Resource Library

The triple constraints model has been one of the main staples for teaching project management for as long as I can remember. The model is generally represented by a triangle with Scope on the horizontal leg, Time on the left leg, Cost or Resources on the right leg an...

No matter what book or manual you use to study for the CCNA examination, you will see various protocols and processes referencing an RFC. And, although frequently referenced, the RFCs are seldom actually included in the documentation. So, the logical question becomes...

ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advan...

There are some common misconceptions on the part of some of my students as to how VPN sessions are established from either a remote location or remote user to the ASA firewall. In particular, a “gray area” seems to be when the attributes from the tunnel group are app...

Project procurement activities are often managed by specialists. By this I mean that the procurement department takes over responsibility for purchasing and contract management from the project manager. As a result of this separation of responsibilities, the steps and stages of procurement are often poorly understood by PMs. In this and the next few blog submissions, I will attempt to shed light on procurement activities and relate these activities to the PMI PMBOK.

I recently was presented with the challenge of logging ALL of the pertinent connection, disconnection, and termination messages associated with the Cisco SSL AnyConnect client without overwhelming the syslog capture display with extraneous messages. This blog will br...

The flexibility, reduced cost, and mobility of cloud computing have made the concept a hot topic. Before implementing this method of computing, however, it is important to consider the security of the "cloud." In this white paper, you will learn some of the risks and benefits of cloud computing to be sure it is the right solution for you.

The subject of this week’s post was actually prompted by a question from a former colleague.  Soon after the PIX Firewall added support for IPSec Virtual Private Networks, a command was added to the command-line, sysopt connection permit-ipsec. This command was subse...

Private networks are under constant threat of attack, even when steps have been taken to "secure" them. The large volume of malicious codes, and their ability to evolve and adapt, requires security professionals and common computer/internet users alike to be mindful of their actions and constantly play defense. This white paper focuses on 10 common ways that malicious code can penetrate a network. Knowledge of these methods and the ability to recognize them are the first steps in preventing them from succeeding in harming your network.

Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...

A feature common to IPSec Virtual Private Network implementations throughout the Cisco product line is Perfect Forward Secrecy (PFS). This optional additional component is now a default supplied configuration setting with the Adaptive Security Device Manager (ASDM) I...

As any network administrator will tell you, the ASA Security appliance (as well as its forerunner, the PIX) are capable of generating massive amounts of log messages, especially when the firewall/security appliance is set to log messages at debug level to the syslog...

No matter which IT field you're working in, there are several skills that are useful for every IT professional to know. Here, seven experienced IT professionals working in the networking, programming, project management, and security fields, share what they believe a...

In this webinar, the first of two based on our Cybersecurity Foundations course, you will examine the following topics: verifying users and what they can access, ways a user can be validated to computer and network resources, how cryptography is used to protect data, symmetric and asymmetric encryption and hashes.

In this webinar, the second of two based on our Cybersecurity Foundations course, you'll build on what you learned in the first of the series, Protecting Your Network with Authentication and Cryptography.

Planning for a cyber disaster makes recovering from one much easier. Still, as important as disaster planning is, it's often overlooked or put off until it is too late. In this webinar, Global Knowledge instructor Debbie Dahlin discusses planning for the unexpected -- whether the unexpected means a simple power outage, a network security breach, or a major natural disaster. She'll discuss risk analysis and risk management techniques and explain the importance and process of creating a business continuity plan. Using a fictional company as an example, Debbie will walk you through the disaster planning process a security professional should use, and she will provide simple tricks to reduce your company's downtime before, during, and after a disaster.

An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.

In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.

Your business has been hacked, leaving you with a persistent bot; now what? In this hour-long webinar, security expert David Willson will discuss ways you can eliminate the threat in an act of self-defense or defense of property. As new laws are explored, old ones amended, and solutions sought, you'll take a look at thinking outside the box to give the good guys the advantage-or at least a fighting chance.

In my last post I discussed aspects of problem management in the context of a real-life situation regarding the first vehicle I owned. In that scenario, and throughout this series of posts, I’ve demonstrated a real-life situation from a standpoint of the incident and problem management processes that ITIL describes.

The term "life cycle" implies two things: that a process is perpetual and that the sequence of events is obligatory or uni-directional. There is no beginning or end to a life cycle and the sequence of events cannot change. A seed cannot go directly to being a mature plant nor revert back to the blossom stage.

During a recent ITIL foundation class, a student asked an interesting question. She wanted to know: “What is the difference between a project and a service?” To be honest, I haven’t spent much time thinking about this distinction. However, I think that those of us who practice ITIL consulting and training should have good answers to questions such as this. Here’s how I answered this question.

IT departments have multiple opportunities and challenges as a result of the Bring Your Own Device (BYOD) invasion. The most common opportunity is to reinforce enterprise network security from both the inside and the outside. Supporting BYOD also offers more monitoring and tracking of activities that provide a more detailed view of network traffic flow. Alternatively, it will be a challenge for some IT departments to give up control over which devices may access their enterprise network. Another challenge will be to have the users doing configurations for network access, which adds human error to a crucial part of the process. The opportunities and challenges BYOD represents are real. Enterprises must make their network infrastructure BYOD ready to meet the onslaught.

Everyone has been involved in a learning program or project that has not delivered its intended impact. Across organizations, remarkably similar but preventable missteps are made in needs identification, learning strategies, program development and implementation.  Instructor Tom Gram, Senior Director of Professional Services at Global Knowledge, will present six classic mistakes learning professionals make that reduce chances for success along with evidence-based practices to help prevent them. 

Lessons learned is a theory, or conclusion, based on evidence at a given time and describes what went wrong (as well as what went right) throughout the lifecycle of a project. Although it’s completed during the project closeout process, it should occur during the entire project lifecycle to ensure all information is captured and documented. Consequences of not having a project review of lessons learned are the increased likelihood of repeating actions that might have caused:

Knowledge Management examines how we acquire, organize, manage, share, and utilize knowledge and information. The Internet gives us an overwhelming amount of information on a daily basis — and the volume of information available is growing rapidly! One of the biggest challenges for individuals and organizations involved in project management is to make the best use of this knowledge and information so they can operate more efficiently, improve decision making, and sustain a competitive advantage.

There is a reason why the Agile methods are becoming mainstream. They can work! Although every Agile practice is not necessarily appropriate for every organization, each practice has delivered real value to many organizations, and some Agile practices can be used by anyone! This four part series explores twelve ways in which the Agile methods are valuable. I’ll bet that you will find more than a few that could be valuable for you!

For several years, most news articles about a computer, network, or Internet-based compromise have mentioned the phrase "zero day exploit" or "zero day attack," but rarely do these articles define what this is. A zero day exploit is any attack that was previously unknown to the target or security experts in general. Many believe that the term refers to attacks that were just released into the wild or developed by hackers in the current calendar day. This is generally not the case. The "zero day" component of the term refers to the lack of prior knowledge about the attack, highlighting the idea that the victim has zero day's notice of an attack. The main feature of a zero day attack is that since it is an unknown attack, there are no specific defenses or filters for it. Thus, a wide number of targets are vulnerable to the exploit.

We already covered the first three of the twelve advantages of Agile software development. These three advantages focus on team development and refining the process. Advantage #4: Motivated Development Team The positive relationship with a reasonable and satisfied customer is only one of the reasons why many developers prefer to work on Agile projects. The other main contributor is that they tend to value working in self directed teams (which the Agile methods require for success).

ITIL describes a service portfolio as a collection of the overall set of services managed by a service provider. A service portfolio describes a service provider’s boundaries and promises across all of the customers and market spaces it serves. I like to think of a service portfolio as describing the past, present, and future collection of services offered by a service provider. The figure below shows a high-level view of a service portfolio.

In a recent post, I gave an overall description of a service portfolio and the key components of a portfolio. Here, I will describe how a cloud services provider might implement an ITIL service portfolio. A cloud services provider will regularly have a set of services under development, a set of service in live operation, and a set of services that are retired.

Risk is something we deal with on a daily basis. Living in New Jersey and having the occasional storm, I’ve recently performed my own risk assessment determining the value of certain assets and activities and made a decision on what I was willing to spend to reduce risk to what I perceived as an acceptable level. My management of risk was a rather simple case. Sure, in my revised business continuity plan for my home, I’ll make sure that I have more D cell batteries, have my garage door adjusted so it opens manually again, more food I can heat on a stove and that doesn’t rely on refrigeration, and finally I’ll consider a whole house gas generator that uses natural gas, which has always been available to power critical systems like the sump pump in my basement. What if, however, I was a really large business? One with lots of components and interdependencies that require a tight integration in order to succeed? How and where can a large volume of information necessary to management, business continuity, and disaster recovery be correlated and communicated to those individuals who, because of their roles and responsibilities, need to make the critical decisions regarding the management of risk?

Rather than looking back over the past year, organizations and individuals need to start assessing cybersecurity threats that lie ahead in the New Year. While there is always the chance for a new threat or risk to be unearthed this year, often the risks of the New Year are predicable from the trends of attacks from the previous year. However, other factors need to be considered as well, including new technologies, new software and applications, mobility, etc. Here are my predictions of the areas to watch for new security threats. When it comes to cybersecurity, we have a lot to look out for, take precautions against and be paranoid about.

Enterprises, whether they are commercial, non-profit, or government entities, are operational organizations that operate through the execution of hundreds of processes. The quality of these processes affects every aspect of the enterprise and these processes are rarely static. Business Process Analysis (BPA) is the discipline of examining processes so that they may be changed to align with enterprise objectives.

As mentioned earlier, one of the most useful pieces of guidance that ITIL provides relates to the categorization of suppliers. ITIL describes four categories of suppliers:

Course director Jim Thomas explains how our custom labs, which utilize external hosts, ISR routers, and DMZ, provide a real-world environment for students.

This paper proposes a unifying model for project plans. A distinction will be made between the outputs of project planning and the project plan itself. The significance of this distinction is to allow projects of all types to be described at a high level, in a common language, regardless of the type of analysis used to develop the plan.

While the last few years have brought about many great advances in IT and network technology security and risk management have a critical point. There is a host of new concerns the IT security manager must be concerned with, including social networking, mobile, cloud, and information sharing. This has unleashed a new wave of change and potential risk. Risk management is required to deal with these emerging technologies and should provide the rationale for all information security activities within the organization. You can think of risk management as the process of ensuring that the impact of threats and exploited vulnerabilities is within acceptable limits at an acceptable cost. Risk management requires the use of countermeasures. Countermeasures can include any process that serves to reduce threats or vulnerabilities.

Global Knowledge instructor Doug Notini discusses the benefits of our FIREWALL 2.0 - Deploying Cisco ASA Firewall Solutions course.

For a project manager (PM) who has served as a military officer on a battalion or higher staff, the parallels between the military decision-making process (MDMP), the orders production process, and project management doctrine prescribed by the Project Management Institute (PMI) are difficult to ignore. Both the MDMP and the processes outlined in A Guide to the Project Management Body of Knowledge—Fifth Edition (PMBOK® Guide) are iterative in nature, allow for the introduction of changes to the original plan, assign tasks and responsibilities, and involve the concept of managing the scope of the operation or project.

Dell SonicWALL's CSSA (Certified SonicWALL Security Administrator) exam is an open book, online certification exam that certifies a student’s understanding of the SonicOS Unified Threat Management (UTM) operating system. The exam tests a student’s network security knowledge, and their ability to use the GUI menu structure for configuration of standard network security scenarios.

Constant change in the technology landscape has been mirrored by the steady evolution of information security. The current information system environment is increasingly complex, comprising storage, servers, LANs/WANs, workstations, Unified Communications, Intranet, and Internet connections.

Now that we have looked at the similarities and differences between the first two steps of the military decision-making process (MDMP) and the project management processes from the planning process group that align with them, it’s time to take a look at the third ste...

You have spent money on software and hardware, implemented best practices, and believe you are secure, right? You may have overlooked the weakest link: your employee. Many breaches occur as a result of an employee mistakenly clicking on a link or visiting a site that allows a virus to be unknowingly downloaded, giving hackers access to your network. Today, a well-trained workforce is a necessity and may even be your most important cybersecurity tool. In this webinar, security expert David Willson will discuss how many breaches have occurred and are occurring, the tools and techniques hackers use to trick employees into clicking on links or opening attachments, and how to prevent such behavior.

Organizations are moving strongly toward Bring Your Own Device (BYOD) access, bringing outsourced activities back in-house, and finding ways to make use of the growing amounts of data flowing in from many new sources such as social media. These factors create an increasing shift in required and desired skills showing up in IT departments. Hiring and salary surveys, such as the 2014 IT Skills and Salary Survey from Global Knowledge and Windows IP Pro, TEKsystems' 2014 Annual IT Forecast, Foote Research Group's 2014 IT Skills and Certifications Pay Index, Computerworld's annual Forecast survey, Robert Half Technology Survey, and information from the US Bureau of Labor Statistics, Futurestep, Mondo, GovLoop, and Dice have presented a developing picture of the IT skills that will be in demand in 2014. Here, in survey order, are the top 10 major skills and why they made the list.

Today, every project comes with limited resources and an impossible timeline. You have to prioritize, but how do you determine what's most important? The answer is to do more than just prioritize. You have to fully understand your company's strategic direction and make every action align with that strategy. In this hour-long webinar, project management expert Yvan Bastien will show you how to reach that full understanding and make the kinds of informed decisions that lead to success.

According to Cisco marketing, Dynamic Multipoint VPN (DMVPN) “will lower capital and operation expenses, simplifies branch communications, reduces deployment complexity, and improves business resiliency.” Okay. But what is it, really, and why should we care?

Effective requirements collection at the outset of the project is the key step that will ensure that the project manager can deliver what is actually expected. In this respect, the business analyst must become a key ally and advisor to the project manager. Most project managers are not trained business analysts, so taking advantage of the skill set that a business analyst can offer can greatly enhance the possibility of project success.

Communication is vital within projects and contributes significantly to project success. PMs and BAs have important—and different—roles. Let's take a look.

Does your company have a risk management program? In this hour-long webinar, cybersecurity expert and Global Knowledge instructor David Willson will explain why you should. In light of recent breaches at Target, Nieman Marcus, Michaels, Yahoo, and a growing list of others, we're learning that FBI Director Mueller was right when he said getting breached is not a matter of if, but when. While having a risk management program may not prevent a breach, it can certainly lower the risk of one, ensure compliance, and reduce or even eliminate your liability if a breach does occur, enabling you to recover quickly and to protect your reputation. Beyond explaining the importance of a risk management program, David will tell you how to implement one, including conducting a basic risk assessment, policies you'll need, and training your workforce.

Whether you're a Project Manager or a Business Analyst, you can certainly relate to a situation where you've felt like your cohort on a project was from a completely different planet! This panel discussion webinar between our PM expert, Ori Schibi, and our BA expert, Cheryl Lee, will explore some of the misconceptions that each role has and learn how to play nicely with each other in the project world.

As an IT professional you deal day in and day out with securing operating systems, patching software, installing and configuring firewall and routers But what about the physical infrastructure? Do you understand how simple techniques can allow theft of your company resources? In this session we will discuss how to reduce the possibility of loss of data and equipment. Physical security may not be part of your job but you should be aware and having discussions with the personnel who are responsible. Or does Physical Security become one of your job responsibilities? Come to this session and learn about one of the most important and yet least thought about areas of security by IT professionals.

Securing corporate information can be a challenge, considering the numerous technologies and platforms that need to be protected. One technology that definitely helps achieve secure data is public key infrastructure (PKI), which enhances the security of data by using advanced access methods and making sure the authenticity of the data flow is preserved.

Global Knowledge Course Director Samuel Brown introduces the Work Breakdown Structure and why it matters to project management.

Samuel Brown, project management instructor and consultant, has taught Global Knowledge courses for more than fifteen years. In this video clip, Samuel discusses Global Knowledge's unique and effective approach to helping students prepare for PMP certification.

Kirsten Lora, Global Knowledge Senior Product Director, discusses the benefits of our IT Project Management course.

The project manager (PM) and business analyst (BA) have to be key allies in the management of any project. That can be difficult when project work is duplicated because of the overlapping tasks defined by the International Institute of Business Analysis (IIBA®) and the Project Management Institute (PMI®). Still, as long as roles are clearly defined and understood, the two can cooperate and collaborate, instead of competing. In this hour-long webinar, Global Knowledge instructor and PMP-certified project management expert Daniel Stober will explain how to delineate the roles.

This power session is an introduction to Managing Stakeholder relations. It offers new ways of managing and dealing with projects, which focus more on communications, understanding stakeholders' needs and managing their expectations, as well as learning about organizational politics and culture, and performing value-add activities. It provides a practical approach to managing issues that matter most for project success - communication, stakeholder expectations, risk, change and quality; so that the scope, schedule and cost end up on target, achieving the desired outcomes for the organization.

Have you ever Googled yourself to see how much of your personal information is online? In many cases it can be pretty scary and include things like your home address, phone number, likes, dislikes, etc. One young man searched for himself and found all of his banking information online. In that case it turned out to be a mistake by a bank employee, exposing the banking information of 86,000 customers.

Increased interconnectivity via machine-to-machine (M2M) communications, the IoE, and smart systems holds profound implications for how business trends continue to evolve. In terms of M2M growth, key developments in security will be essential, from the design and manufacture of devices to more robust cloud security and ensuring the integrity of wireless data transmissions. Without these safeguards in place, organizations and industries that rely on M2M will continue to place themselves at risk.

You are a problem. You are a risk to your employer. The actions you take and the activities you perform at work, online, and even in your personal life put your employer at risk. You need to know how you are a security risk to the organization and what you can do to reduce or eliminate those risks. In this paper, I discuss ten common risky behaviors that typical workers engage in and what you can do to avoid being the weakest link in your company.

In this hour-long webinar, Global Knowledge instructor and PMP-certified project management expert Daniel Stober will look beyond the triple constraint model and focus on the true essence of project success: stakeholder satisfaction. Many project managers (PMs) fall into the familiar habit of managing based on the constraints of time, cost and scope. While all of these are important, managing them effectively doesn't guarantee project success if the PM fails to conduct proper stakeholder management. To manage stakeholders effectively, the PM has to set expectations. Once expectations are set, the PM must influence the perception of project performance with the stakeholder. Tune in as Dan explores methods you can use to accomplish that goal.

In this series, we are looking at six things that can trip up project managers. We’ve covered the hazards of overcommitting, how to provide feedback, the importance of taking responsibility, staying focused, and what leading from the front can actually look like. Finally, we’ll take a look at handling team input.

The bad guys just keep getting better! No matter how much patching and tweaking we do, the bad guys' constantly changing tactics and techniques continue harming our networks, stealing and damaging data, and just generally screw things up. What motivates someone to do such terrible things in the first place? How have these hackers changed and improved? What kinds of attacks are popular now and why? In this hour-long webinar, security expert, former hacker and Global Knowledge instructor Phillip D. Shade will provide insight into understanding the latest hacking techniques, what the current threat landscape looks like, and suggested countermeasures to mitigate threats. He will include specific examples of the current threat landscape, including data mining, social engineering cyber threat terminology, man-in-the- middle attacks and Denial of Service (DoS) attacks.

Pen testers beware. Whether you believe you know and understand all the potential legal issues, read on. First of all, a penetration test or “pen test” is a method that’s used to evaluate the security and/or vulnerabilities in a network. This test is normally conducted externally wherein the tester is attempting to hack a network or computer. Breaking into computers and networks is illegal under the Computer Fraud and Abuse Act (CFAA), and depending on your activities and other factors, other federal laws and state laws may be broken.

One of the main weapons of organized crime on the Internet is the use of junk email, also called spam. Hackers use spam for a number of purposes such as selling counterfeit products (medicines, particularly) to steal your personal or financial information, or to infect your computer with spyware and malware. This malicious software can then hijack your computer and your Internet connection to help propagate itself.

Business Continuity and Disaster Recovery (BC/DR) planning is the process of developing the plans, processes and procedures to respond to the range of incidents. We start with understanding the essential functions of an organization, called Business Impact Analysis (BIA). In life, we set the same priorities: protection of family and friends, shelter, food and water and other life-giving essentials.

Times are changing. Attacks are becoming much more sophisticated and hackers are exploiting human vulnerabilities to gain access to enterprise networks and private information. Employees and end users want to help protect your company's sensitive data, we just need to motivate them as to why they should care. By educating your employees on security best practices and current human vulnerabilities, you can take a step forward to ensuring you're not a part of the many organizations that are breached.

Many security breaches over the last year have taught us new lessons (or clarified ones we should have already learned). This paper reviews these key issues and focuses attention on 10 responses that we all need to adopt in our approach to security in 2015.

Discover the ways in which cybercrime occurs in three realms: individual, business, and governmental. Learn what you can do to protect yourself and your organization.

Mobile payment systems have solid promise to become the dominant means of financial transactions, but there are some hurdles to overcome. Apple Pay might be the dominant force today, but Google Wallet and others are not far behind. The year 2014 was when digital and mobile payment systems became known to a wide range of the general population, while only techno-enthusiasts were aware of the options in the four to five years prior. Thus, mobile payment systems are not new, but customers and merchants are quickly adopting them now that they have become popular. It still remains your responsibility to thoroughly research any mobile payment option before implementing it. It is your money and you have the burden of ensuring that it has the best protection possible.

A Dynamic Multipoint Virtual Private Network (DMVPN) can be used with other networks like Multiprotocol Label Switching (MPLS), but streaming multicast is accomplished quite well using "Default" and "Data" Multicast Distribution Trees (MDTs) with MPLS.

In many organizations, the Program/Project Management Office (PMO) is viewed as purely a cost center, so it becomes marginalized by additional layers of bureaucracy, oversight and cost. But the essence of the PMO and portfolio management in general is to add value to the organization. So how do organizations reconcile the cost of the PMO versus the value it adds? The short answer is to flip the conversation on its head and talk about the PMO as a revenue driver rather than a cost center. In this hour-long webinar, Global Knowledge PMP-certified senior product manager Daniel Stober will explain how, by focusing on efficiencies gained and reduced waste, you can shift the conversation from the PMO being a necessary evil to the PMO being critical for organizational success.

Young adults unable to find work, employers unable to fill jobs, a recent GAO study that reported substantial declines in telecommunication expertise — there has been a lot of news about the pervasiveness of skills gaps, their causes, the actual impacts and what to do about them. It’s rather confusing, because the term “skills gaps” has been hijacked to politicize an extremely wide range of issues.

Complexity has always been a part of projects. But today, globalization, new technologies and changing markets have combined to add to the complexity. Today's projects have more stakeholders, more ambiguity and more politics than ever, and project managers need new tools and approaches to succeed. Join Alexander Stanisic and Michelle Moore of Global Knowledge for an information-packed hour on how to manage the complexity of the 21st-century project.

The tools described in this white paper are essential PM tools. Tools that will best be used, regardless of the project, are the WBS, communication model, and the precedence diagram. The other tools will be needed depending on the project.

Good global project managers develop their own competencies, and those of their team members. We can use technology to bridge distance, but also focus on the human aspects of culture, work habits, management style, English as a mandated language, communication, and uncertainty. Perform a self-assessment and assess your team members, then look for on-the-job and other improvement opportunities. A good way to learn more about how to overcome these challenges is to become involved in the international community.

In this blog series, we'll get you up to speed on using the key tools listed in the PMBOK® Guide. First up, Work Breakdown Structure (WBS).

Most project team members report to a functional manager who controls their assignments, performance appraisals, raises, bonuses, etc. Until recently, project managers (PMs) had little input into any of these processes. In this paper, learn how a PM working in a functional or matrix organizational structure can get team members to perform.

In this blog series, we'll get you up to speed on using the key tools listed in the PMBOK® Guide, including Decision Tree Diagrams.