nigatech: يناير 2014

الجمعة، 31 يناير 2014

Why you should take the PRINCE2 course

PRINCE2 (PRojects IN Controlled Environments) is a project management methodology developed and used extensively by the UK Government. PRINCE2 is widely recognised and used in the private sector, both in the UK and internationally.

Firebrand is the only training provider in the world to offer both the Foundation and Practitioner certifications in just three days. Why should you take the PRINCE2 course? Here are the reasons:

Get top Project Management skills

With your PRINCE2 certification you’ll be confident and successful in managing projects within the workforce. Using PRINCE2 in your projects will give you common systems and procedures, making coordination easier. It provides you with greater control of resources, and the ability to manage business and project risk more effectively. You’ll make fewer mistakes, learn from those that you do make, and therefore save money and effort.

Improve your job prospects

A PRINCE2 qualification is a great addition to your CV. PRINCE2 is recognised as a world-class international product and is the standard method for project management. Many companies across the world require staff to be PRINCE2 certified, and thus your certification will definitely give you the edge over the competition.

What implementing PRINCE2 gives you

PRINCE2 provides your organisation’s projects:

A common and consistent approach
A controlled and organised start, progress and close
Flexible decision points
Regular reviews of progress against plan
Management control of any deviations from the plan
The involvement of management and stakeholders at the right time and place during the project
Clear communication channels between the project team, management, and the rest of the organisation
A route to increasing the project management skills and competences of the organisation's staff at all levels

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Avoid these 25 passwords if your data is precious

By Sarah Morgan

Many people make the mistake of using the same password for multiple accounts, including banking logins, social media profiles and e-shopping credentials. However, when that password is also ridiculously easy to guess, well that may unleash a data disaster.

Each year, SplashData releases its Top 25 list of most common passwords, also known as the “Worst Passwords of the Year”. This year’s compilation features a “great” victory, as ‘123456’ has finally claimed the #1 spot and forced ‘password’ to take the silver medal.

SplashData's "Worst Passwords of 2013":

Rank	Password	Change from 2012
1	123456	Up 1
2	password	Down 1
3	12345678	Unchanged
4	qwerty	Up 1
5	abc123	Down 1
6	123456789	New
7	111111	Up 2
8	1234567	Up 5
9	iloveyou	Up 2
10	adobe123	New
11	123123	Up 5
12	admin	New
13	1234567890	New
14	letmein	Down 7
15	photoshop	New
16	1234	New
17	monkey	Down 11
18	shadow	Unchanged
19	sunshine	Down 5
20	12345	New
21	password1	Up 4
22	princess	New
23	azerty	New
24	trustno1	Down 12
25	000000	New

According to SplashData, this year's list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe's well publicized security breach. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

Suggestions how to make your passwords more secure:

Use passwords of eight characters or more with mixed types of characters. However, even passwords with common substitutions like "3xc3ll3nt" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "gr%7Jr5$" can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases - short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cats cheese balloon" or "music_darkness_boom?"

As highlighted earlier, avoid using the same credentials for multiple websites. It’s very risky to use the same password for social networking or financial service sites. Use different passwords for each new website or service you sign up for.

Watch the following video for PCMag's take on the worst passwords for 2013 - starts at 3:53.

الاثنين، 27 يناير 2014

What is covered in the CISSP certification?

By Sarah Morgan

CISSP is an advanced level certification governed by (ISC)2. It is designed for information security professionals. As a CISSP, you’ll be an expert in developing, guiding, and managing security standards, policies, and procedures within your organisation.

CISSP is divided into 10 areas, also referred to as domains, known collectively as the Common Body of Knowledge (CBK).

Here’s what you’ll be covering in those domains, during your CISSP Bootcamp training:

Access Control

You’ll learn about concepts, methodologies and techniques to protect the assets of your systems against attacks.

Telecommunications & Network Security

This domain focuses on network structures, its components and methods to keep them safe. It also covers transport methods, communication channels and network security measures.

Information Security Governance & Risk Management

In this domain, you’ll learn how identify your organisation’s information assets. In addition, you’ll gain understanding of the development, documentation and implementation of policies, procedures and standards regarding:

Security governance and policy
Information classification and ownership
Contractual agreements and procurement processes
Risk management concepts
Personnel security
Security education, training and awareness
Certification and accreditation

Software Development Security

It teaches you about the controls that are included within systems and applications software, and the steps used in their development.

Cryptography

The Cryptography domain teaches you about encryption concepts, cryptanalytic attacks, as well as other principles, means and methods of disguising information.

Security Architecture & Design

This domain contains the concepts, structures, principles and standards used to design, implement, monitor, and secure, operating systems, equipment, applications and networks.

Security Operations

You’ll learn about controls over hardware, media and the operators with access privileges to:

Resource protection
Incident response
Attack prevention and response
Patch and vulnerability management

Business Continuity & Disaster Recovery Planning

If the worst happens to your organisation, you’ll need to react quickly, in order to recover as quickly as possible. In this domain, you’ll learn about recovery strategies, business impact analysis and disaster recovery processes.

Legal, Regulations, Investigations and Compliance

This domain addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.

Physical (Environmental) Security

The last domain covers threats and vulnerabilities, and provides preventive measures, that can be used to physically protect an enterprise’s sensitive information. You’ll learn about:

Site/facility design considerations
Perimeter security
Internal security
Facilities security

About the Author:

Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

An ideal starting point for your IT career: CompTIA A+ certification

By Sarah Morgan

CompTIA’s A+ certification is the ideal starting point for a career in IT. This qualification validates the skills required to excel in the role of a computer technician or support professional. The exams cover installation, troubleshooting and maintenance of PC components, mobile devices, laptops, operating systems and printers.

The exams you have to pass

In order to get your CompTIA A+ certification, you’ll have to pass two exams. CompTIA A+ Essentials (Exam 220-801) tests required competencies for an entry-level IT professional with the equivalent knowledge of at least 500 hours of hands-on experience in the lab or field. To pass this exam, you’ll have to demonstrate a good understanding of the basic functionalities of the operating system and basic troubleshooting methodology, and practice proper safety procedures.

The other exam you’ll have to pass is the CompTIA A+ Practical Application (Exam 220-802), which measures your working knowledge of practical use of current software and Operating System interface and features. It specifically covers the skills required to install and configure PC operating systems, as well as configuring common features (e.g. network connectivity and email) for mobile operating systems Android and Apple iOS.

How to pass your exams

To successfully tackle the challenges of the exam and get your certification, you should be prepared, focused and relaxed. Watch this video to see how you can do it:

If you are up for an even greater challenge, learn about our combined A+ N+ course and get two certifications in one go.

الخميس، 23 يناير 2014

Probando los Nokia Lumia en remoto

Bien... hoy era uno de esos días en que pensaba en lo mucho que quiero actualizar mi Lumia a otro, y al entrar a curiosear dispositivos a la página de Nokia entre a la zona de desarrolladores y allí como tal parece que siempre lo omití vi la opción de Acceso remoto a dispositivos.

Para quienes no conocemos el mundo específico de los Nokia Developers esto si que puede ser nuevo y la verdad que una buena herramienta, decidí explorar un poco y venir a contarles.

Lo primero a tener en cuenta es que solo me funcionó bien con Firefox. Internet Explorer 11 no funciona y como pueden ver en la lista Chrome ni siquiera está nombrado.

Al entrar puedes ver como tienes varios equipos disponibles para reservar.

Esto me pareció genial, claramente no todos tenemos para cambiar tan pronto de móvil, así que son recursos disponibles para poder probar nuestras apps.

Al entrar encontramos un emulador que claramente que ofrece la velocidad de estar trabajando por red y varios tools adicionales-

Cuando tu sesión está por finalizar te muestran una alerta

Pero puedes salir y extender tu sesión o reservar de nuevo.

Nada cambiará la experiencia de tener un equipo propio y más un Lumia, y lo digo con conocimiento siempre tuve otras marcas y ahora tengo Lumia y lo considero mucho mejor. Pero lo importante de tener herramientas como estas es que no estamos limitados como devs ante la tan cambiante evolución de estos dispositivos.

En fin, la herramienta tiene un manual de usuario, así que si tienen problemas no duden en usarla.

الأربعاء، 22 يناير 2014

Five Frequently Asked Questions about Six Sigma

By Sarah Morgan

By definition Six Sigma is a data driven, customer focused and result oriented methodology which uses statistical tools and techniques to systematically eliminate the defects and inefficiency to improve processes.

Where can Six Sigma be applied?

Six Sigma can be applied in any industry, such as manufacturing, service, healthcare etc.

Are there specific methodologies in Six Sigma?

Yes, there are. Six Sigma projects follow two project methodologies called DMAIC and DMADV.

DMAIC is used for projects aimed at improving an existing business process.

Define: Define the problem statement and project goal
Measure: Measure the current performance (baseline)
Analyse: Identify and analyse the root causes of the defects
Improve: Improve the process by eliminating defects
Control: Control and sustain the performance

DMADV is used for projects aimed at creating new product or process designs.

Define: Define the project goals that are consistent with customer needs
Measure: Measure and determine the customer needs
Analyse: Identify and analyse the root causes of the defects
Design: Design the process by developing it in detail in line with customer needs
Validate or Verify: Validate the performance and ability of the process to meet customer needs

What are the benefits of Six Sigma?

Those organisations that implement Six Sigma correctly achieve significant benefits that contribute to competitive advantage and to changing the culture in an organisation from reactive problem solving to proactive problem prevention. These benefits include:

For you

Improved knowledge and skills
Ability to use a wide range of tools and techniques
A widely recognised title

For your organisation

Bottom line cost savings (5%-20% of turnover per annum)
Improved quality of product or service as perceived by the customer (internal and external customers)
Reduction in process cycle times
Development of staff skills
Common language throughout the organisation
World class standard

What’s the difference between Green Belt and Black Belt?

The Six Sigma Green Belt course covers most of the common tools and techniques used in Six Sigma. While, the Black Belt course provides competence in advanced statistical tools and techniques that are used in major and complex projects.

What are the prerequisites for the Six Sigma certification?

There are no prerequisites for taking the Yellow and Green Belt certifications. However, in order to get the Black Belt certification, you must have your Green Belt.

For more information about the Six Sigma certifications, visit our Six Sigma course directory.

Top five resources to help you prepare for your PMP certification

By Sarah Morgan

PMI’s Project Management Professional (PMP)^® credential is the one of the most important industry-recognised certifications for project managers. Globally recognised and demanded, the PMP^® certification demonstrates that you have the experience, education and competency to lead and direct projects.

Nowadays, it can be hard to prepare for a certification of this magnitude, without having trusted sources of information. Here are our recommendations of five websites to help you prepare for getting your PMP.

Project Management Institute

PMI is the world’s largest not-for-profit membership association for project management. Their professional resources, including publications, surveys, blog posts and webinars empower more than 700,000 members, credential holders and volunteers in nearly every country in the world to enhance their careers, improve their organizations’ success and further mature the profession.

Prepare for your PMP certification with the help of PMI’s Knowledge Centre.

Deep Fried Brain

Deep Fried Brain is a blog, providing useful project management exam preparation material. In its repertoire you’ll find book reviews, frequently asked questions, sample exam questions, tips, study notes and more.

Get over to the PMP sectionand start preparing!

ProjectManagers.net

ProjectManagers.net offers a wide range of study material, including publications, free research results, live events, blog articles and job opportunities. Create your profile to stay up-to-date with the latest project management news.

How to Manage a Camel

“How to Manage a Camel is all about promoting better group thinking and a way of bringing together lots of conflicting opinions around the subject of project management.” On this blog, you’ll find the latest news and tips about project management. Furthermore, you can also exchange project management recruitment ideas, attend webinars and participate in project management related Q&As.

Firebrand Learn

Firebrand Learn is a free platform for self-study, designed to help you to gain knowledge and prepare for world renowned certifications in the IT Training, Project Management and Security sector.

Learn provides you with everything you need to prepare for your PMP certification. Head over to Learn and start reading about Project Scope Management, Project Cost Management, Integration Management, Project Risk Management and more!

الثلاثاء، 21 يناير 2014

¿Cansado de esperar a tu operador para probar los updates para devs Windows Phone?

Como publiqué antes en el blog, desde octubre de 2013 en el programa de desarrolladores de Windows Phone, tendremos la posibilidad de tener de forma temprana las a ctualizaciones de nuestros telefonos, siempre que tengamos una cuenta de desarrollador activa y tengamos el GDR2 (Amber) en nuestros dispositivos. Pero, ¿Qué pasa si estamos con un operador que tarda mucho en actualizar?

Muchos buscan vías alternas, la verdad es que después de haber dañado un móvil alguna vez, estos métodos no me quedaron gustando en absoluto, pero buscando esta vez resulta que hay una vía un poco menos "insegura"

Como advertencia recuerden que cualquier cosa que hagan a su teléfono es bajo su responsabilidad, por eso les cuento mi historia ya que no me fue muy bien pero hoy por fin tengo el GDR3 en mi móvil Lumia 820 que estaba en manos de un operador de esos que no planea actualizar nunca. No olviden además que perderán todos sus datos así que saquen backup de sus archivos.

Bien, los pasos son sencillos, muchos hablaban del Nokia Software Updater Retail, hay muchas fuentes de donde bajarlo, yo encontré la Url directamente del sitio de Nokia en un foro y por eso me arriesgue a actualizar desde allí.

Actualización Feb/2014: Este software ha sido publicado ya para ser descargado de manera legal en el sitio de Nokia http://www.nokia.com/us-en/support/software-recovery/

Después de descargarlo y conectar nuestro dispositivo, el identifica la versión que tenemos y la versión a la que vamos a actualizar y al finalizar la descarga simplemente procede a la instalación. Así de simple sin trucos ni nada adicional. La parte positiva de esta actualización es que no se trata de flashear la ROM, incluso al iniciar el teléfono se ve como se conserva todo lo que el tu operador pone por defecto y así no se pierde la garantía de tu teléfono. De todos modos les recomiendo leer el resto de mi historia, por que no todo es color rosa.

Hoy afortunamente por cosas de la vida repetí este procedimiento que ya habia intentado antes y funcionó, pero no fue así antes. Hace un mes quise intentar actualizar, y si bien el proceso terminaba con éxito, la actualización nunca mostraba un cambio en el número de la versión, quise pensar que no era ningún problema y realizé el proceso de actualización completo sin efecto alguno, repetí varias veces el proceso y nada pasó así que deje de intentarlo.

Para mi sorpresa pase todo este tiempo con un móvil absolutamente inestable que se bloqueaba por todo y por eso hoy decidí intentarlo nuevamente a ver si por un golpe de suerte funcionaba bien y así fue. El punto es que pueden pasarte muchas cosas por intentar procedimientos alternos, la decisión y el riesgo siempre serán tuyos, pero este parece un modo tranquilo de actualizarse a Amber, después de eso pueden liberarse de sus operadores y actualizarse al GDR3 con el programa para desarrolladores.

Muchos éxitos con la aventura.

الاثنين، 20 يناير 2014

The benefits of the Certified Ethical Hacker certification

By Sarah Morgan

Certified Ethical Hacker, or CEH, certification is one of the hottest picks for IT security professionals pursuing a career in penetration testing. However, it’s often overlooked as a viable certification option by most information security pros. Although the certification is a must-have for penetration testers, its benefits are not limited only to this small niche of professionals.

The CEH exam is a relatively new credential in the IT certification industry, but its importance and influence have grown quickly. Provided by EC-Council, the CEH exam was the first certification to bring the so-called dark side of IT into the limelight. Before the CEH exam, there was no certification that taught the methods and tools that hackers use to penetrate computer systems. The CEH exam focuses on how hackers find and exploit vulnerabilities. The course includes everything from the tools of the trade to ethics.

What many security professionals do not yet realise is that the benefits of studying for and achieving this certification stretch beyond the field of penetration testing and into everyday network and application security. In addition to meeting the regulatory standards for employment for many top security positions, you can gain a wealth of knowledge that is otherwise not easy to obtain. Besides your unique, new title, you’ll also get the following benefits, if you decide to get your CEH certification:

Understanding risks and vulnerabilities

The CEH course is made up of the following task and knowledge domains:

Task domains

System development and management
System analysis and design
Security testing
Reporting
Mitigation
Ethics

Knowledge domains

Background
Analysis/Assessment
Security
Tools
Procedures
Policy
Ethics

These domains are comprehensive and form a solid foundation for understanding how vulnerabilities affect organisations on a day-to-day basis.

Thinking like a hacker

The CEH course gives “white hat” IT professionals a glimpse into the mindset of a typical hacker. The focus of an IT professional is always on keeping bad guys out and maintaining secure systems. Over time, many IT pros develop a reactionary mindset. Battling with the bad guys will always involve reacting to threats and events as they occur, but it’s far more valuable and powerful to understand how the bad guys think and to be able to anticipate their moves. By learning the hacker mindset, you’ll be able to take a more proactive approach and see beyond current security tools and policies to know where and how an attacker might try to gain access to your network.

Learning how exploits evolve

Besides demonstrating the hacker mindset, the CEH course also provides valuable insight into the entire life cycle of an exploit. For many security professionals, the way exploits evolve to take advantage of vulnerabilities is a mystery. While security pros are trained to prevent and respond to known vulnerabilities, little attention is paid to the life cycle of the exploit itself, from its conception to its destructive use in the real world. The level of insight gained by becoming a CEH allows you to look at exploits and vulnerabilities objectively and to spot potential attack vectors and weaknesses before the hackers do.

Learning about the tools of the trade

Another overlooked benefit of the CEH certification is the amount of knowledge you can get regarding the tools of the hacker trade. While most IT pros have experience with at least some of the tools used by a CEH, they often lack the in-depth knowledge that’s required to use these tools for criminal purposes. Learning how malicious attackers use various tools allows you to better secure your networks, applications, and other assets.

To learn more about Ethical Hacking and its benefits, watch the following video with EC-Council President Jay Bavisi:

About the Author:

الجمعة، 17 يناير 2014

ProjectManagement.com and ProjectsAtWork.com join the PMI Family

By Sarah Morgan

As of 13 January 2014, leading project management organisations ProjectManagement.com, ProjectsAtWork.com have been acquired by PMI to deliver expanded access to knowledge and networking for professionals in project management.

“The combination of PMI, ProjectManagement.com, and ProjectsAtWork.com bring greater opportunities to the 51 million people around the globe who are engaged in the management of projects. Together, we will deliver access to more resources, better tools, larger networks and broader perspectives,” said Mark A. Langley, President and CEO of PMI.

What the parties expect

“We couldn’t be more excited to be part of the PMI family,” said Dave Garrett, CEO of Gantthead, which operates ProjectManagement.com. “They recognize the tremendous value that comes from encouraging an open environment for the sharing of knowledge. And now through our combined efforts, we will have many more tools and resources to make that happen.”

Content and points of view on ProjectManagement.com and ProjectsAtWork.com will remain impartial. Both sites will continue focusing on generating content through use of industry experts and facilitating global networking and knowledge sharing among practitioners at all levels, and across all regions and industries.

About Project Management Institute (PMI)

Project Management Institute is the world's leading not-for-profit professional membership association for the project, program and portfolio management profession. Founded in 1969, PMI delivers value for more than 2.9 million professionals working in nearly every country in the world through global advocacy, collaboration, education and research. PMI advances careers, improves organizational success and further matures the profession of project management through its globally recognized standards, certifications, resources, tools academic research, publications, professional development courses, and networking opportunities. As part of the PMI family, Human Systems International (HSI) provides organizational assessment and benchmarking services to leading businesses and government, while ProjectManagement.com and ProjectsAtWork.com create online global communities that deliver more resources, better tools, larger networks and broader perspectives.

Frequently Asked Questions about TOGAF

By Sarah Morgan

What is TOGAF?

TOGAF is a proven enterprise architecture methodology and framework used by the world's leading organisations to improve business efficiency. It’s the most prominent and reliable enterprise architecture standard, ensuring consistent standards, methods, and communication among enterprise architecture professionals.

What is an architecture?

By definition, an architecture is “the fundamental organisation of a system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution”. However, TOGAF does not strictly adhere to this definition. Depending upon its contextual usage architecture has two meanings in TOGAF:

A formal description of a system, or a detailed plan of the system at component level to guide its implementation.

The structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time.

Why do I need an IT architecture?

The primary reason for developing an architecture is that it provides the technical foundation for an effective IT strategy, which is the core of any successful modern business strategy.

Today’s executives know that the effective management and exploitation of information through IT is the key to business success, and the indispensable means to achieving competitive advantage. An IT architecture addresses this need, by providing a strategic context for the evolution of the IT system in response to the constantly changing needs of the business environment.

Furthermore, a good IT architecture enables you to achieve the right balance between IT efficiency and business innovation. It allows individual business units to innovate safely in their pursuit of competitive advantage. At the same time, it assures the needs of the organisation for an integrated IT strategy, permitting the closest possible synergy across the extended enterprise.

Why do I need a “Framework” for IT architecture?

Using an architectural framework will speed up and simplify architecture development, ensure more complete coverage of the designed solution, and make certain that the architecture selected allows for future growth in response to the needs of the business.

TOGAF plays an important role in helping to ease the architecture development process, enabling IT users to build genuinely open systems-based solutions to their business needs.

Who would benefit from using TOGAF?

Any organisation undertaking, or planning to undertake, the implementation of an enterprise-wide technical infrastructure for the support of mission-critical business applications, using open systems building blocks.

Customers who design and implement corporate architectures using TOGAF are ensured of a design and a procurement specification that will greatly facilitate open systems implementation, and will enable the benefits of open systems to accrue to their organisations with reduced risk.

What will my TOGAF credentials give me?

Enterprise architecture professionals fluent in TOGAF standards enjoy greater industry credibility, job effectiveness, and career opportunities. TOGAF helps practitioners avoid being locked into proprietary methods, utilise resources more efficiently and effectively, and realise a greater return on investment.

If you haven’t found the answer to your question, visit TheOpen Group’s FAQ site.

الثلاثاء، 14 يناير 2014

The benefits of a Microsoft Certification

By Sarah Morgan

Obtaining new certifications has several benefits, such as fuelling your new career and getting you a higher salary. With the rapidly increasing job opportunities in IT, certifications are the guarantee for your progress.

Get Hired

According to the findings of CompTIA, 91 per cent of hiring managers consider certification as part of their hiring criteria, while 86 per cent indicate IT certifications are a high or medium priority during the evaluation process. (CompTIA, Employer Perceptions of IT Training and Certification, January 2011 & Microsoft, Microsoft Certification Program Satisfaction Study, April 2012)

Knowledge is Power

Employee skill levels are directly affecting an organisation’s performance in key areas of IT. 75 per cent of managers believe that certifications are important to team performance. Companies with Microsoft Certified Professionals experience shorter server downtimes and greater productivity in the help-desk function.

Get Ahead

In a survey of 700 IT networking professionals, 60 per cent said getting a certification led to a new job. (Network World and SolarWinds, IT Networking Study, October 2011). Employers will choose a candidate with a certification over one who lacks it, when all other qualities are equal.

Many IT Managers agree that certifications demonstrate that an IT professional is devoted to their career. This is supported by CompTIA’s findings with regards to hiring managers’ perceptions on certifications:

59% of hiring managers said that it showed a candidate’s commitment to a career in IT
Another 61% said that certifications show subject matter expertise
While 58% think certifications demonstrate initiative.

Job Satisfaction

Certifications will secure your job, because they are rated highly in validating your skills and expertise. And at the same time, they will increase team productivity and performance, benefiting both you and your employer.

Improve IT Operations and Increase ROI

According to TechRepublic.com, 45% of employees strongly agree that when their employers pay for training and exams, it provides a strong incentive to stay in their jobs. Microsoft Certified Professionals are also more confident and productive. As an MCP you’ll know how to better utilise technology for your business by creating more secure and effective solutions – saving time and eliminate risk to your company.

About the Author: