Wednesday, December 28, 2011

CyberCriminals: Identify and Prosecute?

By now, nearly everyone knows the conduct of a hacker. There are nine steps to hacking a system, and hackers have gotten good at it by exploiting all kinds of system and software vulnerabilities. The hacker is a person of various genres who breaks into computer systems for the thrill of the hack and to some extent for criminal purposes. While hacking is a crime itself, cybercriminals are far more deviant. It is important to identify a cybercriminal early and monitor them in order to head off any issues.

Profiling and categorizing cybercriminals Article Summary

Knowing who cybercriminals are can aid in protecting digital systems and intellectual property. According to Deb Shinder, author of the book Scene of the Cybercrime, traditional criminals have a cyber counterpart. For example, con artists can talk people out of money or establish elaborate cyber schemes using email and websites. Even with uniquely digital seedy endeavors, the criminal motives are the same. Therefore, Shinder considers a criminal profile, a psychological assessment of an unknown person, to be important. She stresses that "fitting the profile" does not mean a person is a cybercriminal. Shinder points to the profile as narrowing the field of possible suspects. In a Sherlock Holmes sort of manner, investigators use inductive and deductive methods to formulate the profiles. Shinder claims the cybercriminal has most of these characteristics:

  • Some measure of technical knowledge.
  • A disregard for the law or rationalizations about why particular laws are invalid or should not apply to them.
  • High tolerance for risk or need for “thrill factor.”
  • “Control freak” nature, enjoyment in manipulating or “outsmarting” others.
  • A motive: monetary gain, strong emotions, political or religious beliefs, sexual impulses, or even just boredom.

Shinder remarks that a large number of criminals use their employers' email and digital equipment to commit cybercrimes, creating a situation in which IT professionals may stumble across evidence of a crime that is not related to company systems. According to Shinder, indicators of a cybercriminal are:

  • Refusal to take time off from work or let anyone else help with his/her job, lest they uncover what’s been going on.
  • Attempts to avoid formal audits
  • A lifestyle far above what would be expected on the person’s salary with no good explanation for the extra income.
  • Large cash transactions
  • Multiple bank accounts in different banks, especially banks in different cities or counties

Shinder points readers to this article for further details on white collar crime.

CyberCriminals Go Unpunished Article Summary

John Connell, author of Companies choose to leave cybercriminals unpunished, comments that companies that track down and prosecute those who commit cybercrimes are going against the grain of how most companies handle cybercrimes. Most companies, despite tough talk, rarely prosecute today. The reasons for this vary. One of the principal reasons, according to Connell, is that the assault on the company systems comes from abroad and is too legally complicated to prosecute. He also points out that the legal process can expose company secrets. Another reason Connell brings up is that exposing company vulnerabilities can erode confidence, and keeping quiet is better than risking a bad impression. The big question is when will companies risk prosecuting cybercrimes?

Artisan Comments:

Cybercrimes and cybercriminals have been on the rise. Identifying these crimes and tracking the perpetrators is a chore. Chances are that a vast majority of system administrators and support staff come across evidence of a cybercrime and fail to recognize it. More importantly, vulnerabilities, which are often doorways to cybercrimes, are often overlooked. Routine training and awareness of telltale signs are necessary to thwart cybercrimes. However, there is a risk that workplace interpersonal dynamics may point to someone for more political reasons than criminal reasons, so these cases also need to be vetted closely and carefully. Since companies and organizations are generally reluctant to prosecute people, it is better to identify the behavior and address it internally before a serious legal issue arises. Some of the better approaches are to counsel or train and reassign the individual when the indicators begin to emerge in order to avoid the legal mess. However, the organization must bear in mind that fitting the profile is not a sure indicator of a cybercriminal. A degree of prudent judgment must be exercised in order to avoid false accusations and disrupting legitimate work. The closing remark is to be on the lookout (BOLO) for cybercriminals and use prudent judgment to avoid serious issues.

References:

Connell, J. (2001). Companies choose to leave cybercriminals unpunished. TechRepublic. http://www.techrepublic.com/article/companies-choose-to-leave-cybercriminals-unpunished/5033678

Shinder, D. (2010). Profiling and categorizing cybercriminals. TechRepublic. http://www.techrepublic.com/blog/security/profiling-and-categorizing-cybercriminals/4069

Tuesday, December 20, 2011

Focused Disciplines in Operations Management:

Comment: This is the fifth post in a series on operations management. In this post I want to discuss a few focused areas. In the future, I may write more in-depth briefs on these topics. But for now, I want to just skim them.

Supply Chain / Logistical Operations

The world is globalizing and populations are decentralizing or sprawling. On a Sunday drive through the countryside it is not uncommon to find manufacturing plants in the middle of nowhere. Companies, in a capital market, naturally seek the Low Cost Business Design Profit and Experience Curve Profit models, spawning the sprawl and offshoring phenomenon. This creates a unique set of business problems. Logistical lines become lengthened and access to persistent and integrated information becomes more important. More critically, the ability of the organization to respond to emergent conditions through strategic, operational, and even tactical business projects attests to the need for an organization's low latency and responsiveness. The combination of project management, IT, and supply chain management is a specialty with the unique skill sets to respond to this need.

Nearly all operations today involve supply chains and/or logistical operations of various sorts. Some supply operations have a full range from supplier to producer to the customer. Other operations create intellectual products such as software or reports. These operations run mostly from the producer to the customer. Everyone seems to have a need to send and receive goods or services. In fact, the logistical networks are considered by many futurists to be one of the underpinnings of the new economy on the horizon. Hence, supply chain management is a growing field and deserves focused attention.

The Society for Operations Management, APICS, cites the basic supply chain model as shown in Figure 1.

Figure 1: Supply Chain Basics

There are numerous dynamics that play out with variations of this model. However, we will remain focused at a high level in this discussion. As raw materials from suppliers are transformed by the producer for the final customer, money, information, and goods/materials flow. Value is added and ultimately purchased using various forms of money. The money flows in the opposite direction of the product flow as payments. Reverse product flow occurs due to, but is not limited to, warranty, recycling, and buy back programs. Information operates in both directions and is essential to an effective and efficient supply chain process.

One important point to understand is that supply chains involve everyone and cut across entire enterprises. There are also external entities to the supply chain process that have significant impacts on the process such as governments, public utilities, and the educational systems. These external entities affect transportation infrastructures, communications, market forces, the money supply, and the body of knowledge.

Operations managers must understand key processes of the supply chain in order to effectively manage the activities. These processes connect the actors in the chain and involve information flows and cash flows. One APICS view centers on the supply chain as a series of linked processes detailed in the Supply Chain Operations Reference model (SCOR). This model is limited to supply operations that extend two tiers in both directions from the principal producer.

I'll discuss the supply chain in more detail in a future series of posts. The takeaway from this discussion is that supply chain managers must have an end-to-end view of the process as well as all the external influencing factors and technologies in order to effectively manage the process. Issues involving misinformation, misinterpreted information, or disinformation can grind an operation to a halt, cost money, cause legal issues, and ultimately lose business.

Agile / SCRUM

Agile is truly an operations management spin-off that utilizes operation line manager paradigms of cross-functional training, managing the tempo of operations, clearing backlogs, gut thinking, and production meetings. Line operations tend to center on the U-Shaped cell concept, which is one of a self-managing and self-organizing production unit. The line manager is concerned with managing the inputs and outputs of the cell and the flow between cells, having metrics, buffers, and an enterprise view of the operation. SCRUM is more or less a cooperative effort between self-managing functional areas: Development, Product Owners, and the SCRUM Master / PM. A line operations manager and SCRUM master are very similar yet have a few distinct differences.

Agile's SCRUM Master does the same on-the-fly management as would be expected of a line operations manager. In manufacturing, work in process goes into work as materials arrive associated with the work in process. This production effort is called a production run. In SCRUM the production run is the iteration period, which is called a sprint. The primary difference is that most operations, like manufacturing, tend to be linear in nature, producing a finished good at the end of the line. Much of the line manager's activities are focused in that manner, whereas SCRUM's operations tend to be non-linear or iterative. However, a single iteration is linear, having several phases along the way. The product undergoes a continuous improvement process having version releases. Perhaps the SCRUM Master could be tagnamed a spiral or spin manager versus line manager. Anyhow, general operations and SCRUM tend to be of the same character or genre with similar duties.

  • Managers act as the guardian of the production process.
    • Both line managers and SCRUM masters understand the quality, schedules, objectives, and methods promoting the process and controlling digression and changes away from the path towards the endstate.
  • Steer and coach artisans / team members towards production goals
    • These are the leadership and managerial skills of providing vision, direction, and coaching. Most line managers aspire to Dale Carnegie approaches. However, line positions are typically filled by Type A personalities, which usually have an abrasive edge as they drive expectations to the endstate. In SCRUM the manager tends to be more of a facilitator / coach rather than a driver.
  • Minimizes outside influences keeping the production effort focused.
    • In AGILE outside influences tend to be changes and good ideas that, if not managed, can affect scope and objectives. In line operations these can be a variety of types of influences, from sales volatility to material shortages to legal issues, that can have a direct impact on the operations. For example, OSHA or the EPA may make demands on the operations that require an immediate response. While changing legal requirements affect AGILE efforts, they tend to be removed from the AGILE process and viewed in terms of risk rather than as an immediate external influence.
  • Track work-in-process removing hurdles and bottlenecks
    • Classic line manager duties are to delegate work to the experts and clear the way ahead for them. The same is true of SCRUM master activities.
  • Develops lessons learned to improve process performance
    • This is a practice for nearly every undertaking. Even war fighters often return to the battle site to conduct battle walks as part of lessons learned.

Like SCRUM, line operations are often involved in lean processes and continuous improvement. Operational risk management techniques are employed to reduce risk on-the-fly in line operations as required by the line manager. In SCRUM risk is thought of differently though. Risk is more focused and is regularly reviewed during the sprint.

In conclusion, line operations and SCRUM have many similarities and a few differences. AGILE SCRUM is more focused than line operations and is organized around a functional paradigm for iterative development in lieu of linear operations.

Comment: The next post will explore a scenario of the adaptive organization. Please stay tuned.

References:

Pham, A., Pham P.V. (2012). Scrum in action: agile software project management and development. Course Technology, USA.

APICS. (2011). APICS certified supply chain professional learning system (Version 2.2, 2011 ed.). APICS, Chicago.

Monday, December 5, 2011

Core Operations Management: Money

Comment: This is the fourth in a series of posts on operations management. The series focuses on the ends of project management, taking an operational view of environmental conditions into account, and focuses on sustainability through adaptability. We are currently looking at the basics: methods, materials and machinery, manpower, and money. This post centers on money. It always amazes me how much tension and consternation arise from this topic.

Operations Management Basics

Business operations come down to manpower, methods, materials/machinery, and money also known as the 4M's. In modern capital economies, the traditional capitalistic business model exchanges work in return for its monetary value. Work may be characterized as service labor or as the productive effort that went into a finished good. All work results in a monetary valuation or price. Wrapped up in the valuation or price are the cost to add value (the cost-of-work or the cost-to-manufacture), risk, overhead, and the markup associated with the demand. The fundamental formula that applies is:
Profit = Revenue - Costs

Efforts are underway to change the accounting process to a consistent international standard that accounts for social and corporate governance concerns while attempting to change the fundamental capitalistic ideology. The fundamental formula still remains the driving force regardless of the socio-political rhetoric around this topic.

Money

Operations management is focused principally on efficient and effective work and its associated cost. Hence, money becomes a concern and focus. However, money is a singularity point and polarizing factor. Dollarizing everything is not always the best measure, as there are efficiencies and effectiveness that are more difficult to capture in terms of money. Ratios tend to be a little stronger measure, but performance indexing is a better approach.

Performance indexing removes all dimensionality and relates options to one another or to a baseline standard. Typically, the baseline standard is the status quo but can also be an ideal condition or standard the organization aspires towards.

In the Figure 1 example, there is a need to live somewhere and work somewhere else. You find work but need to optimize the use of your limited capital and time resources in a down economy. You have two options: move closer to work or remain in place. Rent is lower where you currently live, but the drive consumes a lot of time and money. Equal living conditions are closer to work, but the costs add up. You need to realistically vet which option is the best use of your resources: time and money in this case.

Figure 1: Option Matrix

In this scenario, the performance index (CP) and the cost per month totals are very different. Moving closer is the stronger performing option when comparing all factors non-dimensionally, but the costs are lower to remain in place given the option characteristics. When time, the determining factor in the example, is taken into account, the cost or money focus can be misleading when relational performance is considered. While the options involve money in the decision making, money is not the single decisive factor in this case. Efficient use of time is important despite being monetized: 120 hours annually spent sitting in traffic in order to save $600.00 a year? Those 120 hours cost $4800.00 annually and would be compared to other uses to determine their best use. Some financial accounting methods may take into account the cost of sitting in traffic. However, the non-dimensionalized option matrix got to it faster without the extra math. The sooner a reasonable decision can be made, the higher tempo the operations become.

On a side note, there are a variety of tools, such as this non-dimensionality method, operational risk management methods, Just-in-Time, and other operational tempo methods which may be known today as agile methods, that aid in rapid decision making.

Other Than Money

Cash representing the associated values always has the most flexibility. Nonetheless, despite money being a singularity and a polarizing factor, value can be gained not only through money but also through knowledge, time, and the barter of things. Knowledge, also known as intellectual capital, can create circumstances of value that are often intangible. Time can be applied in various ways to create value. Interest is the most common. In some cases, bartering is better than exchanging cash. Bartering is common in circumstances where a monetary transaction may be more expensive or complex than simply providing a thing in its place, or may be impossible. International economies often operate on bartered values. For example, the United States overproduces corn. The Government buys the corn from farmers at prices that support the farmers' efforts rather than allowing the corn prices to drop because of the excess supply. The corn is then provided to another nation to feed their population as payment of debts and/or to adjust trade deficits. Industry may conduct business in a similar manner, especially where money is not effective because there is no complex economy that could utilize the money, as is the case in some areas of Africa and Asia where providing housing, food, and other essentials is valued over cash payments.

Another other-than-money method is the use of collateral. In projects, it is not uncommon to use letters of credit as collateral. This approach is not a loan but instead a form of insurance that collateralizes future ability to pay. Other forms of collateral include but are not limited to equity, assets, and accounts receivable.

In Closing

Money is a driving factor and a singularity point in operations, sometimes to the extreme. Some accountants may see the business operation wholly in terms of monetary value, so much so that they may develop pro-forma financial statements and think it's a matter of adapting the business to the pro-forma statements. For example, they may cite a "Product A" on the income statement with all its desired financial performance. In this kind of thinking, it is product development and marketing's job to find a product or service that meets the desired performance. Then it is operations' purpose to fine tune it and meet the expectations. More realistically, accounting may provide a financial resource forecast which places limits on the product or market development. Leaders and managers then juggle the operations to work within the means available and may utilize other-than-money approaches. This often results in workaround solutions in which the same results or outcomes are sought by varying and finding alternative paths to the same end.

The primal equation of profit equal to revenue less cost remains the driving factor. Operations managers, as well as project managers, have a variety of options available to them when juggling funding issues. These options range in style and type from low cost sources of capital to workaround solutions. When considering options, characteristic performance may show a stronger option quicker than dollarizing options. Knowledge, time, barter, and collateral are alternative means to cash at hand. However, cash or cash-in-hand is considered to be the most flexible and most desirable.

This concludes the operations management basics. The next several sessions will focus on some interesting topics and move into discussions on sustainability and adaptability.