TEAM Zarate Tarrani Notes From the Field

SureTrak is a Sure Thing. In my 16 April entry in Postcards from the Revolution I briefly described the strengths of my favorite project management application, SureTrak Project Manager 3.0. In my opinion it's the best single-user PM software bar none.

SureTrak was designed with features that practicing project managers need, not glitzy fluff. Among its features are:

• Multiple calendars - you can have up to 31 base calanders per project, giving you absolute control that is not possible with other PM applications in this price range. This feature allows you to model different resource baselines, which is powerful. Also, unlike MS Project, SureTrak does not assume it knows better than you and change the project in strange and mysterious ways after you've made an adjustment. This alone makes SureTrak worth using.
• Earned Value project management is built in and works correctly. If you're a PMP you'll not only appreciate the solid implementation of earned value, but should also know that the earned value portions of the PMBOK were developed by members of the Primavera team--Quentin Fleming and Joel Koppelman--who also authored Earned Value Project Management, second edition (see my 18 March 2001 review on Amazon for details). This adds a high level of trust in the way SureTrak works.
• Project resource leveling works (it's somewhat challenged in MS Project), and the ability to automatically forecast resource shortages, trace PERT logic, and use precedence diagramming method if you so choose. It also gives you the ability to jump from WBS, resource, activity or PERT views with a mouse click shows your project from any perspective. Another nice feature is the cosmic view of the PERT view that shows the entire network in one window and details in another.
• The reports, profiling and analysis options are too many to list. Suffice it to say that if there is a view or report that isn't shipped with SureTrak (and I cannot think of any), you can easily create one.

Although it has serious features, it also has glitz: you can publish in HTML, add graphics to your schedule and customize bar legends. It also has team features, such as email management, the ability to manage multiple related projects simultaneously, and the ability to exchange files with MS Project via MPX files. Note that there are some losses when you exchange MPX files because SureTrak has features that Project doesn't have and they will not import correctly into MS Project.

If you make the leap from MS Project to SureTrak I strongly recommend investing in Planning Using Primavera SureTrak Project Manager Version 3.0 by Paul E. Harris, which will get you quickly started.

ISO 9001:2000. Among Linda's recent topics are ISO 9001 and 900-3. There is a single sentence in the new ISO 9001:2000 requirements that's a bombshell: Customer perception, as to whether customer requirements have been met, shall be monitored. There is a book on this topic, Customer Satisfaction Measurement Simplified: A Step-by-Step Guide for ISO 9001:2000 Certification, that has as its sole purpose to provide you with ISO 9001-friendly techniques for meeting the requirements in that sentence. The author provides a clear, 7-step process for tackling that daunting task:

1. Identify your customers.
2. Identify their requirements. (Maps to ISO requirements 5.2, 7.2.1).
3. Determine what you're going to measure, and how.
4. Measure satisfaction based on step 3. (Maps to ISO requirement 8.2.1).
5. Analyze the data. (Maps to ISO requirement 8.4).
6. Report the results.
7. Communicate the results and employ continuous improvement methods. This complies with the change from the 1994 version in that continual improvement is now required, where it was only implied in the 1994 version.

What makes this book so valuable is that it reduces the complexities for meeting each of the requirements using the process to a series of steps in each process stage. Each chapter contains a summary of the goals, then gives step-by-step procedures needed to attain the goals, and identifies the deliverables that must be produced. This sounds simple on the surface. In reality implementing customer satisfaction requirements management, measurement and continuous improvement is a complex undertaking that not only touches virtually all parts of an enterprise, but also mandates a change in corporate culture.

Additional value in the form of worksheets and checklists covered in the appendices (and provided in electronic format on the CD ROM) make this book absolutely essential to any company that is pursuing certification (or are re certifying under the 2000 version).

Other factors that make this book invaluable include:

• The author's extensive experience in customer satisfaction management is condensed into this reasonably short book
• Layout of the book makes it easy to follow and find information
• The straightforward manner in which necessary information is presented.

This is the only book, to the best of my knowledge, that solely focuses on this aspect of ISO 9001:2000. Fortunately, it covers all of the essentials and leads you step-by-step through the process of meeting this important set of requirements. I personally believe that it's the key to getting certified under the 2000 requirements because of the scope and magnitude of effort that is required to comply with a seemingly innocuous requirement that can be a major barrier to achieving certification.

When Will They Stop? Are you using Microsoft's XP family of products? If so you should know that it may be doing things behind your back. A 12 April article titled Win-XP Search Assistant silently downloads files is yet another of the growing reports of how the tagline, Where do you want to go today? is starting to look like I'll take you where I damn well please.

Microsoft isn't the only culprit. Consider the ramifications of Data Mine—Or Yours? by Diane Savage, then read World Without Secrets that Linda discussed in her last entry. That book has an associated web page from which you can download a sample chapter and read related articles.

The only reassuring news in the past week is an Associated Press article titled Web Group OKs Privacy Standards.

Book Review. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes by by Albert J. Marcella Jr (Editor) and Robert S. Greenfield (Editor). Thorough and suitable for the experienced professional.

This book is an excellent follow-on book to Computer Forensics: Incident Response Essentials by Kruse and Heiser, which introduces the fundamentals. See my 14 April entry in Postcards from the Revolution for details. This book goes much deeper and is more technical than the Kruse and Heise, therefore the ideal audience is practicing professionals who have prior experience in forensics and a wide range of hardware, software and network knowledge.

Tools and techniques are presented in painstaking detail. I was unable to find a single gap or omission, which speaks highly of the editorial and review process behind this book's 464 pages. While most technical disciplines can dispense with finer details, the nature of forensics is to overlook nothing. If you find the step-by-step thoroughness boring that is an indication that forensics may not be your forte; if you're an experienced professional you'll appreciate the coverage of every technique or use of tools.

While the discussion of tools and techniques will satisfy even the most experienced practitioner, I found the detailed discussion of legal aspects, HR considerations and overall security and incident response processes to be the book's strongest points. This area is what sets forensics experts apart from technicians, and it is here that the book (in my opinion) adds the most value. Procedures ranging from how to properly gather, preserve and control evidence, to legal considerations for designing processes are covered in clear language, as are US and international legal guidelines.

Parts that I especially like include: intrusion management and profiling, up-to-date information on electronic commerce legal issues, the numerous checklists and cited resources, and the clearly delineated process for dealing with incidents.

If you're new to forensics you will probably get more from this book by first reading Computer Forensics: Incident Response Essentials by Kruse and Heiser. If, however, you have previous computer forensics experience or are currently serving in that role this book is probably one of the best investments you can make.

The book's accompanying web site keeps it up-to-date and provides additional material and links on forensics and other security-related information.

Administrative Note. Over the next few days my ISP will be doing maintenance. Most of the documents we provide here reside on the server that hosts tarrani.net. You may experience Document not found errors during the next 48 hours. If there are any documents that you absolutely need during this period let me know and I'll e-mail them to you.

Scalability and Performance + Yet More About Architecture. In my 8 April entry I mentioned Greg Barish's excellent book, Building Scalable and High-Performance Java Web Applications Using J2EE Technology. I was so impressed with the common sense approach that Mr. Barish proposed, and his clear writing, that I did a little investigating. As it turns out, Mr. Barish isn't your run-of-the-mill developer who wrote a book, but is a Ph.D candidate in the prestigious USC Computer Science Program. Two additional papers authored or coauthored by Mr. Barish that I found interesting are:

1. Using Tcl to Rapidly Develop a Scalable Engine for Processing Dynamic Application Logic. I recently cited the findings and conclusions from this 11-page PDF document to support the use of tcl in a proposed project.
2. World Wide Web Caching: Trends and Techniques. This 8-page PDF document is one of the clearest discussions of caching as a scalability technique that I've read. It's lavishly illustrated and masterfully explained.

An additional document that serves as a nice capstone on my previous entries about architecture is Conflicts Among Architecture Evaluation Criteria, which sorts out some of issues related to architecture evaluation that I've been discussing.