
THE MAGAZINE FOR THE IT PROFESSIONAL

WINTER 2011

FIT FOR IT

Moving your career forward: ideas, profiles and more

bcs.org/itnow

CAREERS AND SKILLS
FIGHTING FIT FOR IT
COMP. SCIENCE IN SCHOOLS
PROFESSIONAL BODIES
DO IT YOURSELF
BE A GREAT CIO
ONLINE WELLBEING

INFORMATION SECURITY
BAKED IN SECURITY
SECURE SOFTWARE
WAR ON CYBERCRIME
DEVILS IN THE MICROCODE
MALWARE RESPONSE

HEALTH INFORMATICS
DESIGNED FOR AGEING
SAFETY FIRST

THE REST
LEGAL
GAMING
HEROINES OF IT
BEST OF THE BLOGS
COMPUTER JOURNAL
BOOK REVIEWS
COMPUTER ARTS
PCG VIEW
LEFT OF INSIDE BACK COVER

LEARNING AND DEVELOPMENT
AHEAD OF THE CURVE
SHAKING UP TRAINING

EDITORIAL TEAM
Henry Tucker, Editor-in-Chief
Justin Richards, Multimedia Editor
Brian Runciman, Publisher

PRODUCTION
Florence Leroy, Production Manager

Advertising
E chris.bean@tenalps.com
T +44 (0) 20 7878 2415

Keep in touch
Contributions are welcome for consideration. Please email: editorialteam@hq.bcs.org.uk

ITNOW is the membership magazine of BCS, The Chartered Institute for IT. It is sent to a wide variety of IT professionals, from systems developers to directors, consultants to training and education specialists. A subscription to ITNOW comprises four issues.

All prices include postage. For subscribers outside the UK, delivery is by Standard Air.

Annual subscription rates
Institutional: print edition and site-wide online access: 150/US$285/225; print edition only: 141/US$268/242; site-wide online access only: 141/US$268/212.
Personal: print edition and individual online access: 141/US$283/212.

For payment details and terms and conditions, please see: www.oxfordjournals.org/our_journals/combul/access_purchases/price_list.htm

The current year and two previous years' issues are available from Oxford University Press. Previous volumes can be obtained from the Periodicals Service Company, 11 Main Street, Germantown, NY 12526, USA.
E psc@periodicals.com T +1 518 537 4700, F +1 518 537 5899

For further information, please contact: Journals Customer Service Department, Oxford University Press, Great Clarendon Street, Oxford OX2 6DP, UK.
E jnls.cust.serv@oup.com
T (and answerphone) +44 (0)1865 353 907
F +44 (0)1865 353 485

Copying: Permission to copy for educational purposes only without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage; BCS copyright notice and the title of the publication and its date appear; and notice is given that copying is by permission of BCS. To copy otherwise, or to republish, requires specific permission from the publications manager at the address below and may require a fee.

The opinions expressed herein are not necessarily those of BCS or the organisations employing the authors.
2011 The British Computer Society.
Registered Charity No 292786.

BCS The Chartered Institute for IT
First Floor, Block D, North Star House,
North Star Avenue, Swindon, SN2 1FA, UK.
T +44 (0)1793 417 424
F +44 (0)1793 417 444
www.bcs.org/contact
Incorporated by Royal Charter 1984.

Printed by the Wyndeham Group, UK.
ISSN 1746-5702. Volume 53, Part 6.

Jim Norton, BCS President
David Clarke, Chief Executive

Feedback
email: editor@bcs.org

MEMBER NEWS

THE IT AWARDS
WINNERS ARE...

doi:10.1093/itnow/bwr048 2011 The British Computer Society

Winners of the 2011 IT Industry Awards presented at a gala evening in London.


The Royal Shakespeare Company, Jaguar
Land Rover, Network Rail, Sainsbury's, IBM
and the National Grid were among the
winners of the 2011 UK IT Industry Awards
run by BCS, The Chartered Institute for IT,
and Computing.
The winners and medallists were
presented with their awards by Alexander
Armstrong at a gala evening event held at
the Battersea Park Events Arena, London
on 10 November.
David Clarke, MBE, Chief Executive
Officer of BCS later said: "On behalf of BCS,
The Chartered Institute for IT, I'd like to
congratulate all our winners, medallists
and finalists. The awards are rigorously
judged, so to be a winner or medallist
means that you really are the best of the
best."
He continued: "The great variety of
organisations from across different sectors
that collected awards this year reinforce
the fact that today the IT profession
is integrated into the business and is
increasingly being seen as a partner that
can help deliver real value, benefit and
success.
"It also highlights the extent to which
IT is embedded in our society, from our
healthcare to the high street, from car
production to the stage; IT is the enabler
behind so many businesses in the UK."
In total 23 awards were presented,
covering project, organisation, technology,
and individual excellence and included
awards such as Security Innovation,
Infrastructure Innovation, Business Project,
Environment Project and CIO of the Year,
the latter collected by Sainsbury's IT
Director, Rob Fraser.
Abigail Waraker, Editor of Computing,
said: "I'd like to congratulate everyone
involved in this year's awards. It's great to
recognise such excellent achievements and
highlight the very real benefit that IT brings
to our society. The winners are shining
examples of the positive impact that
exceptional management and technology
skills can bring to the UK."
The annual awards are a platform for
the entire IT profession to showcase and
celebrate best practice, innovation and
excellence. Entrants can be organisations
or individuals involved in IT across the
public, not-for-profit and commercial
sectors.
The full list of winners is available online
at www.bcs.org/itawards

AGM 2012
BCS's 2012 annual general meeting
will take place on 14 March at the BCS
London office, starting at 2pm.
In January 2012 Professional
Members will receive details of how to
vote at the 2012 AGM. All Professional
Members will continue to be given a
choice of how they vote, online or on
paper. However, to vote by post you will
need to opt-in during January 2012.
If BCS does not hold a valid email
address for you, you will receive a
postal voting pack. Look out for an
email from the Electoral Reform
Services with more details.
Please ensure we have current
contact details for you by logging into
the Members Area.
www.bcs.org/agm

BATTLE OF THE MILIBANDS

The winners of the fourth annual MP Web Awards have been announced at a special event in the House of Commons.

David Miliband, MP has won the Social Media category in the BCS MP Web Awards 2011 run by BCS, The Chartered Institute for IT, narrowly defeating his brother, Labour leader Ed Miliband, MP.

Hosted by the Rt Hon Alun Michael MP, the awards were presented during a reception at the House of Commons on 23 November.

"The standard for this year's social media award was exceptionally high and there was a marked improvement by MPs using social media to engage with their constituents in a two-way conversation," said David Clarke, MBE, CEO of BCS. "We are delighted that David Miliband has won this award. His use of social media is well integrated across his website and our judges felt David's diverse use of social media made him a clear winner."

Narrow margin
Other finalists in the MP Web Award for social media included Labour Leader Ed Miliband, MP for Doncaster North, and James Morris, MP for Halesowen and Rowley Regis. David Miliband defeated his brother by the narrowest of margins; their scores differed by only one point in the final round of judging.

Embracing technology
The annual awards recognise MPs who embrace web technologies and use them to engage effectively with their constituents.

All MPs' sites are automatically entered and judges look for MPs who are using their websites and web technology to communicate with their constituents effectively.

The awards were judged by an independent panel of guest judges including: Mark Say, Editor of Guardian Government Computing; Oussama Kardi, Deputy Member of Youth Parliament for Hillingdon; and Ian Dunt, Editor of politics.co.uk.

Go online for a complete list of the winners at www.bcs.org/mpawards

MEMBER BENEFITS
Save time and money with new, extra member benefits.

We know that our professional members
are often short on time, and in these
difficult economic times, cost savings
are more important than ever.
To help support members and
save them time we have put together
something extra. We have a new
set of discounts and offers across a
range of products and services.
The price promises mean you
will be getting genuine cost savings
without having to spend time
shopping around for the best price.
The discounts and offers cover a
wide range of different areas, not just
for you to use in your working day, but
also when you have left your office.
Through the new scheme you can
save money on both business and
home mobile phones, landlines and
broadband. There are also discounts
on software, such as accountancy,
web and ecommerce design.
For those who travel there are
discounts on airport parking, hotels,
as well as foreign currency exchange,
car rental and even airport lounges so
that you can make the wait for your
flight that bit more comfortable.
In order to make sure that you
are financially protected the scheme
gives you money off various forms
of insurance too. This isn't just for
when you travel, but also for life, car
and private medical insurance. You
can also add roadside assistance for
additional peace of mind.
With the offers you can save money
on your fuel bills, get discounted gym
membership and even cashback on
shopping bills at high street stores.
In addition to these offers there are
many more. The scheme is available
now from the secure area website
exclusively for Professional (MBCS),
Fellow (FBCS) and Chartered BCS
members.
www.bcs.org/members


FIGHTING FIT FOR IT

doi:10.1093/itnow/bwq049 2011 The British Computer Society

This issue's focus looks at how fit we are for
IT, from a UK perspective with the teaching of
computer science in schools and the role of
professional bodies, to the personal perspective of
the entrepreneurial spirit and what it takes to do
some big IT roles. It's about careers and skills.

Top 10 IT roles applied for on Jobsite
1. Business Analyst
2. Project Manager
3. Java Developer
4. .Net Developer
5. Web Developer
6. PHP Developer
7. C# Developer
8. Software Developer
9. Senior Java Developer
10. Test Analyst
Check out the BCS jobsite at
www.bcsrecruit.com/

GETTING TO GRIPS WITH STRESS IN PROJECT MANAGEMENT

Projects can be very tough
environments, especially when
things do not run to plan or
in turnaround situations, and
there is a strong correlation
between mental toughness, or
resilience, and management
seniority. BCS author Peter
Parkes FBCS CITP looks at
managing stress in the project
management environment using
neurolinguistic programming
(NLP) techniques.

In small doses, stress provides a useful
stimulus. Stress is a natural response built
in humans as a flight or fight response to
danger. It increases the heart rate to pump
blood to the limbs so that we can either stay
to fight or run away quickly. In today's
society we often involuntarily invoke this flight or
fight mode in response to social situations.
For projects, and other time pressured
jobs, the result can be chronic stress,
which results in strain, i.e. where we
do not return to our original state after
prolonged and cumulative stimulus. This
is sometimes referred to as burn-out.
Stress and burn-out have been cited as
the principal health concerns of project
managers. Long before burn-out occurs,
primitive responses triggered by stress
hormones result in many decisions being
routed to the primordial part of our brain,
the part dominated by fight and flight,
rather than the higher functions more
suited to social interaction. It focuses our
senses on a single issue facing us, to the
detriment of wider social interactions.
Sometimes our response can be
so extreme that it is called emotional
hijacking, where our mental faculties are
not in control of the situation, but we are
reacting to our hormones.
Working stress response
NLP regards response to stress as a
meta-program. People with a feeling
pattern respond to stress at work by going
into their emotions and then getting stuck
there, making it difficult for them to function
normally. At the opposite extreme, people
with a thinking style do not have a strong
emotional response to stressful situations.
Great for leadership, you may think, but
unfortunately this means that they are
not good at empathising either. These two
extremes account for perhaps a fifth of the
working population each, with the majority
being in the continuum between and having
some natural ability to choose whether to
empathise or stay detached as the situation dictates.
Reframing stressful situations
The good news is that stress is triggered
by the thought of a situation, not by the
situation itself. The brain processes these
thoughts, equates the stimulus and
context as danger, and triggers the stress
response. Once the threat passes you tell
yourself that you're safe and in response
to these new thoughts, your body returns
to its natural state of balance. We can use
NLP to reframe the context and also
manage our state so that we either avoid
triggering stress or make it pass quickly.
Given that the bulk of projects are
probably delivered later than the original
estimate, one of the most stressful
constraints on project managers is time,
especially when faced with complex
interdependencies. But can we reframe
time? We can reframe our attitude to it.
Time will never run out; it is abundant
and infinite.
In planning we are only dealing with an
abstract mathematical summation of third
party estimates based on imperfect data.
By law of averages, the estimate should
be under as many times as it is over, and
that is making the risky assumption that
the estimate was not unduly influenced to
be on the short side. Ideally, we will have
used three-point estimates (duration that
activity will definitely be complete, likely
to be complete, and possibly be complete
taking into account the optimists,
pessimists and pragmatists).
What we can do is track progress
against assumptions, monitor risks that
may affect planned duration, and address
mitigating actions for issues that are
impacting the plan.
Removing the source of stress
In NLP we say that every action, emotion
and behaviour has a positive intent, no
matter how bad the actual consequence.
Use of dissociation
One of the recognised NLP meta-programs
is association/dissociation. When associated,
we are in touch with our feelings and this
is a very resourceful state for working with
people. It is also the state most sensitive to
stress. Conversely, the dissociated state is
useful in potentially stressful situations. The
real skill is being able to switch between
the two according to context.
Previously we discussed the need to be in tune with our emotions in order to achieve greater self awareness, and the fact that people can often be very dissociated from their feelings. They are not particularly happy or sad but just go about their allocated tasks much like an automaton. Often it is the result of some trauma or depressing event in the past, but in my early career I would sometimes get stressed about project boards to the point where I felt unwell. I realised that I was coming from a place of fear as I was not in control of the board and hated surprises.

I recognised that this feeling had started after I had been ambushed at one board by someone with a hidden agenda. Instead of gritting my teeth and continuing as I had done, I started to visit key stakeholders ahead of board meetings to see what issues might come up and get their views on them. As a civil servant at this time, like in the armed forces, it was not usual to arrange meetings with people who were senior to you unless it was via your boss at their grade. Individuals turned out to be quite welcoming of chats outside the floodlights, and said things that they would not have at minuted meetings. This gave me the confidence to relax more at the actual project boards and operate from a state of resourcefulness.

The mind/body connection and rapport with self
You may be one of the lucky ones that always seem to be in harmony with yourself. Some describe it as being grounded or centred. For the rest of us, there is usually some measure of internal conflict going on. This can manifest itself in self sabotage, and in the extreme can progress through bouts of ill-health, depression, stress-related illness and worse. Some of us who work with NLP and health issues believe that this is because the conscious and unconscious mind fall out of rapport, and communication between the two breaks down.

Avoid passing stress on to others
People who run the 'away from' meta-program for motivation often feel that they need stress around deadlines to motivate themselves. At the extreme, some of these are the people who heroically manage to complete things at the last minute, from homework as a child to deliverables on major projects. The PM, often being more resilient, may cope with this unnecessary stress, but the team are likely to suffer.

In my view, panic around deadlines is poor project management and should be rectified by better planning and better self management. If you feel that you need the pressure of deadlines to be motivated then make sure that your plan has plenty of intermediate deliverables and milestones so that pressure is not all loaded onto the back end of the project when there is no contingency to use.

As managers, it is our professional duty to make sure that our staff return home as they left it, and not suffering from stress-related illness as a result of our style or failure to manage the work environment.

Regulation around health and safety at work is also coming into play now and classifying avoidable stress-related illness as an industrial injury.

A common reason for people getting stressed is that they are being aggressive or passive rather than assertive. We need to develop our assertive behaviour to avoid stressing ourselves and others.

NLP for Project Managers: Make things happen with Neurolinguistic Programming is available via www.bcs.org/category/14066

THE FUTURE OF COMPUTER SCIENCE IN SCHOOLS

doi:10.1093/itnow/bwr050 2011 The British Computer Society

We all know that digital literacy
is vital in the modern world, but
are we making sure our next
generation of researchers and
academics, the innovators that
will produce the UK's valuable
digital intellectual property of
the future, are being looked
after too? Brian Runciman
MBCS reports.

With so many organisations depending on
computing, computer science itself should
be viewed as a fundamental discipline
like Maths and English. Engineering- and
science-based industries require
computers to simulate, calculate, emulate,
model and more, yet there is a shortage
in the UK of people with the requisite abilities to run these systems. And the problem
begins in school.
The Next Gen report shows that 40
per cent of teachers conflate ICT with
computing, not appreciating that ICT is
learning to use applications but computing
is learning how to make them.
This is a fundamental difference that
can be compared to that between reading
and writing.
Children certainly need to learn about
digital literacy and BCS already addresses
some of these issues with qualifications
like Digital Creator, ECDL, Digital Skills,
eType and other qualifications. But teaching
computing as a discipline in schools will
allow children to express creativity.
Disciplines learnt in even older
computing courses apply because these
are based on principles.
It's the skills area, such as specific
programming languages, that change.
Of course, practical work is still needed
to pick up practical techniques, but an
understanding of the discipline can take
children right through from primary school
learning to a university computer science
course.

What about the teachers and the schools?
Unfortunately teaching computing seems
to have gone backwards in schools. In the
1980s children using BBC Micros had the
opportunity to learn programming and
wanted to create something using digital
building blocks.
But, at a certain point, that disappeared
and schools took to teaching ICT: how to
use word processors, spreadsheets and
the like. Whilst these skills are useful you
can't forge a career in a creative industry
with them.
The qualification network has been set
up in such a way that the main motivation
for schools is to climb the league tables,
so they go for ICT qualifications that
are based around using software. The
teachers available have often done a great
job teaching ICT, but there aren't enough
of them who can teach computer science.
So those two things together have actually
created an environment where head
teachers don't want to teach computer
science-related syllabuses.
This also affects the motivation of
the teachers who could teach computer
science-related areas, because ICT
teaching has been seen as something that
can be done by anyone who has those
basic IT skills.
Strange approaches
Strangely, the new English Baccalaureate
doesn't have computer science, or even
ICT, included in it. Even art isn't included,
so this could have knock-on effects in, for
example, games development, which is a
coming together of art and technology.
A way of thinking of this is seeing the
teaching of computing as three-layered:
firstly the basic digital literacy, which
most people come out of the womb with
now; then the next level of the intelligent
user, perhaps in architecture or the like;
then there is the top layer: those who are
specialists in computing and are creating
new technologies and applications. These
ones keep us at the forefront of the
creative economy.
An interesting example of skewed
viewpoints was demonstrated recently
when Michael Gove spoke of Mark
Zuckerberg, surely an excellent computer
science role model as founder of
Facebook, as having studied Latin in
school. Gove didn't mention that he had
also studied computer science, surely
much more relevant. This shows the
traditional emphasis on the classics, but
computer science should also be part of
the curriculum.
"For me computer science is the new
Latin," said Ian Livingstone at this point in
the discussion.
Another example of the difficulties
faced in changing approaches is shown
in games development as promoted by
universities. There are 144 games courses
at universities, but only 10 of those have
been approved as fit for purpose by
Skillset. Most are really updated versions
of media studies, showing context and
impact, but not teaching how to create
games.
The codes used by universities to
grade courses are also viewed as not
really doing the job. The universities could
help more by labelling courses more
accurately.
How do we get young people excited
about computer science in schools?
A drawback of the current curriculums
is that a child could be taught the
use of Excel spreadsheets three times
over their time at school, when most could
probably master it in a week. It's no
wonder many of them find ICT so boring.
Parents, guardians and teachers need to be aware of the opportunities computer science can offer. What IT can do in the creative areas is exciting for children. For children in secondary education seeing the application of computer science in, for example, robotics, such as Lego Mindstorms, can show them that through a computer you can build and animate an entire world.

If they see the creative potential while they are young they will stay engaged later.

There are also exciting possibilities in the games industry: despite the bad press, 97 per cent of what is produced is family friendly and very innovative. It's true in the financial industry too, which uses advanced modelling techniques. Many physics PhDs wind up in the city of London doing computer science activities. Computer modelling in engineering is vibrant; pharmaceutical companies are dependent on modelling too. There are huge opportunities for those with programming talent.

We could also make better use of role models. If you stopped the average child in the street they would be hard pushed to name an IT role model. Possibly they would think of Sir Tim Berners-Lee, but we need to champion these more too.

What progress is being made and what can be done?
"This is where BCS and the Computing at Schools group have a very important role, because they can bring together the academic community, grow it and help others get involved," commented Andrew Herbert.

This needs to include a partnership between the universities and schools. Until recently the government was happy that there were plenty of ICT qualifications and a curriculum in place, but with the national curriculum review, it seems that the DFE now recognise not only the importance of digital literacy, but the core academic discipline of computing.

The UK needs to take this seriously when in China there are a million graduates with computer science, engineering and software engineering degrees. Some of the best intellectual property in technology is coming out of Israel, where computer science is taught in schools nationally.

Industry can help too, perhaps encouraging the young to program on new mobile platforms through competitions and the like. This is being done, but more is always helpful.
This article is based on a video round
table discussion produced by BCS, The
Chartered Institute for IT, on behalf of
the BCS Academy of Computing. It was
attended by BCS Academy of Computing
Director Bill Mitchell; Andrew Herbert,
former Chairman of Microsoft Research
Europe and a key player in setting up the
Computing at Schools Working Group; and
Ian Livingstone of EIDOS, coauthor of the
recent NESTA report, Next gen.

What next?
The panel agreed that computer science
should be an option in the science part
of STEM and that education needs to be
reformed in schools and universities.
Computer science needs to be seen as an
essential discipline and on the school
curriculum from early stages.
Bill Mitchell concluded: "Every child
should be experiencing computing
throughout their school life, starting at
primary school, through to age 16, even
18."

The full video is at: www.bcs.org/video
The NESTA report is at: www.nesta.org.uk/publications/assets/features/next_gen

THE RELEVANCE OF PROFESSIONAL BODIES

doi:10.1093/itnow/bwr051 2011 The British Computer Society

As IT proves its business value,
are professional bodies more
or less relevant? Christine
Williams, Head of Global
Membership for CIPD, Simon
La Fosse, MD of specialist CIO
recruiter La Fosse Associates
and Richard Harris, CIO of ARM
Holdings, discussed the issues
with Adam Thilthorpe, BCS
Director of Professionalism.
Brian Runciman MBCS reports.

Can membership of a professional body
help reduce the cost and risk of
recruitment? According to Simon La
Fosse, yes, as long as it's part of an
effective recruitment policy.
Richard Harris said: "At ARM, we find
this to be increasingly so as the IT industry
matures, just as with lawyers, doctors,
accountants. We are starting to look out
for this on CVs."
Maturity issues around professional
bodies are relevant, particularly in IT, which
is a relatively immature profession itself.
What can we learn from CIPD, which has
recently enjoyed an explosion of relevance?
Christine comments: Our Institute was
established 100 years ago, but the business
influence of HR is more recent.
Newer professions may be new but they
are professions. Demonstrating that is the
challenge for newer bodies.
Our CIPD qualification is not a licence
to practice. But this is important, because
it says to employers that our members
are self-motivated, choosing to do this for
recognition.
Where membership is mandatory,
motivations could be questioned.

Licence to practice for IT?


Richard Harris commented that IT could go
the way of licensing all practitioners, but
membership of a professional body is more
about professional development and the
confidence that gives to business leaders.
This led to the next area of discussion,
whether professional and business skills
are making inroads now in IT. Are we
seeing a blending of IT and business skills?
"At ARM there is an emphasis on
leadership and engagement with
other business functions," commented
Richard. "People are being equipped as
IT professionals working in business
environments, something that is crucial."
Simon: The ebusiness agenda is
changing organisations' approaches. There
is also an entrepreneurial aspect to this
coming through.
So what are CIO common behaviours?
Are they now more qualified as the role
has changed so much over the last 15
years?
They are not necessarily more qualified,
said Simon, but the job has changed. Its
more about their ability to evolve rather

CAREERS AND SKILLS

business picture.
Sustained investment in people is
needed. A professional body that promotes
lifelong learning can support the right
person for decades.
We all believe in a blend of experience
and qualifications, so what should a person
who belongs to professional body bring to
an organisation? Is it tangible?
Simon: Its tangible experience that
would not have been gained in that role
alone; engaging with their peer group;
understanding at a more fundamental level
the parts of their role. And qualifications
cover basics that need to be covered, so

Christine: Its not just what you know but


what you do and how you do it. A key point
in a relationship to see professionalism is at
point of recruitment so accreditation by a
body gives that. Its about added value.
IT is at a crossroads moving from
technical to business influence. So the
measure of a persons expertise in IT needs
to be measured in a more sophisticated
way. The IT profession is uniquely placed
disruptive technologies can hit to the heart
of a business and change them quickly. But
success is based on business outcomes.
Professional bodies can help people
become more rounded to address these

A key point in a relationship to see professionalism


is at point of recruitment so accreditation by a body
gives that. Its about added value.
professional qualifications are good to
show level of competence.

than a specific competence. We have seen


a radical change in responsibilities. For
example, we had a worldwide consultancy
firm approach us to help with the
recruitment of a CIO and a head of digital
and there was a big debate about whether
this was one role or two. The conclusion
was that these were two separate roles.
Opportunities of recruitment
The costs of getting recruitment wrong are
massive and with organisations
trying to reinvent themselves digitally
there are big changes to business models
being undertaken.
Richard: The cost of recruitment is big
for an organisation going through a lot
of change. There is also an opportunity
cost if you get people that can take the
business to a new place then they are
contributing more value - showing IT as a solution to business problems.
Christine commented that in the HR area the idea is to contribute to organisational change so it's very important to get the right individual. Not just one with the right technical skills but someone who can input to the bigger issues.
So are professional bodies still relevant?
Professional bodies are even more important now, says Simon, especially for CIOs, as the role is moving so quickly. They need help to stay ahead of curve and professional bodies help there.
A professional body is always changing and that is helpful for a member. For CIPD, says Christine, 135,000 members represent a collective brainpower - the added value of support. You can find lessons from your peer group and bring it back into the business.
A professional body can be a friend - it hones feedback, which is really important, adds Richard.

Yet recruit adverts don't often feature professional body membership as a requirement. Is that a problem? What can be done?
Richard: I'm not too concerned. There are desirable experiences and expertise, that membership requires, but we also want creativity, so making membership a must-have could exclude good people. But membership of a body is desirable, and suggests that people can add value to an organisation.
Simon: A professional body can help move the IT mindset from a technical to a business perspective, which is a huge opportunity for BCS.
Christine: The days of 'trust me, I'm a professional' are gone. But bodies can give the public confidence. The public duty of care is part of a professional body's remit. Codes of conduct and ethics frameworks are a very important function.

The tipping point
The building blocks are in place for IT to be recognised as a profession. So what do we need to do to get to the tipping point?
Simon: It's not about driving recruitment companies to insist on membership, but to make sure individuals see value in membership, so it becomes a de-facto requirement. There's a lot of space to communicate the benefits of membership more widely to demonstrate that this is not a dry area.
Richard: Sometimes bodies come across as staid. But in ARM, IT is viewed as fun, meaningful and interesting and that needs to be reflected by BCS. A sense of fun, interest, care and responsibility.

The full video is at www.bcs.org/video

DO IT
YOURSELF?

doi:10.1093/itnow/bwr052 2011 The British Computer Society

The entrepreneurial spirit is alive and well in the UK and could suggest another possible career path. What inspires you? Brian Runciman MBCS spoke to some of the finalists in the BCS IT Awards Innovation and Entrepreneurship section.

Innovation is exciting all the way through the process, from concepts to raising capital, and testing to success. The BCS IT Awards showcased a wide range of innovators.

Thank you for the music
Are you the new Thom Yorke (or Jonny
Greenwood)? The traditional market for
professionally created physical guitar tab
books has seen declining sales over a
number of years, due to the rise in
popularity of free user generated ASCII tab
websites. But any guitarist will tell you that
many sites have inaccurate tabs, wrong
chords and even music in the wrong key.
Digiclef Guitar Buddy (DGB) is a new free
app that addresses these issues for the
serious (and semi-serious) guitar player,
and it's all legal and artist approved. There
are some free tabs, but its in-app
purchase functionality retails tabs from
artists such as Radiohead, Foo Fighters
and Queen (and Depeche Mode - see the
demo video we recorded at the Awards
here: www.bcs.org/video).
Guitar Buddy also provides a number of advantages over physical tabs: using touch screen technology to navigate the guitar tab, variable tempo to allow guitarists to practise according to their ability, scrolling so users can learn and rehearse the full song performance without having to stop to turn pages, playback to provide an audio guide, section selection and looping to practise specific sections and an in-app store providing rapid access to hundreds of new free and paid for tabs.
The sale of DigiClef compatible Guitar Tabs has effectively revived a traditional revenue stream for sheet music publishers.

Delivery innovation
Failed deliveries cost UK retailers 1bn in delivery costs and many times more in lost sales a year and are the greatest cause of online shoppers dropping at checkout.
Shutl is a new UK-based delivery service that enables retailers to offer two delivery options to their customers - immediate delivery within as little as 90 minutes, or delivery within a one-hour window of the customer's choosing. This is made possible by operating a platform that aggregates capacity in the same day courier market via a web service.
Shutl chose Amazon Web Services to provide their cloud infrastructure, allowing retailers to integrate with their web service API via ecommerce, point of sale, mobile or telephone channels. The service also allows customers the option to track their orders and watch them 'shutling' their way to them in real time on a GPS-enabled map. All apps are built in REST (a lightweight alternative to SOAP-based services) using Ruby on Rails.
Shutl's record delivery time stands at 17 minutes, with an average of 70 minutes.

Health in the cloud
The health domain has to face problems
with fragmentation of information and
legacy systems.
Over the next few years the amount of
data held in hospitals should go down, but
only at the cost of further fragmentation
as different kinds of carers, therapists,
nurses and the like deliver healthcare
in patients' homes and nursing homes.
This will cause even greater information
problems in the long-term, as these
disparate sources will need to adhere to
the requirements of good
governance; security, scalability and
trustworthiness.
Researchers at Edinburgh Napier University, and Imperial College, along with clinicians from Chelsea and Westminster Hospital have created a new ehealth platform which overcomes many of the existing problems with usage of electronic patient records. Called PatientCloud, it uses new security methods to integrate assisted living with primary and secondary healthcare, and aims to create an integrated environment for the capture, storage and delivery of clinical services.
Key clinical services can be accessed from a range of devices, including from web pages and mobile phones. The work has also created a unique patient simulator which can create vital clinical measures for a wide range of patient illness, such as for health conditions and infection-related illness, and feed these into data buckets so that the clinical services can be observed.

GENOME MAPPING
With the increase in the seriousness and utility of what can be derived from genomics, getting the approach right has implications for all of us. The life sciences require very computer intensive applications. Demands in the testing environment have led some to set up in-house operations to address this need, but often these self-made server farms are unsupported.
This complication, taken in tandem with the fact that reducing time taken to develop a drug can reduce costs by 300 million with better computer modelling (meaning less time being wasted at the clinical trial end) has led to Constellation Technologies' cloud computing service.
Data from a sequenced human genome is used to determine new targeted therapy treatments, i.e. medicines that work for one's own genome. Constellation's software as a service can turn large amounts of data into economically and socially important information with the potential to lead to life saving/enhancing medicines.
Constellation Technologies is a UK based high technology start up using technology and expertise developed as part of the UK's particle physics research programme. Based at the Rutherford Appleton Laboratories near Harwell, Oxfordshire, the company also uses, when necessary, technologies and expertise developed under the European particle physics programme at CERN, Geneva. Its clients include some of the largest pharmaceutical companies. The other consortium members are Microsoft, Active Web Solutions and STFC.

Evolving into a web company
Many companies are facing huge challenges as they evolve into web companies. With the continuous growth of eretailing, site downtime and slowdowns can lead to unhappy customers, lost revenues and decreased brand value.
Aware Monitoring provides a software solution that continually monitors websites or web applications and alerts providers to any issues. The product operates at a number of levels, from basic site monitoring to advanced monitoring of a customer's journey through a site. It is not only easy to use but requires no installation.
The location of the company office at the Nottingham University Innovation Park enables frequent interactions with other start-up organisations also based at the university. Staff are closely involved with the local and national start-up community, including sponsoring Nott Tuesday, a monthly tech event started by Adam Bird, CTO of Esendex, one of Nottingham's fastest growing technology companies.

Whiteboards to flatscreens
A new Windows-based application developed by NHS Countess of Chester Foundation Hospital can replace ward whiteboards. It streams data from a number of systems and displays it to ward staff via a 46 flat screen panel.
The ward tracker application provides a complete, real time overview of key patient information for the staff. It is both easier to read and displays a greater amount of data, supporting clinicians in delivering more efficient and effective quality of care. A traffic light scheme alerts staff to the current state of test results for all patients, and similar schemes give visual indicators for an early warning score, time elapsed before senior review and whether critical care indicators are present.

Forensic imaging in reverse?
Analysis of images is a well embedded skill, but Functional Technologies' forensic image analyser is capable of using the enhanced sensor pattern noise (SPN) extracted from images to identify specific source devices, verify content integrity and blindly classify images into groups.
The novelty of this product lies in the sensor pattern noise enhancer, which is currently the only method capable of preventing scene details from distorting the SPN and facilitating the forensic applications effectively.
Due to manufacturing imperfection, semi-conductor sensors of digital imaging devices leave unique sensor pattern noise in the images. Like human fingerprints, these are unique and can thus identify the source device.
An even more challenging task addressed by this innovation is blind image classification, which aims to classify a large set of images in the absence of the imaging cameras. The system also allows content integrity verification. The system is used by a number of police forces in the UK, France and Australia.

www.awaremonitoring.com
www.constellationtechnologies.com
www.shutl.co.uk
www.bcs.org/awards

BIG JOBS 1: WHAT IT TAKES TO BE A GREAT CIO
The BCS and Computing UK IT
Industry Awards took place on
10 November 2011. Some of the
finalists in the CIO of the Year
category, and the eventual
winner, give an insight into
their careers and the achievements that have brought them
this far.

Phil Pavitt, HMRC

What does it take to be a great CIO?
It's about leadership, people, understanding the business. The order depends on the issues you have to face.
What's the biggest challenge you face?
Trying to develop and deliver massive changes with cost restrictions. Right now it is to help fund UK PLC, cut costs, serve business, collect tax and close the tax gap.
Best advice?
A retiring person said to me: Worry about the numbers, not the anecdotes that people say. You need to listen to people of course, but what do the numbers really say? Understand them. It's not based on personalities or stories, because you can always find bad IT stories.
Biggest achievement?
I have a saying that I am a business leader who happens to work in IT. I want to make IT boring, not as in people don't like it, but in that people don't talk about it.

doi:10.1093/itnow/bwr053 2011 The British Computer Society

Ian Cox, May Gurney

What does it take to be a great CIO?
You need to understand the business so that your strategy and the solutions that go with that are aligned with where your business colleagues are going.
What's the biggest challenge you face?
Stretching thinking as to what is possible with technology. At May Gurney we were fairly unsophisticated, so we wanted to raise expectations, and get people to believe that a lot more was possible other than just fixing problems. Now we are beyond that and are managing expectations.
Best advice?
A previous mentor suggested I attend London Business School to do a corporate finance course so that gave me a good understanding of how business works from a corporate and financial perspective.
You've got to have a good technology background, but you've also got to understand how the business works. You've got to be able to describe the technology and solutions in a way that business people understand them and show the link between technology and what the business outcomes are.
Biggest achievement?
Creating a new platform, so we can win new work. We've come from being behind our competitors to winning work because of our technology.

James Thomas, UCLH

What does it take to be a great CIO?
It's multifaceted - you have to have an ability to understand business and outputs from business and the inputs required to support the business. You have to have the right people around you and be able to motivate them. You also have to have an appetite for change - you mustn't fight the need for change as it's absolutely at the core of the role.
What's the biggest challenge you face?
The role is the bridge between business as to how it transacts and produces its outcomes and a suite of technologies and information to try and help that business work. So you act as a broker between those two. To help people understand what their information need is and then work with a world that is becoming ever-more complex in the technology provider space and work out which of those bits you should be trying to deliver and put in place to assist your business.
Best advice?
Paul Coby wrote an article for CIO magazine on the top 50 things to do to be a CIO and that was broken down into what you need to do for yourself, what you need to do for the business, how to motivate your staff and so on.
I go back to that every two years or so. It's really interesting because you'll find that in the last two years you've focused on a couple of areas and made progress, but sometimes to the detriment of others. It's good to make sure I go back and tackle all the areas in a positive way.
The job will be difficult and challenging at times, but when you get through challenging times you are a much better person because of it.
Try to take the positives from an oppressive situation. There will be a way through, so take the positives, learn from it and coach others.

Biggest achievement?
For the last five years I've been working in the NHS and the focus that comes from making something better for a clinician or nurse is phenomenally rewarding.
One of the biggest achievements in the last couple of years was that I inherited a data centre of 120 plus clinical systems in the basement of an old building and over a nine month period managed to move that into primary and secondary systems without a single bit of downtime for six hospitals. It went from my biggest nightmare keeping me awake every night to being a really good success.
From a clinician/nurse perspective they didn't even know we'd done it, so that was a really good testament.
In April we opened a 100 million cancer centre without waiting rooms on the basis that we are using kiosks, texting and summoning; we have orchestrated the building around making the patient experience better. This also enables people to be assessed and prescribed in one-day, something that previously took two days.

The Winner: Rob Fraser, Sainsbury's

What does it take to be a great CIO?
You need to be good with building relationships across the business. IT connects the business, so we work with every division all the time. Need to be in step with our colleagues - great relationship builder, and commercial in thinking rather than tech centric.
What's the biggest challenge you face?
IT can be a little bit like the wild west, so my challenging times have been working with decisions we've made and getting them to work with partners.
Best advice?
A lecturer at Uni gave me advice on careers to follow, you've spent three years training as an engineer, it's madness to throw it away, you may not like IT. But IT has matured and paid twice as much. Best: Chief Executive Justin King says about his career: always try to do an absolutely fantastic job of whatever you're doing at the time and when an opportunity comes up grab it.
Biggest achievement?
The thing I'm most proud about is going from trainee programmer to IT Director across 25 years. It is harder and harder to find an entry-level position and go to the top - we are proud of that possibility at Sainsbury's.

Mark Bramwell, Wellcome Trust

What does it take to be a great CIO?
More of it is about being customer-facing and customer-focused rather than being a technologist now and with that a really good CIO needs to understand his team and make them feel empowered and know what success looks like. If the team isn't successful, then neither am I.
What's the biggest challenge you face?
We are a unique organisation that has three autonomous businesses in investments, grant giving and a head office function. In any given day I could be talking to our chief investment officer who is looking after 14.5 billion, or 220 PhDs giving away 600 million of grant funding or to the COO about the forecasting for the year. So transitioning between being an investment banker, medical researcher scientist or COO, is what I face every day.
Best advice?
The foundation is service. If you can't deliver a service that is reliable, robust and performing then you may as well forget everything else. If you deliver service you build credibility and that leads to trust. If you have trust you can influence and add value to an organisation. It's one of the most exciting times there has ever been in technology. So careers in this area are a great opportunity.
Biggest achievement?
Being shortlisted for CIO of Year Award!
Also, having been able to save over a
million pounds in IT operating costs. Being
the organisation that we are that money
goes to supporting medical research,
making a positive contribution. Every
pound I save could be the one that goes
toward curing cancer or malaria or
diabetes.
The full videos are here:
www.bcs.org/content/conWebDoc/42600

BIG JOBS 2
What online resources are valuable in
your area?
There is a phenomenal amount of online
resource available in such a wide range
of areas too, it would be impossible to list
them all. Sites like support.microsoft.com
and experts-exchange.com are invaluable
resources for people in IT providing
technical support. Google alone can be such
a powerful tool too. Outside of that are the
various industry bodies, of which BCS is one,
which will help you advance your career by
providing the resource and help needed.

Rich Kavanagh FBCS CITP


Head of ICT & Facilities
Brief description:
Responsible for ICT strategy development
and implementation, business continuity
and budget management, team leadership
and development, risk assessment, policy
formation and project management.
Type of organisation:
Charity/third sector

doi:10.1093/itnow/bwr054 2011 The British Computer Society

What do you love about your job?
The variety, without doubt. Every day is different; no two days have ever been the same in all the years that I've been doing this job. You can start your day thinking you
have it planned quite well and more often
than not, something happens to throw a
spanner in the works. There is also a great
challenge too. Running a corporate
network with 100 per cent availability can
be a full-time job in itself. On top of that is
the challenge of the ever-decreasing
budget as the requirements from the board
to reduce expenditure and generate more
revenue are always increasing.
What are the prospects for advancement?
The career path in IT is often quite wide
and varied. In smaller organisations the
career path may be limited but you should
use this opportunity to expand your skill
set and gain as much experience as
possible. In larger organisations there is
quite often a career ladder you can climb,
from being a first line technical support
officer to managing an entire department.
What do you consider your biggest achievement?
I have two achievements of which I am very proud. The first is achieving my BCS Fellowship status; it really is the gold standard in terms of industry and peer recognition. The second is being able to reduce the expenditure of the ICT Department at Keep Britain Tidy by over 38 per cent. This is a huge saving to a charity organisation where every penny really does count.
What do you find hardest?
From a managerial perspective, losing
good members of staff is pretty hard.
The ICT department of most
organisations is a close knit team,
regardless of the size. It's always hard trying to replace someone, it can often take months to train them and you need their personality to fit in with not just the department, but the organisation too.
Another area that's hard is managing people's expectations. We seem to live in an always-on, always-connected world these days. If people can't connect to the internet or access their email for even a very short period of time, it can be quite disastrous.
What do you consider key success
factors?
Being able to provide the organisation with
what it needs in order to deliver its
objectives.
The board members or senior
management team of an organisation will
often set the goals and objectives of the
organisation without realising the potential
impact on the ICT department in terms of what's deliverable for the (often limited) budget available.
If you are able to provide the organisation with the tools it needs to help it succeed, you won't go far wrong.

What qualifications do you value most, or have been the most use to you?
My Chartered IT Professional status has been the most valuable as it carries the most weight. BCS is known and trusted worldwide as the industry body. Their code of conduct to which members must adhere also proves that people with Chartered IT Professional status are serious about their professionalism.
What do you think of the Project
Management career path created by BCS?
I think the chart in the middle is fantastic.
It allows you to see exactly where you are,
or where you want / need to be, alongside the relevant BCS membership level
too. The development needs section is
very good too as often people get stuck,
not knowing what they need to do next in
order to progress their chosen path.
www.bcs.org/careers

What advice would you give to someone trying to get into your job?
Quite simply, do it. The requirement for people with good skills, knowledge and experience is never going to go away. As people and organisations become more and more dependent on technology their need for support will continue to increase.
I'd also recommend trying to choose a specialist subject in which you're more focused. Be sure to have a good basic skill set across a wide range of areas or technologies but if possible focus to become an expert in just a few.

ONLINE WELLBEING FOR CHILDREN

doi:10.1093/itnow/bwr055 2011 The British Computer Society

Eric Schmidt, Google's Executive Chairman, recently said there are only two states for our children today, asleep or online. A recent BCS roundtable discussion, 'Children are digitally savvy but are they information savvy? How e-safety training in schools can help', addressed one of the implications of this.
The discussion was attended by Dave Miles, Director at the Family Online
Safety Institute; James Garnett, Lead ICT Projects Executive, United Church
Schools Trust; Alan Earl, Harm Reduction Officer of Avon And Somerset
Constabulary on secondment to the South West Grid for Learning and Jeremy
Barlow, Relationship Manager, BCS. Brian Runciman MBCS chaired.
Parents, teachers and pupils know the Stranger Danger approach for helping children deal with people they don't know, but they need similar savvy advice in the online environment.
Schools need to be sure they are doing the right thing too, as the Office for Standards in Education, Children's Services and Skills (Ofsted) requires them to verify that they are managing these risks and teaching the relevant skills.

Teaching young people about safety in the virtual world
Alan kicked off the discussion: The internet is a powerfully useful tool. We wouldn't send someone who came into a school with a big knife and to the domestic science block, but with internet safety people get directed to the IT person and the issue is bigger than that.
There is a permanency to what our children post online. Children lack the life experience of the real world that parents and teachers have, but with less technical savvy. This means parents are not always well equipped to address online safety issues, especially as they are time-poor.
As to the division of responsibilities, James commented, They are across the board. Educators can raise issues, but children don't always take this on board. We have a duty to educate the teachers as well. In one of our schools over half the teachers didn't use social networks.
FOSI represents 30 of the largest social providers in the world, says Dave. We need to recognise that these are often innovative technologies, so there will be disruption to social norms. One of the ways we frame that, because it's a global phenomenon, is that we talk of digital citizenship - bringing social responsibility of the real world into the online world. This includes the role of government and law enforcement. It's a real challenge, but all those stakeholders have a duty to work together.
Alan commented from the parents' side: We've dealt with 7,000 parents and we find there is still a lack of dialogue between parents and children. Children aren't challenged about how they behave online by their parents. They need to speak together.

Behaviour on social networks
The EU Kids Online report said that 59 per cent of 9-16 year-olds have social networking sites (and 49 per cent of 11-12 year-olds) and of those, 26 per cent have public profiles so that anyone can see their personal information.
This indicates that the perception of privacy is changing, so how should that affect our approach as a society?
Dave: A lot of children go online technically underage and parents are complicit because they want their children in the online world, to talk to grandparents and the like. There's an education process there. Facebook has updated its privacy settings to reflect changing views, which is an ongoing process. The notion of privacy is changing. Youngsters have a different perception of offline and online friends.
Alan: The way children view privacy is changing the way adults view it too. It's difficult to simplify privacy policies, so talking to kids about it is vital. It's about education.
James: How children manage their online social brand is important so that children have thought about what may be available about them when they come to look for jobs. University dons and future employers can easily find this information today. There is a large growth in acceptable youth policies recently - should a teacher friend a pupil and so on - the scope is large.


Privacy settings
Should privacy on social networking sites
be set at the highest level by default to
help protect all users?
Privacy settings are vital, says Jeremy, but behaviour is equally important. Social networking can have a competitive element to it - the number of friends or followers children have. This can lead to foregoing privacy.
Social networking is based on sharing and being open so expecting sites to automatically set privacy at the highest level is unlikely and in many ways going against the philosophy of the idea. It's also not just about Facebook. There's also Twitter, uploading photos to Flickr and so on. Even iTunes has an age limit of 13.
So how rigorously should we enforce age limits on social networks?
Dave: There are 194 countries in the world and they all have differing legislation. Over the last few years it's changed. Five years ago there was a fixed PC, in a public room, but now networking is on games consoles, smartphones and the like - it's broken the fixed idea. At school age there has to be a conversation between the parents and children about this - rather like the sex conversation. At
that point you can share in the positives
and find out how children use technology
and celebrate the creativity. Then discuss,
secondarily, risks and security at a level
relevant to their age.
How can we simplify privacy policies for
young people?
Alan: I don't think we can. But they can understand what they are putting online and that what they are doing has some parameters.
Dave: The different platforms do have a lot of parental controls. There is already a European-wide default filtering on mobile devices. So parents need to be a part of the purchasing process and interpret those things on the child's behalf. Sometimes parents are unaware of the capabilities of the devices their children use, so parents need education too. This could also come via schools. The PEGI system is addressing some of this.
Jeremy: There is a curriculum
opportunity there too. The difficulty is
getting the appropriate amount of time for
this, but there is also a wealth of material
for extracurricular activities.
Risk management
A 2011 OFCOM survey highlights that
33 per cent of 12-15 year-olds speak to
friends of friends or people they do not
know online. So what can teachers and
parents do to improve children's understanding of the risks?
Talk to them, says James. In the Byron review, it mentioned the concern that children are being taken away from risk - don't play outside, but stay indoors on your computer because it's safe. So, ask them about the apps they use, be aware of the changing technology and don't be afraid to appear to be behind the curve when speaking to your children.
Dave: The nature of parenting and
families is changing to make the role
of IT and literacy vital. So the Institute's e-safety qualification is important because it allows children to all come in at the same level and that engagement is key. In Luxembourg there is a digital passport where children get responsibility points that translate into gift vouchers and the like. BCS's approach is really important, not just for children but for parents.
Alan: Teachers and parents need to
take the fear factor out, to understand the
positives and the risks. And a qualification
that can assist with that is helpful.
Jeremy: The language we use
is important. The very term 'risk
management' has 'fear culture'
connotations. We want to enrich the online
experience with e-safety qualifications.
James: Children are going to play with
this stuff anyway, so we need to talk to
them to help them understand.
'It's like we are in an aeroplane,' says
Alan, 'but the children are flying it. We need
to go into the cockpit and ask them what
they are doing. It's my belief that it is the
child we need to educate the most - help
them understand risks - but parents are
very important too.'
Dave: It's about rules, tools and
resilience in the online world. Parents do
the rules and tools, children should work
out the resilience. Parents are catching up,
the playing field is levelling.
Jeremy: There are also plenty of
good materials online for education, so
organisations like those represented here
should be signposting to these things for
teachers and parents.
Where next - quick wins and longer term
James: The new BCS e-safety qualification
is certainly a quick win. With it a school can
frame their curriculum around a
recognised qualification. So when Ofsted
come the school can show it has begun on
that path. It's not at the end of that path,
but it's on the way.
Alan: Data from 360 Safe indicates that
staff training is the weakest area. So if the
BCS qualification enables improvement
there are no drawbacks to that.
'I'd like to reiterate,' says Dave, 'that
in the longer term we have to recognise
the child/parent conversation. Governors'
bodies and parents' associations have a
role. There is a generational transition
going on. There are challenges, but I think
we are now coming through the worst of
it. In the next 10 years we are going to see
real benefits from that.'
Alan: The internet is such a great
environment, so it's real important that
e-safety is part of school curriculum.
'We also need to understand that the
area is evolving with new platforms and
emerging technologies,' says Jeremy.
'Ofcom suggest 35 per cent of 15 year-olds
have smartphones. I'd like to quote a piece
from The Guardian by Stephen Carrick-Davies,
19th July 2011: "A new three Rs of
literacy would help us to understand the
risks, better manage online reputations
and together build resilience to cope with
the contradictions and opportunities of
the online world." I think that's a good
summing up.'
Dave: E-safety is a set of life skills.
Some countries talk about 'digital wellbeing'.
So we need to look at this as a lifestyle
health issue rather than a tech issue.
James: A constant dialogue with the
children is vital.
www.bcs.org/video

RESOURCES
BCS has launched e-safety, a Level
1 qualification that maps to parts of
the National Curriculum for PSHCE -
Personal Wellbeing, Citizenship, ICT
and Every Child Matters.
It aims to help teachers raise
the issue of online safety with their
students and covers the potential
risks associated with being online,
how to protect yourself and your
personal information online, as
well as how to behave responsibly
and within the law whilst using the
internet.
Information is at www.bcs.org/category/14422
The full video is at: www.bcs.org/careers
Risks and safety on the internet:
The perspective of European
children. Livingstone et al:
www.eukidsonline.net
A PDF of the survey results is
available from 'The i in online':
www.chis.org.uk/file_download/49
Stephen Carrick-Davies' piece:
www.guardian.co.uk/society/joepublic/2011/jul/19/mobilephones-young-people-vulnerablethree-rs


THE FATE OF EMPIRES
BCS, The Chartered Institute for
IT, recently responded to the
HEFCE teaching funding and
student number controls
consultation. Parts of this
response follow, the full report
is available via:

HEFCE 1: Following the changes to
funding for higher education agreed by
the government, we need to phase out
the mainstream teaching funding
relating to old-regime students.
Comments on our proposed approach?
Computer science degrees (that is courses
with JACS version 2 code of: G400, G401,
G402, G600, G601, G602, and in JACS
version 3, I100, I101 or I102, and I300,
I301, I302) should receive a teaching grant
at the same level as band B subjects. Our
full explanation for why we believe this to
be appropriate is given in the response to
question three.

doi:10.1093/itnow/bwr056 2011 The British Computer Society

HEFCE 2: Given the reductions to HEFCE's
teaching grant from 2012-13, do you
have any comments on our proposal
that certain non-mainstream allocations
should be phased out, and others
continued as an interim measure in
2012-13?
Computer science is a strategically
important subject for the UK economy that
is expensive to teach, and which currently
suffers a shortage of well qualified
applicants. We explain in our submission
to question three why this subject should
receive a continuing teaching grant for
new and old regime students at the same
level as band B subjects.
HEFCE 3: We need to change the way
HEFCE provides teaching grants for
new-regime students. Do you have any
comments on our proposed approach?
BCS RECOMMENDATION: Computer
science degrees are currently bundled
together with IT-related degrees in the
same teaching grant band, which is band
C. However, due to their national strategic
importance and higher cost, computer
science degrees should be treated
separately and moved into band B so that
they receive a teaching grant for new
regime students proportionate to the
actual cost of the course. Further
explanation follows below.
BCS RECOMMENDATION: Four year
MEng courses need to receive special
treatment so that potential applicants
are not deterred by the additional debt
of a fourth year of study. This could be
achieved through a more lenient loan
repayment scheme, or through additional
teaching grant allocation to such courses.
Although employers highly value MEng
graduates, the extra debts incurred in the
fourth year are significant and would deter
many students.
BCS RECOMMENDATION: We
recommend that the teaching grant is
capped so that the grant plus fee is not
greater than the cost per student of
delivering the degree (calculated using
TRAC data).
BCS RECOMMENDATION: We propose
that science (including computer science),
engineering and maths subjects should
receive a teaching grant based on a
sliding scale proportionate to their TRAC
normalised rate, rather than applying the
broad bands currently used. The current
banding sometimes allocates the same
subsidy to subjects with quite different
TRAC normalised codes, whilst sometimes
giving radically different subsidies to
subjects with similar TRAC normalised
codes. A sliding scale funding formula
would enable HEFCE to achieve a greater
benefit from its limited teaching grant.
HEFCE 4: We have been asked by the
government to remove students
achieving AAB+ equivalent from the
student number controls. Do you have
any comments on our proposed method
of implementing this?
BCS RECOMMENDATION: Rather than use
AAB+ as the sole indicator for all degree
subjects, it would be more appropriate to
consider the average entry tariff for top
applicants in each degree subject and define
a subject specific quality measure based on
that. Also the criteria should take into account
what subjects make up the requirement.
For example, giving extra weight to
science (including computing) and maths
A2 level subjects would encourage more
students to take those subjects at A2-level,
which would be of significant benefit to the
UK. We recommend allowing additional
science places for ABB+ students,
when two of these subjects are science
(including computing) and the other is
maths at A2-level.
The intention of AAB+ is to introduce
free market forces at the high end of the
HE sector. The intended effect will be that
through competition some HEIs will be
forced to reduce their fees as they fail to
maintain their market share of high quality
students, whilst allowing other HEIs to
grow by taking on a greater share of
high-quality applicants. In fact this is
already taking place before the scheme
officially comes into effect. For example,
as recently reported in The Guardian,
the University of Kent is planning to give
2,000 scholarships to any recruit for 2012
who gains three A grades at A2-levels.
HEFCE 5: The government has asked us
to consult on a core/margin approach to
re-allocating places towards lower fee
provision. Do you have any comments on
our proposed method of implementation?
When introducing transformation change
with subsequent systemic uncertainty into
our very successful education
system, which is the envy of many
countries around the world, such as China
and India, it is perhaps wise to bear in
mind this quote from Aristotle: 'The fate
of empires depends on how they educate
their children.'
Market forces will most certainly reduce
costs, but may well not improve quality. We
should note with concern the recent Wall
Street Journal report, which states that 75
per cent of India's technology graduates
are unemployable by India's high-growth
global industries. The report echoes
similar findings published in 2008 by Duke
University. Such low quality education is
the result of intensive competition in India's
private university sector that has driven
down cost at the expense of quality.
The Indian HE sector does have a
small number of world class institutions,
specifically the Indian Institutes of
Information Technology, IIIT. They produced
around 5,000 high quality engineering
graduates in 2008 out of the 350,000
engineering graduates produced. IIITs do
not however provide an adequate supply
of high quality graduates for India's
economic needs. At present India is still
an outsourcing destination for mainly less
skilled IT jobs, and cannot yet compete at
the higher end of the value chain except on
a relatively small scale.
The UK must be careful to guard against
that situation arising here.
The combination of allowing uncapped
expansion of AAB+ places, re-allocation of
some existing places through competition
for lower fee institutions and the research
councils' proposals to concentrate future
funding seems likely to lead to a two-tier
higher education system. In fact
it would seem quite likely to lead to a
situation similar to the days when we had
polytechnics and universities.
If the intention is to split the HE sector
into well-resourced research intensive
universities and low-cost teaching only
universities it would be better to state
this as a matter of policy and then work
through appropriate consultation to
determine the right balance. There is
considerable uncertainty that the proposed
system will result in the right mix of
university degree courses needed for the
future prosperity of the UK.
HEFCE 6: Do you have any comments on
the impact(s), positive or negative, that
the proposals in this consultation will
have on equality and diversity?
BCS RECOMMENDATION: The number of
uncapped places a university is
permitted to recruit for should be linked
to an increase in students they accept
from disadvantaged backgrounds.
Disadvantaged students should also
receive an additional teaching grant to
support remedial education.
It is a stated aim of the white paper to
increase accessibility for students from
disadvantaged backgrounds. This would
best be addressed by ensuring all children
from the ages of 5 to 18 have access to the
same high quality of education.
The AAB+ scheme seems likely to have
a negative effect on equality and diversity,
since attainment levels for students from
a disadvantaged background are likely
to be below this threshold. Although
universities will have an obligation to enrol
more disadvantaged students through
their agreements with OFFA, in practice it
seems likely that much of their energy and
focus will be on attracting AAB+ students.
The current HESA data shows that
the UK's elite institutions have a smaller
proportion of disadvantaged students
compared to other universities. Since these
universities intend on remaining elite, it
is in their interests to focus on expanding
their share of AAB+ students and it is not in
their interests to divert resources from that
to attracting other students. Admissions
tutors across the land all want to attract
the brightest and best students onto their
courses, which explains why widening
participation will not work unless there are
tangible incentives that are dependent on
objective key performance indicators.
The full response can be read here:
www.bcs.org/consultations

BIG JOBS 3, 4, 5
Kevin Johns
Head of Professional Services, BT Global
Services UK
Brief description
Responsible for the development and
delivery of consulting and professional
services to BT Global Services UK clients
across private and public sectors.

Type of organisation
B2B IT and telecommunications
outsourcing and managed services.

What do you love about your job?
Our customers - the opportunities and
challenges that our customers face across
their various industries fascinate me and I
relish finding ways in which IT and
telecommunications can help them.

What are the prospects for advancement?
BT is one of the largest ICT organisations in
the world, operating in nearly 200
countries, so career opportunities are in
abundance. Many of our people take on
roles either with more responsibility or in
order to broaden their skills.

What advice would you give to someone
trying to get into your area?
To understand how you can apply the skills
you have within the sector, gain an
understanding of current trends in the
sector from websites of organisations such
as Ofcom, the major competitors including
BT and industry analysts such as Ovum,
Gartner and Forrester. For career
opportunities in BT get in touch with us
through our careers website. For broader
opportunities within the telecom sector
look at the recruitment websites of
other major organisations within the sector
such as Cisco and Avaya. It's also worth
Googling for employment opportunities - a
number of employment agencies exist,
working into the sector.

What do you consider your biggest
achievement?
Arguably my biggest career achievement
to date was going back to university
part-time at 47 with the Open University to read
for an MSc in Technology Management - it
opened my eyes to wider career
opportunities and after 26 years in IT,
prompted a move into telecommunications.
In terms of what I have delivered, I have
particularly enjoyed launching a number of
new IT products and services - the chance
to shape something and send it out into
the world to stand on its own feet is highly
rewarding. With BCS, it was starting up the
BCS Business Change Specialist Group - it
became very popular very quickly and we
have had regular attendances of 70+ and
up to 140 at our meetings.

What do you find hardest?
Saying no to learning opportunities - the
variety of my career has been amazing but
variety needs to be balanced with focus so
that you can develop depth in your career
and show people what you can deliver.

What do you consider key success
factors?
Keeping it simple, two things - it's that
balance of breadth, to show that you can
adapt within fast-changing market
conditions for ICT, and depth, to show what
you can actually deliver.
I'd encourage everyone to review
how they perceive their core skills and
experience regularly; one sometimes
acquires new skills without at first
realising that it's happening.

What do you think of the Business
Analysis Career Path created by BCS?
I think it is really useful and it refers to
SFIA for advice on preparing to enter
business analysis as a profession. I
couldn't suggest any improvements to it as
it's clearly right.

More information is available via:
www.bcs.org/careers

doi:10.1093/itnow/bwr057 2011 The British Computer Society

Careers videos at www.bcs.org/videos


Simon La Fosse
Chief Executive,
Entrepreneur

Simon talks to BCS about the
entrepreneurial spirit and how he got
started. www.bcs.org/content/conWebDoc/41699

Simon talks about CIOs, what skills they
need and the state of the CIO recruitment
market. www.bcs.org/content/conWebDoc/41896

Kate Craig-Wood
Managing Director,
Entrepreneur

Kate Craig-Wood, Managing Director
and co-founder of Memset, talks about
her inspirations and motivations to start
her own business.
www.bcs.org/content/conWebDoc/41427

INFORMATION SECURITY

SECURE SOFTWARE

doi:10.1093/itnow/bwr058 2011 The British Computer Society

Welcome to Information Security Now (ISNOW) in its new home in ITNOW. Since security and IT
are often inseparable, neither should be ignored, says Gareth Niblett, chair of BCS ISSG.

Some consider 'secure software' an
oxymoron, and history has many incidents
that seem to support this position, writes
Gareth Niblett, Chair of the ISSG.
Most of us depend on software in our
work and lives, although we sometimes
may not realise it, and secure, dependable
and resilient software is required for
many of the things we take for granted.
All too frequently we hear of major
IT project failures, online services
being unavailable, systems being
configured incorrectly, crashing and
so on. Sometimes it is simply an
inconvenience; sometimes there are
serious consequences. Loss of Facebook
is (or should be) less disastrous than an
incorrect radiation dosage.
With hundreds of thousands of apps
out in the mobile marketplace, along
with all the software (and malware) that
can be installed on personal computers,
what assurances do end users, and the
organisations they might work in, have
that the software is secure, respects their
privacy and is available when needed?

Tier 1 risk
In 2010, the UK National Security Strategy
identified 15 priority risks, including a Tier
1 risk of hostile attacks upon UK cyber
space, potential shortcomings in the UK's
cyber infrastructure and the actions of
cyber terrorists and criminals: reduction of
this risk is inherently linked to
improving software security, dependability
and resilience.
The Software Security, Dependability
and Resilience Initiative (SSDRI -
www.ssdri.org.uk/), which is a UK
public-private platform for making
software better, may be one initiative that
can help in this area.
The SSDRI evolved from a Technology
Strategy Board and Centre for the
Protection of National Infrastructure-sponsored
Secure Software Development
Partnership.

FURTHER INFORMATION

Secure software is a BCS Security
Community of Expertise (SCoE) hot topic.
www.bcs.org/security

Information Security Specialist
Group (ISSG):
www.bcs-issg.org.uk
Information Risk Management and
Assurance Specialist Group:
www.bcs.org/groups/irma
BCS Security Community of
Expertise (SCoE):
www.bcs.org/security


BAKED IN SECURITY

doi:10.1093/itnow/bwr059 2011 The British Computer Society

Ian Bryant, Technical Director at the Software Security, Dependability and Resilience Initiative
(SSDRI), explains some of the challenges involved in securing software.
At first sight, it would be easy to assume
that we understand what we mean by the
term 'software': it is the element of
information and communications technology
that sits between physical hardware and
what is often referred to as the 'wetware'
(the human operator).
But this boundary is becoming
increasingly blurred, with hardware
such as field-programmable gate arrays
and integrated circuits being designed
using VHDL (VHSIC hardware description
language), and autonomic systems being
developed which mean software processes
are taking on roles previously carried out
by human operators.
And the degree to which we as a society
rely on IT, and software, is growing all the
time. It is difficult to conceive of any major
sector of the economy in the developed
world that is not dependent, often critically
so, on IT and software. This dependence
extends into our private lives, with figures
for the UK in October 2011 showing that
over 50 per cent of the population now has
a smartphone (against a backdrop of 80+
million and growing active mobile phone
accounts for a population of about 62
million people).
This dependence on IT and software can
be expected to broaden and deepen in the
coming years, with a number of trends
already being identifiable to drive this
dependence and complicate the problem
space, including:

• the move to distributed application
  platforms and services (the cloud);
• the increasing reliance on mobile
  devices, which typically rely on
  lightweight operating systems that
  have fewer inherent controls than the
  operating systems on previous
  generation devices;
• a move in business to consumerisation
  (bring-your-own-device);
• commoditisation in previously closed
  architectures, such as industrial
  control systems;
• the pressure for IT consolidation for
  energy efficiency (the low carbon
  imperative), relying on software
  virtualisation.

Furthermore, there are significant changes
going on in the way software is developed.
The historic assumption was that software
would be developed under an
engineering-style 'waterfall' model, under single
organisational control, but this is now far
from the only approach, with factors such
as agile development and open source
challenging this.
Finally, we are encountering emergent
problems with areas such as the use of
structured data (e.g. XML), which is
becoming used in ways that inherently
control the behaviour of IT systems that
process such information.
It should therefore not be surprising
that the impact of software problems is a
high cost to the economy. Recent figures
from the US government National Institute
of Standards and Technology (NIST)
indicate that software flaws and weaknesses
cost around $60 billion a year to the US
alone, and a 2011 University of Oxford
Saïd Business School / McKinsey report
confirms the trend in earlier studies from
ESSU, Standish and Rand that software
remains the major source of IT project
failures.
From a UK perspective, a governmental
risk analysis of such factors led to the
identification of cyber-attack and
cyber-deficiencies as one of the four tier
one risks in the 2010 UK national security
strategy.
The consensus has therefore emerged
that a concerted effort is needed to
improve the way that software is produced,
used and sustained, not only in the sort
of systems developed for specialist
markets where security, dependability and
resilience are functional requirements,
where an existing body of knowledge and
good practice already exists, but also for
all other software and systems, where
security, dependability and resilience
are often overlooked non-functional
requirements (NFR).
This has led to the creation of the UK's
Software Security, Dependability and
Resilience Initiative (SSDRI), a
public-private partnership established in July
2011 to enhance the overall software and
systems culture, with the objective that
all software should become designed,
implemented and maintained in a secure,
dependable and resilient manner. It is
genuinely cross-sectoral, being governed
by a steering committee drawn from the
demand-side (in both public and private
sectors), the supply-side, and those
producing the corpus of knowledge, and is
operated by the new cyber security centre
(CSC) at De Montfort University.
The challenge for SSDRI is to 'bake in'
security, dependability and resilience to all
software, recognising that implementations
may vary with audiences and functional
/ assurance requirements. The focus of
SSDRI is therefore on establishing Pareto
principle (80:20) approaches to making
software better, iteratively using learnings
from specialist domains and interpreting
them for the common good. This is
analogous to the public health approach
in the world of medicine: prevention now
avoids treatment later.
Environmental shaping
Although software itself is a technical
discipline, a major challenge is actually a
non-technical issue: to make stakeholders, in
particular senior decision makers, realise
the potential risks that are being exposed
by the currently poor overall state of
software, and the attractions of improving
the baseline of software across the board.
Conceptual evolution
Although many of the concepts required
for software security, dependability and
resilience have long been established,
there is still a need for conceptual evolution,
for instance in understanding
composability and traceability, as most
software is an assemblage of subordinate
components. Intrinsically linked to the
subject of composition is that of
understanding the potentially globalised
supply chain, with cloud computing
presenting a disruptive challenge.
Practice improvement
In mature industries (e.g. aviation engineering),
all practitioners intrinsically accept
responsibility for producing quality output,
yet the software industry has no such
acceptance. The challenge for SSDRI is to
take learnings from specialist domains and
make this part of the culture, including:

• training of current workforce;
• education of future workforce, in
  particular through the higher
  education sector;
• awareness for all specifiers,
  producers and consumers.

Independent verification
For market segments where a degree
of assurance as to software security,
dependability and resilience is desirable,
independent verification is a preferred
technique. Yet this is only currently
adopted in niche communities such as
safety and security, and is typically
targeted at 'high assurance' needs. Initial
stakeholder feedback is that a widely
applicable independent 'black box'
testing approach is also needed for 'due
diligence' needs.
International collaboration
Although there should be measurable
benefits from national level initiatives
to genuinely improve software security,
dependability and resilience, the
challenges implicit in globalisation of
the supply chain cannot be ignored. A
need for international collaboration is
therefore implicit, and SSDRI is engaged
with European, North American and
Australasian partners to explore how
this can be achieved.
Standards contribution
Noting Henry Ford's maxim that
'Standardisation can be thought of as
the best that you know today, but which
is to be improved tomorrow', and that
standards have a market-shaping effect,
it is highly desirable that approaches
established by SSDRI and international
partners be formalised through a widely
recognised standards development
organisation such as ISO/IEC.
Further information on SSDRI can be
found at www.ssdri.org.uk, or through
Dr Adele-Louise Carter and the BCS
Security Community of Expertise, which
provides the link to SSDRI from the
Institute.
www.bcs.org/security


WHY IS SOFTWARE INSECURE?

When it comes to software
development, security is
worryingly left out because of
the cost, says Jonathan Gray
MBCS.

Much of the software we use will have
vulnerabilities; in fact I dare say all
software we use will have vulnerabilities.
Taking this further we need to be
concerned with system security, which comes
hand in hand with the specifics of issues with
an item of software being secure.

doi:10.1093/itnow/bwr060 2011 The British Computer Society

Why?
I always like to come at things from a
different angle, so rather than focus on the
difficulties of software development and
technical challenges, differing operating
systems and compilation conundrums -
which are of the utmost importance - I
offer you:
Humans make mistakes
I am sure as you read this you are straight
away thinking, 'that's a bit naive, of course
they obviously do', and a coder may make a
mistake when writing many lines of code.
That is true, but how many mistakes are,
more importantly, made in the conceptual
phase: on the project drawing board, or in
the perception of risk vs. reward as a
solution is under preparation?

The rest of this post is focused on
general project mentality. This is not
concerned with security products,
Microsoft hotfixes or the availability of
zero-day exploits. Whilst important,
I believe the normal run-of-the-mill
software, which is not deemed as a
security release, is more worthy of our
focus as this is what builds up the portfolio
of applications that form the COE (common
operating environment) or corporate build.
Whilst the technical task is immense,
the need to get things out of the door from
a project perspective is even greater.
In the push for deadlines and
milestones, corners will be cut and the
result will be a trade off. We can reduce
testing, lose a version, de-scope certain
elements. It is this process that often
leads to the problems that are found later
as releases contain flaws or elements
combine to cause a set of events, which
expose a weakness.
The human mind always looks for the
best possible outcome. Any constraint will
lead to a reduction in quality elsewhere.
We accept this in order to get the job done.

The needs of the many outweigh the
needs of the few.
In a real world I would have prototypes,
many rounds of testing, back to the
drawing board and more prototypes
and re-testing. In reality these often get
paid little more than lip-service, with the
expectation that the product will be
fit-for-purpose with a minimal understanding of
the risk at stake.
Risk mitigation is a wonderful concept
and I bring to the table a design that may
be technically perfect, but yet to visit the
cost centre and strategic vision centre or
tactical solution knee capping.
My design will then go through many
approvals and governance mechanisms,
which in almost all cases reduce the cost,
ease the simplicity of install and support.
Worryingly, more and more they are
also diluted so as to fit into the strategic
solution and not to rock the boat with what
the client was sold previously.
Mechanics
I always draw a parallel with car
mechanics as it is something we can all
relate to. We all want a service as fast as
possible and as cheap as we can get. But
there will be hell to pay if they miss
something or an error occurs. The human
mind does not think of this;
you-get-what-you-pay-for is as true as ever.
Humans do indeed make mistakes.
This is as much the case in the selection
of software as in the creation of
software.
A secure deployment will have various
choices about development, add-ons and
packages to be decided upon.
I admire the market share of Microsoft
and the flexibility of the packages and
platforms supported, but also aspire to
the visionary produce of Apple and its
locked down application portfolio giving me
confidence and security (until recently).
Start-ups - simplicity and sensibility
Why are start-ups one of the most
effective software houses on the planet? Is
it true any group of teenagers in a garage
can threaten even the biggest of corporate
projects, producing ground-breaking code
for a fraction of the cost with little risk?
Yes. Why? Simple.
The goal of start-ups and garage/bedroom
projects is the end product. There are none
of the timescales or constraints the rest of
the world face. Just a desire to produce the
best possible product.
It needs to work and be effective no
matter how long it takes. Every release
is seen as an improvement rather than
admittance of a failure in the previous
version and every hour spent is an hour
loved in pursuit of your dream.
How many employees would say that
when it comes to 5pm? But how many
garage coders would be able to produce
on time and on schedule for release? Two,
three, 20?
The idealistic perfect software does exist
but is not in the project budget in most
cases. The first thing to go when it comes
to cutting costs is security. Unfortunately
it's one of the areas that costs a lot, but
offers no direct reward or gain perceived
by the business.
www.bcs.org/security


THE WAR ON CYBERCRIME

doi:10.1093/itnow/bwr061 2011 The British Computer Society

Charlotte Walker-Osborn, Partner and Head of TMT Sector, and Jonathan Price, Associate Solicitor,
Eversheds LLP discuss the issue of tackling cybercrime.
A major international two-day
conference took place in London at the
start of November aimed at improving
global coordination of efforts to
combat the threat of cybercrime,
estimated by GCHQ to cost £600
billion annually worldwide. The London
Conference on Cyberspace was attended
by senior politicians from around the
world, including UK Prime Minister David
Cameron and Foreign Secretary William
Hague, as well as representatives of
leading IT industry players such as Cisco
and Facebook.
As the conference got underway,
opinions seemed to be divided on the best
course of action and whether government
intervention is part of the solution or part
of the problem. Some delegates advocate
a full-blown international treaty while
others (including Britain) prefer a less
formal set of international rules.


Whichever approach can be agreed,
care will need to be taken to balance
measures needed for the fight against
crime with the risk of infringing civil
liberties. The founder of Wikipedia, Jimmy
Wales, voiced his concern that the biggest
threat to the internet is not cybercriminals,
but misguided or overreaching
government policy. Prime Minister David
Cameron acknowledged the risk of a
heavy-handed approach to countering
cybercrime, stating that governments
must not use cybersecurity as an excuse
for censorship.
UK attacks
Government focus on cybersecurity has
intensified in the wake of recent warnings
from GCHQ that attacks on the UK have
reached concerning levels, continuing a
trend of significantly escalating cybercrime
globally in the last six years. High-profile
attacks have taken place in recent
months against the computer systems of
the Foreign Office and other government
departments. The frequency and
seriousness of such incidents have
prompted the UK government to pledge
an extra £650 million towards countering
cybercrime in the next four years.
Reports suggest that many such attacks
originate from Russia and China and the
international nature of these attacks is a
very common feature. The international
dimension can make cybercrime
extremely difficult to tackle and
necessitates a much more coordinated
international approach.
Despite criminal legislation in the UK
and many other jurisdictions, a question
remains as to the success of international
deterrents since cyberattacks can take
place on a global scale without regard
to national boundaries. The obstacles to
effective enforcement include differing
laws, varying standards of evidence to
prosecute offenders and the need for
greater mutual cooperation between
law enforcement agencies to take cross-border
action. Although there have
been recent cases of the US and the UK
cooperating to extradite people charged
with hacking offences, not all countries
have reciprocal agreements, which means
some countries can be used as safe
havens by perpetrators of these crimes.
Of course cybercrime is not just a
serious issue for governments, it is also
a very key threat to other organisations
who can frequently be victims of denial of
service attacks, hacking and other forms
of computer crime. This is highlighted
by a recent series of major cyberattacks
targeting US, UK and Danish companies
in the chemicals industry. In these
cases employees received emails with
attachments containing a Trojan that
enabled the hackers to gain access to the
companies' computer systems and attempt
to copy files. The objective of the attacks
appears to have been to steal intellectual
property, formulas and design processes.
They are thought to have originated from
China. Similar attacks are known to have
taken place recently against human rights
organisations and companies in the motor
industry.
Cybertheft
There are clearly very important business
reasons to protect confidential
information and intellectual property
against such attempted cybertheft. There
are also numerous statutory and
regulatory requirements that oblige
organisations to take steps to ensure
protection of information and security of
computer systems.
For example, online retailers are often
required to comply with the Payment
Card Industry Data Security Standards
in respect of payment card details. In
addition, of course, the UK Data Protection
Act 1998 requires organisations to take
steps to safeguard individuals' personal
information by having in place appropriate
technical and organisational measures
to protect personal information from
unauthorised use.
In the UK, as many of you will know, the
main law dealing with computer crime is
the Computer Misuse Act (CMA), which was
updated in 2006 by the Police and Justice
Act to better address current technologies.
Many types of cybercrime are likely to be
caught by some of the offences set out
in that Act; for example people who post
malware or distribute passwords on the
internet with a reckless disregard for its
use, as well as people who pay others to
commit an offence.
On 2 October 2011, a Metropolitan Police
Unit stated it had saved the UK economy
more than £140m in the past six months.
The figures are at least encouraging.
Successful cases include Operation
Pagode, which reportedly resulted in over
£80m worth of savings with five people
being jailed for cybercrimes.
Global battle
Despite the existence of local laws aimed
at preventing cybercrime and the
encouraging strides forward in the UK
made this year towards tackling such
crimes, the limits of national boundaries
mean this can never be the whole solution.
In July, the International Cyber Security
Protection Alliance (ICSPA) was set up to
fight cybercrime on a global scale, uniting
governments, international businesses
and law enforcement agencies. Its aim is
to improve international law enforcement
capability and capacity to help protect
businesses and consumers against
cybercrime.
Cybercrime is very much a global issue
which must be tackled on a
world-wide basis. Only time will tell how
far the London Conference, ICSPA and
other international efforts will result in
greater global cooperation to help win
the war against cybercrime. One thing is
for sure - in an increasingly technological
world, the ability of governments and
businesses to cope with cybercrime and
limit it to reasonable degrees will prove
increasingly important.
Please note that the information provided
above is for general information purposes
only and should not be relied upon as a
detailed legal source.
www.bcs.org/legal

THE DEVIL IS IN THE MICROCODE

doi:10.1093/itnow/bwr062 2011 The British Computer Society

Today's coders are more
designing rather than writing
real code, says Andrew Rice of
HP Information Security.

In the early ages of computing, we wrote
our applications in machine code, the 1s
and 0s computing language. You knew
what each bit meant and what would
happen with it. When we moved to
assembler, we could read the code more
easily, but still knew the machine code
that would be generated and it was
specific to the hardware it would run on,
so we had a high degree of confidence on
what it would do. Bugs in the code were
literally just that and could easily be picked
out with a pair of tweezers.
Then came the human readable
languages of Fortran, Cobol and so on,
where we now had to trust that the
compiler would generate the correct
machine code. The compiler was specific
to the hardware, so we still could see
the linkage between what was written
and the compiled results. 4GLs or fourth
generation languages followed and today
we have rapid application development
environments; Visual Studio, Java, Python,
Ruby on Rails all taking us further away
from the safety of the hardware.
To complicate matters, testing time
has been restricted in favour of getting to
market first. As we know, first to market
usually wins the space and sets the price
so testing is now done by the users rather
than in controlled test environments.
The latest complication is the plethora
of devices connecting to the cloud. Now
we have no control of the host, client or
network that our code will run on or in.
How do we ensure the code actually
executed is what we intended? Test,
test and test again. Line by line code
review is restricted to the most secure
environments and we need to look at
practical ways we can address this need.
Whilst I have said that testing has
given way to first to market, it is still a
necessary element of providing secure
code that executes in an expected manner.
A number of options are available to
facilitate testing. Open source gives a
great platform for peer review of our code.
The communities are highly motivated to
provide feedback and testing. Where it is
not possible to test in this manner then
open source or commercial testing tools
can be used to automate as much of the
testing as possible.
A dedicated test environment that offers
as diverse an environment as possible can
provide a good platform, but we must
accept it will not demonstrate every
possibility for the use of our code. Beta
testing has become more akin to alpha
testing and now is an established and
accepted mechanism. This allows us to
get our code out into the wild to a known
audience where we can obtain feedback
and fine tune the final release.
What are the threats to our code?
Our code is under attack from every angle.
This can be the user maliciously or
accidentally entering unexpected data or
the hosting environment may not be under
control. The person installing our application
may give it unintended privileges.
People wishing to subvert our code may
make changes and provide links to their
own version in order to gain advantage
over the users. Compilers inject code
into the resulting objects that we have no
control over.
Just look at the length of code to
produce Hello World in assembler, C++
and Visual Basic to see how much we don't
know is being produced on our behalf.

Trust - the future currency of the net


A trusted source for our development environment is a great place to start. This can
be found in the use of known suppliers or
providers that have built up a
reputation. eBay is a key driver of this
model by the users ranking the buyers and
sellers and providing feedback.
Signing your code will do two things.
Firstly, it gives the users a connection to
the writer and gives them a place to go to if
things go wrong. Secondly, it counters the
threat of code tampering, as a change to
the code will invalidate the signature. This
gives the user a higher degree of control in
the integrity of the code and its author.
What does this all mean for developers
and users?
We must accept that we are already
compromised and be ready to respond.
By taking this point of view, we will not be
complacent in the view that everything is
OK.
We will be better prepared to respond
when something goes wrong and not be
so defensive by realising we cannot know
everything about how our code will be used
and respond.
Signing our code shows we are taking
responsibility for what we release and are
ready to support it. Code review, where
economical, and automated testing with
tools such as AppScan, Klocwork and
Flawfighter will help us minimise the risk
of poor coding from not just a vulnerability
perspective but will also help track down
other bugs.

10 rules for secure development:


1. educate yourself and others on how to
develop secure code;
2. design your software with security in
mind;
3. provide clear guidance on how to
deploy your software and its intended
configuration;
4. only use root or administrator privileges
where absolutely necessary;
5. ensure protection of sensitive
information;
6. don't trust your users or their data;
7. prevent cross-site scripting, injection
attacks and buffer over-runs;
8. check error conditions;
9. test, test and test again;
10. model the threats.
These are not exhaustive and there are
plenty of other rules that will help you.
Keeping up with the latest techniques and
awareness of the latest threats will make
you a more secure and trusted developer.
www.bcs.org/security

FURTHER RESOURCES
Microsoft's guide to writing secure code: http://msdn.microsoft.com/en-us/security/aa570401
Tools for static code analysis: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
OWASP testing guide: https://www.owasp.org/index.php/Appendix_A:_Testing_Tools
Ruby on Rails security guide: www.rorsecurity.info/
Open source testing tools: www.opensourcetesting.org/security.php

MALWARE RESPONSE

doi:10.1093/itnow/bwr063 2011 The British Computer Society

The IET, The Royal Academy


of Engineering (RAE) and BCS,
The Chartered Institute for
IT responded to the IT House
of Commons Science and
Technology Committee: Inquiry
into Malware and Cybercrime.
Brian Runciman MBCS provides an overview.

The IET, RAE and BCS (from now on 'we')
begin their report with the comment that
the true extent of the cybercrime problem
goes unreported and unrecorded. We are
cautious about recommending industry
figures as we believe that in many cases
the figures are debatable and in some
instances self-serving.
In May 2010, it was generally accepted
in the anti-malware research community
that there were around 43 million known
malicious programs (evidenced by several
presentations at the Computer Antivirus Researchers Organisation (CARO)
workshop in Helsinki). ESET (an antivirus
company) claims that as many as 200,000
unique samples of malware can be seen
per day. It is hard to be specific, however,
due to the fact that estimates vary widely
from company to company.
It is generally argued that malware
is used either directly or indirectly in a
significant proportion of cybercrime; banks
are said to have an incentive to treat many
reports as the fault of their customer and
not as crime. Police figures are therefore
likely to be lower than the real numbers.
We would like to point out that there
is likely to be a substantial increase in
cybercrime as more financial transactions
are carried out on mobile phones, which
are much more vulnerable and virtually
unprotected from malware.
Where does the malware come from?
The usual intention of a malware user is
to compromise and potentially control as
many systems as possible. Usually
malware is created by intelligent
individuals who desire either financial
advantage, fame or power - power gained
from control or the fame gained from
being an international cybercriminal. A
significant proportion of malware is said to
come via emails, mainly through
attachments.
The usual sources include organised
crime, hackers, and activists; reasons
include status, disruption, dissidents,
military, business espionage, theft,
financial gain and global terrorism.
There are six notable groups associated
with the use of malware:
1. script kiddies;
2. criminals;
3. hacker groups;
4. insiders;
5. political/religious/commercial groups;
6. advanced persistent threat (APT)/
nation states.
Regional variations have been observed
in the use of malware. African malware
use tends to involve non-technical
fraud. Russia and Latin/South America
tend to be associated with malware
relating to banking/financial fraud and
phishing. Russia and Eastern Europe
have highly organised gangs devoted to
a whole economic framework related to
cybercrime, from money laundering to
malware distribution.
How much is needed to combat malware?
We believe that considerable resources are
needed to combat malware. It is reported
that the United States federal agencies
spend about $100m a year on combating
cybercrime through the Federal Bureau of
Investigation (FBI), Secret Service, National
Cyber-Forensics & Training Alliance
(NCFTA), Department of Homeland Security
(DHS). Large web services firms like
Google and Microsoft are thought to spend
in the order of $100m a year each on
cybercrime prevention, with smaller firms
like PayPal spending in the tens of millions.
It is only possible to provide an effective
defence for known vulnerabilities for
which the vendor has supplied a
security patch. AV software is only partially
effective in detecting malware on a data
channel that the software is monitoring.
There is no defence against malware that
is exploiting vulnerabilities that are only
known to the attacker (or malware writer).
This means that even with vast resources,
an organisation cannot guarantee 100 per
cent effectiveness in the detection and
elimination of malware attacks.
We have identified five distinct resource
types:
1. Development resources are used to
design and implement security in a system
as it is being built.
On 15 January 2002, Bill Gates, the
chairman of Microsoft, informed all
employees that security was a top priority,
changing the company's strategy. It took
Microsoft until 25 August 2004 to make
its PC operating system secure, when it
released Service Pack 2 for Windows XP.
The first PC operating system that was
built with security in mind was not until
30 January 2007 when Windows Vista
was released, some five years after the
company's strategy was changed.
Microsoft released Windows 7 on 22
October 2009 which made significant
improvements in the security of the
product over previous versions. However,
there are still vulnerabilities in Windows 7.
Microsoft is the exception. Most vendors
of software tend not to incorporate security
into their products, as they see the cost
as an overhead, with no commercial
advantage to them. For example, Adobe
found its products targeted in 2010/11,
particularly Adobe Reader and Flash,
which forced them to have to release
out-of-cycle security to address
vulnerabilities that were actively being
exploited.
2. Research resources are the
resource required to find and identify the
vulnerability in a system, whether it is
being actively exploited at present or
not.
3. Vendor resources (which also apply
to systems developed internally) are those
resources required to develop and test a
security patch to help with the detection of
vulnerabilities.
4. Individual resources are those
employed by an individual to maintain
their own system in a good state to defend
against malware.
5. Organisation resources are the
resources of organisations (government
department/agency, commercial
organisation, or charitable organisations)
used to maintain their systems in a good
state in order to effectively defend against
malware attacks. The costs are significant
as security patches must be tested before
they are deployed.

What should government consider when
developing a cybercrime strategy?
1. Education.
We would encourage the government to
increase the level of advice it
provides to the public about security, in
order that people do not remain
ignorant to the issues. We would again
argue that more resources should
be given over to explaining the basic
security facts and the importance to
individuals and industry. Basic lessons
in the safe use of computers should be
provided regularly to schoolchildren
throughout their schooling, starting in
primary school, in view of the reducing
age at which children become active
and vulnerable users of computers and
mobile devices.
2. Government contracts
It is important that the UK government
leads by example. The government
could consider deploying products
where the vendor of the product has
actively designed security into the
product. The government is a large
buyer of ICT systems. Consequently, it
can have an impact on the marketplace.
The government could have significant
influence if a list of more secure
products was published.
3. Legislation
Criminals operate in many different
jurisdictions, making it difficult to
prosecute them. There are very few
convictions under current legislation.
Developing malware, and installing
malware onto computers, are offences
which should be punished with
penalties proportionate to the losses
caused. Legislation would also need
to make it clear that researchers and
vulnerability/penetration testers, who
have a contract in place to perform
such testing, are not committing an
offence.
4. International relationships
The UK government needs to
encourage other countries to establish
appropriate legislation that enables the
successful prosecution of
criminals who are committing
cybercrime. Sanctions also need to be
imposed on countries that are
harbouring cybercriminals.

Impact on individuals
The impact to the individual from a
successful malware infection is varied, but
can be very significant. Examples include:
1. The PC becomes part of a Botnet. The
owner of the PC may only suffer a loss in
performance of their PC, or they may be
accused of committing a criminal offence.
2. The malware may be used to extract
useful information that may be stored
on the PC, which could include personal
details, bank details etc.
3. The PC may be used to host illegal
content. The owner of the PC is then open
to being accused of knowingly hosting the
illegal content.
Up to 2 million people, or 4 per cent, of
the English population are said to become
victims of fraud each year. Cleaning up
infected corporate networks may cost tens
of millions of pounds and take a team of
people several months.

What is the cost of malware to individuals?
There are no authoritative statistics.
The proportion of infected PCs is
variously estimated to be in the 1-15
per cent range; 5 per cent might be
a conservative estimate. It has been
reported that hostile cyber attacks
on companies accounted for nearly
one third of all UK data breaches in
2010 - up from around 22 per cent the
year before, with incidents becoming
increasingly expensive.
A survey by the Ponemon Institute
found that the cost of a data breach
rose in 2010 for the third year running.
The average data breach incident
cost UK organisations £1.9 million or
£71 per record, an increase of 13 per
cent on 2009, and 18 per cent on 2008.
The incident size ranged from 6,900
to 72,000 records, with the cost of each
breach varying from £36,000 to £6.2
million. The most expensive incident
increased by £2.3 million compared
to 2009.

Industry effectiveness
By and large, industry is not effective in
defending against malware attacks. Many
vendors still do not take security seriously.
What we are seeing is an arms race, with
the malware writers always being one
step ahead of the defenders. To quote from
a Virus Bulletin article (1 Feb, 2011): In
the mid 90s we were in a position where
we could accurately count the number of
viruses that had been seen. This was
possible for several reasons:
1. The number of new viruses was small
enough for each sample to be identified
and analysed in detail.
2. It was easy to determine which part
was virus and which part was the infected
application.
3. The size and complexity of the
malware was quite limited.
In 2011, the situation is completely
different, with a large variety of malware
out on the internet (new variants of a
particular malware are produced every
day or so). Malware threats have increased
in complexity. AV software vendors
have varying degrees of effectiveness at
detecting known malware threats. Some
large vendors effectively stopped
developing their product five years ago,
so may only be 50 per cent effective at
detecting known malware.
The role of government
All malware is in breach of the Computer
Misuse Act 1990 and therefore a criminal
activity. Malware therefore needs to be
viewed in the same way as any other
criminal offences. Human disease is natural
and may be unavoidable, but this is not
the case for malware and as such the
government needs to be instrumental in
tracing those responsible and prosecuting
them accordingly. The biological analogies
should not be stretched to imply that similar control mechanisms would be effective
in the cyber domain.
How effective is the government in
responding to malware cybercrime?
We are unclear on the detail of the
government's strategy toward cybercrime
associated with malware. We would like to
see renewed focus by the government in
preventing exploitation of its core
departments by its competitors overseas
and lead by example. We would also argue
that the police need to be better resourced
to combat cybercrime, and to ensure that
all criminal malware use is prosecuted.
www.cabinetoffice.gov.uk/resourcelibrary/cost-of-cyber-crime
www.getsafeonline.org/
The full report is at:
www.bcs.org/consultations


INFORMATION SECURITY OPINION

ALL CHANGE

doi:10.1093/itnow/bwr064 2011 The British Computer Society

When it comes to making secure software, John Mitchell believes it is more of an issue of change
management than anything else.
Software integrity is a security issue and
as such should fall in the CIAC domains
of confidentiality, integrity, availability and
compliance. Although we are primarily
interested in the capability of software to
do exactly and only what it is specified to
do, we ensure its integrity by having
excellent confidentiality, availability and
compliance processes in place - or at
least we should have. I suspect that most
software integrity issues are not caused
maliciously, but are as a result of poor
change management processes. However,
poor change management does provide
an opening for malicious manipulation,
so, with my audit hat on I will attempt to
explain where I believe the main issues to
be.
Firstly, and most importantly, the
majority of change management
processes are based on trust. Trust in
the programmer to correctly make the
requested change; trust in the systems
people to adequately test the change and
trust in the user to accept the change after
suitable testing. Unfortunately, trust is not
a control mechanism, but an act of faith.
If you don't believe me, then please send
me a signed cheque made out to me with
a blank amount. I promise not to insert a
large amount, nor to submit the cheque
for clearing. It will be interesting to see
how trusting you are by the number of
such cheques I receive. The problem with
trust is that you only find out that it is
misplaced after the event, so it is a pretty
useless prevention mechanism. Testing
is actually a trust substitute. You don't
really trust the programmer to get it right
so you go into detection mode via a test
mechanism. Now this is all well and good,
but unfortunately most test mechanisms
centre on the authorised change. If the
programmer inserts some other code at
the same time as the authorised change,
then the chances of it being detected
during the testing process are negligible.
So let's not be naive. Let us remove trust
from the equation. My (untrusting) change
management process goes like this.

1. receive authorised change request;
2. security officer (or equivalent)
retrieves digitally signed source code
from once write-only media held in an
off-line store;
3. source code is made available to the
programmer;
4. programmer makes change, produces
executable and tests it;
5. programmer returns amended source
to the security officer;
6. security officer does an electronic
compare between original and
amended sources;
7. another programmer compares the
code changes against the change
request;
8. assuming that no illicit code is detected
by (7), then the security officer
produces a digitally signed executable
and promotes it to production;
9. the security officer stores a copy of
the amended source and executable
(both digitally signed) onto once write-only
media into the off-line store
mentioned in (2) above;
10. every time the program is now
executed its signature is checked;
11. on a regular schedule the production
executable is automatically compared
with the copy from the off-line store
to detect any really sneaky
manipulation of the production code
and signature.

For clarity I have abbreviated the
process by removing system and user
testing, but you can add those where you
like. The points being that:

- the programmers know that if they
insert illicit code it will be detected;
- the security officer does not have
access to code editing tools and
therefore cannot amend the code;
- any back-door changes to the production
code will invalidate the signature and
so will be detected when the code is
executed;
- as copies of the source and object are
held off-line they cannot be remotely
amended;
- the regular comparison between the
stored object and the production code
will detect any change to the latter
which has somehow been done without
invalidating the signature (not that I
believe that this could be achieved
anyway).

Of course, if you had collusion between
the first programmer and the checking
programmer then you are in trouble, so it
would be sensible to rotate the checking
and to have a bonus system that will
reward diligent checking. Most of what I
propose can be easily automated, which puts
it into level four/five on the CMMi scale and
thus makes it Sarbanes-Oxley compliant
too. This brings me to my last point.
Many so-called controls I examine are
just processes. There is no real control
in the sense of prevention, or detection
that can be effectively measured and I
am constantly amazed that many security
officers (and auditors for that matter)
cannot define what a control is, or how it
works, which is why I am forever telling
them that the nice move from inherent red
to residual green in their risk register is a
figment of their imagination. None more
so than with their change management
processes that are usually beautifully
documented with wonderful flow charts,
but primarily trust based.

www.bcs.org/security
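The compare and signature checks in steps 6, 7, 10 and 11 of the change process above, together with Andrew Rice's earlier point that a change to signed code invalidates its signature, sketched as an added Python example (not code from either article). Assumptions: an HMAC-SHA256 tag stands in for the digital signature, the source under change is Python so that `ast` can attribute changed lines to functions, and every name and sample below is constructed for illustration.

```python
import ast
import difflib
import hashlib
import hmac

# Assumption: an HMAC-SHA256 tag stands in for the digital signature so the
# example needs only the standard library. A real deployment would use an
# asymmetric signature, so the production host never holds the signing key.
OFFICER_KEY = b"constructed-demo-key"  # held by the security officer only

# Constructed sample: source retrieved from the off-line store (step 2).
ORIGINAL = '''\
def apply_discount(total, code):
    if code == "WINTER":
        return total * 0.9
    return total

def audit_log(user, action):
    print(f"{user}: {action}")
'''

# Constructed sample: source returned by the programmer (step 5). The change
# request covers apply_discount; the edit to audit_log was never requested.
AMENDED = '''\
def apply_discount(total, code):
    if code == "WINTER":
        return total * 0.85
    return total

def audit_log(user, action):
    if user == "maint":
        return
    print(f"{user}: {action}")
'''


def sign(artifact: bytes, key: bytes = OFFICER_KEY) -> str:
    """Produce the tag that is stored and deployed with the artefact."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact: bytes, tag: str, key: bytes = OFFICER_KEY) -> bool:
    """Step 10: any change to the artefact makes the stored tag mismatch."""
    return hmac.compare_digest(sign(artifact, key), tag)


def _scopes(source: str) -> dict:
    """Map each 1-based line number to the function that contains it."""
    owner = {}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for line in range(node.lineno, node.end_lineno + 1):
                owner[line] = node.name
    return owner


def compare_sources(original: str, amended: str) -> list:
    """Step 6: electronic compare, one (scope, removed, added) per change."""
    old, new = original.splitlines(), amended.splitlines()
    old_scope, new_scope = _scopes(original), _scopes(amended)
    changes = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        touched = {old_scope.get(n, "<module>") for n in range(i1 + 1, i2 + 1)}
        touched |= {new_scope.get(n, "<module>") for n in range(j1 + 1, j2 + 1)}
        for scope in sorted(touched):
            changes.append((scope, old[i1:i2], new[j1:j2]))
    return changes


def unauthorised_changes(changes: list, authorised: set) -> list:
    """Step 7 aid: changes outside the scopes named in the change request."""
    return [change for change in changes if change[0] not in authorised]


def release(executable: bytes) -> dict:
    """Steps 8-9: what the officer records in the off-line store."""
    return {"digest": hashlib.sha256(executable).hexdigest(),
            "tag": sign(executable)}


def check_production(executable: bytes, deployed_tag: str, offline: dict) -> dict:
    """Step 10 (signature on execution) and step 11 (off-line comparison)."""
    digest = hashlib.sha256(executable).hexdigest()
    return {"signature_ok": signature_valid(executable, deployed_tag),
            "matches_offline": hmac.compare_digest(digest, offline["digest"])}


if __name__ == "__main__":
    for scope, removed, added in unauthorised_changes(
            compare_sources(ORIGINAL, AMENDED), {"apply_discount"}):
        print(f"not in change request: {scope}: -{removed} +{added}")
    build = b"constructed executable bytes"
    record = release(build)
    tampered = build + b"\x00"
    print(check_production(tampered, record["tag"], record))
    # Production code and tag both replaced: only step 11 notices.
    print(check_production(tampered, sign(tampered), record))
```

Attributing each change to a function narrows what the checking programmer has to read; it does not replace the human comparison against the change request in step 7.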

GONG CERFING

doi:10.1093/itnow/bwr065 2011 The British Computer Society

Vint Cerf, Googles Chief


Internet Evangelist, has been
made a Distinguished Fellow
of BCS, The Chartered Institute
for IT, in recognition of his outstanding contribution and service to the advancement of computing. Henry Tucker MBCS
spoke to him.

40

ITNOW December 2011

What does it mean to you to get this award?
Quite surprising in a way, a little startling. As it's the British Computer Society, and not the ACM or IEEE. It's a real honour to be associated with people who contributed so much here in the UK.

The UN recently said that access to the internet is a human right, what are your thoughts on that?
I thought there was something odd about that formulation because the internet is a technology. The proper formula is built into the UN Declaration of Human Rights, and is the freedom to express, the freedom to hear that expression, to engage. Human freedom of expression should be sanctified. The notion of imbuing a technology with that burden is well intended but not well thought through, because what happens when the internet is superseded? Do we lose a human right? The human right of expression still needs to be instantiated even if the internet is replaced someday, as it very well may be.

Following the Arab Spring in the Middle East earlier this year where the internet played a huge part in giving a voice to repressed people, how do you think we can provide internet access to less well developed nations around the world?
We have to accept that these technologies allow people to find others of common interest, and this is both a good thing and can be a bad thing, for example, the protest that got out of control here in the UK. Bad behaviour is a social problem and I don't think it should inhibit our development of these technologies. People should be educated about their use, and look for norms in social behaviour.
When you think everyone has a phone that has a video and audio capability and the ability to upload these to the internet means that the notion of privacy is beginning to evaporate. We need to establish social norms. These issues cross borders, because the internet crosses borders, as does uploaded content. We need an international discussion on what the norms should be.
Where should we start? With so many borders isn't this a minefield?
Well, this is a non-trivial issue. But this is not the only thing that crosses borders. For example, postal services and telephone systems. At least in the US there are laws about postal fraud, so one could imagine reciprocal agreements between countries on what is a social abuse on the net and look for possible reciprocal reactions too. We have to come to grips with that.
The worry that many have is that the abuses may be used as excuses to exercise more control over the net than is absolutely needed. In countries where authoritarian governments want to suppress people's ability to share information, that's the start of a slippery slope.
What about the security issues?
There are things that can, should and are being done to improve the security of the technology itself. DNSSec is one example. The use of end-to-end security, HTTPS, is another example.
The agreement about the meaning of digital signatures is another example of the importance of multi-lateral reciprocity. So if we sign an agreement we need to know that this contract is enforceable in our respective countries.
This raises questions about how the digital certificate was issued, how carefully the identity of the owner of the certificate was validated and so on. These are not unsolvable.
Driving licences for example, can be issued here in UK, but you are allowed to drive in Europe, rather than pass a test in every country you drive through. So notions of trusting a validation procedure of another country is not a new thing.
Are you surprised by the rapid take-up of social networking tools?
No, and here's why. In 1971 network email got invented by Ray Tomlinson and Newman and in what seemed like a few weeks distribution lists were created. The first one was for sci-fi lovers, for people who like to read science fiction, which probably accounts for a fair few BCS members.
The next one was restaurant reviews. That came within weeks, so when these new media for human interaction became available people jumped on them because they are amplifiers and facilitators of human discourse.
How can we make datacentres more environmentally friendly?
First of all I believe that people have blown out of proportion the absolute amount of electricity that datacentres consume. Google has, for obvious financial reasons, worked very hard to reduce the cost of running them.
So we have put them where we can use cold water to cool them, or hydroelectric or geothermal power. These are ways to do this that are more environmentally friendly than firing up a coal-powered plant. Also mobiles now run for a relatively long time on batteries, running a fairly high-powered processor, and the implication of that is that this technology could make its way into datacentres.
At the moment we visualise a datacentre as racks of PCs, which could now become racks for mobiles. I see the technology trend as at least maintaining if not reducing the electrical requirement for increased capacity.
Are you at all surprised with the success of the iPad and Android tablets?
Certainly these new devices have their places. I have yet to come to the conclusion that any pad type device is a substitute for a good keyboard.
So I carry my trusty Mac laptop, along with a mobile or two and a Kindle. I have an iPad too, but I have found it mostly useful for reading and watching movies but if I'm at home I use a wall-sized projection system.
But people like to stay in touch between these different media, and have access to the same information on each one. So at Google we are proud that our services, like email, are generally accessible through all these different devices.

VINTON G. CERF
Wikipedia: Vint Cerf is known as one of
the fathers of the internet, sharing this
title with American computer scientist
Bob Kahn. In the early days, Cerf was
a program manager for the United
States Department of Defense Advanced
Research Projects Agency (DARPA)
funding various groups to develop TCP/IP technology.
When the internet began to transition to a commercial opportunity he moved to MCI where he was instrumental in the development of the first commercial email system (MCI Mail) connected to the internet.
Vinton Cerf was instrumental in
the funding and formation of ICANN,
becoming Chairman.


Do you have a ChromeBook?
I do have one; it still needs work, especially in the context of internal Google operation, so I'm still pushing for certain additional features till I consider it a complete replacement to what I use now.
Google has recently said it intends to buy Motorola Mobility: isn't this taking the company away from its roots?
First of all remember the parameters of that acquisition. It was expensive and came with a large cache of patents.
Android has been under fire with patents disputes, so part of the hope is that part of the 17,000 patents will help to defend the Android operating system.
We were forced into that. I'm frankly not a big fan of using patents in that way, but we have no choice in the matter. There are some people who don't make anything but acquire patents and sue others for infringement of their use. As non-productive an activity as I can think of. That's not what we intend to do.
Can businesses still flourish without patent protection?
We made a concerted effort to make our software available as open source. There are people like Red Hat who make a business out of supporting Linux, the foremost open source system. We want to make platforms, APIs and so on to help others make use of those systems. That's why we've made APIs for Google Maps and open source for Chrome and Chrome OS. The whole idea is an enabling function.

INTERPLANETARY INTERNET
How's the interplanetary internet going?
At JPL we started out using TCP/IP and they work just as well on Mars as on Earth, but between planets the speed of light is too slow. It's 20 minutes to Mars, so round trip times are 40 minutes. And there's disruption with planetary movement.
So we designed disruption and delay protocols and have been tested by the US military and here in Europe with the support of the EC. This is very robust, it's running on the space station and the spacecraft Deep Impact, which has just completed a rendezvous with the Hartley 2 comet in November 2010.
The next issue is getting this standardised and we hope all spacefaring nations will use these protocols to allow interoperability either during the primary mission or, if not, afterwards so that the spacecraft can become a relay node in a planetary network. So, by the end of the century we could have a real interplanetary network.
Now we are starting to think about how to do an interstellar mission. This is much harder.

Larry Page recently took over from Eric Schmidt as CEO of Google, what impact do you think this will have on the company, will it take more risks?
Google has already shown a real appetite for risk-taking. It accepts it's OK to shoot high and not be afraid to fail. We don't want you to fail all the time, but it's OK to try things. With Larry I think Google will continue to increase the pace in which we try things out.
What site or app that you have seen
recently has impressed you most?
Rather than particular apps, let me mention a trend I'm quite excited about. Here I think you call it the internet of things, we in the US call it the smart grid. What we are seeing is more devices becoming internet-enabled.
Buildings are becoming instrumented,
people are becoming instrumented and we
have internet-enabled appliances, offices
and cars. Once you have this collection of
communication devices, you could allow
third parties to interact with them.
So we could, to take a trivial example,
go to a provider and say we want this kind
of content on my mobile, iPod, iPad, home
entertainment system and so on and that will
be done for you automatically by the system.
Security, environmental controls and
so on can all be done by third party
interveners, which opens up opportunities
for new businesses.
There are more key industry interviews at
www.bcs.org/interviews

HEALTH INFORMATICS

DIGITISED HEALTHCARE

doi:10.1093/itnow/bwr066 2011 The British Computer Society

With so many recent proposed changes to the NHS health care system, and so much criticism of
health informaticians from all quarters, Matthew Swindells, Chair of BCS Health, reports on how BCS
is involved with improving the standing of health informatics professionals.
In the weeks that have followed the
government announcing, yet again, the
termination of the National Programme for
IT, health care informatics professionals
have asked me whether informatics has
failed in the NHS and where the
profession goes from here. My answer has
been that far from failing, informaticians
have a great deal to be proud of and that
the NHS needs the information and IT
professionals to step forward now more
than at any point in the past.
Since the government statement in September, which was splashed in the national press, ministers have made a number of more nuanced statements, reflecting BCS's policy position (as mapped out in our response to the information strategy consultation), that the national programme has had some great achievements like the Spine and Choose and Book, but has failed to deliver the integrated health record vision and it is now time to move towards a more devolved and flexible approach.
BCS Health has continued to try
to represent the best interests of the
informatics profession, the NHS and the
public by being critical when appropriate
but positive whenever possible.
We have criticised the Department of Health for delays in the publication of the information strategy and for the absence of a CIO on the NHS Commissioning Board, whilst continuing to provide support to the officials drawing up the NHS information strategy and those working to develop the DH approach to the informatics profession.
We have launched a campaign
alongside ehealth Insider to see the
creation of chief clinical information
officers (CCIOs) across the NHS.
Informaticians and clinicians must work
side-by-side to implement information
systems that will simultaneously improve
patient care and productivity. This
campaign has achieved recognition with
support from Royal Colleges, vendors and
the Department of Health.
And we have continued to work to
encourage the development of thinking
around informatics. Justin Whatling, BCS
Health Vice Chair for Policy and Strategy,
has recently spoken at a King's Fund
Conference on health informatics and I
have had the pleasure to speak at the
Southern Institute for Health Informatics
Conference and at the BCS Assist Autumn
Conference. The attendance and speaker
lists at these conferences demonstrate the
extent to which informatics is increasingly
centre stage in NHS debates and so it
should be.
In this time of upheaval and cost cutting in the NHS it is crucial that health informaticians, wherever they work, make the case for a smarter, better NHS. If the NHS attempts to deliver the savings that are demanded by squeezing the existing system without profound reform, we all know that the result will be service and quality reductions. As in other industries, using information and technology to fundamentally change the relationship with the consumer and the way in which the service runs is the key to a better, cheaper NHS.
We know that use of proactive
population health targeting and evidence
based best-practice can lower the total
cost of health care whilst improving
outcomes, but that the adoption of
evidence is tortuously slow, resulting in
unjustifiable variations in quality and cost
of care. This is bound to be the case as the
rate at which new knowledge is created
and the complexity of care pathways are
too great for clinicians to be able to keep
up with, making memory-based, paper
recorded care an absurdity in the 21st
century.
The challenge for informaticians at this
time is to be brave in making the case
for information-led commissioning and
digitised health care from the home to
the hospital, embedding evidence-based
decision support into the workflow so that
every patient can expect to receive best
practice and be a partner in their own
care. Now is not the time for faint hearts.
www.bcs.org/health

DESIGNED FOR AGEING

doi:10.1093/itnow/bwr067 2011 The British Computer Society

As the world has an ever more active, aging population, developments are being made to assist people by adapting the clothing that they wear to help keep them safe.
Trends in population growth show that the
proportion of persons over the age of 65
is increasing and in the United Kingdom,
this group now comprises over 16 per
cent of the population.
Paradoxically, advances in health
care and technology compound this
demographic trend by increasing the
survival rates of clinical procedures and
illness. As a result there is an increased
burden on pension provisions, health and
social care services as well as community
and family resources.
Liam Burns and Ian Cleland of the
Smart Environments Research Group,
University of Ulster (part of the Design
for Ageing Well Consortium), explain how
smart garments could make the ageing
process easier for all of us.
It is important that persons over 65 adopt a positive lifestyle approach to health and wellbeing. The World Health Organisation's policy on active ageing is one of: optimising opportunities for health, participation and security in order to enhance quality of life as people age. Thus it is important to promote confidence in maintaining activity levels.
Department of Health guidelines recommend 30 minutes of moderate or vigorous activity at least five times a week in order to achieve and maintain health benefits. However, between 60-70 per cent of elderly persons do not reach the recommended levels. The reasons that impact upon older adults' likelihood of undertaking recommended levels of activity include:

• Socio-demographic status: activity is less in adults with lower incomes.
• Education: persons with higher educational levels are more likely to exercise.
• Life style choices: persons who habitually undertake exercise in their younger years are more likely to carry on exercising in their older years.

Design for Ageing Well [1] is a university-led research project that aims to encourage older adults to carry out their recommended physical activities by developing comfortable outdoor clothing in relation to shape and fit, coupled with technology to promote confidence and enhance the experience. In order to obtain user requirements for a smart garment, walking groups and members of the University of the Third Age were surveyed. The summary requirements are shown below. Feedback included: to improve and maintain physical health, to control weight, to assist cardiovascular health and to help improve dexterity. Social wellbeing was identified as an important reason. Participants wanted to maintain and establish social connections, have fun and feel like they had achieved a goal.
Other reasons included: walking the dog, a cheap form of exercise or simply that they were told to do so by their health care professional.
Requirement                                  Walker %
Keep me in contact with a group              54.2
Tell me where my group members are           26.2
Keep me warm                                 88.1
Cool me                                      71.4
Help me navigate                             54.8
Call for help if I fall                      52.4
Protect me if I fall                         50
Tell me if I overexercise                    4.8
Tell me distance covered so far              54.8
Tell me where the nearest bus stop is        23.8
Tell me where the nearest facilities are     38.1
Monitor my health                            16.7
Interact with my mobile phone                35.7
Interact with my portable music player       2.4

User requirements and percentage of respondents elicited from questionnaires distributed to walkers. N=50
Information and communication technology
Technology can be used to monitor activity, health and provide certain safety precautions. In order to monitor gross activity, accelerometers may be used. These are small and can be integrated into a garment. In relation to monitoring the user's cardiovascular health, low power electrocardiogram (ECG)/heart rate sensors can be used. The Shimmer platform [2] offers a small sensor mote that contains a three-lead ECG board and tri-axial accelerometer. It connects (using the common Bluetooth protocol) to a mobile device. In order to make the system both wearable and easy to use, textile electrodes can be knitted into the garment, using conductive yarns that will act as the electrodes for recording heart rate.
Feedback may be provided via a smartphone and a small watch-like device (Live View). This allows significant information to be displayed to the user either by audio, visual or haptic feedback. The phone may be used as a navigation tool, incorporating maps and a global positioning system (GPS) module. It also enables the user to maintain contact with group members as well as the emergency services should the need arise.
The phone can also act as a processor and storage device for the information coming from the wearable sensors. Soft switches (Fibretronic [3]) can be used to control the functions on the phone. These soft switches are textile-based controls (buttons) that can be connected to a number of portable devices.
Other technical advances in the area of textiles allow the garment to offer cooling and warming functions. These include advances in wicking, which draws moisture away from the skin, to fabrics that offer insulation by trapping the air in the garment and using the wearer's body heat to maintain a temperature. Warming technologies can be integrated into the garment.

A smart garment prototype
In order to develop appropriate clothing for the active ageing a series of 3D body scans may be taken of body shapes. From these scans it is possible to manufacture clothing to match and conform to the changes in body shape associated with the ageing process. The clothing system consists of a close-fitting base layer, insulation mid-layer and protective outer layer. Within these layers technology is integrated to monitor and record information that can enhance the user's walking experience.
By using these technologies in conjunction with custom-fitted clothing it is possible to create a smart garment that can record health information, provide navigation and GPS tracking, record gross activity and offer some safety precautions for the active ageing. This prototype, still a research project, can guide the user to destinations, identify some health-related metrics (heart rate, number of steps) and review all of the data recorded.
The garment can provide the user with increased confidence to undertake activity, which is key to positive health and wellbeing. Design for Ageing Well is conducting trials with focus groups to determine user satisfaction with the garment system, as part of a user-centred design process. The research is in an evaluation period and users are currently testing the overall system. A longer term objective is that a smart garment will be adopted by specialist outdoor clothing manufacturers as a commercial product for the emerging active ageing market, to mirror the advances in sports clothing.

References
1. Design for Ageing Well is funded by New
Dynamics of Ageing Research Programme,
www.newdynamics.group.shef.ac.uk
2. www.shimmer-research.com
3. http://fibretronic.com

Design for Ageing Well participants: Smart Clothes and Wearable Technology Research Group - University of Wales, Smart Environments Research Group University of Ulster - University of the Arts London - London College of Fashion, Institute for Health & Social Care Research - University of Salford, University of Brighton.

www.bcs.org/health


SAFETY FIRST

doi:10.1093/itnow/bwr068 2011 The British Computer Society

While IT is transforming healthcare practices and procedures throughout the UK, a significant
proportion of the NHS relies on outdated paper-based processes. These are not just wasteful and
inefficient, they are putting lives at risk, says Dr Paul Shannon FRCA MBA, Consultant Anaesthetist,
Doncaster and Bassetlaw Hospitals NHS Foundation Trust.
Staggering numbers of people are
harmed and killed by medical errors, the
World Health Organisation said in early
2011, with mistakes having an impact on
one in ten patients. Little wonder that the
organisation is warning that patient safety is
an endemic concern.
This is not new. In 2004, the National
Patient Safety Alliance described the risks
that arise from our complex health care
system, warning evidence shows that
things will and do go wrong in the NHS;
that patients are sometimes harmed no
matter how dedicated and professional
the staff.
But while individual errors might be found to be due to the mistakes of one or more people, the tired doctor or the overworked nurse, it's invidious to blame healthcare staff for the WHO's endemic concern. Why blame humans when we deny them the tools that can help cut the risks of error and improve patient safety? Why tell staff they have to pull their socks up when there are solutions already out there that can improve their working lives and make the care they provide that bit better? Electronic systems, wisely designed and implemented, can help reduce risks in a variety of ways and here's how.
Constraining human error
To err is human, as the poet and essayist Alexander Pope said almost exactly 300 years ago. We can see examples of this every single day in every single health care setting. The common types of individual human error are lapses and slips, that is, errors of omission (I forgot to do something I should've done) and commission (I did something I didn't mean to do). The root causes are many, including such contributing factors as fatigue, distraction, lack of knowledge, poor communication and even deliberate wrongdoing.
Electronic systems don't suffer from many of the frailties of humans. Where they can replace tedious, repetitive, high-speed and complex tasks currently performed by people, they can improve safety. Electronic systems are logical. Steps can be made compulsory: no cutting corners or skipping items by mistake. Think of buying an airline ticket; you must follow the prescribed sequence or else you can't complete the task.
There are many examples where there is evidence to show improvement in patient safety; here are just a few: electronic crossmatch of blood; electronic monitoring and voice prompts to enhance hand-washing, thereby reducing nosocomial infections; prompts and pauses. A prompt mandates or reminds the user to do something, e.g. Kenyan HIV compliance, vital signs monitoring. A pause introduces time for reflection or confirmation. Do you really want to do this? Cutting out that human element or even prompting us to think a moment can and does save lives.
Hardwiring quality
With the best will in the world no doctor or
nurse can know everything. They'll have
strong and weak points in their knowledge
and skills. They have good days and bad
days, like the rest of us. Health IT can help
direct care and ensure that the patient
stays on the right track, that he or she
receives all the appropriate care in a timely
manner: right thing, right way, right time.
Again, illustrations are plentiful. Enhanced
communication across care boundaries,
for example, can provide integrated care,
vital for things like safeguarding, and also
helps to overcome the fragmentation of
care delivery.
Formal clinical decision support is
also hugely useful, for example, with
programmes such as ePrescribing
improving the quality and safety of patient
care. Informal support such as Medline,
and even Google, is also proving its worth.
Electronic systems are great for tracking
patients along pathways of care, improving
hospital care planning from well before
admission to long after they return home.
They can also help in implementing care
bundles (groups of interventions which,
when implemented together, have a
synergistic effect on a disease pathway or
patient outcome).
Improved decision making
Having the necessary information about a patient is essential to good clinical care. Having that information at your fingertips, when you need it, and easily accessible, helps avoid pitfalls and promotes bespoke decisions. Forewarned is forearmed. The patient feels valued, listened to and at the centre of your attention. The full recording of clinical observations (such as vital signs and early warning scores) facilitates medicines reconciliation and enhances continuity of care. After all if the notes are consistent and trustworthy, then they will be trusted by the next clinician who treats the patient.
And when things do go wrong
Electronic systems are terrific at discovering the source of problems because they allow data to be captured automatically. Coding systems, such as SNOMED CT and ICD11, aim to overcome ambiguity in language by providing terms that have defined meaning. If information is captured it can be investigated, analysed and presented in meaningful ways. This provides the possibility for remembering and learning from mistakes (retrospective analysis), providing a real-time picture of how things are (current status, dashboards) and how things are likely to be in the future (prediction).
Here are just a few examples of how this is working in practice:
• automated adverse event detection can spot medication errors and infection risk;
• automated critical incident reporting makes it easier to flag when things go wrong;
• data mining can identify complex correlations and novel associations that would otherwise never be seen;
• population surveillance can aid with establishing the safety of products or interventions, such as vaccine safety, and also monitor the spread of infection or progress of epidemics.
There are many more examples benefiting all aspects of health care. These range from supply chain management, ordering the right stuff on time and without unnecessary duplication, to making sure patient information is recorded properly to save the same questions being asked over and over again.
It all adds up
The use of electronic systems in health care is already embedded into everyday practice. It would be inconceivable to contemplate providing modern health care without such essentials as patient administration systems (PAS), picture archiving and communication systems (PACS) and theatre management systems (TMS).
In many parts of the NHS, however, paper-based and manual processes still dominate and it is in this area that most patient safety issues occur. The time is now ripe to exploit health care IT fully in the NHS in order to reap the patient safety benefits. These systems, properly implemented, can provide the step-change in patient safety that everyone knows we need, but which has proved extremely difficult to bring about in practice.
Simply encouraging health workers to pull their socks up doesn't work, and why should it? There's only so much longer that we can make excuses for not implementing these changes.
Pope was quoted earlier in this article, but perhaps we should look instead to Seneca, whose words were probably the inspiration. A couple of millennia ago, he is believed to have said that: Errare humanum est; perseverare diabolicum.
This translates roughly as making mistakes is human, but carrying on with them is devilish and not in a good way. We know that people make mistakes. We know that in healthcare, these mistakes can have serious, even fatal, consequences. We also know that judicious use of IT can reduce the risks. Can we really afford to carry on regardless?

www.bcs.org/health


LEARNING AND DEVELOPMENT

OPINION: TRAINING OR LEARNING?

doi:10.1093/itnow/bwr069 2011 The British Computer Society

Jooli Atkins, Chair of the Learning and Development SG and BCS blogger, gives her view on a long-standing question.

There's been quite a debate recently about whether we're in the business of training or learning, particularly with the change last year in BCS when the Information and Technology Training Specialist Group became the Learning and Development Specialist Group. Add to that the recent changes in the Institute of IT Training, resulting in their rebranding as the Learning and Performance Institute and the debate continues.
The way I see it, learning describes
what we are there to achieve and training
is one of the ways in which we can achieve
it. The whole point of what we do, however,
is to help people to learn in order to make
a difference for themselves and their
organisations. So the way in which that
learning is achieved is not as important as
the results of the learning and the impact
that has.
Our role, as learning and development professionals, is to facilitate learning; to create an environment in which people can learn, whether that's in the classroom or online. Learning is, after all, a voluntary activity, so we have no control over whether or not people learn. What we do have control over, however, is their access to the right learning at the right time for the right reasons and that's what we should focus on doing.
In IT that's even more important than ever, with the UK IT skills gap widening and budgets being cut all the time. We need to make sure that we use every opportunity to engage with the business customers of our IT products so that they get maximum return on their IT investment and we're in a great position to be able to do that just by doing our jobs.
We provide the bridge between
the systems and their users, with our
technical knowledge and business
understanding. Although there are those
who have mourned the loss of IT Training
as a specific title, in my opinion, to do our
jobs properly we need to step out of the
perception of training as the solution and
become an integral part of the change that
organisations are going through in order
to survive. Holding on to our dearly held
technical titles is not going to help that.
We have always had a perception
problem in both IT and training. The IT
department doesn't usually see training
as being part of what they do and the L&D
department doesn't see learning IT as part
of what they do. We need to become more
visible in both arenas and we can only do
that by proving the value of what we do.
We know that we can make a difference
to the way in which IT and computing
benefits organisations and it's about time
we started shouting about it.
The much anticipated change in the
SFIA skills in Learning and Development,
with their expansion and move to the
Business Change category will help
increase our profile in the IT profession,
but it's now time to deliver on our promise
as part of the business change team.
We can make a difference, by facilitating
learning through all its varied delivery
mechanisms, including training.
Jooli blogs at www.bcs.org/blogs

December 2011 ITNOW


STAY AHEAD OF THE CURVE

doi:10.1093/itnow/bwr070 2011 The British Computer Society

ITIL procedures have been adopted by a wide range of organisations and departments worldwide
to help enable improved skills and efficiency, quality assurance and business maturity. ILX Group's
COO, Eddie Kilkelly MBCS, looks at how best to use this knowledge across the organisation to
improve the way companies work.
In today's tough economic climate,
organisations need to be increasingly
efficient with how they operate, to ensure
they don't get left behind in the storm.
We are all aware of the multitude of
business technologies that now exist
promoting increased productivity; from
document management and workflow
processes, to cloud-based applications
and back-end servers. Even smartphones
have sent the humble mobile phone to
the storage cupboard in the name of
efficiency.
A tech-savvy iWorker generation
is on the horizon whereby workforces
will begin to expect high specification
hardware, connectivity and 24-7 database
access, to allow them to work with ease
at any point in time and from all locations.
Some UK councils have installed iPads
in waste collection vehicles to help
reduce paperwork inaccuracies and
losses (1), and police officers can simply
load smartphone applications to identify
criminals on the spot (2). Technology really
is extending to all lines of work, and the
evolution is showing no signs of slowing
down.
In essence, the opportunity now exists
for businesses to become more productive
than ever before. However, despite all
the technological advances, the shortest
route to productivity lies with ensuring
the workforce is capable of using the
technology to its full potential; a pressure
point for HR and IT departments in all
types of organisations.
As such, organisations need to ensure
that they are continually referring to
industry best practice to improve even
the most standard of functions and keep
ahead of the curve, whilst implementing
appropriate training and guidance for
employees.
After all, new technologies can prove to
be complex for the IT manager let alone
the user.
Adopt, adapt... advance
The constantly evolving ITIL procedures
provide an internationally accepted
approach to IT service management. By
providing best practice advice it acts as a
current and practical guide for all types of
organisation.
Though originally published in 1989 as
a set of public sector guidelines in the UK,
the ITIL publications have taken many key
learnings from different sectors across
the world and as such have become an
internationally recognised tool that all
companies can adapt to fit their own needs.
It is not just IT departments that can
benefit from adopting ITIL principles. We
have already seen how the fundamental
messages it promotes can be adopted
and adapted across all public and private
sector departments, with a framework
including strategy, design, transition,
operation and continual improvement for
IT services.
These are principles that should be
addressed and adopted by all office
departments at any given time to ensure
that the company is continually looking
forward.
In order to embed this best practice
approach and the skills the organisation
needs, HR and training managers need
to understand best practices and the
roles and responsibilities within project
teams. Something that ITIL practitioners
strongly advocate is that IT services must
be aligned to overarching business needs
and that they underpin the core business
processes across all departments. It is,
therefore, important for internal training
departments to ensure they are aware of
all functions across the company.
Obtaining the insight within
Many introductory courses are available to
help increase awareness of specific
methodologies, helping companies climb
the ladder to success.
These courses come in a range of
formats from e-learning, instructor-led training and bespoke in-house
programmes. Ideally HR professionals will
have undertaken the courses themselves
to be able to consult with wider teams
throughout the company. When selecting
an ITIL course it is most valuable to ensure
it covers the recent 2011 revisions to the
library, so that teams are prepared for
future changes as early as possible.
Aside from the training itself, it is
important that both IT and HR managers
work more closely with all department
managers and become an integral part of
internal change projects.
In gathering this insight it can help
the company progress by identifying
pressure points or areas from an
outsider's view and apply their expertise
to streamline processes. From the HR
manager's point of view, forming this close
working relationship can ensure the right
employees are equipped with the right
skills, at the right time.
Something to learn from
There is certainly a lot to learn from ITIL's
successful formula, and these learnings
can lead to similar positive results for
other departments and businesses
irrespective of their sector or functions.
No matter what industry, best practice
service management makes good business
sense. Following best practice guidance
will also improve efficiencies, improve
skills, improve services and improve
delivery across a business.
What we have found is that in order to
achieve business-wide service excellence,
service management techniques trialled
and refined in IT can be used throughout
the full life cycle of services and
organisation-wide.
Once this is addressed and all
departments are running as efficiently as
possible, companies will find themselves
ahead of the curve and thriving well into
the future.
References
1. www.bbc.co.uk/news/uk-england-manchester-14718065
2. www.dailymail.co.uk/sciencetech/article-1286831/Police-use-iPhone-app-identify-suspect-taking-photo-face.html
www.bcs.org/learning


SHAKING UP TRAINING

New research into training for enterprise resource planning (ERP) systems implementation found
that a different approach is needed to the way employees are trained to avoid potentially costly mistakes. With this in mind Christina Torrington, Optimum Technology Transfer, reports on research
conducted by Kingston Business School, which points to the fact that ERP systems are demanding a
shake up of traditional IT training methods.
doi:10.1093/itnow/bwr071 2011 The British Computer Society

The Kingston University study points out that
employee training is one of the most
critical aspects in successfully
implementing an ERP system. But it warns
that the traditional reliance on last minute,
task-based keyboard training, focused just
on ensuring staff can do their jobs after
go-live, can be counter-productive.
The report, by Dr Stephen Gourlay,
Reader in the Leadership, HRM and
Organisation department of Kingston
Business School, argues that training has
a much wider role to play in positively
influencing employees to adopt a complex
new ERP system from the outset.
Conversely, the study notes that there
are consequences to inadequate training.
Poor or insufficient training has been
identified as a cause of serious problems,
if not failure, in some ERP projects, with
additional post-implementation training
required to rectify issues.
Gourlay reasons that implementing
a new ERP system has a huge impact
on all areas of an organisation. It entails
considerable change in roles, jobs and

tasks, so most, if not all, employees, from
the boardroom to the back office, will
need some training on the system at some
stage.
Customised training
Gourlay's research recommends that user
training is customised as different groups
of employees require different types of
training at different times. The study has
also found that training is more effective if
it goes beyond a focus on how to use the
system's functionality to include an
understanding of how it has changed
business and work processes and what
effect an individual's actions have on
others' work. Research shows this wider
approach can help to break old habits and
develop employees in new directions.
The report highlights the importance
of factoring training in throughout
the process, from the early project
planning stages, to pre-, during and
post-implementation delivery, followed
by refresher training as the system use
beds down. As more functionality and
modules are added, training needs to
evolve to ensure continuous improvement
in how the system is used to maximise
efficiencies for the organisation.
The Kingston research concludes
that training is concerned not just with
influencing individuals but how whole
groups of people approach their work. It
suggests that taking a broader, not just
task-based, approach also helps both with
knowledge transfer between employees
and retaining expertise within the
organisation.
The report has been sponsored by the
IT skills consultancy Optimum. Managing
Director Sarah Kirk, said: "Our experience
has always been that where organisations
regard user training as part of their
investment in an ERP system, rather than
a cost associated with it, they are far more
likely to see real business benefits. But we
wanted to know if independent research
backed that up."
As a follow up to the initial research
project, the university has also undertaken
various interviews with organisations to
review their ERP implementations and
identify the main challenges in delivering
training to all involved. The findings
support a previous report by the university
that identified a need for organisations to
take a comprehensive strategic approach
to training when planning to implement an
ERP system.
Challenges
The two most common challenges cited
by the organisations interviewed were:
inadequate communication (of the ERP
system), creating resistance and fear
amongst end users and inadequate and ill
timed delivery of training (courses).
Of these, inadequate communication
of the ERP system is probably the easiest
to rectify, whereas inadequate and ill
timed delivery of training courses requires
slightly more resources in terms of time
and money.
A comprehensive, all inclusive
training strategy that incorporates clear
communication channels to all roles and
levels of the organisation is crucial.
When developed as an IT and HR
initiative and in advance of the actual ERP
system integration, it is one of the keys
to unlocking the fear of end users and
changing perceptions of how the new
technology will benefit them.
Instructor led training has been
historically used as a sticking plaster to
bridge the gap between end-users and the
new system. Yet it does little to distil the
fear and resistance from end-users.
Anecdotal evidence suggests that the
common perception of an end-user by
organisations is a faceless, lone employee
working at a screen. At best, they are
viewed by their employers as someone
who is not comfortable with IT, but is
likely to proactively wrestle with new
technologies to comfortably integrate it
into their role and day-to-day working
practices.
At worst, they are viewed as IT illiterate,
keen to find short cuts or ways to override
using the system. These perceptions do
not combine well for the resultant training
on the new system, particularly when
instructor led training courses are typically
delivered post-implementation.
Hence the concept of the end-user
would be more useful if conceived more
broadly than is currently the case, and the
university will be working with Optimum to
find appropriate approaches to identify the
end user perceptions and attitudes.
End-users are critical to the success of
ERP implementation. Whilst traditionally
we have thought of clerical and other staff
being end-users of systems, ERP systems
make everyone an end-user as they
change everyone's jobs.
Anticipating user fears and needs,
and building training in to all phases of
ERP system implementation is the key to
ensuring a smoother overall process, and
better results.
Sarah Kirk concludes: "The report and
interview research does support our
view that the best results come from a
sustained ERP training programme that
wins employees' early buy-in and then
continues to build their skills as the system
evolves."
Note: The research which inspired this
article was conducted by Dr Stephen
Gourlay, Amanda Rosewarne, Sunitha
Narendran and Dilys Hinkson of the
Kingston Business School.
www.bcs.org/learning


LEGAL

WEBSITE BLOCKING

doi:10.1093/itnow/bwr072 2011 The British Computer Society

IT lawyer and past BCS President Rachel Burnett examines the
recent Newzbin case.
In July, BT was ordered by the High Court
to block access to the Newzbin 2 website
on grounds of copyright infringement. This
is the first time this kind of order has been
made. BT is the largest UK ISP, with over
5.3 million internet subscribers.
The Newzbin 2 site was set up for
members, providing links to a lot of
illegally-copied material, including films,
music and computer games, found on
Usenet discussion forums.
The action was brought by six film
production companies or studios - 20th
Century Fox, Universal, Warner Bros,
Paramount, Disney and Columbia
Pictures - representing the Motion Picture
Association of America. They are owners
or exclusive licensees of copyrights in
films and television programmes. It was
supported by four other organisations:
• British Recorded Music Industry Ltd BPI,
representing UK record companies;
• International Federation of the
Phonographic Industry, representing
the recording industry worldwide;
• the Association for UK Interactive
Entertainment, representing almost
all major companies involved in the
development and publication of video
games in the UK;
• the Publishers Association,
representing UK book publishers.
The application followed an injunction
against Newzbin Ltd. to stop copyright
infringement, the claim having been
brought by the same applicant film
companies. This was in respect of an
almost identical website, in terms of
design and operation, at the same URL.
That website stopped operating. But
then the Newzbin2 site started up at the
same location, working in effectively the
same way as before, but offshore. To
be able to prevent, or at least reduce,
infringement of their copyrights, the
applicants therefore needed to get an
order against BT (and then other ISPs).
It is hard to quantify the extent of online
copyright infringement. The court cited two
studies. One, by Ipsos MediaCAT, estimated
the overall loss from film piracy at 477
million and the overall loss from television
piracy at 58 million in the UK in 2009. A
study by Tera Consultants found that the
audio and audio-visual industries in the UK
lost almost 670 million revenues in 2008
to physical and digital piracy, significantly
more attributable to digital piracy.

Infringed copyright
BT had to have actual knowledge and the
court found that BT did know that users of
Newzbin 2 infringed copyright, in particular
of the applicants' copyrights, and that the
users included BT subscribers.
BT told the applicants that it did
not support or condone copyright
infringement, but to avoid business
exposure and potential liability, it required
a court order before it would block a service.
BT prefers this approach, where the
defendants have been found in breach
of copyright, rather than the approach
specified under the Digital Economy Act
2010 (an Act rushed through in the final
days of the last government).
One element of this act requires ISPs to
suspend individual users' internet access
in circumstances where they are found
to be illegally downloading copyrighted
material (three strikes and out).
However, Ofcom, the UK's
communications regulator, has stated that
the procedure will not work. Meanwhile
the government has announced proposals
to legalise format shifting, that is, to allow
consumers to transfer content from CDs or
DVDs to a different format such as an iPod.
The actual judgment at http://bit.ly/o9N0nw
is interesting, as it sets out
the procedure adopted by the studio
claimants, the legal remedies available,
explains the background to the claim, the
law and the reasons for the judgment.
It shows that rights holders can prevent
proven online infringement, and have
the infringing material cut off at source.
Similar orders will be sought against the
other significant ISPs in the UK.

www.bcs.org/legal

GAMING

IN PRAISE OF KINECT

doi:10.1093/itnow/bwr073 2011 The British Computer Society

Having been a keen gamer ever since my brother and I got a ZX Spectrum for Christmas in 1982, I am
really enjoying watching my children get the gaming bug says Henry Tucker MBCS.
All those years ago, when loading a game
meant connecting up your tape deck,
hoping you had the tape in the right
position, typing in the launch command
and then pressing play, I do remember
sitting down and playing the occasional
game of Hungry Horace with my mum, but
that was about all the gaming interaction I
had with my parents.
But then multiplayer gaming hadn't
really been invented; it would have been
impossible for two people to try and control
our famished friend when you consider all
you had was keyboard controls and how
small the Spectrum's keyboard was. Then
there was the size of the TV that we used;
14-inch sets aren't really very good for
single-player, let alone two-player games.
Now though gaming is very much a
living room, family-orientated pastime.
With larger TVs and controllers that even
children like my three-year-old son can
use, gaming is a lot of fun. I do remember
that even loading games on the Spectrum
was hit and miss and that sometimes
games just wouldn't work. This can
happen now, of course, but starting games
is now so easy. The loading times too are
momentary in comparison.
So this brings me on to the latest game
I am playing with my children. At the
moment my daughter loves Once Upon A
Monster, a Kinect game for the Xbox 360.
Kinect, I think, is the perfect system for
children. Although they pick things up
really quickly, they can find the controllers
a little too big sometimes. With the Kinect
they are the controller and, as long as the
Kinect has been set up properly, they can
get into it really quickly.
So there was my daughter walking
through a forest as Elmo, sitting on
Marco's shoulders, ducking under low
branches, putting her arms up to catch
things and then jumping to go over
streams and fallen trees.
Kinect, of course, isn't the first motion
controller and my daughter has played on
the Wii a bit. Even that though requires a
certain amount of manual dexterity that
can be beyond younger players. Being
seven, she does all the moves really easily
and picked up the control scheme quickly.
Don't get me wrong, the Wii can be a lot
of fun, it's just that a lot of the time it is still
just a controller.
With the Kinect you don't even need to
hold a controller to start it, just say Kinect
and you are into the menu screen where
you can select what you want.
www.bcs.org/games


WOMEN

HEROINES OF TECHNOLOGY

doi:10.1093/itnow/bwr074 2011 The British Computer Society

Until recently you'd have been forgiven for thinking that
there were only two women of note in computing - Grace
Hopper and Ada Lovelace. There are, of course, many more
as Dr Hannah Dee MBCS explains.

If you ask people to name a woman in
computing, these are the first two names
that come up - events and awards named
after a woman are called the Hopper this
or the Lovelace that (with the notable
exception of the BCS Karen Spärck Jones
Lecture). Grace (or to give her her full
name, Rear Admiral Grace Murray Hopper)
is the favourite of American audiences
and Ada (Augusta Ada King, Countess of
Lovelace) is favoured by us Brits.
Ada was the daughter of Byron, the
poet, and to counteract the effect of
his dangerous poeticism, Ada's mother
encouraged her to study mathematics. She
became friends with Charles Babbage and
in some notes written in the 1840s she
described what today is recognised as the
world's first computer program. She was
also the first writer to discuss the possibility
of computers doing things other than
just calculations, having realised that the
symbols manipulated by machines could
represent letters, words or even music. She
was bled to death, aged 36, by physicians
trying to treat her uterine cancer.
Lovelace Day
Ada Lovelace Day is an international
blogging day during which people write
about women working in science, engineering and technology who've inspired
them. This was launched by Suw
Charman-Anderson, who says "I started
Ada Lovelace Day in 2009 because I was
fed up of all of the conversations which
lamented the lack of women but didn't do
anything about it. Every time a technology conference has an all-male line-up, it
reinforces the idea that there aren't any
women out there and, when challenged,
conference organisers quite often say they
haven't heard of any women they could
invite (the 'I've only heard of men' excuse)."
On top of this, there's research
suggesting that women and girls respond
better to female role models and as Suw
notes "role models are created quite
simply by talking about women whose
achievements we admire." Therefore Ada
Lovelace Day tries to raise the profile of
women in computing, taking away the 'I've
only heard of men' excuse and providing
people with a broader set of role models.
If we all, men and women, write a blog
post about an inspiring woman, then the
inspiring women will be easier to find. It
doesn't matter who the subject of your
blog is; she can be your teacher, a famous
scientist or even your mum (although do
try not to write about Ada or Grace, as
we've all heard of them already).
This year Ada Lovelace Day was on 7
October and, as usual, people all over the
world blogged about inspiring women. This
year there were also celebrations across
the globe where people got together to
listen to talks, run training sessions and
generally do geeky stuff with women. As
with blogging, the face-to-face events are
about the women in tech, but they're not
just for women in tech. Men are invited and
are very welcome to come along and get
involved too.
In London, BCSWomen hosted two
events at the BCS Southampton Street
offices. The first of these was an Android
fun day, looking at the use of AppInventor
to create simple Android apps. This was a
hands-on workshop and by the end of the
day everyone had made at least one app.
App in a day
It's hard to make the next Angry Birds
in just one day, but attendees gained the
basic skills and most importantly they
learned what questions to ask to take
their mobile app dev to the next level.
Apps invented and prototyped included
a compass for the blind, a kids' game to
teach the alphabet and an SMS based
phone answering service. This event was
put together by Karen Petrie (Dundee
University) and Hannah Dee. Over 60
people signed up and judging by the
feedback received, this is an event that
BCSWomen will be running again.
For the evening event, we were lucky
to have the comedienne Helen Arney on
board who put together a truly inspirational
line-up. Tied together by the hilarious
compere Kate Smurthwaite, we had seven
performers ranging from academics
through to stand-up comediennes. First
up, Maggie Philbin talked about ways
to get kids interested in technology and
engineering through her TeenTech project
that links up real engineers with school
kids challenging perceptions on both sides.
Then Helen Keen - who you may know
from her Radio 4 show It Is Rocket Science -
talked about the Mercury 13 and getting
women into space. Sue Black, BCSWomen
founder, then spoke about the power
of social media and about the saving
Bletchley Park campaign. Gia Milinovich
showed some cool soft-circuits technology
with Lilypad Arduino microcontroller
boards sewn into clothes (LEDs embedded
in jumpers? Zips as switches? It's
electronics, Jim, but not as we know it).
Sarah Pascoe did some stand up,
Helen Arney sang some funny, geeky
songs accompanied by the ukelele. Then
to finish the formal part of the evening,
space scientist Maggie Aderin-Pocock
gave a guided tour of the universe - stars,
galaxies, space and all.
In the words of Maggie Philbin: The
Ada Lovelace event at BCS was a fabulous
evening, a really powerful and eclectic
gathering of women in tech. I never pass on
the opportunity to bang the drum for women
in this area - for all the well publicised
reasons we simply don't have enough
women at top level in IT. Like many others, I
think it's worth making sure this changes.
I for one won't have any difficulty finding
the heroine I write about on Ada Lovelace
Day 2012 - I've just seen eight wonderful
women in tech live. My problem will be
choosing just one.
To find out more about BCSWomen, check
out www.bcs.org/bcswomen - membership is free and open to all women BCS
members.
To find out more about Ada Lovelace Day,
check out http://findingada.com - there's
a mailing list and all sorts of other useful
information.
To find out more about BCSWomen
events, even if you're not a woman in IT,
you can like us on Facebook, follow us on
Twitter @BCSWomen and check out our
videos on:
www.youtube.com/bcswomen


FROM THE BLOGS


IT STRATEGY IN HARD TIMES
Adam Davison MBCS CITP is the author of the new IT Strategy blog: www.bcs.org/itstrategy
There is a particular pleasure in developing
an IT strategy when the times are good. Of
course, everyone still talks about efficiency
and delivering extra value, but the reality
is that when funding is plentiful the focus
tends to be more on growth and innovation
than on squeezing every last drop of value
out of the IT spend.
In the same way, however, developing
a strategy for IT during difficult times
presents a particular challenge and, in its
own way, can also present an opportunity.
Tough, sometimes quite unpalatable
decisions have to be made. The previously
unthinkable might have to be thought.
However, when the right decisions are
made, IT has the potential to do more than
maybe any other part of an organisation to
get it through the hard times and back onto
a steady course.
Hard and fast rules are difficult to set
for what to do in these circumstances as
it will, of course, depend upon the precise
details of the situation, but a good rule
of thumb would always be: prioritise,
prioritise, prioritise. What is truly core to
your operations and what is not? You will
need to be ruthlessly honest about this.
Always ask the question: if we just stopped
doing this, what would happen?
Similarly, look at your investment
plans. It is seldom a good idea to stop
all investment, but work out which
ones are either critical from a capability
maintenance point of view, or critical
from an organisational priority point of
view and which are not. Of the nots, can
they be deferred, or maybe even killed off
completely? Again, a good way to approach
this is to set an extreme scenario: if we had
to reduce our project programme by 50 per
cent what would we keep and what not?
This can really clarify your thinking about
what is really important.
As far as operational costs go, now
is a great chance to push through
innovations that might be resisted at
other times. Pushing suppliers for extra
savings. Looking for areas to contract out.
Simplifying processes. Persuading your
organisation to buy into programmes of
standardisation. These options may or
may not be politically palatable, but hard
times can provide the impetus to push
through changes which would, in better
times, be resisted or seen as unnecessary.
Always look for the opportunities.
Most of all, in the words of the late,
great Douglas Adams, don't panic. In
my experience, knee-jerk reactions are
seldom helpful. Always work on the
assumption that, in the long-term at least,
this situation will not endure and therefore
consider the strategic as well as the
short-term consequences of any decision.
For example; increasing the length of
time for replacement cycles for desktop
equipment and postponing an expensive
operating system upgrade may make
perfect sense to allow you to squeeze that
little bit more value out of your existing
investment. Agreeing to put a complete
hold on any replacement and / or upgrades
might be helpful in the short-term but will
almost inevitably lead to an even bigger
headache further down the line.
Finally, be honest with your people. Don't
be unnecessarily alarmist, but when staff
understand the sort of issues you are facing
and the sort of pressures the organisation
is under and are, themselves, asked to
share in the challenge of responding, it is
amazing what ideas can come up. After
all, it is usually the people at the coal face
who really know where the problems
are. At this time, more than at any other,
make space for people from all parts of
your organisation to put their thoughts
and suggestions forward and make sure
that all such ideas are, at the very least,
acknowledged and appreciated. After all,
you never know what you might learn!

doi:10.1093/itnow/bwr075 2011 The British Computer Society

WIBBLE: PROJECT EYE BLOG


Sometimes there are classic comedy
moments that we remember fondly. We
revel in their silliness and laugh out loud, and
I challenge you to see how many comedic
gems you can recognise in this post. Yet
sometimes we need to see the serious side.
After another damning project failure report
on FiReControl, is anyone still laughing?
The FiReControl fiasco is the latest high
profile public sector project failure, not
counting the hilarious NPfIT. Yeah baby, the
official NAO enquiry report says it got into
trouble because of a lack of stakeholder
consultation, a rushed start and lack of
appropriate oversight procedures, lack
of leadership and poorly managed use
of consultants, and failure to resolve
contractual issues. And just like that it
was cancelled in December 2010 at a
cost of loadsamoney for taxpayers.
D'oh! More than just a wafer thin mint
to be sure.
So what have we learned? Aha!
Perhaps they wouldn't let it die early
enough? I don't believe it was the only
failing project in the village. It did not
go out on a hi-de-hi. It was certainly
another fine mess, and not done in the
best possible taste. But calm down,
the government is trying to minimise
project losses now. The Major Projects
Authority has a cunning plan for future
projects, and this may lead to better
things. We really want to see those
assurance fingers. And hopefully shut that
door on future catastrophic project failures.
Yeah, I know, I want that one. It would be
super, smashing and great. How very dare
they and nice to hope so, to hope so nice.
Am I still bovvered? Yeah, but no, I didn't
get where I am today by skipping on the
finer details.
If you want to read more then you can
go to the NAO website.
And for something completely different,
you might just want to stick two pencils in
your nostrils and wait for the report on the
next big project failure.
www.bcs.org/projecteye

THE COMPUTER JOURNAL

doi:10.1093/itnow/bwr076 2011 The British Computer Society

Below are some extracts from BCS, The Chartered Institute for IT's eminent academic monthly
The Computer Journal, published with Oxford University Press.

Recognising Algorithms Using Language
Constructs, Software Metrics and Roles
of Variables: An Experiment with Sorting
Algorithms.
Ahmad Taherkhani, Ari Korhonen, Lauri
Malmi
This paper focuses on algorithm
recognition (AR) where the problem is
to recognise and classify algorithms to
obtain an abstract understanding of the
source code. The main goal is to extend
the application of program comprehension
(PC) in automatic assessment tools, and
to develop methods that can automatically
recognise algorithms from source code.
Since AR is undecidable, the problem
and the scope are reduced to a particular
group of algorithms and the matching
is not required to be exact, but simply
to be statistically reasonable. First, the
concepts of PC and AR are introduced
and compared. Then, the AR method is
introduced, based on the static analysis
of the source code using statistics of
language and software complexity metrics.
Algorithms are converted into vectors
of characteristics which are identified
and extracted from these algorithms.
These vectors are then processed by
the recognition process. This proposed
method has been applied to five commonly
used sorting algorithms and a prototype
analyser is developed to automatically
compute and convert algorithms into
characteristic vectors.
Learning data from 70 different
versions of the five sorting algorithms
was collected and passed to the analyser
and it is shown how the algorithms can be
differentiated by their characteristics. An
experiment has been carried out on all five
sorting algorithms in order to evaluate the
performance and accuracy of the method.
A total of 217 different algorithms were
tested and the results analysed.

Blind Watermarking of Colour Images
Using Karhunen-Loeve Transform Keying
Alessandro Basso, Davide Cavagnino,
Victor Pomponiu and Annamaria Vernone
Digital watermarking is an embedding of
secret information and has three
components: an embedding procedure, an
extraction algorithm and a watermark.
A watermarking system is either
non-blind, semi-blind or blind depending on
the use it makes of the original image and
the watermark in the extraction process.
Only blind watermarking schemes
can be successfully used in security
applications whose purpose is to prove
ownership of digital media.
Furthermore, if the watermarking
scheme is robust, this would provide
further protection of ownership rights
against illegal distribution. However,
there is currently no scheme that is
highly secure and able to preserve image
quality, since there are trade-offs between
robustness, imperceptibility and security.
To guarantee the robustness and still
preserve the quality of the original image,
a new watermarking scheme for colour
images is proposed and is based on the
Karhunen-Loeve transform (KLT) whose
basis images used in the transform are
not related to the images being marked
but are from an image that is the secret
key used in the watermarking scheme.
After an introduction to KLT and
related work, the proposed watermarking
method is introduced through a number
of steps: a) the computation of a set of
KLT eigenvectors of meaningful secret
images, b) the embedding of a watermark
into a colour image, c) the detection of
a watermark, and d) the computation
of the pseudo-random sequence of the
watermark used in the embedding process.
For experimental results, the authors
first motivate two parameters (the
construction of a feature set and the
choice of a strength factor), which help to
achieve an optimal compromise between
the quality of the watermarked image and
the robustness against attacks.
The robustness of the proposed
scheme is then tested for performance
against non-geometrical attacks and then,
three types of attacks are performed to
test the efficacy of the proposal against
geometrical attacks.

Finally, a discussion of
security considerations
is given.

The Computer Journal


The Computer Journal has published
advances in the field of computer
science for over 45 years.
Section A: Computer Science Methods
and Tools publishes the more general
computer science papers.
Section B: Networks and Computer
Systems accommodates papers
covering all aspects of networks,
including architectures, protocols,
security, operation and performance.
Section C: Computational Intelligence
covers topics including artificial intelligence, machine learning, robotics,
fuzzy logic, neural networks and
swarm intelligence.
Section D is new and covers Security in
Computer Systems and Networks.
More information about The Computer
Journal is available on the Oxford
Journals website, where you can sign up for
email table of contents alerts,
submit your paper online, browse article
abstracts, download full text articles (if
your library has a subscription), search
across articles by author or keyword,
access the 40-year archive and more.
Members can get heavily discounted
subscription rates:
www.bcs.org/cjournal/subscribe

ITNOW December 2011


REVIEWS
BOOK OF THE MONTH
Business Model Generation
Alexander Osterwalder & Yves Pigneur
Wiley
288pp
ISBN 9780470876411
£23.99

10/10

doi:10.1093/itnow/bwr077 2011 The British Computer Society

This is more than just a book about
business model generation; it is also
a practical toolkit for business model
innovation, driven by a unique concept
and approach for describing,
visualising and assessing business
models, called the business model
canvas.
The canvas is made up of nine
building blocks, which together describe
the rationale for how an organisation
creates, delivers and captures value,
otherwise known as their business
model. The building blocks consist
of: three blocks for key input (i.e.
partners, activities and resources);
three customer-focused blocks (i.e.
key segments, relationships and
channels); two blocks for key costs
and revenues; as well as a central
block for value proposition, all of
which are laid out on a single-page
model diagram, or canvas.
The simplicity of the business
model canvas is at the heart of
the beauty and power of this book
because it can be used to describe
essential concepts of any business
model in its entirety in a single
diagram. This is clearly illustrated
by the inclusion of innovative and
disruptive business models from the
usual suspects, e.g. Amazon, Apple,
Google and Skype, as well as some
equally powerful, but perhaps lesser
known, examples from SMH (makers
of Swatch), Nestle and Daimler.
Jude Umeh FBCS CITP


Windows Small Business Server 2011 Administrator's Companion
Charlie Russel and Sharon Crawford
Microsoft Press
832pp
ISBN 9780735649118
£45.99

10/10
Windows Small Business Server (SBS) is
available in standard and essential
editions. The authors cover the standard
edition, which is designed for small
businesses with up to 75 users.
SBS 2011 is a 64-bit architecture with
the administrative task performed within
an integrated console. The move towards
a 64-bit architecture is heavily influenced
by memory management, improved
performance, security enhancements and
capitalising on virtualisation. There are
concerns including driver issues, hardware
and software compatibilities.
Before progressing to installing SBS
the authors explore planning the network
infrastructure, surveying the business
needs and factor into their
planning the resources required,
i.e. network type, network devices,
diagramming the network, server
hardware, naming conventions,
storage, fault tolerance and security.
The authors proceed to take the
reader through a descriptive visual
journey of the installation and
migration process.
It then navigates through
managing users. SBS 2011 has two
group types: security and distribution.
The authors address share and file
permissions, storage management, print
server management, managing computers
and software updates, configuring backups,
configuring and managing email, remote
web access, group policy administration
and customising SharePoint (as SBS
2011 standard comes with SharePoint
Foundation 2010). They complete the
walk-through by focusing on performance
monitoring and disaster planning.
The book is comprehensive in its
coverage of the topics.
Uma Kanagaratnam MBCS

Prince2 in Plain English
Steve Tofts
Benchmark Training and Development Ltd
114pp
ISBN 9780956462923
£19.99

9/10
This book is useful as an
introduction to the
official Prince2 manual
for preparation for the Prince2 examinations,
for those playing a part in Prince2 projects
and for those looking for real world examples
of using Prince2. It may also prove useful
to those who are new to project management
and looking for an off-the-shelf project
management framework, as well as those
who want a detailed understanding or
overview of Prince2 in action.
The four elements of Prince2 are
well covered. There are ten chapters,
with a chapter on each of the basics,
the principles and the processes, and a
separate chapter on each of the seven
themes. This does seem bizarre at first, but
tailoring is discussed throughout the book
and the relevant principles and
processes are also covered in each
of the seven themed chapters.
The two separate A3 coloured
charts, a 140 term six-page
glossary, the four real-world
everyday example projects, good
graphic illustrations and 113 pages
of A4 with a decent sized font size
make this a very readable and
useful resource.
The four example projects really
do bring home the point that Prince2 can
be tailored and applied to any project.
The only negative comment I would
make about the book is the number of
typos, punctuation, missing word and
other errors.
The approach in the book is to highlight,
in bold, items which have an entry in the
glossary. Unfortunately this convention is
not strictly adhered to throughout.
This is a must-buy book for anyone
wanting an introduction to Prince2 or
sufficient working knowledge of Prince2.
Kawal Banga MBCS CITP

Lifehacker: The Guide to Working Smarter, Faster, and Better (3rd ed)
Adam Pash, Gina Trapani
Wiley
504pp
ISBN 9781118018378
£19.99

8/10
The typical IT professional
finds themselves faced with
constant work demands, large amounts of
information to absorb, a constant need to
learn new things and a limited amount of
time to do it.
This constant need to take in information
as well as the desire to learn new things
results in a number of productivity books
like this one, aimed largely at the IT
professional.
The book combines a lot of good ideas
for working more productively with
ideas around using technology in a more
effective manner to manage time. The
book is not aimed at a hardcore technical
readership, but has tasks that are ranked
at easy, medium and advanced to allow
the less technical reader to use the tips
best suited to their skillset.
There are sections on controlling
email, organising your data,
automating repetitive tasks,
using your smartphone more
effectively, backing up data and
guarding against crashes and
malware, using the web more
productively (which mostly
involves not getting distracted
by sports news and YouTube)
along with less technical sections
on thinking clearly and avoiding
distraction.
There are similar books
in the marketplace and there is an
understandable amount of repetition here,
with a number of the solutions being
very similar to those in books like Mind
Performance Hacks or Pragmatic Thinking
and Learning.
However this is a much thicker and
longer book and there is enough new and
original material here to make it worth
purchasing.
I have already managed to see some
benefits from implementing a few of the
suggestions in here, although, as with
any book like this, the real benefits only
arrive when you make the effort to put the
solutions into practice.

Nursing Informatics and the Foundation of Knowledge (2nd ed)
Dee McGonigle and Kathleen Garver Mastrian
Jones & Bartlett Learning
638pp
ISBN 9781449631741
$72.95

9/10
This book is a guide for students to the
history of healthcare informatics, current
issues, basic concepts and management
applications.
Dee McGonigle is professor of the
Online-MSN Programme at Chamberlain
College of Nursing and Editor-in-Chief of
the Online Journal of Nursing Informatics.
Kathleen Mastrian is associate professor
and programme coordinator for nursing at
Pennsylvania State University and senior
managing editor of the online journal.
There are contributions from, mainly US,
experts but also some from the UK.
As is to be expected, reference to
national organisations, legislation, reports
and most of the examples and case studies
are specific to the US, but the principles
and much of the practice apply
anywhere.
Chapters are well laid out,
incorporating objectives, key
terms, summary, questions
and references with plenty of
practical examples and case
studies. It is very readable.
New chapters added in this
second edition include technology
and patient safety, system
development life cycle, workflow analysis,
simulation and bioinformatics. This edition
also comes with an access key to a
companion website.
This gives study aids for each chapter,
adds further questions for each chapter
and includes other learning activities.
This is certainly a comprehensive guide
to nursing informatics with extensive
references, glossary and index. It is
targeted at US students, but still has a
great deal of value in the UK.
It is a bit pricey possibly for a lot of
students, but an essential resource for the
library.

Introduction to the ISO/IEC 20000 Series. IT Service Management
Jenny Dugmore and Shirley Lacy
BSI
216pp
ISBN 9780580728464
£48

7/10
This book is intended to introduce
readers to the full set of standards in
the 20000 series, which it certainly
does. However, not all the standards
in the series have been formally
published as many of the newer
ones are only available as technical
reports, which somewhat limits their
appeal.
There is also a companion book by
Lynda Cooper that is devoted to the
differences between the 2005 and
2011 editions, which is priced at £36
and so to fully understand the new
20000 series you'll need to pay £84.
Anyone wanting a definite guide
to the 20000 series will be a little
disappointed as the full set of
standards are not yet available. BSI
also publishes the code of practice as
part two of the 20000 series for £100
and there is an inevitable overlap
between this code of practice and the
book being reviewed here.
The style of this book makes it
very readable as there are good
explanations of terms and the
chapters are peppered with useful
key points. What you can also learn
about from this book are the new
clauses in ISO 20000 on such topics
as process governance, the need for
a service catalogue and controlled
acceptance tests as well as the
partial alignment to ITILv3 processes,
such as release management
becoming release and deployment.
This is a must-read book for all
existing holders of ISO 20000 as
recertification to the newly published
standard will be required when
current certificates lapse.
I feel the publication of this book
is slightly premature as the full ISO
20000 series will be much more
significant than the parts described
here and the cost of everything to
explain 20000 is high.

Sheila Bullas MBCS CITP

Peter Wheatcroft FBCS CITP

Nick Dunn MBCS CITP


COMPUTER ARTS

DIGITAL POST-POP

doi:10.1093/itnow/bwr078 2011 The British Computer Society

Credit: It Could Be You by Marina de Stacpoole, Lambda C-type print, 36 x 49cms, 2011, copyright the
artist, reproduced with permission

This month's artist turns pop art on its head
and gives us a digital take on painting that
forces us to confront an uncomfortable
truth about modern life. The British artist
Marina de Stacpoole enjoys playing with
puns on popular culture. The title of this
work, It Could Be You, is both a reference
to the National Lottery strap-line and a
comment about homelessness.
The scene being played out in the lower
left is taken from the popular American
television series Desperate Housewives.
The use of the digital medium allows
the artist to manipulate material from
different sources using collage to create a
slick, highly-finished look. The three figures
are set against a stage she has created,
a surreal, other-worldly landscape. This
is a rich, highly-coloured environment
more typically found in computer games
animation. Marina's use of landscape
is secondary however as she is more
interested in setting up a juxtaposition
between photographic realism and
abstraction, in this case a rather
startlingly acidic backdrop that throws the
concerns of the foreground into high relief.
The underlying message of the work,
a comment on homelessness, is in stark
contrast to her glossy, polished surface,
which is reminiscent of advertising.
Surface is clearly an important element in
her work and in this piece she further plays
with the flatness inherent in both the art
object and the computer medium, by adding
a three-dimensional aspect to the picture.
She starts with the landscape which she
says acts as a device to draw the viewer
in. 'Visually, the images I digitally create
are based on photographs I have taken on
trips to Asian landscapes. This practice
has now extended to local scenes of
London, especially parks. South America is
now in my sights to explore in this way for
future work.'
This is combined with scenarios
from the contrasting world of film and
television, particularly those with strong
narratives, as well as objects in our
everyday surroundings. Using paintbrush
tools in Photoshop she digitally paints
over the images. A laser print is produced,
onto the surface of which she glues
jigsaw puzzle pieces to match the image
underneath. These are then painted by
hand on top using enamel paints (this
is just visible here in the top left). This
gluing is a new technique for her and is an
attempt to achieve a painterly look.
As a graduate of the Multimedia
Arts course at Liverpool John Moores
University, Marina went on to explore
the challenge of incorporating digital
techniques into traditional painting,
gaining a Masters in Fine Art from Leeds
Metropolitan. Coming from a mixed
background, she feels she never belonged
solely in either category (painting or
multimedia) and so looks for ways to
combine both. She does admit, however, that
this approach was an unusual one among
the students when she was at university.

Popular culture
Marina has found that it can be more
acceptable to use imagery filtered through
popular culture to get across her
critical views and passivism. An earlier
work, Child's Play (2008), used an image of
a mass-produced green plastic toy
soldier to address the relationship
between children's toys and war (such
as the violence inherent in many computer games). Child's Play can be seen as a
descendant of Random War (1967), a
plotter print by one of the great American
computer art pioneers, Charles Csuri.
Random War was a comment on the
Vietnam War and featured graphics
(drawn by Csuri's own coding) depicting
toy soldiers, now in the collection of the
Victoria & Albert Museum.
Marina explains, 'Socio-political themes
are intrinsic to all the projects I pursue. I
am currently exploring globalisation and
disconnectedness in a hyper-real world.
This point of enquiry, emerging through
collage, asks the viewer if entertainment
as art can be radical. These raise
questions of what constitutes the natural
in a postmodern world and how much
does cultural conditioning answer for.'
Marina's art works are parodies of
the times we live in, the current political
landscape of credit crunch, public sector
cuts, phone hacking, rogue-trading,
tax-dodging and the ultimate effect that
such shady goings-on have on our society.
Catherine Mason is the author of A
Computer in the Art Room: the
origins of British computer arts 1950-80.
For more information on the
computer arts including events visit:
www.computer-arts-society.org/
More about this month's artist:
www.axisweb.org/seCVPG.aspx?ARTISTID=13663


FRIENDS IN
HIGH PLACES

doi:10.1093/itnow/bwr079 2011 The British Computer Society

The Rt. Hon Danny Alexander, Chief Secretary to the Treasury, tells PCG's Jim Cassidy
about his respect for the UK's freelancers.
The career of the present Chief Secretary to
the Treasury has always been about scaling
new heights. Just seven years ago Danny
Alexander had one of the highest placed
jobs in Britain working for the Cairngorms
National Park in charge of selling the rugged
beauty of Britain's highest mountain range.
Today he has scaled the political heights
and holds one of the loftiest positions in
Britain, but he has left behind the granite
peaks and now sits on a mountain of debt
inherited from the economic downturn in
2008.
The likeable Oxford-educated Scot has
his feet firmly on the ground when he
looks at the challenge before the nation and
believes with a passion that freelancers
have a vital part to play.
Danny Alexander is MP for one of the
UK's biggest constituencies, Inverness,
Nairn, Badenoch and Strathspey and is seen
by many as the glue that has helped the
coalition between Conservative and Liberal
Democratic parties bond so effectively.
Sitting in his office overlooking St
James's Park, his mop of red hair bobs up
and down in agreement when you ask about the
importance of this growing sector to the
economic recovery of the country.
'Taking the decision to work for yourself
is an incredibly courageous move and
I have a huge amount of respect and
admiration for those who take it.
With an estimated one in seven
UK workers now choosing to work for
themselves freelancers are an important
and growing part of the UK business
community. Whatever guise they come
in, freelancers bring flexibility and talent
to the work place and make a significant
contribution to the UK economy.
In today's economy, more than ever,
the flexible and skilled workforce that
freelancers provide plays a key role, allowing
companies to change the way they work
more easily when needed and bringing more
people into the labour market.
I believe that in the face of global
economic risks our deficit reduction
plan is providing the broader conditions
necessary for such sustainable growth
and will help drive the private sector-led
recovery.'
Cutting red tape
He is sympathetic to freelance workers'
complaints about the amount of red tape
they are faced with, especially when they
first decide to make the work/lifestyle
choice and become freelancers.
'As a government we're committed to
cutting down on bureaucracy and red tape.
As part of this we've launched the Red Tape
Challenge, under my Liberal Democrat
colleague Vince Cable in his department
of Business, Innovation and Skills. Vince's
department will be looking at 21,000
regulations and assessing which ones are
working and which ones aren't so that we
can get rid of those that put unnecessary
burdens on business and workers.'

'But we're also working to stem the
flow of new regulation. This includes
a new one-in, one-out rule, meaning
we have to identify an existing piece of
regulation to be scrapped for every new
one proposed; a strengthened role for the
Regulatory Policy Committee to review
the costs and benefits of new regulation
proposals, and a three-year moratorium
on domestic regulation for microbusinesses and start-ups.
In Europe we're working with other
member states so that a non-legislative
approach is considered first and to ensure
that new laws are more rigorously justified
to avoid increased costs and burdens on
business and workers.
Of course we need to balance this
carefully so we don't compromise
necessary protections for individuals.
But by reducing the overall burden of
regulation, we will save business time and
money and free them from having to deal
with administrative and legal complexities.'
Turbulent times
Having earlier commented on the flexibility
of freelancers I wanted to know how much
of an asset the Minister felt this flexible
army of workers were in these turbulent
economic times?
'In today's economy, more than ever,
the adaptability and talent of freelancers
is incredibly important in the way they
support the labour market and flexibility
for companies. We are supporting
the economy through our credible
deficit reduction plan, which is vital for
sustainable growth and will help drive the
private sector-led recovery. But alongside
this we're determined to rebalance the
economy so that we no longer overly rely
on some sectors at the expense of others,
but that, through the actions set out in our
plan for growth we can ensure sustainable
growth is shared across the economy.'
You are quite clear about the benefits
of the sector, but could you envisage
a time when government could make
flexible working easier and perhaps make
it simpler for companies to adopt and
nurture a flexible workforce approach?
'Flexible working is key in supporting the
patterns of modern day workers, benefiting
both employers and workers. We recognised
this in the coalition agreement where we
committed to improving and expanding
opportunities for this kind of working.
Through the right to request flexible
working already in place, many parents
and carers have already benefited from
more scope to balance their personal
and working lives. And the vast majority
of employers already offer at least one
form of flexible working to their staff. But
concentrating specifically on your question,
yes, it is something where we recognise
more could be done. That's why we launched
a consultation earlier this year proposing
that all employees should have the right to
request flexible working. We want to bring
about cultural change so that more adaptable
working practices are the norm.
But more than this, flexible working
improves productivity and increases
overall levels of participation in the
labour market, making a contribution to
increasing employment and decreasing
benefit dependency. Increasing the
opportunities for people to work in this way
will support our plans to reduce the deficit
and help promote growth.'
As he strolls down Whitehall you realise
the height of Danny Alexander, his mop
of red hair passing just below the red
traffic lights; in the last few months there
are those who believe he is head and
shoulders above many who have gone
before him.
Perhaps it was that early training on the
Cairngorms but he seems at ease in the
rarefied atmosphere of Whitehall treading
carefully when the going gets rough.
'Friends in high places' takes on a whole
new meaning when dealing with Danny
Alexander and the UK's freelancers can
be safe in the knowledge they are held in
high esteem by the Chief Secretary to the
Treasury.
www.pcg.org.uk


LEFT OF THE INSIDE BACK COVER


BLAST FROM THE PAST
The Computer Bulletin December 1961
Some things don't seem to change, other
things change a lot. The editorial comment, 'Are we lagging?', took a look at
whether in the UK we were lagging behind
Europe because of disillusion in clerical data processing and realignment of
endeavour. A 1961 version of matching the
IT function to business strategy?
COBOL was discussed as an automatic
coding language, alongside
Rand's Flowmatic,
Honeywell's Fact,
Ferranti's Nebula and
IBM's Commercial
translator. Companies and
languages come and go.
Some stay.
It's always fascinating
to see the latest tech
described. The Electronic
(!) Computer Exhibition
1961 included a listing for
Computer Engineering Ltd, who showed
an £8,500 machine boasting a 4,096 words
(32 bits) drum store. The operating cycle
time is such as to give an addition time
of 0.612 milliseconds and a multiplication
time of 10 milliseconds. Since elements of
the machine are transistorised there are
no serious cooling problems.
If only the same could be said of my
MacBook.

PUZZLE
A BCS Member has sent in our first
puzzle. No prizes, but kudos will be
given to the first one to complete it!
Hailstones
The so-called hailstone sequence of
positive integers progresses according
to the following rules:
n (even) => n / 2
n (odd) => 3n + 1
For example, a starting value of 10 will
generate the following sequence:
10, 5, 16, 8, 4, 2, 1
In this case the sequence contains 7
terms; and, according to the Collatz
conjecture, will always reach 1.
Challenge: Write a program to calculate
the mean sequence length for all
starting values under 100,000. Answer
in the next issue of ITNOW
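
One way to approach the challenge, as an added example that is not part of the original magazine: the function names are assumptions made here, and a sequence's length is counted in terms, as the puzzle does (a start of 10 gives 7). Lengths already worked out for smaller values are reused so that each start only walks until it meets a known value.

```python
"""Hailstone (Collatz) sequence lengths, counted in terms as the puzzle does."""


def hailstone_lengths(limit):
    """Return a list L where L[n] is the number of terms in the hailstone
    sequence starting at n, for 1 <= n < limit (L[0] is unused).

    Termination relies on the Collatz conjecture holding for these starts.
    """
    if limit < 2:
        raise ValueError("limit must be at least 2 (one starting value)")
    lengths = [0] * limit
    lengths[1] = 1  # the sequence "1" has a single term
    for start in range(2, limit):
        n = start
        path = []  # values visited whose lengths are not yet known
        # Walk until we reach a value with a cached length. Values can climb
        # far above `limit` (a start of 27 peaks at 9232), so those are kept
        # in `path` for counting but never written to the cache.
        while n >= limit or lengths[n] == 0:
            path.append(n)
            n = n // 2 if n % 2 == 0 else 3 * n + 1
        known = lengths[n]
        # Unwind: the value visited last is one term longer than `known`,
        # the one before it two terms longer, and so on.
        for steps_back, value in enumerate(reversed(path), start=1):
            if value < limit:
                lengths[value] = known + steps_back
    return lengths


def mean_sequence_length(limit):
    """Mean number of terms over all starting values 1 .. limit - 1."""
    lengths = hailstone_lengths(limit)
    return sum(lengths[1:]) / (limit - 1)


if __name__ == "__main__":
    print("start 10 ->", hailstone_lengths(11)[10], "terms")
    print("mean length for starts under 100,000: "
          f"{mean_sequence_length(100_000):.3f}")
```

Python integers do not overflow; a port to a language with fixed-width integers should check that the largest intermediate value fits the chosen type.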

doi:10.1093/itnow/bwr080 2011 The British Computer Society

