SlideShare a Scribd company logo
1 of 12
Download to read offline
SPRING2014
bcs.org/itnow
SUMMER2014
T H E M A G A Z I N E F O R T H E I T P R O F E S S I O N A L
PROJECT MANAGEMENT
04 	 TWEETING PROJECT MANAGERS
06	 PROJECTS AREN’T FLAT
08	 THREE STEPS TO SUCCESS
HEALTH
16 	 TO SHARE OR NOT TO SHARE
SECURITY
12	 PREPARING FOR ATTACK
14	 WHAT IS RISK?
...THE REST
10 	 THE ROLE OF THE CIO
18 	 COMPUTER ARTS
20 	 THE LAST PAGE
EDITORIAL TEAM
Henry Tucker Editor-in-Chief
Justin Richards Multimedia Editor
Grant Powell Assistant Editor
Brian Runciman Publisher
PRODUCTION
Florence Leroy Production Manager
Advertising
Jack St Valery
E jackstvalery@agencypublicom.com
T +44 (0) 20 7978 2544
Keep in touch
Contributions are welcome for
consideration. Please email:
henry.tucker@hq.bcs.org.uk
ITNOW is the membership magazine of
BCS, The Chartered Institute for IT.
It is sent to a wide variety of IT
professionals, from systems developers
to directors, consultants to training and
education specialists. A subscription to
ITNOW comprises four issues.
All prices include postage. For subscribers
outside the UK, delivery is by Standard Air.
Annual subscription rates
Institutional: print edition and site-wide
online access: £250/US$473/€373;
print edition only: £230/US$436/€344;
site-wide online access only: £200/
US$303/€239.
Personal: print edition and individual
online access: £184/US$348/€275.
ITNOW, ISSN 1746-5702, is published
quarterly (March, June, September,
December) by BCS, The Chartered Institute
for IT, North Star House, Swindon, UK.
The US annual subscription price is $299.
Airfreight and mailing in the USA by agent
named Air Business Ltd, c/o Worldnet
Shipping Inc., 156-15, 146th Avenue, 2nd
Floor, Jamaica, NY 11434, USA.
Periodicals postage paid at Jamaica NY
11431.
US Postmaster: Send address changes
to ITNOW, Air Business Ltd, c/o Worldnet
Shipping Inc., 156-15, 146th Avenue, 2nd
Floor, Jamaica, NY 11434, USA
Subscription records are maintained at
BCS, The Chartered Institute for IT, North
Star House, North Star Avenue, Swindon,
SN2 1FA UK.
For payment details and terms and
conditions, please see:
www.oxfordjournals.org/our_journals/
combul/access_purchases /price_list.htm
The current year and two previous
years’ issues are available from Oxford
University Press. Previous volumes can
be obtained from the Periodicals Service
Company, 11 Main Street, Germantown,
NY 12526, USA.
E psc@periodicals.com T +1 518 537
4700, F +1 518 537 5899
For further information, please contact:
Journals Customer Service Department,
Oxford University Press, Great Clarendon
Street, Oxford OX2 6DP, UK.
E jnls.cust.serv@oup.com
T (and answerphone) +44 (0)1865 353 907
F +44 (0)1865 353 485
The opinions expressed herein are
not necessarily those of BCS or the
organisations employing the authors.
© 2014 The British Computer Society.
Registered Charity No 292786.
Copying: Permission to copy for educational
purposes only without fee all or part of
this material is granted provided that the
copies are not made or distributed for direct
commercial advantage; BCS copyright notice
and the title of the publication and its date
appear; and notice is given that copying is by
permission of BCS.
To copy otherwise, or to republish,
requires specific permission from the
publications manager at the address
below and may require a fee.
Printed by RotolitoLombarda, S.p.A
Italy.
ISSN 1746-5702. Volume 56, Part 2.
BCS The Chartered Institute for IT
First Floor, Block D, North Star House,
North Star Avenue, Swindon, SN2 1FA, UK.
T +44 (0)1793 417 424
F +44 (0)1793 417 444
www.bcs.org/contact
Incorporated by Royal Charter 1984.
Liz Bacon BCS President
David Clarke CEO
Feedback
email: editorialteam@hq.bcs.org
Image:iStockphoto/173390168
PROJECT MANAGEMENT
June 2014 ITNOW 0504 ITNOW June 2014
Not everyone wants to be social
You can have the best tools in the world,
but getting your team to start working in
a different way can be a huge barrier to
overcome. Commonly it is a generational
issue. People born since 1985 are what I
term born digital.
That is to say they do not know a time
before the internet. Their communication
style is more open, shorter form, multi-
device. They are used to information
coming from different directions and much
more accepting of the notion of being
always on. For many of us (that’s me too)
who are pushing 40, 50 or older this just
isn’t the norm. Not everyone wants to
publicly share their views or respond to an
instant message at 10pm.
The most surprising issue I get given
in boardrooms and when training senior
managers is a concern for saying the
wrong thing and looking bad. Ironically it is
the people with the most experience and
most knowledge that fear this the most.
Notice, however, (as I point out when
faced with this concern) that the people
who you think look bad are the people that
we are talking about now. If it was you that
was confidently and publicly sharing your
experience then it would be you who would
be getting the plaudits and increasing your
reputation.
Get people to push past their concerns
by focusing on their skills and the value
they can add to others by sharing them.
Characteristics of a social business
Having chosen your tools and instructed
your team all that is left is to work on the
culture of the business to ensure adoption
of social technologies and social project
management success.
In my personal experience it is hard to
enforce new working practices and get
people to stay on board after the initial
fanfare and training. What often works well
is using a smaller group to champion the
process and become a case study that will
inspire the rest of your project teams.
It may also pay dividends to consider the
more commonly associated social media
channels of Twitter, LinkedIn, Facebook,
Google Plus and YouTube as a way to
show the increasingly social nature of your
business. Encourage and invite people
into the program in a way that suits them;
this might be leaving areas of your social
project management tool open for more
general topics so that people can arrange
drinks after work or borrow a power tool
off a colleague. Anything to get them in the
habit of using it.
McKinsey’s Social Economy report of
2012 noted common characteristics of
successful networked organisations, i.e.
they’ve gone social, as:
•	 	persistent approach to trying new
things, learning and adapting;
•	 	role modelling and vocal support of
leaders as a catalyst;
•	 	social technologies are embedded in
to their day-to-day work;
•	 	high degree of trust and willingness to
collaborate between colleagues.
Time to go social
You don’t really have a choice about adopting
social project management practices. Your
people or future employees, your custom-
ers or simply your competitors are going to
force your hand. It is such an exciting time for
anyone in business. Our lives are being made
easier and success put within closer reach.
For anyone who enjoys their work
it should be a boom time filled with
opportunities.
www.bcs.org
From crowd sourcing business finance to
collaborative mapping and traffic reports,
from renting out your spare room by the
night to controlling your central heating
by mobile, everything is becoming intercon-
nected.
Rolls-Royce, the engine manufacturer,
has fitted around 100 sensors to its
aircraft engines and they report live
information back to a 24 hour team of 30
engineers who pour over the data and
make decisions that impact the aircraft at
500 airline companies around the globe.
It is the combination of these applications,
people and data that are making decisions
that impact the world we live in.
Many people (still) see social media as
inane chat about who had what for lunch. The
reality, however, is that social technologies
are allowing people to collaborate, absorb
information and make better decisions
faster. For the most part the technology is
an enabler for people to be social and it is
simply human nature that we use this to
make better things. For businesses that
embrace this transformation it can be
startling. For those that do not the impact
may be much more negative.
Project management has to change
Traditionally, a project manager was the
lynch pin of any project. The hub of all the
information and the leader who ensured
everyone was doing their job on time. No
matter how effective the project manager
or the systems are though this very linear
approach can lead to bottlenecks and
breakdowns.
In the age of web 2.0, and the rise of
social technology, such problems are
being resolved by solutions that bring
collaboration and agility. Core to this also is
the open use of and access to data.
Regardless of the size of team traditional
project management would also have
likely happened mostly via email and face-
to-face meetings. Thus creating silos of
information that are hard to review, analyse
or share. This is inefficient.
Social PM improves effectiveness
Social project management by virtue of
interconnected systems makes
collaboration core to the project team. It
creates efficiencies and delivers better end
results because of accountability and the
collective intelligence of the group.
Rarely does a new system bring cost
savings and increased productivity, but
using social technologies and working
socially could, as suggested by McKinsey
Global Institutes’ 2012 Unlocking the Social
Economy report, increase productivity
by up to 25 per cent and unlock up to
$1.3 trillion of annual value in the world
economy. Naturally two objectives many
finance directors are keen to hear about.
Your customers will also be very grateful
and increasingly loyal as they benefit from
the improved communication and access
to information. In a commoditised world
your collaborative culture and strong client
relationships can become a differentiator,
which is almost impossible to recreate.
How to make a project social
Deciding to make your project and project
management more social is not difficult.
There really are a great many tools that
have been launched that can be used with
minimal cost or training.
Podio, Trello, Basecamp (all .com) and
now even SharePoint are social at their
heart. Google Apps including Google Plus
(which is a social network) is, because of its
tool set, an excellent option also. A social
project will be open in its nature, with
people being able to see what each other is
responsible for and the status of that work.
The common features to ensure you have
are:
•	 project management and permission
setting by leader;
•	 	team member pages and profiles;
•	 	shared schedule and work flow;
•	 	collaborative work spaces;
•	 	document repository;
•	 	search engine functionality;
•	 	remote, multi-device access;
•	 	message alerts via email and live chat;
•	 	open conversation with tagging,
commenting and sharing.
Video conferencing and group communication
are also commonplace, meaning that as
well as being able to collaborate on
documents, team meetings can happen
easily and regularly.
Carry out a review of your systems and
choose your tools based on how simple
it will be for your company to adopt this
new way of working. Simply creating
shared workspaces and making everybody
accountable to each other through an open
community is a great stepping stone to
embracing social project management.
The technology world has changed massively in recent years, but how much has project management
changed and how have project managers changed the way they work? Jonnie Jensen, social business strat-
egist and founder of Live And Social, looks at what it is going to take for more project managers to confident-
ly go social.
PROJECT MANAGEMENT
TWEET?
doi:10.1093/itnow/bwu033©2014TheBritishComputerSociety
HOW MANY PROJECT MANAGERS DOES IT TAKE TO SEND A
Image:ER_Creative/185010011
PROJECT MANAGEMENT
06 ITNOW June 2014
1.	 A grown-up conversation about our
ability to estimate business leadership;
2.	 A value-based approach to design,
planning and execution;
3.	 A grown-up conversation about our
ability to estimate.
As Alcoholics Anonymous knows, the first
step in finding a solution is to accept that
there is a problem.
The truth is that it just isn’t possible to
accurately estimate the cost of an IT-based
project. Actually, it is extremely difficult
to estimate the cost and duration of any
activity that we have not done before.
Let’s say you decide to walk from
London to Paris. How long will it take? We
have clear picture of the destination and
the speed at which we might go, but it’s
still tricky.
Let’s try something trickier. Say, Paris to
Rome? And let’s say you are in a group of
seven. Two couples of different ages and
three children ranging in age from 12 to
17. It’s complicated, right? You can still find
out the distance, but the route takes you
over the Alps. Different members of the
group will go at different speeds and the
amount they can walk in a day will vary.
On top of that, the two families have to
cooperate on the overall journey.
Now think about a project involving IT.
It’s much more complicated than a walk
from Paris to Rome. There is no map of
the journey. Calculating the distance to
the destination isn’t easy. In fact, it is often
pretty difficult to describe the destination
at all. And what about speed? You have a
bunch of people, of varying abilities and
experience, who have come together to do
this project - how fast can they go?
The only way that we can estimate any
task reliably is to do it over and over again.But
we don’t do the same project over and over.
Projects might share similar characteristics
but each is a different journey,usually with
different group of people.
This is why the ‘on time and on budget’
mantra is a nonsense. We cannot estimate
reliably, so we cannot come in on time and
on budget, unless our guess is generously
padded with contingency.
But even with contingency added,
Standish tell us that only 32 per cent of
projects come in on time and budget. One of
the reasons for this is that we all suffer from
what psychologists call Optimism Bias.
We all believe that we are better than
average drivers. We all believe we are
better than average parents. We all believe
that we are better than others at anything
we regard as important. That includes our
own project. We are smarter and better
than others, so will not make the same
foolish mistakes. And nor will we be over-
optimistic, as the others were.
Business leadership
Researching the talks that I referred to
earlier, I pulled together all of the publicly
in front of a snow covered building site.
The project has cost much more and taken
much longer than anyone expected. They
have run out of money and Christmas will
be in a caravan, at the side of the site.
Alternatively, they could take a value-
based approach. To do so, they would have
collaborated with their builder to identify
chunks of value. For example, having
identified a functioning toilet as having
particularly high value, they could then
have asked for it to be delivered first. Then
this might be followed by a shower room,
followed by a kitchen, a bedroom and so on.
The total value could have been
delivered in chunks. The builder might
argue that this approach would make the
overall project more expensive. But then
the estimate is only a guess anyway, given
the novelty of the project. A value-based
approach is better because it enables
the customer to calibrate the supplier’s
productivity and improve the overall
estimate with each delivery. And, in any
event, wouldn’t it be better to have a four-
bedroomed home with a roof, rather than
an uninhabitable eight-bedroomed home
without one?
The delivery of each increment of
the project’s overall value provides an
opportunity for a customer to evaluate not
just cost and time but also value, quality
and the customer-supplier relationship
and the project team to learn and adjust
course, rather than waiting until the end of
the journey to discover that the project has
arrived at the wrong place.
The world isn’t flat and nor are projects.
Continuing to make believe that they are
will only perpetuate the cycle of failure. If
we do the same, we get the same.
It’s time for the grown-up conversation,
for business leaders to take some driving
lessons and to take a lean approach
based on the pull of value not the push of
requirements.
www.bcs.org
doi:10.1093/itnow/bwu034©2014TheBritishComputerSociety
Gary Lloyd posed the question ‘what proportion of IT-based projects deliver what they say they would, on
time and on budget?’ at meetings of three different consultancy, project/programme management and
business change BCS specialist groups. Most of the attendees were, like Gary, of mature years and had
seen a lot of projects.
June 2014 ITNOW 07
available research into why IT-based
projects fail. Here is my synthesis of the
top five causes of failure:
1.	 Unclear business objectives and links
to strategic priorities;
2.	 Lack of executive and senior
management support;
3.	 Poor quality and changing requirements;
4.	 Lack of user involvement;
5.	 Poor planning and risk management.
With the possible exception of the last
item, these causes point to one thing: poor
business leadership. It is the business
that has the greatest capability to address
all of these points, including the last one.
Standish Group agrees. It rates ‘effective
executive sponsorship’ as the number one
determinant of IT project success.
Interestingly, IT professionals go in for
an enormous amount of breast beating,
challenging themselves to do a better job
at engaging with ‘the business’ and getting
good-quality requirements. IT professionals
believe that the onus is on them to drag
what they need out of business managers
in order to get the job done.
But why should it be that way?
Shouldn’t business managers be agonising
about how they can ensure that they
get what they want? Shouldn’t they be
demanding customers?
All too often, however, those business
leaders who have initiated projects in
order to be drivers of change, allow
themselves to become passengers
on their own projects. Reporting on
the government’s Universal Credit
Programme, in November 2013, the Public
Accounts Committee wrote:
‘Oversight has been characterised by a
failure to understand properly the nature
and enormity of the task, a failure to
monitor and challenge progress regularly,
and a failure to intervene promptly when
problems arose. Senior managers only
became aware of problems through ad
hoc reviews, mostly conducted by external
reviewers.’
But my aim is not to point a finger
of blame. IT suppliers collaborate with
their customers in mutual self-delusion.
Solutions are relatively low risk, cost and
schedule estimates are robust, and the
project is always on course. Until it isn’t.
That grown-up conversation needs to be
open about risks and focus on strategies
to mitigate not ignore them. We don’t
expect adults to be able to drive a car, just
because they are adults. Why should we
expect business leaders to be able to lead
complex projects, without appropriate
education and support? We need to help
business leaders to become demanding
customers who don’t think the job is done,
once the ship sets sail.
We need to help time-poor business
leaders to understand when, how, where
and why they need to contribute to project
success. Of course, in order to do so, we
need to understand that ourselves.
Design, planning and execution
So let’s say that a grown-up conversation
between supplier and customer has taken
place. How can we, practically, ensure that
the customer’s money is well spent?
I believe that the solution is to adopt
a strategy that delivers regular business
value to customers and stakeholders
throughout the project, not just at the end.
This needs to be clear to suppliers at the
start of the project. The project team need
to know that they have to design a solution
that is structured for regular value delivery.
Ikea doesn’t design furniture and then
work out how to flat-pack it. The delivery
strategy is a constraint on the design.
Consider a building project, such as those
featured on the television programme Grand
Designs. A happy couple decide to take on
a huge Tudor barn refurbishment project,
vowing to be in by Christmas.
Three-quarters of the way through the
programme, we see a disconsolate couple
In answer to the question, an attendee at one
of the meetings held up his hand and made
the shape of a zero with his thumb and
forefinger. I asked the group if they agreed.
On the whole, the answer was ‘yes’, with
no one offering a success rate above 10
per cent. It was the same story in the other
meetings. Seasoned IT professionals were
pessimistic about the ability of IT-based
projects to deliver as promised.
Actually, research data shows that track
record is better than the groups’ collective
intuition, but not that much better and no
cause for celebration. Research carried out
on behalf of BCS found that less than half
of projects delivered what they said they
would within budget. The Standish Group,
that has a database of over 70,000 projects,
paints a gloomier picture. It reports that
less than a third of projects delivered
within budget.
If that wasn’t bad enough, research by
Oxford’s Said Business School, showed
that one in six projects overrun budget
by 200 per cent or more. When IT-based
projects go wrong, they can go very badly
wrong. This conclusion is supported by BCS
research referred to earlier.
So what’s the problem and what can we,
as IT professionals, do about it? IT-based
projects are complex and there is no
single cause nor is there a single silver-
bullet solution. There are, however, three
key points of leverage that can make a
disproportionately positive impact. These are:
PROJECTS
AREN’T FLAT
Image:Jannoon028/477268163
PROJECT MANAGEMENT
08 ITNOW June 2014
managers do habitually are:
1.	 make informed decisions,
2.	 gain management support;
3.	 deal with the unexpected.
I shall now take a closer look at these
three distinguishing project management
qualities.
Making informed decisions
Project management is often misunderstood
and poorly practised because organisations
don’t know how to control change. Simply
put, they don’t know what they are doing.
Senior management believes it is driving
change through from the top down when
in reality it is basing too many decisions on
assumptions.
And here’s the crux of the problem.
Every one believes someone at the top
knows what they’re doing. This stops
everyone from learning and innovating. Let
me tell you a story.
Channel shift
We have been working to introduce a new
content management system. It started
out as a technology project. However, I
was convinced that this was the wrong
approach.
I thought we had an opportunity to save
a great deal through channel shift and
improved handling of customer enquiries.
But a change this big meant a change in
the way we viewed the customer and how
we engaged with them. I soon realised
this would not be possible unless top
management saw the opportunity and
bought into the idea. This was a big ask
because they all thought the project was
about technology.
To get to the heart of the problem I
asked an analyst to do a small study on
website usage. I wanted to know how
We also knew our limitations and when
external help was desired. Our approach
to the project meant we could anticipate
problems and deal with them head-on
before they derailed what we were trying
to do.
For instance, when parts of the business
were too ambitious in their plans we were
able to convince the project board that
restraint was necessary.
We fully understood the end-to-end
transaction costs and the importance of
user experience. In contrast, some of the
ideas coming from the business made
neither economic nor practical sense.
Most business change projects have
difficulties. This is not surprising since we
rarely know exactly what we are doing or
how it is to be done. In other words, project
management is learning as you go.
Or to put it another way, dealing with the
unexpected. Why this is such a surprise
often confounds me.
I think we are all in agreement that
the project manager’s job is to deal with
uncertainty. However, I believe it is more
than this. It is about making a future more
probable.
What we learn from the case study is
that driving projects from the top does not
work because people assume someone
knows the answers.
Projects are called projects because we
don’t know exactly what we are going to
do. We have to learn as we go. The project
manager has to learn fast. Only then
can the unexpected be handled with any
degree of confidence.
So now you know what the project
manager has to do: to make informed
decisions, gain management support, and
know how to deal with the unexpected.
‘There is no such thing as a problem without
a gift in its hands for you.’
Robert Bach
Who said project management was easy?
www.bcs.org
doi:10.1093/itnow/bwu035©2014TheBritishComputerSociety
Martin Webster MBCS CITP is managing solution architect at Leicestershire County Council and his job is
to solve problems, find solutions that enable beneficial business-led change. Project management is a
core competence in directing and managing change.
June 2014 ITNOW 09
many pages we had and how often they
were visited. I also wanted some insight
into the way our customers behaved
online.
When the analyst completed the
research, she reported that we had over
5,000 web pages, yet more than 80 per
cent of them were rarely used or not used
at all. When I examined what she had
found I learned that customers hardly ever
visited the home page and never spent
time browsing our pages. Indeed most
traffic was via a search engine. I couldn’t
believe how bad things were; one of our
most popular pages was a not found error.
The key players in channel shift are not
top management. They are the project
manager and the analyst. The project
manager had the conviction to follow
his hunch and the analyst the tenacity to
uncover evidence.
Project management isn’t simply about
following process. It is about challenging
the status quo and making sure project
objectives and benefits are crystal clear.
The project manager must use evidence,
hard honest facts, to inform decisions and
show people how the project will make
change happen.
So, a project manager’s job is making
informed decisions to get change started.
Gaining management support
The next point is about gaining management
support. So let us return to the case study.
I have a voice
The analyst collected all of the information
and prepared not one but five reports: one
for each business unit and one for each
project board member. At the next project
board meeting we presented our findings.
We decided to hand out unique reports to
each board member.
What they read was a service-by-
service description of their departments’
web presence. Or rather, how ineffective
their department was at engaging
customers. For many minutes the
boardroom was quiet. Everyone was intent
on reading. They had nothing to say.
Later we were invited to present our
findings at management teams across the
organisation. Soon afterwards executive
management heard about it and we were
presenting to the CEO. Through the report
we were able to reinforce at every level of
the organisation a sense of this is how bad
the website is.
In ‘I have a voice we learn that those
who think they have little power can make
a difference. The overwhelming evidence
presented to the project board could
not be refuted. They were on side. The
project manager had moved them from
commanders to sponsors.
Making informed decisions using hard
facts helped the project manager win over
the project board. The board immediately
connected themselves to something
important and lent it their credibility.
In this way project managers must
learn to gain proactive support from
senior leaders. This is what sponsorship is
about. It is holding up an idea or cause as
important. And, when the project manager
has true sponsorship they are empowered
and more likely to succeed in their role.
So, a project manager’s job is about
making informed decisions and gaining
management support.
Dealing with the unexpected
But this isn’t enough. We all know that projects
are unpredictable and inherently risky
endeavours. Therefore, the third and last
point is this: project managers must know
how to deal with the unexpected.
Knowledge is power
Getting senior management on board was
just the beginning. Lots of questions
followed and there was an expectation for
us to have all the answers. We didn’t have
them.
The project team quickly realised it had
to learn about customer access, efficiency
and channel shift. We needed to be one
step ahead of everyone else’s thinking.
Let’s begin with a concise definition of
project management taken directly from
Managing Successful Projects with PRINCE2,
5th Edition.
‘Project management is the planning,
delegating, monitoring and control of all
aspects of the project, and the motivation
of those involved, to achieve the project
objectives within the expected performance
targets for time, cost, quality, scope,
benefits and risks.’
As far as project management definitions
go this is rather good. But what does it tell
us about project management? What does it
tell us about being a project manager?
In truth, many definitions often leave us
out in the cold. Yet this simple definition
does encapsulate what we should be doing.
It helps identify three important things a
successful project manager does.
The three (and yes, this is a three-
point sermon) things successful project
SUCCESS
Image:Photos.com/92825837
STEPS TO
THREE
DIGITAL LEADERS
10 ITNOW June 2014
advice; I have a discussion with them
about why they are interested in those
things in their business.’
Dave went to on to say that he thinks
that the I in CIO, information, is very
important because information is the
lingua franca. He feels that people who
can’t speak that language are destined for
obsolescence in modern industry.
He then added: ‘What I encourage
CIOs to think about is, how do they get
the maximum return on the information
model in their organisation? How can they
focus on the strategy of that information
model and how that information model is
evolving. We own that information model
for the whole corporation and that, for me,
is an important and critical role for the
business. It is a role that shouldn’t have
any competition if the CIO approaches it as
their piece of the cake.
pressures. When you are seen as someone
who has that technology knowledge and
people come to you, it must be very hard to
say “no, I’ve got other priorities in my job.”
People then just see you as the person who
responds to the technology problem rather
than information business issues,’ he said.
Ade McCormack agreed with this. ‘It
happens every day where CIOs are going
in to see the CEO and it turns out that the
laptop isn’t working, so you become the
chief laptop fixing officer. You get a bit
further in and the CEO says “my 13-year-
old daughter has this app and I want our
payroll to be an app.” So now a 13-year-old
girl has more influence over IT strategy
than the CIO.
‘I think it is around brand and perception.
I believe job number one for digital leaders
and aspirant digital leaders is to get their
brand act together, of which there are
probably four stages to do this.
‘The first is to define what your brand
is. Stage two is to reengineer your bio to
reflect that, that doesn’t mean lie though.
It might mean hiding the fact that you’re
a programmer, as that might not help you
where you want to go. The third stage is to
behave like the new brand and the fourth is
communicate the new brand.
‘This works very well with people that
don’t know you. If you talk like a business
person, they will presume you’re a
business person. You may well get push-
back from people who want to keep you in
a certain place and many business leaders
are not comfortable with making that
journey.’
www.bcs.org
doi:10.1093/itnow/bwu040©2014TheBritishComputerSociety
BCS, The Chartered Institute for IT, recently held a summit for and about digital leaders. Included in the
summit was a discussion session about the role of the chief information officer (CIO) hosted by
Ade McCormack and featuring Nick Millman from Accenture, John Morton from IP3 and Dave Wheeldon
from Aveva.
June 2014 ITNOW 11
‘Too frequently CIOs tend to get wrapped
up in other CIO topics and, I think, they get
too close to procurement and therefore
they get too close to technology providers
and this means they tend to go towards
the IT responsibility rather than the
information responsibility. ‘
CIO vs. CDO
The discussion moved on to the subject of
other job roles within organisations.
Nick Millman asked: ‘Is the CIO looking at
information or are they running the IT
function? I think in some sense the trend
is already there for organisations to have a
chief data officer, which I think does happen
when the CIO is running the IT function and
people think about who is looking after our
data, who is thinking about governance
and our data model. Let’s create a new
role called the chief data officer (CDO).
‘We are seeing a surge in the number
of organisations getting a CDO and we did
some research across major organisations
in the US and the UK and two thirds of
organisations, approximately, said that they
had a CDO or that they intended to appoint
one in the next 12 months.
‘In some ways if the CIO doesn’t start to
tackle the data issue, the answer is that a
CDO suddenly appears.’
Mark Say, author of the BCS
whitepapers on the next wave of
computing, who was in the audience, then
asked: does the fact that a lot of CIOs have
come from a technology background mean
that they get given the IT function, whereas
if they came from another part of the
business they wouldn’t necessarily get it?
Dave Wheeldon answered first and
suggested a CIO’s role is often governed by
their previous work experience.
‘The experience I have when I am
talking to CIOs is that they have lost their
way during their careers. I came into IT
as an engineer, but added IT as a way
to do engineering and have become a
moderately IT-literate IT engineer.
‘Some people, who have gone down the
pure information technology route have
lost their connection with the business.
I feel that I, and others that I meet in our
business, have a very strong crossover
between a business discipline such as
engineering or production plus IT.
‘The people who get stuck and find it
difficult to progress are people who are
more of a single dimension and work in the
IT discipline.’
Ade McCormack agreed with Dave.
‘I think you are right. We develop a brand
and, particularly if you have gone through a
technology path, the chances are that your
brand cries out technology and that’s quite
difficult to shake off if you want to make it
into the boardroom.
‘I don’t think you can mix the brands of
being a business leader and a technologist
because your brand will always go to the
lowest one you exhibit.’
‘A boardroom-bound CIO must arrive with
more than just technology management
and even information leadership. They need
to be multi-skilled if they are going to get a
place in the boardroom.
‘We are seeing non-IT people being
successful in CIO roles because they can’t
understand what their people are talking
about so they force their people to talk in a
business language, which I think is a good
thing.’
Mark Say then brought up another
issue that probably doesn’t help CIOs and
that is having to respond to day-to-day IT
John Morton from IP3 added:
‘Sometimes there isn’t a CIO in place, but
different personas of CIO. Some have been
brought to embrace change projects, some
have spent the past years running the
business. When new business demands
growth or being prepared for growth,
come to the fore, you need to ask yourself
whether you are the right person to drive
change in an organisation.’
Dave Wheeldon from Aveva said: ‘As
a CTO (chief technology officer) I think I
have a good bridging knowledge of how
CIOs and CTOs crossover and where IT can
enable us for business process change
and technology innovation and so on.
‘What I frequently find, when I talk to
CIOs, is that they want my opinion about
CIO topics. They want my opinions about
big data, about cloud computing and social
and mobile computing. I don’t give them
Image:iStockdaily/450293517
The discussion started with each person
describing what they see as the role of the
CIO. Nick Millman from Accenture said:
‘Based on the conversations that I have
with CIOs it is often around two aspects.
One, how do they set themselves up for
success within the organisation and what
should the CIO be doing versus what other
C-level executives are doing in the
organisation.
‘With the digital world those boundaries
are blurring more and more, so how do
you set yourselves up for success in terms
of who is responsible for what?
‘Secondly, with the shift into these
new technologies, how do you get the
workforce that you need, how do you find
the people with the digital needs and
experience? How many should you hire in,
how many should you train or what do you
give to service providers?’
CIO
THE ROLE OF THE
BCS has produced a series of
whitepapers on a number of leading IT
topics. These include 3D printing,
augmented reality and cognitive
computing. These are available online
now at www.bcs.org/nextwave
BCS Whitepapers
They get too close to technology providers
and this means they tend to go towards the
IT responsibility rather than the information
responsibility.
June 2014 ITNOW 13
INFORMATION SECURITY
12 ITNOW June 2014
buy and sell,and the internet still works.
Sometimes individual companies are hacked
and the consequences are expensive,but
modern business reacts,adapts,and then
carries on.
For a very long time,the military has
conducted military exercises or wargames as
part of its normal training cycle.
These wargames take many forms
including: Bohemia Interactive’s Virtual
Battle Space (think of a realistic first
person shooter, but with hundreds of
soldiers as the players); mock battles on
Salisbury Plain and straightforward table
top exercises. Business cyber wargames
are closely related to the latter.
One type of cyber wargame is penetration
testing.This consists of testing company IT
systems for various technical vulnerabilities,
for example,checking for unsecured network
ports,unpatched software or staff failing
to follow company polices such as opening
dubious email attachments.
Usually the attackers are white hat
hackers who work for reputable firms who
provide services including mock attacks on a
company’s systems.
This sort of testing is invaluable for
the technical staff involved in network
management,but they are not so useful in
preparing the rest of the business.
Another type of cyber wargame is a
committee or seminar game.This basically
consists of staff sitting around a table
discussing the situation and making decisions.
Such manual pen and paper exercises are
focused on the business,rather than the
technical,aspects of attacks.
There are real advantages to such a
manual game: it’s immediate, it’s simple,
player’s ideas, the scenario will develop
and hopefully, as a result of the player’s
choices, the crisis will be mitigated and the
facilitator will be able to draw the game to
a conclusion.
Step 5: hot wash-up
At the end of the game it is important to
capture feedback from those taking part.
Everyone should be encouraged to
discuss what they could take from the
game into a real world situation. It is
important for the facilitator to highlight that
any poor decisions are not the fault of a
named individual; they are the fault of the
organisation for not providing appropriate
training or the result of inadequate
company policies.
Final thoughts
Games really work as part of a training
package. They can be invaluable
mechanisms for helping identify potential
weakness in a company’s systems.
Research shows that taking part in such
games does increase staff’s
long-term awareness of information
security. These games also help increase
the staff’s chances of making better
decisions when faced by the huge pressure
of real cyber-attack.
www.bcs.org/security
The first stage is to work out the business
aims of the training. Perhaps it is to test
staff in handling the loss of business
reputation in the aftermath of a publicised
hack? It is important to remember that the
wargame has to be designed to be played
in single room with the participants sitting
around a table. A successful game should
avoid being over ambitious. It is far better
to run a few modest exercises that deliver
some benefit that a grander scoped one
that does not.
Step 2: prepare the script
Once the aims of the training are
established, the facilitator can then
develop the scenario. Potential questions
can include.
Who is attacking? What are their aims? How
sophisticated are their methods? Are they
persistent? The facilitator needs to develop an
idea of how the game will progress.
Normally, each stage of the game
consists of a short briefing by the facilitator,
perhaps with handouts, and then the players
should be have time to make decisions.
Step 3: prior training
Warning the players of the scope of the
game is an excellent way to motivate them
to refresh their understanding of company
policies on the subject.
Step 4: conduct the game
The players will assemble on the day and
the facilitator will immediately present
them with a developing crisis. Under time
pressure, they will discuss the potential
options open to them and then jointly
decide on a course of action.
It is good practice for the facilitator to
routinely ask them to justify their response.
Depending on the effectiveness of the
it’s immune to the usual problems with
technology, and it gets people away from
their laptops, tablets, smartphones and
everything... and so concentrates on the
wargame.
By considering information security
and practicing incident management and
reporting,the game should generate practical
insights into security vulnerabilities that
attackers may be able to exploit or it may
simply allow staff to rehearse their responses
before being potentially faced by a real crises.
Experience shows such games work very
well as part of a wider company training
package.A modest business cyber wargame
can be prepared in only a few weeks and be
successfully run within a single morning or
afternoon.
Step 1: define the scope
doi:10.1093/itnow/bwu042©2014TheBritishComputerSociety
The idea of cyber wargames usually conjures up a vision of large numbers of staff faced by a developing crisis
shown in glorious multimedia and managed by a huge team of umpires.Whilst such large exercises are
necessary for government level wargames,it is quite possible to run an effective business cyber wargame with
very modest resources says John Curry.
The harsh reality is that practically every
business has been successfully attacked at
least once over the last few years and from
the perspective of information security the
business environment is getting more hostile.
As the requirement for maximum efficiency,
productivity and communications drives
forward innovation in business computing,
each leap forward opens up new potential
vulnerabilities.
Organised crime,hactivists groups such as
Anonymous and state level actors have been
added to the threat landscape.
Faced by these powerful threats,
information assurance professionals around
the world have responded and,as discussed
in the Spring 2014 edition of ITNOW,have been
largely successful in keeping the situation
manageable.
Banks continue to trade,businesses
By considering information security, practice
incident management and reporting, the game
should generate practical insights into security
vulnerabilities.
PREPARING FOR
THE NEXT ATTACK
Image:JozefDunaj/96083993
John Curry has edited/written over 50
books on various aspects of wargaming.
He is the co-author, with Tim Price
MBE, of Dark Guest Training Games for
Cyber Warfare: Volume 1: Wargaming
Internet Based Attacks.
Author
June 2014 ITNOW 15
INFORMATION SECURITY
14 ITNOW June 2014
uncertainty on objectives’: a definition at
once irrefutable and effectively useless, as
it’s entirely abstract.
Many attempts to create operationally
functional definitions have been
made, ranging from the elementary
‘risk=likelihood x consequence’ to quite
complex combinations of ‘vulnerability’,
‘threat’, ‘opportunity’, ‘impact’ among other
terms, multiplied and summed in various
ways.
However, I question whether many of
these ostensible mathematical relationships
are valid, and whether their parameters are
specified in ways that allow mathematical
operators to be used at all. How do you
multiply (or add) ‘wooden shed’, ‘small boy
with box of matches’, ‘pyromaniac tendency’,
and ‘value of contents’ to arrive at ‘loss of
tools’?
But this is not my only concern. Finding
evidence-based or ‘quantitative’ risk
decision-making rather hard work, risk
practitioners have mostly resorted to
‘qualitative’ methods (a.k.a. guesswork),
resulting in a drastic loss of both accuracy
and repeatability.
Such sloppy thinking encourages
the use of crude risk rankings - ‘high’,
‘medium’, ‘low’ - that make it impossible to
distinguish with confidence anything but
extreme differences in risk. Furthermore,
cross referencing ‘medium impact’ and
‘medium likelihood’ may yield ‘medium
risk’ or ‘high risk’, depending solely on my
personal preconceptions when I designed
the corporate risk matrix.
There’s no demonstrably valid (or even
accepted arbitrary) axiom to guide us, so
someone else in the same organisation
(and even the same role) might create
a risk matrix quite different from mine,
delivering different answers. These failings
combine to cause cultural dynamics
(‘office politics’ and personal attitudes to
taking gambles) to swamp objectivity.
Unwillingness both to bring bad news
and to stick one’s neck out frequently
with confidence.
However, before the fact it’s possible
to use the reverse of fault tree analysis -
consequence analysis - to map the possible
outcomes of coincidences of events. This
is not strictly ‘risk assessment’ unless it’s
possible to assign probability distributions
to the events, but it’s nevertheless a
powerful tool for identifying possible
adverse outcomes that might otherwise
escape identification due to the apparent
insignificance of their causal factors when
considered individually in isolation.
Such outcomes can then be pre-empted
by preventing as many of the causal
factors as practicable from acting.
To make reliable risk judgements we
must: understand the basic principles
of probability, including recognising that
statistics don’t describe individual events
and knowing when probability theory can’t
be usefully applied; completely understand
the process or system risk being assessed;
have no vested interest in the outcome of
the assessment and apply a repeatable
standard process that demonstrably yields
results that consistently accord with reality.
Sometimes likelihood’s contribution
to business exposure must be ignored,
particularly when a potential outcome
could be catastrophic.
www.bcs.org/security
the coincidence of multiple independent
events. Some of these events, individually
or in concert, may trigger dependent
intermediate events, forming chains
of causality. The ultimate result may
sometimes be a single outcome, or
there may be multiple alternative or
simultaneous outcomes. Each event has
a likelihood of occurring at the required
point in the mesh of causality, depending
not only on its intrinsic properties but also
on the properties of any other events that
contribute to it.
Furthermore,some events are binary (they
happen or they don’t) and some have multiple
discrete effects,but the effect of many events
varies over a range,and not necessarily in an
intuitively determinable way.
The probability of each possible
outcome is a function of the aggregate
of probabilities of all the events in all
the contributory chains of causality, so
clearly there is usually a range of possible
outcomes and consequences. Such ranges
of possibility are ‘probability distributions’.
Although they can be highly informative,
they are almost universally ignored in the
sphere of information risk management,
partly because they are hard to define
for some of the events we deal with, but
mainly because most practitioners don’t
even know they exist.
That said, events driven by human
decisions - including most cyber attacks
- tend not to have constant probability
distributions over time. This is why trying
to deduce future exposure from past
information breaches is so uncertain.
Although fault tree analysis is a widely
adopted technique for finding causes after
the fact, because we often don’t know the
probability distributions of the contributory
factors at the time of the incident it’s often
impossible to recreate its causal matrix
leads to most risks being ranked ‘medium’,
so we don’t make much progress in
prioritising our risk treatment, even
supposing our criteria were trustworthy in
the first place.
Considering the large number of entries
in a realistic corporate risk register,
granularity is essential - there’s no real
hope of prioritising the treatment of 649
‘medium risks’. And ultimately, that’s what
corporate risk management is about:
not arriving at absolute values of risk as
an intellectual exercise, but working out
the optimum priorities when allocating a
limited protection budget.
These failings (ill-defined formulae,
low resolution poorly quantified ‘risk
scales’ and uncontrolled or biased
guesswork) contribute significantly to
what are often essentially meaningless
risk decisions. However, their malign
influences are usually dwarfed by an
overriding conceptual error. Corporate risk
assessments commonly assume a single
cause leads to a single outcome with a
single (if vaguely expressed) likelihood and
consequence. Unfortunately, the real world
ain’t quite like that.
This has frequently been ignored,
even in life-critical arenas. For example,
a coincidence of one ‘medium risk’ and
two ‘low risk’ independent events is
unlikely to be considered a high risk, even
supposing we know what low, medium
and high mean in the first place. But
those were the assumed risks of the
three most significant causal factors of
the NASA Challenger accident3 (reduced
rocket segment ‘O’ ring resilience at
low temperatures, distorted re-usable
rocket segments, leaks in segment joint
insulating putty).
Most adverse incidents (and indeed
many business opportunities) result from
doi:10.1093/itnow/bwu043©2014TheBritishComputerSociety
In addition to Donald Rumsfeld’s much quoted ‘known unknowns’ and ‘unknown unknowns’ there’s another class
of misapprehension that he failed to recognise - things you’re convinced of that happen to be wrong (in his case,
WMD).For many of us in corporate information assurance,the real nature of risk is in this category.We all perform
what we believe to be ‘risk assessments’,but Mike Barwise asks,are they really any good?
Fortunately (or for me as a methodologist
- unfortunately), information breaches
are quite rare so the majority of our risk
assessments never get tested. If they did,
I suspect they would exhibit a long-term
success rate approaching 50 per cent.
That makes them about as useful as
tossing a coin - not because we’re stupid,
but because we’re simultaneously largely
uninformed, and widely misinformed by
‘experts’, about the true nature of risk.
So what is risk? Many supposedly
authoritative sources refer to events or
outcomes as risks, whereas risk is actually
an attribute of an event: a measure of its
probable consequence. Nevertheless 95
per cent of risk professionals responding
to a survey in 20011 agreed that ‘a risk’ is
an event.
Having defined risk, let’s consider how
to quantify it. We might hope to be guided
here by standards, but the ISO Guide 732
definition that has influenced almost all
other risk-related standards is ‘effect of
Unwillingness both to bring bad news and to
stick one’s neck out frequently leads to most
risks being ranked ‘medium’.
WHAT
IS
RISK?
Image:IngramPublishing/122399113
1. Hillson, D. What is ‘Risk’? Results from
a Survey Exploring Definitions.
www.risk-doctor.com/pdf-files/
def0202.pdf
2. ISO Risk management - Vocabulary,
2009
3. Report of the Presidential Commission
on the Space Shuttle Challenger
Accident, Chapter IV: The Cause of the
Accident
http://history.nasa.gov/rogersrep/
v1ch4.htm (section 70: Findings)
References
June 2014 ITNOW 17
HEALTH INFORMATICS
16 ITNOW June 2014
During his introductory plenary of the
second day of the conference, Professor
Haslam, Chair of NICE, said: ‘It’s astonishing
that despite the fact that GPs have had
computers for twenty five years, the rest
of the NHS hasn’t yet caught up with them
and, in some cases, are still using
paper-based systems!’
In fact according to Kingsley Manning,
Chair of Health and Social Care Information
Centre (HSCIC), in a recent audit carried
out by his office it was found that 80 per
cent of all records were written by hand
before they were retyped into a PC. Hence,
it’s understandable that the recent Francis
Report1 found that there was not enough
good, reliable information available.
With calls for a more joined-up
approach to sharing data and making
available data more accessible to
interested parties, NHS England rolled
out their ambitious care.data programme
with the intention of collecting together
as much data about NHS patients as
possible to be used in… Well, that’s the
main problem for most the scheme’s
many detractors; there are just too many
unanswered questions at the moment for
the public and many clinicians to be happy
to get behind the programme.
According to Geriant Lewis, Chief Data
Officer from NHS England, ‘Across the
country there’s a lot of data missing. For
example, there’s no information about
in-hospital prescribing, investigations,
obscurities or about care outside of
hospital, and no information about social
care.’
Lewis seems to think we can’t currently
answer questions such as:
•	 How many patients in England
received chemo last year?
•	 What proportion of patients in a
of safeguards in place for dealing with
this sort of data. All identity and access
governance (IAG) will be overseen by the
HSCIC.
Identifiable data is flagged as being ‘red’,
potentially identifiable data as ‘amber’ and
unidentifiable data is coded as ‘green’. The
Consumer Action Group (CAG) will oversee
the movement of red data, the use of
which will be decided by the Data Access
Advisory Group (DAAG).
According to Lewis,patients will be able
to access their own ‘red’ data and some
universities and research establishments will
be able to access ‘amber’ data.In some cases
‘green’ data will be published,at cost price.
Apparently patients can halt the flow
of data at any point, if they object to its
transfer, although how will they know that
a) their data is being used and b) for what
purpose, is harder to say. Will the NHS
phone us up before they plan on doing
anything with our data?
The take home message from these
discussions on the subject of care.data
and with regard to data sharing in general
seemed to be that whatever the NHS does
in this space, it needs to be as transparent
as possible and actually engage more with
both patients and their GPs otherwise there
will continue to be very limited support for
this programme going forward.
Dr Ian Herbert FBCS Health, perhaps
summed it up best when he said that ‘an
extended and ongoing conversation about
the whole data sharing conundrum needs
to be had and in a transparent way.’
www.bcs.org/health
appreciates that data sharing can be a
good thing (and history has shown this
to be the case), but no one agrees on
exactly how it should be done and what the
parameters will be.
According to Tim Carter, the negative
reaction to the care.data programme has
‘led the health service to try to understand
what it is that people really want, take that
on board and then explain how it’s going
to take care of people’s data, all the while
being realistic about the risks.’
It’s a fact that the Francis Report has
driven the NHS to collect more data and
Geriant Lewis briefed the conference
saying: ‘The initial consultation revolved
around what information was currently
held by the health service and how easy
it was to collect it.’ He then went on to say
that ‘the updated consultation themes are
focusing on:
•	 	resourcing;
•	 	timescales;
•	 	the variety in provider capacity;
•	 	data entry and the point of care;
•	 	responsibility for datasets;
•	 	clarity of benefits.
It appears that NHS England is currently
examining the barriers getting to patient data,
its safety, assessing data that’s
easiest to obtain (probably drug charts and
patient movement from ward to ward), and
looking at which data it already has access to.
The key objection to data sharing
appears, understandably, to be data
security. With this fact in mind NHS
England has categorised data into three
types, namely: non-identifiable, potentially
identifiable and identifiable data and
awarded them with a traffic light colour
coding system.
Identifiable data is strictly controlled by
the law and includes information such as
a person’s date of birth or their postcode.
Potentially identifiable data contains
a unique pseudonym for each person
and there are a wide-ranging number
particular hospital, were reviewed by
a consultant, at least once a day?
•	 The average time a GP took to
diagnose bowel problems.
•	 The proportion of patients on a ward
who had a highly abnormal diagnosis.
Hence NHS England thinks the care.data
programme will be able to help address
some of these issues once the NHS has a
more structured data sharing culture.
Dr Peter Flynn, Director of the care.data
programme, stated that the programme’s
initial priorities would include the
expansion of GP and hospital data and to
increase the information storage capacity
at the HSCIC.
However, despite reassurances from
NHS England regarding the care.data
information gathering programme, stating
that ‘the information would only be used
benignly and that all information about
patients would be stored in a secure way’,
the general public and many clinicians
have not bought into the idea, resulting in
the programme being put on hold for six
months while NHS England rethink their
approach and try to bring us all on board
as enthusiastic stakeholders.
According to Tim Carter, Communications
& Awareness Lead, NHS England, the
care.data programme ‘has been put on
hold for six months in order for a more
comprehensive consultation to occur with
all the various stakeholders.
‘The care.data leaflet drop was seen
by some as a failure and the NHS was
accused of just talking a bit louder rather
than actually engaging with people.
In fact the noise became so loud that
stakeholders were soon asking: “what is
the NHS really doing?” This then led to
various newspapers creating a furore over
“what the NHS is doing with our data.”’
It became quickly apparent at the
various plenaries and discussion groups
that the next six months can’t just be about
awareness-raising for the programme,
it has to be more substantial. Everyone
doi:10.1093/itnow/bwu052©2014TheBritishComputerSociety
With a medically-orientated menagerie of clinicians, health informaticians and software suppliers meeting
at HC2014, it wasn’t long before BCS Health Editor, Justin Richards MBCS, realised what was foremost on
almost everyone’s mind, namely care.data.
SHARE
Image:dolgachov/457775797
1 http://www.health.org.uk/areas-of-
work/francis-inquiry/about-the-francis-
inquiry/
www.england.nhs.uk/caredata
England.cdo@nhs.net
Reference and useful info
OR NOT TO
TO
June 2014 ITNOW 19
COMPUTER ARTS
18 ITNOW June 2014
I had the great pleasure recently to spend
the afternoon with this month’s artist
Barbara Nessim, a pioneer in digital art
and illustration; it was fascinating to hear
first-hand about her career spanning six
decades.
She was one of the first prominent (non-
fashion) female illustrators working in the
industry and has also seen major changes
in computer graphics. Now a significant
body of her work has been donated to the
Victoria & Albert Museum, where it was
exhibited in 2013 accompanied by the
(highly recommended) monograph Barbara
Nessim: An Artful Life.
In the 1950s it was rare for women
(especially single women) to have a career
in the arts, outside perhaps of teaching,
the norm being to marry. However for
Barbara work and the ability to support
herself financially was important, believing
that she wouldn’t be able to find her true
self if she married.
Commercial illustration allowed her to
continue her painting and fine art. She tells
me, ‘I don’t understand the snobbishness
associated with illustration.’ In fact she
only knows of one other woman, Lorraine
Fox, in the 1950s, but by the 1960s the
field had opened up to women somewhat
more.
A life-long New Yorker, Barbara’s work
often reflects the energy of that city
and the goings-on of its hip inhabitants
including her fellow artists, among them
Zandra Rhodes and Richard Avedon, who
she has collaborated with.
Her work has a focus on women and
gender roles; she’s interested in exploring
the relationships between women, men
and women and women and the world
including social norms and ‘rules’ for
women - how you are supposed to act, to
look, and so on.
From the 1970s she was producing
strong graphics and illustration for famous
magazines such as Time, Vogue, Rolling
Stone (including a famous John Lennon
remembered cover in 1988), Harpers, New
York Times and many others.
From the first, sketchbooks became
an essential part of her practice. These
she carries wherever she goes and are
the well-spring of her creative energy
- she tells me, ‘it all starts here.’ As she
explained these are unlike commercial
jobs that come with specific constraints:
- the brief, the art director, his boss, the
story, ultimately the public, all of these
have to work together and as Barbara
points out, ‘you do have to please yourself
within that framework too.’
The production of sketchbooks allowed
her to ‘still keep my own self and produce
work for other people.’
The drawings, paintings and collages
within these sketchbooks are diverse
in style and subject matter but are
characterised by a graceful, flowing line.
Looking through these beautiful books
it is clear what an inspiration they must
be, reflecting aspects of daily life in NYC
or concerns at a particular time or an
image that catches her eye. (A selection is
reproduced in An Artful Life and they are
also available to print on demand.)
Of her unique style she says, ‘I didn’t
look for a style, it just found me.’ She is
keen to point out however that her vibrant,
colourful and life-affirming women are not
psychedelic, as is sometimes described in
the press.
Her reputation as an artist was such
that in 1980 MIT called with an offer to
come and work on its computers. Although
at that time she was unable to take the
necessary time off teaching and other
commitments, the possibility of making art
on the computer intrigued her and she set
out to find a computer at home in NYC.
Barbara recalls, ‘At that moment, I knew
that computers were a radically important
shift from the norm, which would be
life-altering and completely change the
way we were all working and doing things.
Instinctively people don’t like change. It took
didn’t know how to use a
computer, or didn’t want to
accept them, you were out
of a job.’
Throughout this early
period she had to invent
ways of exhibiting and
displaying this new type
of art, as there wasn’t a
norm already in place to
follow. The longevity of
the work and its durability
and permanence for the
future has always been an
important concern.
To this end the artist
developed her own
methods to ensure the
archival qualities of her
work. This involved the
use of gatorfoam board
(for its strength) and then
wrapping the board in
rice paper before hanging
with attached magnetic
strips. She would also
Xerox images before hand-
colouring them with pastel,
as, again, she knew this
method would last.
Our image this month
shows the artist in front of
her work ‘A Current Past’ at
the Condé Nast building in
NYC, 2010 where she held
a three month show. This
very large work - 28x12
feet - occupies the 3rd and 4th floors on
the Eventi Hotel in NYC (30th St and 6th
Ave.). It is the centrepiece of the complete
13 artwork commission called ‘Chronicles
of Beauty’, all of which are digitally printed
on brushed aluminium and demonstrate
Barbara’s digital collage technique of using
found images with hand drawn elements to
explore historic and contemporary notions
of femininity.
more than 20 long years for it to mature
and for people not to consider it a fad.’
Eventually she was able to access
systems at Time Life, becoming artist
in residence at the newly formed Time
Video Information Services in 1982. Here
she used a Norpak IPS-2 (a Canadian
invention) used by Time for games and
television graphics. Barbara recalled that
the console looked like a big desk and
describes working on it as ‘a challenge’;
she had only six primitive shapes: an arc,
circle, dot, rectangle, polygon and a line
that could be defined and used to draw.
Further, the system did not allow
mistakes to be erased, you had to start all
over again.
Output consisted of a Polaroid or
a 35mm slide. As is typical of many
pioneering artists using state of the art
computing at this time, Barbara was
allowed access to the machines after
hours so she worked from 5pm to 9pm.
In fact her love of the arc command
earned her the nickname ‘arc-angel’ in
the office. She worked at Time for about a
year or so before the office was shut-down
and was the only artist to use this system
there to create a body of work. (See a 1984
video made the last night of her residency
documenting her work)
Her very first computer works appeared
in a four-page spread in the German
publication Frankfurter Allgemeine Magazin
(1984). Another early work, a portrait of
the head of the statue of liberty - Ode to
the Statue of Liberty, (1986) is now in the
collection of the V&A.
In 1991 she was hired as the Chair in
the Illustration Department at Parsons
the New School for Design and during
her 12 years there was responsible for
bringing computers into the studios and
overhauling the curriculum, with the
result that her popular course became the
genesis of the Digital Design Department.
As Barbara says ‘the digital shift had
happened.’ By the mid-1990s, ‘If you
doi:10.1093/itnow/bwu057©2014TheBritishComputerSociety
Catherine Mason MBCS is the author of
A Computer in the Art Room: the origins
of British computer arts 1950-80.
For more information on the computer
arts please see the Computer Arts
Specialist Group website:
www.computer-arts-society.com
More on this month’s artist:
www.barbaranessim.com
Credit: Barbara Nessim, ‘A Current Past’,
from the ‘Chronicles of Beauty’ series,
digital painting on brushed
aluminium, installed EVENTI hotel NYC,
28 x 12 ft, 2010.
Copyright the artist, reproduced with
permission.
LIFE
AN
ARTFUL
ITNOW June 201420
LEFT OF THE INSIDE BACK COVER
doi:10.1093/itnow/bwu061©2014TheBritishComputerSociety
DAYS PAST
1984
Because the last couple of columns here
at the left of the inside back cover have
looked with a sardonic eye at some of the
sexism in 50-year-old Computer Bulletins
I thought we would go back just the 30
years this time...what will I find? asks Brian
Runciman MBCS.
Let’s skate over the proliferation of
Norman Tebbit mentions - he was guest
of honour at the 1984 AGM and the annual
dinner and go straight for an interesting
little piece of computing history.
RS-232 interface lead
The issue has an obituary for Dennis Victor
Blake, drawing particular attention to his
work in networking. He came up, with
colleague Derek Barber, with an
interface that the magazine calls
‘analagous to a three-pin plug.’ This led on
to being involved in the British Standard
Interface BS4421, with these principles
later appearing in the still-in-use RS-232,
which was version 24 of BS4421.
That’s a pretty big contribution. As
the article reports: ‘The real impact of
the pioneering work of Dennis is that we
expect “alien” devices to communicate
and to have a general purpose interface or
connection.’
An expectation that we still very much
have of course.
And this wouldn’t be complete without
a mention of the classic Spitting Image
sketch from around the same time:
www.youtube.com/watch?v=CDlj0jBtYmQ
It depicts a paean to the RS-232 lead
with ‘songs’ from the likes of Status Quo,
David Bowie and Dolly Parton. Also the ‘fat
lady’ sings in a spoof Tosca opera that the
eponymous lead ‘hasn’t solved my local
networking problems, so I’m going to kill
myself.’
The arts in the late 20th century
Here’s something editorially interesting:
even in 1984 we had a computer arts
column.
Our current computer arts pieces, which
appear monthly on the website, with an
occasional piece in ITNOW, are very popular.
We have even got some well-known names
to contribute: David Hockney
www.bcs.org/content/conWebDoc/43630
and Grayson Perry
www.bcs.org/content/conWebDoc/42643
In 1984 this was not such a high profile
area, but we still had a two-page spread
from John Lansdown: Portrait of the artist
as a bug.
This article explored the concept of art
arising from errors. John shows a shell-like
spiral which, when requiring a perspective
view grew legs to become, in a John’s
words, ‘a self-portrait of a (computer) bug,
if ever I saw one.’
He goes on to talk about a 1981
Reproduced from the excellent xkcd.com
Preliminary Report on the Japanese
Fifth-Generation Project. He was
impressed not just by the technical
matters being discussed but by the
‘social requirements expected of
computers in the 1990s.’
They included increasing productivity
in various fields with the goal of
reducing social imbalances; energy
saving schemes to use the world’s
finite resources more effectively;
developing streamlined medical and
other related systems to help address
the aging population issue; and working
toward international cooperation by
exploiting Japan’s highly educated
workforce.
Interesting goals for the 1990s, some
of which may need a bit more work
even in 2014...
What of the sexism in 1984?
Well I suppose I must admit to a tiny
twinge of disappointment. No dreadfully
portrayed female secretaries or
tactless gender implications anywhere
that I could see.
The only thing may be a design issue.
ITNOW sometimes gets criticism for its
pictures - particularly when they are
big - But March 1984 Computer Bulletin
just went with a lot of small pictures of
chaps (all chaps) with unkempt facial
hair...no stereotypes there!
Find out more at: www.engc.org.uk/ieng
Engineer
AM AN
Incorporated Engineer (IEng) professional
registration not only recognises your
proven commitment, skills and experience,
but also identifies to employers that you have
the competences, expertise and work ethics
that they value.
Do you have the talent to apply
technology in a practical and
creative way? Do you see yourself working in
an engineering role where on a daily basis it is
your skills and know-how that ensure success?
If the answer to both is yes, then why not get
your professionalism recognised by gaining
the letters IEng after your name?
Nothing says professional
like letters after your name
Why wait when you could
be one step closer to
becoming IEng TODAY?
Becoming registered as IEng:
■ Demonstrates that you
are a professional
■ Can improve your career
prospects and earning potential
■ Provides high status
and self esteem
■ Gives you an internationally
recognised qualification
Find out more at: www.bcs.org/ieng or call +44 (0) 1793 417 424
Further your career with BCS business
analysis certification
Wherever you are in your BA journey, we’ll help
you develop your capabilities and confirm your
position as a vital catalyst for business change.
bcs.org/businessanalysis
BC809/LD/AD/0514
© BCS, The Chartered Institute for IT, is the business name of The British Computer Society
(Registered charity no. 292786) 2014
Lastingchange.
Startingnow.

More Related Content

What's hot

Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
University of Hertfordshire
 
Dynamic clouds and networks without infrastructure
Dynamic clouds and networks without infrastructureDynamic clouds and networks without infrastructure
Dynamic clouds and networks without infrastructure
University of Hertfordshire
 
Social Media in the Workplace
Social Media in the WorkplaceSocial Media in the Workplace
Social Media in the Workplace
Michael Specht
 
use of social media sites in work place
use of social media sites in work placeuse of social media sites in work place
use of social media sites in work place
Simran Agrawal
 
Patient Heal Thyself
Patient Heal ThyselfPatient Heal Thyself
Patient Heal Thyself
University of Hertfordshire
 
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
smecchk
 

What's hot (20)

Society 5.0 Redefined
Society 5.0 RedefinedSociety 5.0 Redefined
Society 5.0 Redefined
 
The future of work oct 2018
The future of work oct 2018The future of work oct 2018
The future of work oct 2018
 
Dynamic clouds and networks without infrastructure
Dynamic clouds and networks without infrastructureDynamic clouds and networks without infrastructure
Dynamic clouds and networks without infrastructure
 
H.R Congress Apr '08 in Warsaw
H.R Congress Apr '08 in Warsaw H.R Congress Apr '08 in Warsaw
H.R Congress Apr '08 in Warsaw
 
Social Media in the Workplace
Social Media in the WorkplaceSocial Media in the Workplace
Social Media in the Workplace
 
WARNING: Social Media Is In Your Workplace
WARNING: Social Media Is In Your WorkplaceWARNING: Social Media Is In Your Workplace
WARNING: Social Media Is In Your Workplace
 
Developing a social media communications strategy - Melcrum Social Media Conf...
Developing a social media communications strategy - Melcrum Social Media Conf...Developing a social media communications strategy - Melcrum Social Media Conf...
Developing a social media communications strategy - Melcrum Social Media Conf...
 
Telecom service futures driven by customer need
Telecom service futures driven by customer needTelecom service futures driven by customer need
Telecom service futures driven by customer need
 
10 Characteristics of a great primary connector
10 Characteristics of a great primary connector10 Characteristics of a great primary connector
10 Characteristics of a great primary connector
 
Ignited #SalfrodBSchool magazin: The Future
Ignited #SalfrodBSchool magazin: The FutureIgnited #SalfrodBSchool magazin: The Future
Ignited #SalfrodBSchool magazin: The Future
 
A guide to staying competitive in the workforce
A guide to staying competitive in the workforceA guide to staying competitive in the workforce
A guide to staying competitive in the workforce
 
use of social media sites in work place
use of social media sites in work placeuse of social media sites in work place
use of social media sites in work place
 
Patient Heal Thyself
Patient Heal ThyselfPatient Heal Thyself
Patient Heal Thyself
 
The Digital Campus - The Online Future of International Higher Education
The Digital Campus - The Online Future of International Higher EducationThe Digital Campus - The Online Future of International Higher Education
The Digital Campus - The Online Future of International Higher Education
 
Continuous Improvement thruogh Knowledge Management, Social Learning and Coll...
Continuous Improvement thruogh Knowledge Management, Social Learning and Coll...Continuous Improvement thruogh Knowledge Management, Social Learning and Coll...
Continuous Improvement thruogh Knowledge Management, Social Learning and Coll...
 
Creative entrepreneur 2015 - MediaCityUK
Creative entrepreneur 2015 - MediaCityUK Creative entrepreneur 2015 - MediaCityUK
Creative entrepreneur 2015 - MediaCityUK
 
Digital Workplace Trends 2012
Digital Workplace Trends 2012Digital Workplace Trends 2012
Digital Workplace Trends 2012
 
Traingmag 2012/9-10 CLOUD CONTROL
Traingmag 2012/9-10 CLOUD CONTROLTraingmag 2012/9-10 CLOUD CONTROL
Traingmag 2012/9-10 CLOUD CONTROL
 
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
ebusiness Strategy in Entrepreneurship 2: Pedro Eloy at SMECC - 20130903
 
The Second Machine Age: An Industrial Revolution Powered by Digital Technologies
The Second Machine Age: An Industrial Revolution Powered by Digital TechnologiesThe Second Machine Age: An Industrial Revolution Powered by Digital Technologies
The Second Machine Age: An Industrial Revolution Powered by Digital Technologies
 

Similar to ITNOW magazine: June 2014 (sample)

40736A DigitalDNA online FINAL
40736A DigitalDNA online FINAL40736A DigitalDNA online FINAL
40736A DigitalDNA online FINAL
Will Gosling
 
Benefitsofentsocialforit 140911152413-phpapp02
Benefitsofentsocialforit 140911152413-phpapp02Benefitsofentsocialforit 140911152413-phpapp02
Benefitsofentsocialforit 140911152413-phpapp02
Vini Dilavari
 
COI, Nick Jones
COI, Nick JonesCOI, Nick Jones
COI, Nick Jones
Paul Edge
 
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
Nathalie Goldstein
 
Work and Enterprise - A New Future
Work and Enterprise - A New FutureWork and Enterprise - A New Future
Work and Enterprise - A New Future
Paul Taylor
 
Social Media & Workforce Development
Social Media & Workforce DevelopmentSocial Media & Workforce Development
Social Media & Workforce Development
Kristin Wolff
 
Social Media For The Public Sector - Social Media intro
Social Media For The Public Sector - Social Media introSocial Media For The Public Sector - Social Media intro
Social Media For The Public Sector - Social Media intro
PCM creative
 

Similar to ITNOW magazine: June 2014 (sample) (20)

Technological Innovation and media management
Technological Innovation and media managementTechnological Innovation and media management
Technological Innovation and media management
 
Presentation 6
Presentation 6Presentation 6
Presentation 6
 
The Impact of Digital on global teams' interactions
The Impact of Digital on global teams' interactionsThe Impact of Digital on global teams' interactions
The Impact of Digital on global teams' interactions
 
Why today’s businesses need enterprise social
Why today’s businesses need enterprise socialWhy today’s businesses need enterprise social
Why today’s businesses need enterprise social
 
Grib mulighederne med seneste IT trends- få Microsoft overblikket og nyhederne
Grib mulighederne med seneste IT trends- få Microsoft overblikket og nyhederneGrib mulighederne med seneste IT trends- få Microsoft overblikket og nyhederne
Grib mulighederne med seneste IT trends- få Microsoft overblikket og nyhederne
 
40736A DigitalDNA online FINAL
40736A DigitalDNA online FINAL40736A DigitalDNA online FINAL
40736A DigitalDNA online FINAL
 
Embracing ICT
Embracing ICTEmbracing ICT
Embracing ICT
 
Digital Economy
Digital EconomyDigital Economy
Digital Economy
 
Benefitsofentsocialforit 140911152413-phpapp02
Benefitsofentsocialforit 140911152413-phpapp02Benefitsofentsocialforit 140911152413-phpapp02
Benefitsofentsocialforit 140911152413-phpapp02
 
BT On The Productivity Puzzle in Collaboration
BT On The Productivity Puzzle in CollaborationBT On The Productivity Puzzle in Collaboration
BT On The Productivity Puzzle in Collaboration
 
3a2 Digital Visions 2018 - public WiFi
3a2 Digital Visions 2018 - public WiFi3a2 Digital Visions 2018 - public WiFi
3a2 Digital Visions 2018 - public WiFi
 
The Benefits of Enterprise Social for IT Professionals
The Benefits of Enterprise Social for IT ProfessionalsThe Benefits of Enterprise Social for IT Professionals
The Benefits of Enterprise Social for IT Professionals
 
Navigating Continual Disruption . richard Adler
Navigating Continual Disruption . richard AdlerNavigating Continual Disruption . richard Adler
Navigating Continual Disruption . richard Adler
 
Wefusa digital mediaandsociety_report2016
Wefusa digital mediaandsociety_report2016Wefusa digital mediaandsociety_report2016
Wefusa digital mediaandsociety_report2016
 
COI, Nick Jones
COI, Nick JonesCOI, Nick Jones
COI, Nick Jones
 
Clouds, Crowds And Customers
Clouds, Crowds And CustomersClouds, Crowds And Customers
Clouds, Crowds And Customers
 
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
EY-Open-Innovation-Accelerators-Harnessing-the-value-created-through-collabor...
 
Work and Enterprise - A New Future
Work and Enterprise - A New FutureWork and Enterprise - A New Future
Work and Enterprise - A New Future
 
Social Media & Workforce Development
Social Media & Workforce DevelopmentSocial Media & Workforce Development
Social Media & Workforce Development
 
Social Media For The Public Sector - Social Media intro
Social Media For The Public Sector - Social Media introSocial Media For The Public Sector - Social Media intro
Social Media For The Public Sector - Social Media intro
 

More from BCS-IT

Organizational efficiencies
Organizational efficienciesOrganizational efficiencies
Organizational efficiencies
BCS-IT
 

More from BCS-IT (18)

Careers in software testing
Careers in software testingCareers in software testing
Careers in software testing
 
Digital skills from BCS
Digital skills from BCSDigital skills from BCS
Digital skills from BCS
 
How to increase the business value of your IT team
How to increase the business value of your IT teamHow to increase the business value of your IT team
How to increase the business value of your IT team
 
IT Talent Management
IT Talent ManagementIT Talent Management
IT Talent Management
 
Map your IT career
Map your IT careerMap your IT career
Map your IT career
 
Improve your skills with professional certification
Improve your skills with professional certificationImprove your skills with professional certification
Improve your skills with professional certification
 
International skills and competency framework
International skills and competency frameworkInternational skills and competency framework
International skills and competency framework
 
Organizational efficiencies
Organizational efficienciesOrganizational efficiencies
Organizational efficiencies
 
IT user qualifications (for colleges and trainig centres)
IT user qualifications (for colleges and trainig centres)IT user qualifications (for colleges and trainig centres)
IT user qualifications (for colleges and trainig centres)
 
BYOD
BYODBYOD
BYOD
 
IT Service Management information pack
IT Service Management information packIT Service Management information pack
IT Service Management information pack
 
Identify and plug the security skills gap
Identify and plug the security skills gapIdentify and plug the security skills gap
Identify and plug the security skills gap
 
Business Analysis
Business AnalysisBusiness Analysis
Business Analysis
 
A countdown to professional success
A countdown to professional successA countdown to professional success
A countdown to professional success
 
Big data
Big data Big data
Big data
 
Personal Development Plan
Personal Development PlanPersonal Development Plan
Personal Development Plan
 
Vocational Qualifications for Digital Skills
Vocational Qualifications for Digital SkillsVocational Qualifications for Digital Skills
Vocational Qualifications for Digital Skills
 
BYOD
BYODBYOD
BYOD
 

Recently uploaded

Recently uploaded (8)

TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdfTEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
TEST BANK for Operations Management, 14th Edition by William J. Stevenson,.pdf
 
Travis Hills of Minnesota Leads Livestock Water and Energy in Sustainable Inn...
Travis Hills of Minnesota Leads Livestock Water and Energy in Sustainable Inn...Travis Hills of Minnesota Leads Livestock Water and Energy in Sustainable Inn...
Travis Hills of Minnesota Leads Livestock Water and Energy in Sustainable Inn...
 
Mastering Agility_ Unveiling the Power of Agile Project Management.pdf
Mastering Agility_ Unveiling the Power of Agile Project Management.pdfMastering Agility_ Unveiling the Power of Agile Project Management.pdf
Mastering Agility_ Unveiling the Power of Agile Project Management.pdf
 
Leading People - Harvard Manage Mentor Certificate
Leading People - Harvard Manage Mentor CertificateLeading People - Harvard Manage Mentor Certificate
Leading People - Harvard Manage Mentor Certificate
 
Team Dynamics: A Journey to Excellence
Team Dynamics: A Journey to ExcellenceTeam Dynamics: A Journey to Excellence
Team Dynamics: A Journey to Excellence
 
Management 13th Edition by Richard L. Daft test bank.docx
Management 13th Edition by Richard L. Daft test bank.docxManagement 13th Edition by Richard L. Daft test bank.docx
Management 13th Edition by Richard L. Daft test bank.docx
 
UX in an Agile World - Scrum Gathering
UX in an Agile World -   Scrum GatheringUX in an Agile World -   Scrum Gathering
UX in an Agile World - Scrum Gathering
 
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
Presentation On "Yusuf Ibn Tashfin" a true leader (1061 to 1106)_ prepared by...
 

ITNOW magazine: June 2014 (sample)

  • 1. SPRING2014 bcs.org/itnow SUMMER2014 T H E M A G A Z I N E F O R T H E I T P R O F E S S I O N A L
  • 2. PROJECT MANAGEMENT 04 TWEETING PROJECT MANAGERS 06 PROJECTS AREN’T FLAT 08 THREE STEPS TO SUCCESS HEALTH 16 TO SHARE OR NOT TO SHARE SECURITY 12 PREPARING FOR ATTACK 14 WHAT IS RISK? ...THE REST 10 THE ROLE OF THE CIO 18 COMPUTER ARTS 20 THE LAST PAGE EDITORIAL TEAM Henry Tucker Editor-in-Chief Justin Richards Multimedia Editor Grant Powell Assistant Editor Brian Runciman Publisher PRODUCTION Florence Leroy Production Manager Advertising Jack St Valery E jackstvalery@agencypublicom.com T +44 (0) 20 7978 2544 Keep in touch Contributions are welcome for consideration. Please email: henry.tucker@hq.bcs.org.uk ITNOW is the membership magazine of BCS, The Chartered Institute for IT. It is sent to a wide variety of IT professionals, from systems developers to directors, consultants to training and education specialists. A subscription to ITNOW comprises four issues. All prices include postage. For subscribers outside the UK, delivery is by Standard Air. Annual subscription rates Institutional: print edition and site-wide online access: £250/US$473/€373; print edition only: £230/US$436/€344; site-wide online access only: £200/ US$303/€239. Personal: print edition and individual online access: £184/US$348/€275. ITNOW, ISSN 1746-5702, is published quarterly (March, June, September, December) by BCS, The Chartered Institute for IT, North Star House, Swindon, UK. The US annual subscription price is $299. Airfreight and mailing in the USA by agent named Air Business Ltd, c/o Worldnet Shipping Inc., 156-15, 146th Avenue, 2nd Floor, Jamaica, NY 11434, USA. Periodicals postage paid at Jamaica NY 11431. US Postmaster: Send address changes to ITNOW, Air Business Ltd, c/o Worldnet Shipping Inc., 156-15, 146th Avenue, 2nd Floor, Jamaica, NY 11434, USA Subscription records are maintained at BCS, The Chartered Institute for IT, North Star House, North Star Avenue, Swindon, SN2 1FA UK. For payment details and terms and conditions, please see: www.oxfordjournals.org/our_journals/ combul/access_purchases /price_list.htm The current year and two previous years’ issues are available from Oxford University Press. Previous volumes can be obtained from the Periodicals Service Company, 11 Main Street, Germantown, NY 12526, USA. E psc@periodicals.com T +1 518 537 4700, F +1 518 537 5899 For further information, please contact: Journals Customer Service Department, Oxford University Press, Great Clarendon Street, Oxford OX2 6DP, UK. E jnls.cust.serv@oup.com T (and answerphone) +44 (0)1865 353 907 F +44 (0)1865 353 485 The opinions expressed herein are not necessarily those of BCS or the organisations employing the authors. © 2014 The British Computer Society. Registered Charity No 292786. Copying: Permission to copy for educational purposes only without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage; BCS copyright notice and the title of the publication and its date appear; and notice is given that copying is by permission of BCS. To copy otherwise, or to republish, requires specific permission from the publications manager at the address below and may require a fee. Printed by RotolitoLombarda, S.p.A Italy. ISSN 1746-5702. Volume 56, Part 2. BCS The Chartered Institute for IT First Floor, Block D, North Star House, North Star Avenue, Swindon, SN2 1FA, UK. T +44 (0)1793 417 424 F +44 (0)1793 417 444 www.bcs.org/contact Incorporated by Royal Charter 1984. Liz Bacon BCS President David Clarke CEO Feedback email: editorialteam@hq.bcs.org Image:iStockphoto/173390168 PROJECT MANAGEMENT
  • 3. June 2014 ITNOW 0504 ITNOW June 2014 Not everyone wants to be social You can have the best tools in the world, but getting your team to start working in a different way can be a huge barrier to overcome. Commonly it is a generational issue. People born since 1985 are what I term born digital. That is to say they do not know a time before the internet. Their communication style is more open, shorter form, multi- device. They are used to information coming from different directions and much more accepting of the notion of being always on. For many of us (that’s me too) who are pushing 40, 50 or older this just isn’t the norm. Not everyone wants to publicly share their views or respond to an instant message at 10pm. The most surprising issue I get given in boardrooms and when training senior managers is a concern for saying the wrong thing and looking bad. Ironically it is the people with the most experience and most knowledge that fear this the most. Notice, however, (as I point out when faced with this concern) that the people who you think look bad are the people that we are talking about now. If it was you that was confidently and publicly sharing your experience then it would be you who would be getting the plaudits and increasing your reputation. Get people to push past their concerns by focusing on their skills and the value they can add to others by sharing them. Characteristics of a social business Having chosen your tools and instructed your team all that is left is to work on the culture of the business to ensure adoption of social technologies and social project management success. In my personal experience it is hard to enforce new working practices and get people to stay on board after the initial fanfare and training. What often works well is using a smaller group to champion the process and become a case study that will inspire the rest of your project teams. It may also pay dividends to consider the more commonly associated social media channels of Twitter, LinkedIn, Facebook, Google Plus and YouTube as a way to show the increasingly social nature of your business. Encourage and invite people into the program in a way that suits them; this might be leaving areas of your social project management tool open for more general topics so that people can arrange drinks after work or borrow a power tool off a colleague. Anything to get them in the habit of using it. McKinsey’s Social Economy report of 2012 noted common characteristics of successful networked organisations, i.e. they’ve gone social, as: • persistent approach to trying new things, learning and adapting; • role modelling and vocal support of leaders as a catalyst; • social technologies are embedded in to their day-to-day work; • high degree of trust and willingness to collaborate between colleagues. Time to go social You don’t really have a choice about adopting social project management practices. Your people or future employees, your custom- ers or simply your competitors are going to force your hand. It is such an exciting time for anyone in business. Our lives are being made easier and success put within closer reach. For anyone who enjoys their work it should be a boom time filled with opportunities. www.bcs.org From crowd sourcing business finance to collaborative mapping and traffic reports, from renting out your spare room by the night to controlling your central heating by mobile, everything is becoming intercon- nected. Rolls-Royce, the engine manufacturer, has fitted around 100 sensors to its aircraft engines and they report live information back to a 24 hour team of 30 engineers who pour over the data and make decisions that impact the aircraft at 500 airline companies around the globe. It is the combination of these applications, people and data that are making decisions that impact the world we live in. Many people (still) see social media as inane chat about who had what for lunch. The reality, however, is that social technologies are allowing people to collaborate, absorb information and make better decisions faster. For the most part the technology is an enabler for people to be social and it is simply human nature that we use this to make better things. For businesses that embrace this transformation it can be startling. For those that do not the impact may be much more negative. Project management has to change Traditionally, a project manager was the lynch pin of any project. The hub of all the information and the leader who ensured everyone was doing their job on time. No matter how effective the project manager or the systems are though this very linear approach can lead to bottlenecks and breakdowns. In the age of web 2.0, and the rise of social technology, such problems are being resolved by solutions that bring collaboration and agility. Core to this also is the open use of and access to data. Regardless of the size of team traditional project management would also have likely happened mostly via email and face- to-face meetings. Thus creating silos of information that are hard to review, analyse or share. This is inefficient. Social PM improves effectiveness Social project management by virtue of interconnected systems makes collaboration core to the project team. It creates efficiencies and delivers better end results because of accountability and the collective intelligence of the group. Rarely does a new system bring cost savings and increased productivity, but using social technologies and working socially could, as suggested by McKinsey Global Institutes’ 2012 Unlocking the Social Economy report, increase productivity by up to 25 per cent and unlock up to $1.3 trillion of annual value in the world economy. Naturally two objectives many finance directors are keen to hear about. Your customers will also be very grateful and increasingly loyal as they benefit from the improved communication and access to information. In a commoditised world your collaborative culture and strong client relationships can become a differentiator, which is almost impossible to recreate. How to make a project social Deciding to make your project and project management more social is not difficult. There really are a great many tools that have been launched that can be used with minimal cost or training. Podio, Trello, Basecamp (all .com) and now even SharePoint are social at their heart. Google Apps including Google Plus (which is a social network) is, because of its tool set, an excellent option also. A social project will be open in its nature, with people being able to see what each other is responsible for and the status of that work. The common features to ensure you have are: • project management and permission setting by leader; • team member pages and profiles; • shared schedule and work flow; • collaborative work spaces; • document repository; • search engine functionality; • remote, multi-device access; • message alerts via email and live chat; • open conversation with tagging, commenting and sharing. Video conferencing and group communication are also commonplace, meaning that as well as being able to collaborate on documents, team meetings can happen easily and regularly. Carry out a review of your systems and choose your tools based on how simple it will be for your company to adopt this new way of working. Simply creating shared workspaces and making everybody accountable to each other through an open community is a great stepping stone to embracing social project management. The technology world has changed massively in recent years, but how much has project management changed and how have project managers changed the way they work? Jonnie Jensen, social business strat- egist and founder of Live And Social, looks at what it is going to take for more project managers to confident- ly go social. PROJECT MANAGEMENT TWEET? doi:10.1093/itnow/bwu033©2014TheBritishComputerSociety HOW MANY PROJECT MANAGERS DOES IT TAKE TO SEND A Image:ER_Creative/185010011
  • 4. PROJECT MANAGEMENT 06 ITNOW June 2014 1. A grown-up conversation about our ability to estimate business leadership; 2. A value-based approach to design, planning and execution; 3. A grown-up conversation about our ability to estimate. As Alcoholics Anonymous knows, the first step in finding a solution is to accept that there is a problem. The truth is that it just isn’t possible to accurately estimate the cost of an IT-based project. Actually, it is extremely difficult to estimate the cost and duration of any activity that we have not done before. Let’s say you decide to walk from London to Paris. How long will it take? We have clear picture of the destination and the speed at which we might go, but it’s still tricky. Let’s try something trickier. Say, Paris to Rome? And let’s say you are in a group of seven. Two couples of different ages and three children ranging in age from 12 to 17. It’s complicated, right? You can still find out the distance, but the route takes you over the Alps. Different members of the group will go at different speeds and the amount they can walk in a day will vary. On top of that, the two families have to cooperate on the overall journey. Now think about a project involving IT. It’s much more complicated than a walk from Paris to Rome. There is no map of the journey. Calculating the distance to the destination isn’t easy. In fact, it is often pretty difficult to describe the destination at all. And what about speed? You have a bunch of people, of varying abilities and experience, who have come together to do this project - how fast can they go? The only way that we can estimate any task reliably is to do it over and over again.But we don’t do the same project over and over. Projects might share similar characteristics but each is a different journey,usually with different group of people. This is why the ‘on time and on budget’ mantra is a nonsense. We cannot estimate reliably, so we cannot come in on time and on budget, unless our guess is generously padded with contingency. But even with contingency added, Standish tell us that only 32 per cent of projects come in on time and budget. One of the reasons for this is that we all suffer from what psychologists call Optimism Bias. We all believe that we are better than average drivers. We all believe we are better than average parents. We all believe that we are better than others at anything we regard as important. That includes our own project. We are smarter and better than others, so will not make the same foolish mistakes. And nor will we be over- optimistic, as the others were. Business leadership Researching the talks that I referred to earlier, I pulled together all of the publicly in front of a snow covered building site. The project has cost much more and taken much longer than anyone expected. They have run out of money and Christmas will be in a caravan, at the side of the site. Alternatively, they could take a value- based approach. To do so, they would have collaborated with their builder to identify chunks of value. For example, having identified a functioning toilet as having particularly high value, they could then have asked for it to be delivered first. Then this might be followed by a shower room, followed by a kitchen, a bedroom and so on. The total value could have been delivered in chunks. The builder might argue that this approach would make the overall project more expensive. But then the estimate is only a guess anyway, given the novelty of the project. A value-based approach is better because it enables the customer to calibrate the supplier’s productivity and improve the overall estimate with each delivery. And, in any event, wouldn’t it be better to have a four- bedroomed home with a roof, rather than an uninhabitable eight-bedroomed home without one? The delivery of each increment of the project’s overall value provides an opportunity for a customer to evaluate not just cost and time but also value, quality and the customer-supplier relationship and the project team to learn and adjust course, rather than waiting until the end of the journey to discover that the project has arrived at the wrong place. The world isn’t flat and nor are projects. Continuing to make believe that they are will only perpetuate the cycle of failure. If we do the same, we get the same. It’s time for the grown-up conversation, for business leaders to take some driving lessons and to take a lean approach based on the pull of value not the push of requirements. www.bcs.org doi:10.1093/itnow/bwu034©2014TheBritishComputerSociety Gary Lloyd posed the question ‘what proportion of IT-based projects deliver what they say they would, on time and on budget?’ at meetings of three different consultancy, project/programme management and business change BCS specialist groups. Most of the attendees were, like Gary, of mature years and had seen a lot of projects. June 2014 ITNOW 07 available research into why IT-based projects fail. Here is my synthesis of the top five causes of failure: 1. Unclear business objectives and links to strategic priorities; 2. Lack of executive and senior management support; 3. Poor quality and changing requirements; 4. Lack of user involvement; 5. Poor planning and risk management. With the possible exception of the last item, these causes point to one thing: poor business leadership. It is the business that has the greatest capability to address all of these points, including the last one. Standish Group agrees. It rates ‘effective executive sponsorship’ as the number one determinant of IT project success. Interestingly, IT professionals go in for an enormous amount of breast beating, challenging themselves to do a better job at engaging with ‘the business’ and getting good-quality requirements. IT professionals believe that the onus is on them to drag what they need out of business managers in order to get the job done. But why should it be that way? Shouldn’t business managers be agonising about how they can ensure that they get what they want? Shouldn’t they be demanding customers? All too often, however, those business leaders who have initiated projects in order to be drivers of change, allow themselves to become passengers on their own projects. Reporting on the government’s Universal Credit Programme, in November 2013, the Public Accounts Committee wrote: ‘Oversight has been characterised by a failure to understand properly the nature and enormity of the task, a failure to monitor and challenge progress regularly, and a failure to intervene promptly when problems arose. Senior managers only became aware of problems through ad hoc reviews, mostly conducted by external reviewers.’ But my aim is not to point a finger of blame. IT suppliers collaborate with their customers in mutual self-delusion. Solutions are relatively low risk, cost and schedule estimates are robust, and the project is always on course. Until it isn’t. That grown-up conversation needs to be open about risks and focus on strategies to mitigate not ignore them. We don’t expect adults to be able to drive a car, just because they are adults. Why should we expect business leaders to be able to lead complex projects, without appropriate education and support? We need to help business leaders to become demanding customers who don’t think the job is done, once the ship sets sail. We need to help time-poor business leaders to understand when, how, where and why they need to contribute to project success. Of course, in order to do so, we need to understand that ourselves. Design, planning and execution So let’s say that a grown-up conversation between supplier and customer has taken place. How can we, practically, ensure that the customer’s money is well spent? I believe that the solution is to adopt a strategy that delivers regular business value to customers and stakeholders throughout the project, not just at the end. This needs to be clear to suppliers at the start of the project. The project team need to know that they have to design a solution that is structured for regular value delivery. Ikea doesn’t design furniture and then work out how to flat-pack it. The delivery strategy is a constraint on the design. Consider a building project, such as those featured on the television programme Grand Designs. A happy couple decide to take on a huge Tudor barn refurbishment project, vowing to be in by Christmas. Three-quarters of the way through the programme, we see a disconsolate couple In answer to the question, an attendee at one of the meetings held up his hand and made the shape of a zero with his thumb and forefinger. I asked the group if they agreed. On the whole, the answer was ‘yes’, with no one offering a success rate above 10 per cent. It was the same story in the other meetings. Seasoned IT professionals were pessimistic about the ability of IT-based projects to deliver as promised. Actually, research data shows that track record is better than the groups’ collective intuition, but not that much better and no cause for celebration. Research carried out on behalf of BCS found that less than half of projects delivered what they said they would within budget. The Standish Group, that has a database of over 70,000 projects, paints a gloomier picture. It reports that less than a third of projects delivered within budget. If that wasn’t bad enough, research by Oxford’s Said Business School, showed that one in six projects overrun budget by 200 per cent or more. When IT-based projects go wrong, they can go very badly wrong. This conclusion is supported by BCS research referred to earlier. So what’s the problem and what can we, as IT professionals, do about it? IT-based projects are complex and there is no single cause nor is there a single silver- bullet solution. There are, however, three key points of leverage that can make a disproportionately positive impact. These are: PROJECTS AREN’T FLAT Image:Jannoon028/477268163
  • 5. PROJECT MANAGEMENT 08 ITNOW June 2014 managers do habitually are: 1. make informed decisions, 2. gain management support; 3. deal with the unexpected. I shall now take a closer look at these three distinguishing project management qualities. Making informed decisions Project management is often misunderstood and poorly practised because organisations don’t know how to control change. Simply put, they don’t know what they are doing. Senior management believes it is driving change through from the top down when in reality it is basing too many decisions on assumptions. And here’s the crux of the problem. Every one believes someone at the top knows what they’re doing. This stops everyone from learning and innovating. Let me tell you a story. Channel shift We have been working to introduce a new content management system. It started out as a technology project. However, I was convinced that this was the wrong approach. I thought we had an opportunity to save a great deal through channel shift and improved handling of customer enquiries. But a change this big meant a change in the way we viewed the customer and how we engaged with them. I soon realised this would not be possible unless top management saw the opportunity and bought into the idea. This was a big ask because they all thought the project was about technology. To get to the heart of the problem I asked an analyst to do a small study on website usage. I wanted to know how We also knew our limitations and when external help was desired. Our approach to the project meant we could anticipate problems and deal with them head-on before they derailed what we were trying to do. For instance, when parts of the business were too ambitious in their plans we were able to convince the project board that restraint was necessary. We fully understood the end-to-end transaction costs and the importance of user experience. In contrast, some of the ideas coming from the business made neither economic nor practical sense. Most business change projects have difficulties. This is not surprising since we rarely know exactly what we are doing or how it is to be done. In other words, project management is learning as you go. Or to put it another way, dealing with the unexpected. Why this is such a surprise often confounds me. I think we are all in agreement that the project manager’s job is to deal with uncertainty. However, I believe it is more than this. It is about making a future more probable. What we learn from the case study is that driving projects from the top does not work because people assume someone knows the answers. Projects are called projects because we don’t know exactly what we are going to do. We have to learn as we go. The project manager has to learn fast. Only then can the unexpected be handled with any degree of confidence. So now you know what the project manager has to do: to make informed decisions, gain management support, and know how to deal with the unexpected. ‘There is no such thing as a problem without a gift in its hands for you.’ Robert Bach Who said project management was easy? www.bcs.org doi:10.1093/itnow/bwu035©2014TheBritishComputerSociety Martin Webster MBCS CITP is managing solution architect at Leicestershire County Council and his job is to solve problems, find solutions that enable beneficial business-led change. Project management is a core competence in directing and managing change. June 2014 ITNOW 09 many pages we had and how often they were visited. I also wanted some insight into the way our customers behaved online. When the analyst completed the research, she reported that we had over 5,000 web pages, yet more than 80 per cent of them were rarely used or not used at all. When I examined what she had found I learned that customers hardly ever visited the home page and never spent time browsing our pages. Indeed most traffic was via a search engine. I couldn’t believe how bad things were; one of our most popular pages was a not found error. The key players in channel shift are not top management. They are the project manager and the analyst. The project manager had the conviction to follow his hunch and the analyst the tenacity to uncover evidence. Project management isn’t simply about following process. It is about challenging the status quo and making sure project objectives and benefits are crystal clear. The project manager must use evidence, hard honest facts, to inform decisions and show people how the project will make change happen. So, a project manager’s job is making informed decisions to get change started. Gaining management support The next point is about gaining management support. So let us return to the case study. I have a voice The analyst collected all of the information and prepared not one but five reports: one for each business unit and one for each project board member. At the next project board meeting we presented our findings. We decided to hand out unique reports to each board member. What they read was a service-by- service description of their departments’ web presence. Or rather, how ineffective their department was at engaging customers. For many minutes the boardroom was quiet. Everyone was intent on reading. They had nothing to say. Later we were invited to present our findings at management teams across the organisation. Soon afterwards executive management heard about it and we were presenting to the CEO. Through the report we were able to reinforce at every level of the organisation a sense of this is how bad the website is. In ‘I have a voice we learn that those who think they have little power can make a difference. The overwhelming evidence presented to the project board could not be refuted. They were on side. The project manager had moved them from commanders to sponsors. Making informed decisions using hard facts helped the project manager win over the project board. The board immediately connected themselves to something important and lent it their credibility. In this way project managers must learn to gain proactive support from senior leaders. This is what sponsorship is about. It is holding up an idea or cause as important. And, when the project manager has true sponsorship they are empowered and more likely to succeed in their role. So, a project manager’s job is about making informed decisions and gaining management support. Dealing with the unexpected But this isn’t enough. We all know that projects are unpredictable and inherently risky endeavours. Therefore, the third and last point is this: project managers must know how to deal with the unexpected. Knowledge is power Getting senior management on board was just the beginning. Lots of questions followed and there was an expectation for us to have all the answers. We didn’t have them. The project team quickly realised it had to learn about customer access, efficiency and channel shift. We needed to be one step ahead of everyone else’s thinking. Let’s begin with a concise definition of project management taken directly from Managing Successful Projects with PRINCE2, 5th Edition. ‘Project management is the planning, delegating, monitoring and control of all aspects of the project, and the motivation of those involved, to achieve the project objectives within the expected performance targets for time, cost, quality, scope, benefits and risks.’ As far as project management definitions go this is rather good. But what does it tell us about project management? What does it tell us about being a project manager? In truth, many definitions often leave us out in the cold. Yet this simple definition does encapsulate what we should be doing. It helps identify three important things a successful project manager does. The three (and yes, this is a three- point sermon) things successful project SUCCESS Image:Photos.com/92825837 STEPS TO THREE
  • 6. DIGITAL LEADERS 10 ITNOW June 2014 advice; I have a discussion with them about why they are interested in those things in their business.’ Dave went to on to say that he thinks that the I in CIO, information, is very important because information is the lingua franca. He feels that people who can’t speak that language are destined for obsolescence in modern industry. He then added: ‘What I encourage CIOs to think about is, how do they get the maximum return on the information model in their organisation? How can they focus on the strategy of that information model and how that information model is evolving. We own that information model for the whole corporation and that, for me, is an important and critical role for the business. It is a role that shouldn’t have any competition if the CIO approaches it as their piece of the cake. pressures. When you are seen as someone who has that technology knowledge and people come to you, it must be very hard to say “no, I’ve got other priorities in my job.” People then just see you as the person who responds to the technology problem rather than information business issues,’ he said. Ade McCormack agreed with this. ‘It happens every day where CIOs are going in to see the CEO and it turns out that the laptop isn’t working, so you become the chief laptop fixing officer. You get a bit further in and the CEO says “my 13-year- old daughter has this app and I want our payroll to be an app.” So now a 13-year-old girl has more influence over IT strategy than the CIO. ‘I think it is around brand and perception. I believe job number one for digital leaders and aspirant digital leaders is to get their brand act together, of which there are probably four stages to do this. ‘The first is to define what your brand is. Stage two is to reengineer your bio to reflect that, that doesn’t mean lie though. It might mean hiding the fact that you’re a programmer, as that might not help you where you want to go. The third stage is to behave like the new brand and the fourth is communicate the new brand. ‘This works very well with people that don’t know you. If you talk like a business person, they will presume you’re a business person. You may well get push- back from people who want to keep you in a certain place and many business leaders are not comfortable with making that journey.’ www.bcs.org doi:10.1093/itnow/bwu040©2014TheBritishComputerSociety BCS, The Chartered Institute for IT, recently held a summit for and about digital leaders. Included in the summit was a discussion session about the role of the chief information officer (CIO) hosted by Ade McCormack and featuring Nick Millman from Accenture, John Morton from IP3 and Dave Wheeldon from Aveva. June 2014 ITNOW 11 ‘Too frequently CIOs tend to get wrapped up in other CIO topics and, I think, they get too close to procurement and therefore they get too close to technology providers and this means they tend to go towards the IT responsibility rather than the information responsibility. ‘ CIO vs. CDO The discussion moved on to the subject of other job roles within organisations. Nick Millman asked: ‘Is the CIO looking at information or are they running the IT function? I think in some sense the trend is already there for organisations to have a chief data officer, which I think does happen when the CIO is running the IT function and people think about who is looking after our data, who is thinking about governance and our data model. Let’s create a new role called the chief data officer (CDO). ‘We are seeing a surge in the number of organisations getting a CDO and we did some research across major organisations in the US and the UK and two thirds of organisations, approximately, said that they had a CDO or that they intended to appoint one in the next 12 months. ‘In some ways if the CIO doesn’t start to tackle the data issue, the answer is that a CDO suddenly appears.’ Mark Say, author of the BCS whitepapers on the next wave of computing, who was in the audience, then asked: does the fact that a lot of CIOs have come from a technology background mean that they get given the IT function, whereas if they came from another part of the business they wouldn’t necessarily get it? Dave Wheeldon answered first and suggested a CIO’s role is often governed by their previous work experience. ‘The experience I have when I am talking to CIOs is that they have lost their way during their careers. I came into IT as an engineer, but added IT as a way to do engineering and have become a moderately IT-literate IT engineer. ‘Some people, who have gone down the pure information technology route have lost their connection with the business. I feel that I, and others that I meet in our business, have a very strong crossover between a business discipline such as engineering or production plus IT. ‘The people who get stuck and find it difficult to progress are people who are more of a single dimension and work in the IT discipline.’ Ade McCormack agreed with Dave. ‘I think you are right. We develop a brand and, particularly if you have gone through a technology path, the chances are that your brand cries out technology and that’s quite difficult to shake off if you want to make it into the boardroom. ‘I don’t think you can mix the brands of being a business leader and a technologist because your brand will always go to the lowest one you exhibit.’ ‘A boardroom-bound CIO must arrive with more than just technology management and even information leadership. They need to be multi-skilled if they are going to get a place in the boardroom. ‘We are seeing non-IT people being successful in CIO roles because they can’t understand what their people are talking about so they force their people to talk in a business language, which I think is a good thing.’ Mark Say then brought up another issue that probably doesn’t help CIOs and that is having to respond to day-to-day IT John Morton from IP3 added: ‘Sometimes there isn’t a CIO in place, but different personas of CIO. Some have been brought to embrace change projects, some have spent the past years running the business. When new business demands growth or being prepared for growth, come to the fore, you need to ask yourself whether you are the right person to drive change in an organisation.’ Dave Wheeldon from Aveva said: ‘As a CTO (chief technology officer) I think I have a good bridging knowledge of how CIOs and CTOs crossover and where IT can enable us for business process change and technology innovation and so on. ‘What I frequently find, when I talk to CIOs, is that they want my opinion about CIO topics. They want my opinions about big data, about cloud computing and social and mobile computing. I don’t give them Image:iStockdaily/450293517 The discussion started with each person describing what they see as the role of the CIO. Nick Millman from Accenture said: ‘Based on the conversations that I have with CIOs it is often around two aspects. One, how do they set themselves up for success within the organisation and what should the CIO be doing versus what other C-level executives are doing in the organisation. ‘With the digital world those boundaries are blurring more and more, so how do you set yourselves up for success in terms of who is responsible for what? ‘Secondly, with the shift into these new technologies, how do you get the workforce that you need, how do you find the people with the digital needs and experience? How many should you hire in, how many should you train or what do you give to service providers?’ CIO THE ROLE OF THE BCS has produced a series of whitepapers on a number of leading IT topics. These include 3D printing, augmented reality and cognitive computing. These are available online now at www.bcs.org/nextwave BCS Whitepapers They get too close to technology providers and this means they tend to go towards the IT responsibility rather than the information responsibility.
  • 7. June 2014 ITNOW 13 INFORMATION SECURITY 12 ITNOW June 2014 buy and sell,and the internet still works. Sometimes individual companies are hacked and the consequences are expensive,but modern business reacts,adapts,and then carries on. For a very long time,the military has conducted military exercises or wargames as part of its normal training cycle. These wargames take many forms including: Bohemia Interactive’s Virtual Battle Space (think of a realistic first person shooter, but with hundreds of soldiers as the players); mock battles on Salisbury Plain and straightforward table top exercises. Business cyber wargames are closely related to the latter. One type of cyber wargame is penetration testing.This consists of testing company IT systems for various technical vulnerabilities, for example,checking for unsecured network ports,unpatched software or staff failing to follow company polices such as opening dubious email attachments. Usually the attackers are white hat hackers who work for reputable firms who provide services including mock attacks on a company’s systems. This sort of testing is invaluable for the technical staff involved in network management,but they are not so useful in preparing the rest of the business. Another type of cyber wargame is a committee or seminar game.This basically consists of staff sitting around a table discussing the situation and making decisions. Such manual pen and paper exercises are focused on the business,rather than the technical,aspects of attacks. There are real advantages to such a manual game: it’s immediate, it’s simple, player’s ideas, the scenario will develop and hopefully, as a result of the player’s choices, the crisis will be mitigated and the facilitator will be able to draw the game to a conclusion. Step 5: hot wash-up At the end of the game it is important to capture feedback from those taking part. Everyone should be encouraged to discuss what they could take from the game into a real world situation. It is important for the facilitator to highlight that any poor decisions are not the fault of a named individual; they are the fault of the organisation for not providing appropriate training or the result of inadequate company policies. Final thoughts Games really work as part of a training package. They can be invaluable mechanisms for helping identify potential weakness in a company’s systems. Research shows that taking part in such games does increase staff’s long-term awareness of information security. These games also help increase the staff’s chances of making better decisions when faced by the huge pressure of real cyber-attack. www.bcs.org/security The first stage is to work out the business aims of the training. Perhaps it is to test staff in handling the loss of business reputation in the aftermath of a publicised hack? It is important to remember that the wargame has to be designed to be played in single room with the participants sitting around a table. A successful game should avoid being over ambitious. It is far better to run a few modest exercises that deliver some benefit that a grander scoped one that does not. Step 2: prepare the script Once the aims of the training are established, the facilitator can then develop the scenario. Potential questions can include. Who is attacking? What are their aims? How sophisticated are their methods? Are they persistent? The facilitator needs to develop an idea of how the game will progress. Normally, each stage of the game consists of a short briefing by the facilitator, perhaps with handouts, and then the players should be have time to make decisions. Step 3: prior training Warning the players of the scope of the game is an excellent way to motivate them to refresh their understanding of company policies on the subject. Step 4: conduct the game The players will assemble on the day and the facilitator will immediately present them with a developing crisis. Under time pressure, they will discuss the potential options open to them and then jointly decide on a course of action. It is good practice for the facilitator to routinely ask them to justify their response. Depending on the effectiveness of the it’s immune to the usual problems with technology, and it gets people away from their laptops, tablets, smartphones and everything... and so concentrates on the wargame. By considering information security and practicing incident management and reporting,the game should generate practical insights into security vulnerabilities that attackers may be able to exploit or it may simply allow staff to rehearse their responses before being potentially faced by a real crises. Experience shows such games work very well as part of a wider company training package.A modest business cyber wargame can be prepared in only a few weeks and be successfully run within a single morning or afternoon. Step 1: define the scope doi:10.1093/itnow/bwu042©2014TheBritishComputerSociety The idea of cyber wargames usually conjures up a vision of large numbers of staff faced by a developing crisis shown in glorious multimedia and managed by a huge team of umpires.Whilst such large exercises are necessary for government level wargames,it is quite possible to run an effective business cyber wargame with very modest resources says John Curry. The harsh reality is that practically every business has been successfully attacked at least once over the last few years and from the perspective of information security the business environment is getting more hostile. As the requirement for maximum efficiency, productivity and communications drives forward innovation in business computing, each leap forward opens up new potential vulnerabilities. Organised crime,hactivists groups such as Anonymous and state level actors have been added to the threat landscape. Faced by these powerful threats, information assurance professionals around the world have responded and,as discussed in the Spring 2014 edition of ITNOW,have been largely successful in keeping the situation manageable. Banks continue to trade,businesses By considering information security, practice incident management and reporting, the game should generate practical insights into security vulnerabilities. PREPARING FOR THE NEXT ATTACK Image:JozefDunaj/96083993 John Curry has edited/written over 50 books on various aspects of wargaming. He is the co-author, with Tim Price MBE, of Dark Guest Training Games for Cyber Warfare: Volume 1: Wargaming Internet Based Attacks. Author
  • 8. June 2014 ITNOW 15 INFORMATION SECURITY 14 ITNOW June 2014 uncertainty on objectives’: a definition at once irrefutable and effectively useless, as it’s entirely abstract. Many attempts to create operationally functional definitions have been made, ranging from the elementary ‘risk=likelihood x consequence’ to quite complex combinations of ‘vulnerability’, ‘threat’, ‘opportunity’, ‘impact’ among other terms, multiplied and summed in various ways. However, I question whether many of these ostensible mathematical relationships are valid, and whether their parameters are specified in ways that allow mathematical operators to be used at all. How do you multiply (or add) ‘wooden shed’, ‘small boy with box of matches’, ‘pyromaniac tendency’, and ‘value of contents’ to arrive at ‘loss of tools’? But this is not my only concern. Finding evidence-based or ‘quantitative’ risk decision-making rather hard work, risk practitioners have mostly resorted to ‘qualitative’ methods (a.k.a. guesswork), resulting in a drastic loss of both accuracy and repeatability. Such sloppy thinking encourages the use of crude risk rankings - ‘high’, ‘medium’, ‘low’ - that make it impossible to distinguish with confidence anything but extreme differences in risk. Furthermore, cross referencing ‘medium impact’ and ‘medium likelihood’ may yield ‘medium risk’ or ‘high risk’, depending solely on my personal preconceptions when I designed the corporate risk matrix. There’s no demonstrably valid (or even accepted arbitrary) axiom to guide us, so someone else in the same organisation (and even the same role) might create a risk matrix quite different from mine, delivering different answers. These failings combine to cause cultural dynamics (‘office politics’ and personal attitudes to taking gambles) to swamp objectivity. Unwillingness both to bring bad news and to stick one’s neck out frequently with confidence. However, before the fact it’s possible to use the reverse of fault tree analysis - consequence analysis - to map the possible outcomes of coincidences of events. This is not strictly ‘risk assessment’ unless it’s possible to assign probability distributions to the events, but it’s nevertheless a powerful tool for identifying possible adverse outcomes that might otherwise escape identification due to the apparent insignificance of their causal factors when considered individually in isolation. Such outcomes can then be pre-empted by preventing as many of the causal factors as practicable from acting. To make reliable risk judgements we must: understand the basic principles of probability, including recognising that statistics don’t describe individual events and knowing when probability theory can’t be usefully applied; completely understand the process or system risk being assessed; have no vested interest in the outcome of the assessment and apply a repeatable standard process that demonstrably yields results that consistently accord with reality. Sometimes likelihood’s contribution to business exposure must be ignored, particularly when a potential outcome could be catastrophic. www.bcs.org/security the coincidence of multiple independent events. Some of these events, individually or in concert, may trigger dependent intermediate events, forming chains of causality. The ultimate result may sometimes be a single outcome, or there may be multiple alternative or simultaneous outcomes. Each event has a likelihood of occurring at the required point in the mesh of causality, depending not only on its intrinsic properties but also on the properties of any other events that contribute to it. Furthermore,some events are binary (they happen or they don’t) and some have multiple discrete effects,but the effect of many events varies over a range,and not necessarily in an intuitively determinable way. The probability of each possible outcome is a function of the aggregate of probabilities of all the events in all the contributory chains of causality, so clearly there is usually a range of possible outcomes and consequences. Such ranges of possibility are ‘probability distributions’. Although they can be highly informative, they are almost universally ignored in the sphere of information risk management, partly because they are hard to define for some of the events we deal with, but mainly because most practitioners don’t even know they exist. That said, events driven by human decisions - including most cyber attacks - tend not to have constant probability distributions over time. This is why trying to deduce future exposure from past information breaches is so uncertain. Although fault tree analysis is a widely adopted technique for finding causes after the fact, because we often don’t know the probability distributions of the contributory factors at the time of the incident it’s often impossible to recreate its causal matrix leads to most risks being ranked ‘medium’, so we don’t make much progress in prioritising our risk treatment, even supposing our criteria were trustworthy in the first place. Considering the large number of entries in a realistic corporate risk register, granularity is essential - there’s no real hope of prioritising the treatment of 649 ‘medium risks’. And ultimately, that’s what corporate risk management is about: not arriving at absolute values of risk as an intellectual exercise, but working out the optimum priorities when allocating a limited protection budget. These failings (ill-defined formulae, low resolution poorly quantified ‘risk scales’ and uncontrolled or biased guesswork) contribute significantly to what are often essentially meaningless risk decisions. However, their malign influences are usually dwarfed by an overriding conceptual error. Corporate risk assessments commonly assume a single cause leads to a single outcome with a single (if vaguely expressed) likelihood and consequence. Unfortunately, the real world ain’t quite like that. This has frequently been ignored, even in life-critical arenas. For example, a coincidence of one ‘medium risk’ and two ‘low risk’ independent events is unlikely to be considered a high risk, even supposing we know what low, medium and high mean in the first place. But those were the assumed risks of the three most significant causal factors of the NASA Challenger accident3 (reduced rocket segment ‘O’ ring resilience at low temperatures, distorted re-usable rocket segments, leaks in segment joint insulating putty). Most adverse incidents (and indeed many business opportunities) result from doi:10.1093/itnow/bwu043©2014TheBritishComputerSociety In addition to Donald Rumsfeld’s much quoted ‘known unknowns’ and ‘unknown unknowns’ there’s another class of misapprehension that he failed to recognise - things you’re convinced of that happen to be wrong (in his case, WMD).For many of us in corporate information assurance,the real nature of risk is in this category.We all perform what we believe to be ‘risk assessments’,but Mike Barwise asks,are they really any good? Fortunately (or for me as a methodologist - unfortunately), information breaches are quite rare so the majority of our risk assessments never get tested. If they did, I suspect they would exhibit a long-term success rate approaching 50 per cent. That makes them about as useful as tossing a coin - not because we’re stupid, but because we’re simultaneously largely uninformed, and widely misinformed by ‘experts’, about the true nature of risk. So what is risk? Many supposedly authoritative sources refer to events or outcomes as risks, whereas risk is actually an attribute of an event: a measure of its probable consequence. Nevertheless 95 per cent of risk professionals responding to a survey in 20011 agreed that ‘a risk’ is an event. Having defined risk, let’s consider how to quantify it. We might hope to be guided here by standards, but the ISO Guide 732 definition that has influenced almost all other risk-related standards is ‘effect of Unwillingness both to bring bad news and to stick one’s neck out frequently leads to most risks being ranked ‘medium’. WHAT IS RISK? Image:IngramPublishing/122399113 1. Hillson, D. What is ‘Risk’? Results from a Survey Exploring Definitions. www.risk-doctor.com/pdf-files/ def0202.pdf 2. ISO Risk management - Vocabulary, 2009 3. Report of the Presidential Commission on the Space Shuttle Challenger Accident, Chapter IV: The Cause of the Accident http://history.nasa.gov/rogersrep/ v1ch4.htm (section 70: Findings) References
  • 9. June 2014 ITNOW 17 HEALTH INFORMATICS 16 ITNOW June 2014 During his introductory plenary of the second day of the conference, Professor Haslam, Chair of NICE, said: ‘It’s astonishing that despite the fact that GPs have had computers for twenty five years, the rest of the NHS hasn’t yet caught up with them and, in some cases, are still using paper-based systems!’ In fact according to Kingsley Manning, Chair of Health and Social Care Information Centre (HSCIC), in a recent audit carried out by his office it was found that 80 per cent of all records were written by hand before they were retyped into a PC. Hence, it’s understandable that the recent Francis Report1 found that there was not enough good, reliable information available. With calls for a more joined-up approach to sharing data and making available data more accessible to interested parties, NHS England rolled out their ambitious care.data programme with the intention of collecting together as much data about NHS patients as possible to be used in… Well, that’s the main problem for most the scheme’s many detractors; there are just too many unanswered questions at the moment for the public and many clinicians to be happy to get behind the programme. According to Geriant Lewis, Chief Data Officer from NHS England, ‘Across the country there’s a lot of data missing. For example, there’s no information about in-hospital prescribing, investigations, obscurities or about care outside of hospital, and no information about social care.’ Lewis seems to think we can’t currently answer questions such as: • How many patients in England received chemo last year? • What proportion of patients in a of safeguards in place for dealing with this sort of data. All identity and access governance (IAG) will be overseen by the HSCIC. Identifiable data is flagged as being ‘red’, potentially identifiable data as ‘amber’ and unidentifiable data is coded as ‘green’. The Consumer Action Group (CAG) will oversee the movement of red data, the use of which will be decided by the Data Access Advisory Group (DAAG). According to Lewis,patients will be able to access their own ‘red’ data and some universities and research establishments will be able to access ‘amber’ data.In some cases ‘green’ data will be published,at cost price. Apparently patients can halt the flow of data at any point, if they object to its transfer, although how will they know that a) their data is being used and b) for what purpose, is harder to say. Will the NHS phone us up before they plan on doing anything with our data? The take home message from these discussions on the subject of care.data and with regard to data sharing in general seemed to be that whatever the NHS does in this space, it needs to be as transparent as possible and actually engage more with both patients and their GPs otherwise there will continue to be very limited support for this programme going forward. Dr Ian Herbert FBCS Health, perhaps summed it up best when he said that ‘an extended and ongoing conversation about the whole data sharing conundrum needs to be had and in a transparent way.’ www.bcs.org/health appreciates that data sharing can be a good thing (and history has shown this to be the case), but no one agrees on exactly how it should be done and what the parameters will be. According to Tim Carter, the negative reaction to the care.data programme has ‘led the health service to try to understand what it is that people really want, take that on board and then explain how it’s going to take care of people’s data, all the while being realistic about the risks.’ It’s a fact that the Francis Report has driven the NHS to collect more data and Geriant Lewis briefed the conference saying: ‘The initial consultation revolved around what information was currently held by the health service and how easy it was to collect it.’ He then went on to say that ‘the updated consultation themes are focusing on: • resourcing; • timescales; • the variety in provider capacity; • data entry and the point of care; • responsibility for datasets; • clarity of benefits. It appears that NHS England is currently examining the barriers getting to patient data, its safety, assessing data that’s easiest to obtain (probably drug charts and patient movement from ward to ward), and looking at which data it already has access to. The key objection to data sharing appears, understandably, to be data security. With this fact in mind NHS England has categorised data into three types, namely: non-identifiable, potentially identifiable and identifiable data and awarded them with a traffic light colour coding system. Identifiable data is strictly controlled by the law and includes information such as a person’s date of birth or their postcode. Potentially identifiable data contains a unique pseudonym for each person and there are a wide-ranging number particular hospital, were reviewed by a consultant, at least once a day? • The average time a GP took to diagnose bowel problems. • The proportion of patients on a ward who had a highly abnormal diagnosis. Hence NHS England thinks the care.data programme will be able to help address some of these issues once the NHS has a more structured data sharing culture. Dr Peter Flynn, Director of the care.data programme, stated that the programme’s initial priorities would include the expansion of GP and hospital data and to increase the information storage capacity at the HSCIC. However, despite reassurances from NHS England regarding the care.data information gathering programme, stating that ‘the information would only be used benignly and that all information about patients would be stored in a secure way’, the general public and many clinicians have not bought into the idea, resulting in the programme being put on hold for six months while NHS England rethink their approach and try to bring us all on board as enthusiastic stakeholders. According to Tim Carter, Communications & Awareness Lead, NHS England, the care.data programme ‘has been put on hold for six months in order for a more comprehensive consultation to occur with all the various stakeholders. ‘The care.data leaflet drop was seen by some as a failure and the NHS was accused of just talking a bit louder rather than actually engaging with people. In fact the noise became so loud that stakeholders were soon asking: “what is the NHS really doing?” This then led to various newspapers creating a furore over “what the NHS is doing with our data.”’ It became quickly apparent at the various plenaries and discussion groups that the next six months can’t just be about awareness-raising for the programme, it has to be more substantial. Everyone doi:10.1093/itnow/bwu052©2014TheBritishComputerSociety With a medically-orientated menagerie of clinicians, health informaticians and software suppliers meeting at HC2014, it wasn’t long before BCS Health Editor, Justin Richards MBCS, realised what was foremost on almost everyone’s mind, namely care.data. SHARE Image:dolgachov/457775797 1 http://www.health.org.uk/areas-of- work/francis-inquiry/about-the-francis- inquiry/ www.england.nhs.uk/caredata England.cdo@nhs.net Reference and useful info OR NOT TO TO
  • 10. June 2014 ITNOW 19 COMPUTER ARTS 18 ITNOW June 2014 I had the great pleasure recently to spend the afternoon with this month’s artist Barbara Nessim, a pioneer in digital art and illustration; it was fascinating to hear first-hand about her career spanning six decades. She was one of the first prominent (non- fashion) female illustrators working in the industry and has also seen major changes in computer graphics. Now a significant body of her work has been donated to the Victoria & Albert Museum, where it was exhibited in 2013 accompanied by the (highly recommended) monograph Barbara Nessim: An Artful Life. In the 1950s it was rare for women (especially single women) to have a career in the arts, outside perhaps of teaching, the norm being to marry. However for Barbara work and the ability to support herself financially was important, believing that she wouldn’t be able to find her true self if she married. Commercial illustration allowed her to continue her painting and fine art. She tells me, ‘I don’t understand the snobbishness associated with illustration.’ In fact she only knows of one other woman, Lorraine Fox, in the 1950s, but by the 1960s the field had opened up to women somewhat more. A life-long New Yorker, Barbara’s work often reflects the energy of that city and the goings-on of its hip inhabitants including her fellow artists, among them Zandra Rhodes and Richard Avedon, who she has collaborated with. Her work has a focus on women and gender roles; she’s interested in exploring the relationships between women, men and women and women and the world including social norms and ‘rules’ for women - how you are supposed to act, to look, and so on. From the 1970s she was producing strong graphics and illustration for famous magazines such as Time, Vogue, Rolling Stone (including a famous John Lennon remembered cover in 1988), Harpers, New York Times and many others. From the first, sketchbooks became an essential part of her practice. These she carries wherever she goes and are the well-spring of her creative energy - she tells me, ‘it all starts here.’ As she explained these are unlike commercial jobs that come with specific constraints: - the brief, the art director, his boss, the story, ultimately the public, all of these have to work together and as Barbara points out, ‘you do have to please yourself within that framework too.’ The production of sketchbooks allowed her to ‘still keep my own self and produce work for other people.’ The drawings, paintings and collages within these sketchbooks are diverse in style and subject matter but are characterised by a graceful, flowing line. Looking through these beautiful books it is clear what an inspiration they must be, reflecting aspects of daily life in NYC or concerns at a particular time or an image that catches her eye. (A selection is reproduced in An Artful Life and they are also available to print on demand.) Of her unique style she says, ‘I didn’t look for a style, it just found me.’ She is keen to point out however that her vibrant, colourful and life-affirming women are not psychedelic, as is sometimes described in the press. Her reputation as an artist was such that in 1980 MIT called with an offer to come and work on its computers. Although at that time she was unable to take the necessary time off teaching and other commitments, the possibility of making art on the computer intrigued her and she set out to find a computer at home in NYC. Barbara recalls, ‘At that moment, I knew that computers were a radically important shift from the norm, which would be life-altering and completely change the way we were all working and doing things. Instinctively people don’t like change. It took didn’t know how to use a computer, or didn’t want to accept them, you were out of a job.’ Throughout this early period she had to invent ways of exhibiting and displaying this new type of art, as there wasn’t a norm already in place to follow. The longevity of the work and its durability and permanence for the future has always been an important concern. To this end the artist developed her own methods to ensure the archival qualities of her work. This involved the use of gatorfoam board (for its strength) and then wrapping the board in rice paper before hanging with attached magnetic strips. She would also Xerox images before hand- colouring them with pastel, as, again, she knew this method would last. Our image this month shows the artist in front of her work ‘A Current Past’ at the Condé Nast building in NYC, 2010 where she held a three month show. This very large work - 28x12 feet - occupies the 3rd and 4th floors on the Eventi Hotel in NYC (30th St and 6th Ave.). It is the centrepiece of the complete 13 artwork commission called ‘Chronicles of Beauty’, all of which are digitally printed on brushed aluminium and demonstrate Barbara’s digital collage technique of using found images with hand drawn elements to explore historic and contemporary notions of femininity. more than 20 long years for it to mature and for people not to consider it a fad.’ Eventually she was able to access systems at Time Life, becoming artist in residence at the newly formed Time Video Information Services in 1982. Here she used a Norpak IPS-2 (a Canadian invention) used by Time for games and television graphics. Barbara recalled that the console looked like a big desk and describes working on it as ‘a challenge’; she had only six primitive shapes: an arc, circle, dot, rectangle, polygon and a line that could be defined and used to draw. Further, the system did not allow mistakes to be erased, you had to start all over again. Output consisted of a Polaroid or a 35mm slide. As is typical of many pioneering artists using state of the art computing at this time, Barbara was allowed access to the machines after hours so she worked from 5pm to 9pm. In fact her love of the arc command earned her the nickname ‘arc-angel’ in the office. She worked at Time for about a year or so before the office was shut-down and was the only artist to use this system there to create a body of work. (See a 1984 video made the last night of her residency documenting her work) Her very first computer works appeared in a four-page spread in the German publication Frankfurter Allgemeine Magazin (1984). Another early work, a portrait of the head of the statue of liberty - Ode to the Statue of Liberty, (1986) is now in the collection of the V&A. In 1991 she was hired as the Chair in the Illustration Department at Parsons the New School for Design and during her 12 years there was responsible for bringing computers into the studios and overhauling the curriculum, with the result that her popular course became the genesis of the Digital Design Department. As Barbara says ‘the digital shift had happened.’ By the mid-1990s, ‘If you doi:10.1093/itnow/bwu057©2014TheBritishComputerSociety Catherine Mason MBCS is the author of A Computer in the Art Room: the origins of British computer arts 1950-80. For more information on the computer arts please see the Computer Arts Specialist Group website: www.computer-arts-society.com More on this month’s artist: www.barbaranessim.com Credit: Barbara Nessim, ‘A Current Past’, from the ‘Chronicles of Beauty’ series, digital painting on brushed aluminium, installed EVENTI hotel NYC, 28 x 12 ft, 2010. Copyright the artist, reproduced with permission. LIFE AN ARTFUL
  • 11. ITNOW June 201420 LEFT OF THE INSIDE BACK COVER doi:10.1093/itnow/bwu061©2014TheBritishComputerSociety DAYS PAST 1984 Because the last couple of columns here at the left of the inside back cover have looked with a sardonic eye at some of the sexism in 50-year-old Computer Bulletins I thought we would go back just the 30 years this time...what will I find? asks Brian Runciman MBCS. Let’s skate over the proliferation of Norman Tebbit mentions - he was guest of honour at the 1984 AGM and the annual dinner and go straight for an interesting little piece of computing history. RS-232 interface lead The issue has an obituary for Dennis Victor Blake, drawing particular attention to his work in networking. He came up, with colleague Derek Barber, with an interface that the magazine calls ‘analagous to a three-pin plug.’ This led on to being involved in the British Standard Interface BS4421, with these principles later appearing in the still-in-use RS-232, which was version 24 of BS4421. That’s a pretty big contribution. As the article reports: ‘The real impact of the pioneering work of Dennis is that we expect “alien” devices to communicate and to have a general purpose interface or connection.’ An expectation that we still very much have of course. And this wouldn’t be complete without a mention of the classic Spitting Image sketch from around the same time: www.youtube.com/watch?v=CDlj0jBtYmQ It depicts a paean to the RS-232 lead with ‘songs’ from the likes of Status Quo, David Bowie and Dolly Parton. Also the ‘fat lady’ sings in a spoof Tosca opera that the eponymous lead ‘hasn’t solved my local networking problems, so I’m going to kill myself.’ The arts in the late 20th century Here’s something editorially interesting: even in 1984 we had a computer arts column. Our current computer arts pieces, which appear monthly on the website, with an occasional piece in ITNOW, are very popular. We have even got some well-known names to contribute: David Hockney www.bcs.org/content/conWebDoc/43630 and Grayson Perry www.bcs.org/content/conWebDoc/42643 In 1984 this was not such a high profile area, but we still had a two-page spread from John Lansdown: Portrait of the artist as a bug. This article explored the concept of art arising from errors. John shows a shell-like spiral which, when requiring a perspective view grew legs to become, in a John’s words, ‘a self-portrait of a (computer) bug, if ever I saw one.’ He goes on to talk about a 1981 Reproduced from the excellent xkcd.com Preliminary Report on the Japanese Fifth-Generation Project. He was impressed not just by the technical matters being discussed but by the ‘social requirements expected of computers in the 1990s.’ They included increasing productivity in various fields with the goal of reducing social imbalances; energy saving schemes to use the world’s finite resources more effectively; developing streamlined medical and other related systems to help address the aging population issue; and working toward international cooperation by exploiting Japan’s highly educated workforce. Interesting goals for the 1990s, some of which may need a bit more work even in 2014... What of the sexism in 1984? Well I suppose I must admit to a tiny twinge of disappointment. No dreadfully portrayed female secretaries or tactless gender implications anywhere that I could see. The only thing may be a design issue. ITNOW sometimes gets criticism for its pictures - particularly when they are big - But March 1984 Computer Bulletin just went with a lot of small pictures of chaps (all chaps) with unkempt facial hair...no stereotypes there! Find out more at: www.engc.org.uk/ieng Engineer AM AN Incorporated Engineer (IEng) professional registration not only recognises your proven commitment, skills and experience, but also identifies to employers that you have the competences, expertise and work ethics that they value. Do you have the talent to apply technology in a practical and creative way? Do you see yourself working in an engineering role where on a daily basis it is your skills and know-how that ensure success? If the answer to both is yes, then why not get your professionalism recognised by gaining the letters IEng after your name? Nothing says professional like letters after your name Why wait when you could be one step closer to becoming IEng TODAY? Becoming registered as IEng: ■ Demonstrates that you are a professional ■ Can improve your career prospects and earning potential ■ Provides high status and self esteem ■ Gives you an internationally recognised qualification Find out more at: www.bcs.org/ieng or call +44 (0) 1793 417 424
  • 12. Further your career with BCS business analysis certification Wherever you are in your BA journey, we’ll help you develop your capabilities and confirm your position as a vital catalyst for business change. bcs.org/businessanalysis BC809/LD/AD/0514 © BCS, The Chartered Institute for IT, is the business name of The British Computer Society (Registered charity no. 292786) 2014 Lastingchange. Startingnow.