Test automation has been adopted and used effectively in the IT industry for over a decade now. One of the core objectives of using test automation - along with conventional testing - is to repeatedly test certain actions, logics, and business functionalities with the end goal of increasing the effectiveness, efficiency, and coverage of the software in test.
Topics: Automated Testing
In Part One of my blog series aimed at breaking down each section of Online’s security policy, we looked at some general best practices surrounding the development of a security policy. This included answering the question of “why develop a security policy?” and went into detail about developing the scope of content contained within. Now let’s take a look at the roles needed to implement an effective policy.
The intercom at the airport speaks the truth as it periodically repeats the mantra “Security is Everyone’s Responsibility”. If security is everyone’s responsibility, then even the best-written security policy is nearly worthless if it doesn’t include a section pertaining to roles and responsibilities.
There has been a lot of discussion about the need to have an end-to-end plan to manage your security threats and vulnerabilities. It is easy to agree that our plans need to start at identification and continue through to remediation, and we might quickly agree that the first step is to effectively identify the threats. What is far more difficult is determining how these threats and vulnerabilities are identified; unfortunately, in the increasingly complex enterprise environments of today, this task can be incredibly difficult and, in some cases, nearly impossible.
Earlier this week a new spambot emerged, targeting no less than 711 million email addresses. Basically, the spambot delivers malware called Ursnif into the victim's inbox and is capable of stealing personal information such as login details, passwords, and credit card data.
The name of this spambot, “onliner”, is a touch disappointing, a bit ironic, and of course has no relation to us whatsoever. At Online, our team (our employees) are known as Onliners.
The PCI Security Standards Council sent out a communication to all Qualified Security Assessors (QSAs) this past week saying they are raising the number of industry certification requirements for QSAs from one certification to two (effective 2019). While I have been in strong favor of almost everything that the council has done to evolve the PCI standard and program, I have concerns with this change for QSAs and what it will mean to our clients.
Online infuses the right amount of security into everything we do – I like to refer to this approach as our “special sauce.” Security is not just important to our Risk, Security, and Privacy (RSP) practice (which lives, breathes, eats, and sleeps security), it’s important to our entire company. We have built security into our development processes, our service management practice, our customer/digital experience offerings, our Internet of Things (IoT) offerings, and our cloud-based (AAS) service offerings.
Test automation has been adopted and used effectively in the IT industry for over a decade now. Some of the core objectives of using test automation, along with conventional testing, are to repeatedly test certain actions, logics, and business functionalities with the end goal of increasing the effectiveness, efficiency, and coverage of the software in test. However, as the use of test automation has become more and more extensive over the last decade, some myths associated with automation testing have arisen and are in need of addressing. Online’s team of QA experts have banded together to dispel some of these myths and to ensure that anyone looking to utilize test automation knows that it is about far more than just looking for software defects.
Topics: Quality Assurance
One of my favourite cult classic movies was an obscure, but star-studded picture called Mars Attacks. In the movie, Jack Nicholson plays the President of the United States trying to make peace with the vicious Martians. In his final scene, he makes an impassioned speech to the Martian leader with his final line being “why can’t we all just get along?” The Martian leader’s response was a tear and an “Ack-Ack,” followed by killing President Jack.
This scene is all too often paralleled in real life, with the opposing roles played by Security and IT. While they may not vaporize each other, they do operate under diametrically opposed missions. Security’s job is to keep the company safe – full stop. If they had their way, access to systems would be very tightly controlled and an almost weekly patching routine would be implemented, slowing the enterprise to a crawl. IT on the other hand is tasked with keeping the company up and running. They view patching as a necessary evil that consumes precious time and resources that they could focus on more innovative projects.
We’ve all seen the multiplying factor used in advertisements. It’s a strategic way of highlighting a data point to attract attention by saying that something is [blank] times more [blank] than another. For example, a simple Google search resulted in numerous six times factor results. I’ll share a few of the more obvious ones for fun:
Topics: Change Management
A lot has been said and written about the importance of “Employee Recognition,” but we don’t hear too much on the topic of “Employer Recognition.”
Eleven years ago, we learned of an Employer Recognition program called Best Workplaces in Canada. An organization called Great Place to Work evaluates companies on five disciplines – Pride, Camaraderie, Credibility, Respect, and Fairness – and creates Top 50 lists (by country and company size). What appealed to us about this program was that 67% of a company’s overall score is determined by the company’s employees through an anonymous survey.