcady Novosyolov's risk theory web site is an excellent resource for those of us who need to brush up on probability as well as for advanced risk management practitioners in a number of professional disciplines. The focus of the site is financial risk management, but the content is applicable to risk management in general. Among the highlights are: basics and an introduction to risk theory (including lectures), a comprehensive glossary of terms that also contains formulae, a handbook of distributions and links to other risk management resources.

The following books are my favorites on software risk management: Managing Risk: Methods for Software Systems Development, Software Engineering Risk Management and Risk Management Processes for Software Engineering Models. If you're looking for an introductory book on project risk I recommend Project & Program Risk Management: A Guide to Managing Project Risks and Opportunities, which covers the basics well.

Harshal Laddha, who is a good friend at Thinking Minds's India office, shared another outstanding resource: Sridhar Iyer's IIT web page. Mr. Iyer is an Assistant Professor at the School of Information Technology, Indian Institute of Technology. His page contains a wealth of information for anyone who works with network technologies.

The presentations, tutorials and papers on this page span wireless and fixed networking technologies, with an emphasis on WAP, M-Commerce and mobile computing. There are also presentations and papers on internet technologies, including tutorials on TCP/IP, routing, network security and other topics. You'll have to dig through the material carefully because some of the links lead to other topic areas that point to yet more material. I spent an hour going through the page and associated links and was thoroughly impressed with the quality of information and the large number of valuable resources.

Friday, February 01, 2002

 
Manisha Saboo of eRUNWAY contributed a number of resources to share:
  1. Software Test and QA resources
  2. Requirement Management in Testing, which is an 8-page PDF document that addresses an important topic for QA professionals.
I'd like to add to Manisha's impressive list a site devoted to GUI and UI testing.

Another topic that is worthy of discussion is software measurement. I recently wrote about resources available from Data & Analysis Center for Software (see my 30 January entry) and want to highlight measurement-related information that is also available, starting with their collection of Software Measurement Literature and a list of related sites. You'll also want to explore the official website of ISO/IEC JTC1/SC7, which is the ISO committee responsible for developing ISO standards in the area of Software and System Engineering. Data & Analysis Center for Software also maintains a page devoted to Cost Estimation. Project managers and SQA professionals will find a wealth of material in the Insight Newsletter, which is the Army's Software Metrics Newsletter and one of the best sources of software measurement information.

At the risk of drifting too far off topic I want to share an online book by Martin Fowler titled Information System Architecture. Mr. Fowler is one of my favorite authors with a number of books on patterns, Extreme Programming and UML to his credit. If you're a design patterns advocate his online book will not disappoint.

Please note that this weblog only tells half of the story. If you want the full picture of our thoughts and information we have to share I encourage you to also read Postcards from the Revolution. We use that weblog to balance the technical entries here with the realities of how technology applies to IT and the business.

Thursday, January 31, 2002

 
You need only to follow the trade press and e-mail newsgrams to know that security is a top concern these days. This is especially true if you're in healthcare because of the law mandating compliance with HIPAA. My most recent experience in security was on a project in Kuwait. One aspect of that project, for Kuwait National Petroleum Company from December 2000-May 2001, was specifying an enterprise security infrastructure as a part of the company's strategic plan. I spent the better part of today revisiting this topic and thought I'd share some of my notes and research.

A logical starting point is a presentation titled LDAP and Security for two reasons: (1) directory services such as LDAP (lightweight directory access protocol) are key to an enterprise-wide security infrastructure, and (2) this presentation is a good introduction to LDAP. A more technical presentation is Simplified Management of Hosted Services through LDAP in which the power and utility of LDAP becomes apparent. Drilling down into more technical aspects, The LDAP Protocol presentation explains the protocol itself.

If you're serious about implementing LDAP you should be aware of the open source version and a free LDAP Browser. Moreover, if you're using Java to develop your infrastructure or associated services, then the LDAP and Java Naming Services presentation will spark ideas.

LDAP in and of itself can quickly become a hairball unless you design your services intelligently. The key is to understand role-based access controls (RBAC), which in turn requires an understanding of set theory. The best resource for RBAC is the National Institute of Standards and Technology RBAC page. You'll find a plethora of tools, papers and other artifacts, including the Draft RBAC Standard. Another excellent source of information is at George Mason University's Laboratory for Information Security Technology.

Still on the topic of enterprise architectures, a technology worth exploring is JXTA. This is a set of open, generalized peer-to-peer protocols that allow any connected device (cell phone to PDA, PC to server) on the network to communicate and collaborate. The home of Project JXTA has all of the resources you need to evaluate and/or employ this technology. JXTA, by the way, is short for Juxtapose, as in side by side. It is a recognition that peer to peer is a juxtaposition to client server or Web based computing.

Digging deeper into issues we always bump into QA. Issues in Testing Java Applets and a related source, Automating the Java build and test process, address some aspects of Java QA. Another interesting resource is JUnit, which is a regression testing framework written by Erich Gamma and Kent Beck. Also take the time to visit IT Toolbox's Java page for a wealth of resources.

A surprising find is a site I just discovered called Quality Assurance & Software Testing Downloads. I thought I knew where every test and QA site on the web was until I found this gem. Although I haven't fully explored it, the content and downloads I did look at seemed to be high quality stuff. Before leaving the topic of QA and testing I'd be remiss if I didn't mention XPractices, which is a page devoted to extreme programming practices. There is a lot of test material here that any XP practitioner, development manager or QA professional will find useful.

I'll come full circle back to enterprise architectures in general and end this entry with a recommended whitepaper titled Web Services, Business Objects and Component Models by Philippe Mougin & Christophe Barriolade of Orchestra Networks.

Wednesday, January 30, 2002

 
Harshal Laddha of Thinking Minds shared an interesting resource titled Java Technology for Business Intelligence.

On the topic of business-enabling technologies, there are two publications that are worth reading if you're an architect:

  1. XML: The Time is Now, which is a GartnerGroup presentation that makes a compelling business case for XML. This document is slanted towards healthcare and HIPAA, but is generic enough to be applied to any enterprise architecture initiative.
  2. Progress Report: HR-XML Implementations describes the progress to date by the HR-XML Consortium on schemas and DTDs supporting human resources. This consortium is an independent, non-profit organization dedicated to the development and promotion of standardized XML vocabularies for human resources.
Regardless of your technical environment, there is no doubt that XML is an important component of enterprise architectures. Information about and links to XML resources can be found on the DACS XML page. DACS also maintains a Java page that points to the top Java resources on the web. Who/what is DACS? It's the Data & Analysis Center for Software, which is a DoD software information clearinghouse. DACS also publishes Software Tech News, which is an outstanding software engineering publication that has an emphasis on QA and SQA.
 
Manisha Saboo of eRUNWAY is a friend with whom I exchange technical ideas and discuss various SQA topics. She recently asked me if I had any ready references on organizational communications plans. I fear that my response may have been overwhelming. I rapidly sent off three e-mails with large attachments that would have taken a team a week to sort through. I tend to do that sometimes.

A bit of digging in my usual haunts yielded resources that are focused on what Manisha wanted:


Tuesday, January 29, 2002

 
In my recent travels over and across the web in search of information on particular topics I found a few sites that exemplify what one can do with a personal web page. None of these sites are flashy, corporate entities - they are simple, filled with amazing content, and are an obvious labor of love. Here are the ones that most impressed me:

A more mainstream site that security professionals will want to visit is the CISSP Open Study Guides web site. If you're pursuing Certified Information Systems Security Professional (CISSP) certification you'll want to visit this page. Of course, you'll also want to spend time on the International Information Systems Security Certification Consortium (ISC2) site for the latest news about the certification and requirements.
 
The joys of weblogs and the perils of free hosting. Within hours of Linda's last post Geocities lost her entire web page. Fortunately I had her site backed-up and was able to move her to her new home. I also corrected the URLs in her last post to reflect new page locations and have updated links on my list of sites and a few other locations.

Moral: A fool and his [her] data are soon parted. Fortunately we back-up after every change, and migrate those back-ups to CD ROM. If you're not doing the same thing ask yourself how long it would take to recover from a complete loss of all files and content on your personal page. Sobering, isn't it?

Monday, January 28, 2002

 
Linda's last entries are a tough act to follow. I have a few loose ends to tie:

Goodnight from Tustin, California.
