Qualitative risk assessment of RFID

Below is a short qualitative risk assessment of RFID (Radio Frequency Identification) I have pieced together.  In order to highlight strengths, weaknesses and benefits.

May it help you come to a conclusion on how would you deploy this technology while minimizing its risks?

Category Risk Impact Probability Affects
Customer QoS for customers declines because decrease in staff Medium Low Customers, Company rep.
Customer Customers may be dissatisfied with change Medium Medium Company rep, customers
Fraud Scale to RFID Fraud Low High inventory
Fraud Hackers making there own RFID tags High Low Revenue, company rep, emp trust
Inventory Management Mis-tagged or no RFID tag High Medium Inventory, revenue
Employees Adaptability Very High High Employee trust
Employees Lose or trust Medium Medium Employee loyalty
Employees strike Low Low Company rep, employee loyalty, revenue
Employees Productivity to meet new expectations Medium Low Inventory, company rep, customer loyalty
Pricing Lack or pricing from no supervision of ID creator Low Medium Revenue, company rep.
Pricing Inconsistencies Medium Medium revenue
Pricing Scanners not scanning all items Low Low Inventory, revenue
Inventory Management Mis-counts or stock and poor inventory control Medium Low Inventory control
Technical Issues RFID not functioning Very High Medium Data, company rep, employee trust, customer trust.
Technical Issues RFID limitations Medium Low data
Technical Issues Lack of knowledge for RFID or when system goes down High Medium Customer loyalty, company rep.
Technical Issues Designing Standards and processes Medium Medium Employee trust
Inventory Management RFID supplies not delivered on time Low High Inventory, customers, inventory
Inventory Management Lack of knowledge for RFID inventory processing Medium Low Employee, company rep.



  • Become a leader through technology
  • Improve process flow
  • Customer satisfaction by adding value to customer services


  • Lack of technical support knowledge
  • RFID tagging on devices and produce
  • Major inventory fluctuations
  • Internal fraud
  • Damage to reputation of RFID is not effective


  • Better real time data and additional data to make assumptions by
  • Possible opening to new market segments

Cost would be on schedule and worth the cost if all negative risks had a contingency plan. Costs can be fixed in the system and validated during pilot program to ensure cost consistency.



Amber Russell, Curt Ireton, Damon Mulligan, Jan Bondoc, Tyler Rudolph. (November 2009). Risk Management Plan. RFID Implementation for Fresh Foods. Retrieved from http:// www.curtireton.com/Assets/Fresh_Foods_Risk.pdf



Risk Assessment of Cloud Computing

Below, I have  Performed a short qualitative risk assessment of cloud computing that may be used as guidance for any company thinking of moving to the cloud.  Showing some of the strengths, weaknesses and benefits?


Risk Description Probability Impact Risk Affects
Lock-in Difficult to migrate from one service provide to the next. High Medium Company Rep., Data, Service
Loss of Governance Loss of some control  to CP and unknown roles Very High Very High Company rep, data, customers trust, service
Compliance Challenged Compliance with regulations and certifications Very High High Certifications, fines
Business Rep Loss Poor Service harms business during transition. Low High Company rep, service,  data
Cloud service Terminated Poor provider, lack of understandable terms N/A Very High Rep, trust, emp loyaty, service
Provider Acquisition Mergers and buy-outs of CP N/A Medium Rep, customer trust, emp exp, intellectual property, data, service
Supply chain Failure Lack of supplier redundancy Low Medium Company rep, customer trust, data, services
Technical Risk Over/under provisioning Medium Medium Access control, company rep
Malicious Insider Abuse of high privileges Medium Very High Company rep. data, employee and customer trust
Intercept Data in transit Weak encryption, vulnerabilities in cloud Medium High Company rep. data, intellectual property
Insecure/Ineffective deletion of data Proper sanitization or data Medium Very High Sensitive data, personal data
DDoS Distributed Denial of Service Attack Medium High Cloud Interface, Network, Customers, Company rep, service
Data Protection Staorage in multiple locations High High Company rep, data, service
Not part of CP Network Breaks Medium Medium Service
Social Engineering Lack of security & awareness Medium High Intellectual property, data, emp & customer trust, reputation.
Natural Disasters Lack or recovery plan Very Low High Back-ups, all of the above


Strengths & Benefits:

  • Security measures are cheaper when implemented on a large scale.
  • Data is replicated in multiple areas – increasing redundancy and independence from failure.
  • Local network problems are less likely to have global side effects.
  • Larger scale systems can develop more effective incident response capabilities.
  • Threat management is increased since the larger corporations that own the cloud can afford the generalists to deal with specific security threats that smaller companies cannot.
  • Reduces cost of running personal servers
  • Access to better technology

Weakness and Costs:

  • External CP will depend on network bandwidth
  • Integration of variety of software, integration can be very costly
  • Different configuration panel controls, learning curve for IT department
  • Configuring mixed modes between physical, virtual & cloud
  • Reports on performance could be hidden
  • May not integrate with current management controls


Alex Gutman and Martin Perlin. (February 2011) 8 Cloud Building Conditions You Need for Taking your Data Center to the Next Level. www.evolven.com. Retrieved from: http://www.evolven.com/blog/8-cloud-building-conditions-you-need-for-taking-your-data-center-to-the-next-level.html

Daniele Catteddu, Giles Hogben. (n.d. Cloud Computing Risk Assessment — ENISA. Retrieved from http://www.enisa.europa.eu/act/rm/files/…/cloud-computing-risk-assessment

Naushad K. Cherrayil. (October 7, 2011). Cloud computing is the future of networking retrieved from http://gulfnews.com/business/technology/cloud-computing-is-the-future-of-networking-1.886905

Model View Control




Model View Control (MVC)  is a 3 level architecture that decouples the interface from navigation and application behavior, mostly because keeping the applications together creates a huge mess when it is time to redesign you program. MVC patterns will simplify implementation and greatly enhance re-usability. It should always be used in O.O.P. (object oriented programming)


The term Model stands for Data Module Objects, it holds all the application state information (ie data) and all operations that can modify the data.

A model is a computational approximation or abstraction of real world process, entity, or system. An example is the shopping cart when you order an item on-line using e-commerce. It would hold the information of the order number, what is being ordered, the quantity being ordered, and all the code that could interact with this data usually in SQL code. It is also called business logic and provides the connections to the data source as well as to the controller.


The view contains the interface functions, it is the GUI code. It will produce all the visual components of your program. It provides the access to the data and processing logic to the user.

It needs to allow the user enough functionality to provide the user with the tools the program is being developed for.

The view is tied into the Data model, if you delete an item from a shopping cart it will be removed immediate or upon a page refresh usually from an Event Object handler that contains the change and then updates the cart to show a page in HTML with the previously deleted item gone.

For an inexpensive home server try a Linux server with Apache Web-server, a MySQL database and PHP coding. All the software can be installed for free.


As its name implies, the controller component controls the overall flow. The controller code interacts with the view and model components to deliver a modular yet integrated solution.

It is the Controller that accepts input from the user in a particular modality, interprets that input (the interpretation may depend on the View), and invokes the appropriate operation on the Model.

For example, when the Controller detects a mouse click event on the “remove” button of an item it invokes the remove operation on that item. Any state changes that this operation causes on the

Model are sent by the Model to the registered Views via events. The controller component is normally written in Java and implemented as a Servlet.

 MVC usage rules

In order to support reusability, the interactions which do occur should be well defined and the dependencies between the elements (M-V-C) should be minimized. One of the goals of the MVC pattern is to enable the combination of a single Model with multiple Views and Controllers. The MVC pattern ensures that the Views are kept synchronized. When the Controller recognizes a valid command from the user’s input, it invokes the corresponding method on the Model. The

Model verifies that the operation is compatible with its current state, executes it and changes the state of the Views correspondingly. The views, as they have registered themselves as observers, get now informed about the Model’s state change and update their rendering correspondingly.

 The dependencies must be kept minimal

To support multiple views and controllers the dependencies must be kept minimal.

 Note: A is said to be dependent on B when the code of A embeds knowledge about B.

This leads to the following rules:

  1.  The Model does not have any dependency on Views or Controllers.
  2.   A View depends on its associated Model. It has to know the structure of the Model’s state to be able to render it.
  3.   A View does not have a dependency on Controllers. Therefore several different Controllers can be associated with the same View.
  4.  A Controller depends on its associated Model and View. The Model defines the operations the Controller can invoke and the View defines the context in which the Controller interprets the user input. This makes the Controller tightly coupled to the View.

 The interactions must be kept minimal

Another precondition to support multiple Views and Controllers is to keep interactions minimal.

In particular a Controller must never directly affect the rendering of its associated View. Instead user input must make a complete round trip through the Model before its effects become visible in the View. This rule guarantees that a state change updates all Views and that the Views remain synchronized. Often implementations with a single Controller violate this rule because of sloppy

thinking: “I already know that this state change will occur, and therefore do not need wait for the Model to tell me about it”. This is wrong for two reasons:

1. The Model can veto the operation for some reason. The operation will not occur.

2. Other Controllers may concurrently invoke operations on the Model. Some other operation can slip in between, which fundamentally changes the rendering and makes any assumptions about it invalid.

In addition it is impossible to extend such shortcut implementations later with additional Controllers.

 The MVC pattern in Web applications

Although the MVC pattern was originally devised for the organization of fat client GUI libraries, it has in the past several years received widespread acceptance as a suitable architectural pattern for implementing Web based solutions, too. Its structure has been applied, (with limitations), in recent Web applications. This is not surprising, since in both cases the separation of concerns is the driving force behind architectural choices.

 Extending the MVC pattern to distributed applications

Although the MVC pattern was originally devised for GUIs running on a single machine, it can be extended relatively straightforward to distributed systems, where some interfaces between Model, View and Controller may cross the network. The placement of the Model, the View and the Controller then becomes a crucial issue.

The client-centric approach puts all three functions: Model, View and Controller on each client device. The Model, which exists conceptually only in one instance, is “replicated” among the devices. A replication protocol keeps the copies of the Model synchronized.

The server-centric approach puts both Controller and Model on a server. The client devices contain only the Views.

 Why you should MVC

  • Separation of data from presentation

Drawbacks on MVC

  • Is not easy and requires planning
  • Thorough testing and more files needed
  • May overkill small applications

3 Reasons for BI

So you have been working with business intelligent tools for a while but when confronted by the COO on why you think they would be a good fit for your company you cannot figure out how to explain it to him/her.Here I have posted and describe three arguments you may use to persuade a business of the general value that Business Intelligence offers to most companies.

 1. Make faster decisions

BPMS LifecycleBI helps make better quality informative decisions at a faster rate than was done in the past.  It is not just for the IT staff, it is used by managers, executives, and consumers. One of the finalized reports in BI is the dashboard that allows for instantaneous perception of enterprise, departments and individuals performance, by bringing key metrics in a nice-looking and instinctive graphic interface. The best portion of a well advanced dashboard is the capability to drill down to underlying reports and apprehend what factors are contributing to good and bad performance. Another basic feature about dashboards is they permit you to effortlessly and constantly observe for exceptions, and alerts operators when to take action.

2. Report on the Now not the past

market BIWhile most reports can show you what has happened in the past, BI analytics can alert you to what is happening now and send out an alert. BI can also extrapolate possible future outcomes as well and all from a central location so that there is no relying on several different user reports from spreadsheets. The consistency of views is offered between all users because if the automatic data inputs. Because most of BI is automated, the accuracy of the data is also easier to trust. It is imperative for a corporation’s success to have detailed analysis of a corporation’s customers, business environment, stakeholders, business processes, competitors and several other sources of potential valuable information.

2. Future Insight

Bi dashboard exampleBI can offer future insight with predictive tools  so besides just viewing past and present information, you can also get a feel for what may happen in the future. Forecasting possible outcomes also gives  users the ability to be proactive.  Data mining allows analytics to be run on information that may have hidden patterns. Through simulations and collecting seemingly unrelated data, information can be revealed on what be approaching.


With BI you can increase employee productivity,  by empowering  employees with up-to-date reports that will help business decision making capabilities. Your business processes can be easily manage corporate wide from one spot. Relationships with business customers increase as well as the ability to increase market share, the companies IT department can reduce resources which reduces costs and helps deliver a more flexible department for developing and deployment of future cycles. The best way, in my own opinion, would be to provide several case examples from several different organizational implementations, from large scale to small, depending on what business you are trying to convince. If you are dealing with someone more tech savvy, then instead of just using dollars and cents, you could move on to actual business models that can help realize a business strategy.

Going Back to School

      This post informs of academic progression at college and the steps necessary to start, graduate and move on to a better job.

 Price of College Increases Every Year

Before you can take any classes you really have to decide if you are in it for the long haul. If you can’t afford the high rates of tuition plus unexpected charges, you should look into applying for financial aid, scholarships, and loans.

Technology has increased several folds since the 90’s, so has the way a college can educate its students. Because of the availability of alternative classes available to students that already have careers and/or families and are finding it easier to finish colleges.

In preparing this report I have spoken with financial counselors, academic counselors, and other students on what needs to be done in order to achieve your degree of choice as easy as possible. I already hold three associate degrees in Networking, Programming and Computer Applications, a bachelors in Computer Science and a Masters in Information Systems Management. I worked full time through all of these degrees, while raising 4 children.

 What Do You want to be doing 5-10 Years after College

 better jobsBefore you start taking classes you need to get a better understanding of what you like. Many people enter into fields of study just to change later on. There are several places online and at college campuses that will help guide you on the best career choice for you. Once you now what you want to do you can use that career choice to decide what type of education and diploma is necessary to pursue your future goals.

 The best place to start is always at the beginning. Before going back to college you should now what you want to do after college. Don’t chase dollar signs, it is best of you have a calling, a true desire to be in the field you choose and then pursuing a degree that will support this decision. Wither you have past experience or not.

 Extended Learning

 libraryThe nationwide availability of college programs gives busy working adults the opportunity to stay current in there chosen field and gives the additional education needed to advance in their career.

Available classes range from professional certificates to associate, bachelors, masters and doctoral degrees. Classes are offered in a variety of formats including evening and weekend classroom instruction, interactive television, mixed classroom instruction and online delivery as well as completely online instructions.

Were to get Help


The above address offers a list of classes by cities, selecting a city at or near your location will link to a page that will display programs available in that area. Make sure to call the student service office to verify if the program you are interested in is going to be available in the future. While pursuing a BS in Computer Information Systems (which is no longer available in my hometown), there was not a high demand and the satellite classes were moved to the closes major city area and I ended up having to drive 50 miles one way to class at night 2-3 times each week to complete my degree (WORTH IT).

Before you register you might want to know how close the nearest satellite campus is were you want to take classes and what they offer.

College counselors are usually available at least once a semester to help plan a course schedule. Find out when and make sure to schedule an appointment in advance.

 Preparing Your Finances

pile of moneyThere are numerous financial aid programs for students who need financial assistance. Programs are offered under federal, state, and institutions. Most people in middle class homes or lower income usually meet most requirements. Federal loans are also offered to supplement income or tuition while going to college.

I believe that you have to gamble a little in life and I rather bet on myself than a two dollar lottery ticket. That is why I have applied for the federal subsidized

loans to help pay for expenses while I go to college. I believe that I will be able to acquire a better paying career faster with a BS or masters than without.

As of July 2007 the total cost to take full time classes each semester plus expenses costs $8,893.00 and is expected to rise another 7% for the tuition each year. A lot of this expense can be minimized by living at home and finding books online. Still a lot of money no matter who you are but there is ways to work around some of the price that I will presenting.

 Applying for Financial Aid

 College prices are increasing at more that twice the rate of inflation for more than 20 years, the ability of many students and their families to pay for higher education is becoming national concern. Student financial services are becoming more critical in the college financial problem.

In order to be considered for financial aid you must first be admitted to a college. Make sure that you have completed your tax return and have a copy of it nearby. Then go to www.fafsa.ed.gov to apply for financial aid. It is necessary to do this as soon as possible since it could take at least 4 weeks to be approved and be contact by the college of your chose. There are also several reference guides that deal with merit, scholarships and other funding at most local and community college libraries.

Remember that you’ll need to fill out a new FAFSA before March 1st of each year. By meeting the priority deadline of March 1st, you can receive the maximum financial aid package you qualify for. If you don’t meet the priority deadline you may receive a lesser amount than you expect. Also if you want to check your financial aid status and see if there are any holds you can go online at most colleges and check.

Look for related links:

  1. student services
  2. student records
  3. student financial aid

 Student Loans

Another way to go is with federal loans, depending on what type of loan you apply for it could be have little no interest rate. Some don’t even charge interest until after you graduate. If you are considering applying for government backed loans, you will have to take loan entrance counseling and fill out a promissory note.


There are several scholarships offered that vary by academic, financial need and community status. Most scholarships are awarded after summiting a summary on why you are requesting the scholarship.

Planning for Classes Well In Advance

 Not all classes are available at the same time or fit in with your schedule. The good news is that there are several night, weekend, and online classes that are design to fit all types of schedules. There are several guides and personnel that can help you develop a schedule of courses that fit to your schedule. Most classes can be taken at the nearest community college at a third the price of a 4 year college.

 When going back to college or attending for the first time as an alternative student you have to realize that it is an important lifestyle decision and that it will be stressful on you and your family.

family silouette In fact your ability to succeed depends a lot on how well your family co-operates, and is willing to be supportive and patient while you are away & studying. Make sure to thank them and appreciate what they are doing for you whenever possible.

Building your class schedule can be completed completely online using tools available at most colleges, even community colleges. Once you have a student number you will be able to access these sites. Always remember that taking these classes is a high priority. Failure in one class can affect you whole degree since graduating depends on your GPA not to mention the lack of available tuition assistance if your GPA falls.


 I have tried desperately to find online when class registration begins and have failed each time. I can tell you on average class registration starts 4-5 months before the first day of class and that you should speak with a college representative around that time because they may be able to give you an exact date and help you register.

 Developing a Course Schedule



As I previously mention advisers are usually available at each regional site every semester. Call you regional office to find out when your adviser will be visiting and to schedule an appointment. Talking with an adviser can save you a lot of time and money when planning on how to take your classes. It is not easy to know when classes will be available on-line and you usually need an academic adviser to admit you into the class you want to take. Pursuing my Masters, the student adviser was main person I talked to until I had to create me final thesis.

It is important not to overdue you first semester if you are a returning student. Maybe take one class for a semester and if it seems easy than take 2 or 3 the next semester. An important step when taking these classes is to talk t0

students who have taking the class before. They will be able to tell you if it was hard or easy and what the instructor expects.

 Finding Time for Everything

hard workingIf you are an alternative student it is usually because you have a family that you just can’t leave and go back to college full time. Going back to school as an alternative student is not just stressful for you but to your family to.

Keep your significant other informed, let her know as much as possible about what your learning and why it is important to there future. Remind that person that you would not be able to go to college at all if it wasn’t for there help with the kids. Make sure that if you have children that you let them in on what you are doing also. I let my family know that I was doing this to better not just my life but theirs also. Homework and classes on top of working 40+ hours a week and any other activities is really stressful but you have to make time for your family also. Try to finish your homework during the week even if you don’t get to watch your favorite TV show it is more important to have your Saturdays a little open to enjoy with friends and family so you don’t get burned out.

If you don’t think you will be able to finish an assignment on time you could talk to an instructor about getting an extension. Most college instructors realize that you have a job and are working harder than the regular student and want to help you find ways to achieve your degree. Even if this doesn’t sound like fun I have used some of my vacation days just to finish large assignments before they were do,

your not a teenager anymore you just can’t pull an all-nighter, doing so could jeopardize your job when you fall asleep at work.

Prepare for Post-College

 Congratulations on Graduating but you still need to find a job. Start by building a resume, finding a job, and preparing for that first professional interview.

2013 pay and unemployement

I added a graph to help motivate you a little more on getting your chosen degree. It shows the average  income levels & nu-employement based on education. The survey was done by the National Bureau of Labor and Statistics and published in 2013.

Education compared to Annual Income

 Creating a Resume

 A polished resume is crucial after graduating. Employers usually prefer a short to the point 1 page resume that contains all the pertinent personal information. Try to cut out the least important information to make it fit to one page. If you don’t have much work experience in your graduate field make sure to include your college degree at the beginning of your resume.

There are several places online that will help build your resume and even critique it for you. Check with you local community college also, there is usually a job placement counselor who is available and can be very useful. Check with the MyFSU student services tab online to find more information on job placement and resume building after graduation.

 Finding a Career

job search Most career searches are done online. Some of the best places to look online are:

Make sure to tell all your family and friends that you have graduated and looking for a new job. Some of the best positions near you will be found through social networking. You might of heard the expression “It doesn’t matter what you know, It’s who you know that matters.”


I was offered several ways to achieve academic success which lead to professional success and a better life. I hope that I have made it a little easier to understand some of the steps in order to achieve success.

There are also several contact and extra information that are readably available on-line that you can pursue at you own leisure.

I do not believe that college is the only way, some very intelligent and not so have made it just by following their dreams.

A lot of positions require a higher degree of education…but not all.

 Works Cited

 Cassidy, Daniel J. The Scholarship Book 12th Edition. New York: Prentice Hall Press, July 2006

“Education and Income”. National Bureau of Labor and Statistics. 2002: 1-2

Gottesman, Greg. College Survival. New York: Prentice Hall, 1992

Osborne, AJ. Part-time clerical worker, Student Service Office for Extended Learning, Room 107. 20 April 2007

“University Center for Extended Learning: Ferris State University.” Ferris.edu, 07 July 2007, <http://www.ferris.edu/ucel/index>

Upcraft, Lee; Gardner, John; Barefoot, Betsy. Challenging and Supporting the First Year Student. California: Jossey-Bass, 2005

Risk Management Planning

Risk Management Plan

Risk Management Planning

Risk management typically follows four stages in an iterative process. These are identification, assessment, planning and monitoring. They should be followed at project start-up and then monitored in response to change, completion of project stages. One of the main reasons why risk-management activities fail to deliver as well as they should is because they get treated as a one-time exercise. Once the full heat of the project battle is underway, plans and contingencies get left to gather dust on the shelf. This is a sad waste; the initial assessment will have helped identify where the project is most at risk and will have helped focus attention on how to mitigate these risks (or accept them). However, the lack of monitoring allows new risks to emerge, or old ones to grow more serious, without anyone actually noticing. It then comes as a surprise that the roof has fallen in on the project.

indentify risk

The above picture demonstrates the dimensions of where risk comes into play when dealing with project risk management that must be dealt with.

Identification of Risk

Identification is the first step. Ideally, it involves asking anyone and everyone (within reason) to identify any risks they consider might apply to the project, a checklist may be involved like the one on the next page.

Question/comment Yes/no
Has a complete risk identification/assessment/planning exercise been conducted?
Is there an ‘owner’ for this process?
If not, have all the areas of risk been considered? As below:







For all the risks identified, is there a realistic assessment of impact and probability?
Have these risks been ranked (prioritized) according to impact and probability

Identifying and classifying risk.

probability of occurrence

Risk Analysis

Once risk has been identified they can then be rated according to severity and probability. Normally, this is done on the basis of low, medium or high for both categories as seen in the above diagram.

We try to base on ranking the risks according to combined impact and probability. The first filter employed would be to eliminate all the very low risks. These need only be considered if their ranking changes in the future, it is not a good thing to to simply file and forget risks. The ranking process can then be applied to give increasingly higher profiles to high-impact/probability risks. During this assessment process, we could associate/review ranking numbers with the impact on budget and time. This can then be used to keep a track of how risks evolve with time as a result of project progress, risk reduction and contingency plans, plus events in the outside world.

 Risk Response

Following on logically, once the nature of the risk has been fully assessed, the next step is to develop a plan for dealing with each risk. These typically include: ignore it, take mitigating action to reduce the chance of it happening or minimize the impact, and have a contingency plan in case it actually comes to pass.

These are the four main solutions to risk for when they can potentially occur:

1. Avoidance

Includes not performing an activity that could carry risk. An example would be not buying a property or business in order to not take on the liability that comes with it. Another would be not flying in order to not take the risk that the airplane were to be hijacked. Avoidance may seem the answer to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining) the risk may have allowed. Not entering a business to avoid the risk of loss also avoids the possibility of earning profits.

2. Reduction

Involves methods that reduce the severity of the loss or the likelihood of the loss from occurring. Examples include sprinklers designed to put out a fire to reduce the risk of loss by fire. This method may cause a greater loss by water damage and therefore may not be suitable. Halon fire suppression systems may mitigate that risk, but the cost may be prohibitive as a strategy.

3.   Retention

Involves accepting the loss when it occurs. Risk retention is a viable strategy for small risks where the cost of insuring against the risk would be greater over time than the total losses sustained. All risks that are not avoided or transferred are retained by default. This includes risks that are so large or catastrophic that they either cannot be insured against or the premiums would be infeasible. This may also be acceptable if the chance of a very large loss is small or if the cost to insure for greater coverage amounts is so great it would hinder the goals of the organization too much.

4. Transfer

Means causing another party to accept the risk, typically by contract or by hedging. Insurance is one type of risk transfer that uses contracts. Other times it may involve contract language that transfers a risk to another party without the payment of an insurance premium. Liability among construction or other contractors is very often transferred this way. On the other hand, taking offsetting positions in derivatives is typically how firms use hedging to financially manage risk.

 The risk identification, assessment and planning stages need to be re-evaluated when things change. This can either be done by having regularly timed reviews (with the overhead that you might have reviews when you don’t need them). Alternatively, risk reviews can be implemented whenever there is a request for a change, however trivial, or by setting criteria that determine the extent of the reviews according to the extent of the change.

Risk Monitoring and Control

The monitoring process will be to systematically tracks and evaluate the effectiveness of risk handling actions against established metrics. Monitoring results may also provide a basis for developing additional risk handling options and approaches, or updating existing risk handling approaches, and reanalyzing known risks. In some cases monitoring results may also be used to identify new risks and revise some aspects of risk planning. The key to the risk monitoring process is to establish a cost, performance, and schedule management indicator system over the program that the program manager and other key personnel use to evaluate the status of the program. The indicator system should be designed to provide early warning of potential problems to allow management actions. Risk monitoring is not a problem-solving technique, but rather, a proactive technique to obtain objective information on the progress to date in reducing risks to acceptable levels.

“Best practices” acknowledges that all of the traps have not been identified for each risk issue. The traps are intended to be suggestive, and other potential issues should be examined as they arise. It is also important to recognize that sources and types of risk evolve over time. Risks may take a long time to mature into problems. Attention must be properly focused to examine risks and lessons learned.

Lessons learned should be documented so that future project managers can learn from past mistakes.

From past companies, and education, I have developed  risk management plans. That included risk management planning, identification of risk, risk analysis, risk response (including avoidance reduction transfer and retention), and risk monitoring and control.

As I find time, I will post more information.


Andersen, Erling S.; Grude, Kristoffer V.; Haug, Tor.; Katagiri, Mike.; Turner, J. Rodney
Goal Directed Project Management: Effective Techniques and Strategies
3Rd Ed. / Edited By Mike Katagiri, Rodney Turner. : London ; Sterling, VA : Kogan Page, 2004.

Ben-David and T. Raz An Integrated Approach for Risk Response Development in Project Planning; The Journal of the Operational Research Society, Vol. 52, No. 1 (Jan., 2001), pp. 14-25

Kerzner, Harold; Project Management: A Systems Approach to Planning, Scheduling, and Controlling : New York John Wiley & Sons, Inc. (US), 2001.

Nickson, David.; Siddons, Suzy;Project Disasters & How to Survive Them;: London ; Sterling, VA : Kogan Page, 2005.

Smith, Nigel J.; Managing Risk in Construction Projects : Oxford ; Malden, Mass. Blackwell Science, 1999.


Develope a Web Based CMS Using PHP

Download this File Here

The Content Management System (CMS) is a web based application using a Linux Server,
Apache Web-server, MySQL Database, and PHP Programming Language (LAMP). The
objective of managing users, and information in any given network environment can only be
hindered by the creativity of an information technology professional and not by technology. The
main objective of this thesis is to develop the early development steps of a LAMP software bundleCMS. By creating the
building blocks for developing, and taking into consideration basic methods for creating the core
platform of a CMS for further development. All information gathered, and experience gained will
assist with developing and offering my own personal e-commerce business solutions in the future
and to obtain additional business and practical knowledge in an open source software and ecommerce.
Continue reading

Enhance VIM

While VI has been used for years, in current Linus & iOS systems a lot of people have resorted to using Vim.

There are a lot of tricks to Vim that can make it easier to use. Some may not be active by default and I wanted a chance to introduce some of them to you. One in general that I have found very useful.

set background=dark

Lets start by making sure that you have the packaged “vim-enhanced” installed on your system. Use one of these steps from a terminal prompt to install it.

Mint/Ubuntu (Debian) sudo apt-get install vim-enhanced

Fedora (redhat, centOS) sudo yum -y install vim-enhanced

OpenSuse (Suse) sudo zypper install  vim-enhanced 

If one of these does not work or your operating systems is different, there are several other options for installing packages. Try the GUI option as well.

The best way to modify settings in Vim is to have the .vimrc file (Vim Run Command file) in your home directory.

cp etc/vimrc  ~/.vimrc

Open the file,

vim ~/.vimrc

From here you can fix all sorts of text editor effects in Vim.

Just remove the ” from the comment in order to use it.

The one that made a difference for me was.

set background=dark

This is a GREAT setting if you are working in Vim and have a dark background.

It will change what you see from this:

Vim background not set.

“set background=dark

To this:


set background=dark

set background=dark

Making it very easy to see commenting, now there are several ways to change the config file and in the last image you can read some of the ones in the file we copied (cp) over.

Besides being able to read things better know I also like it when the cursor is in t he same place from the last time I was in the file. Another on on the top of the list is the ability to scroll the cursor with me mouse.

Play around with the file, you can always delete it and start from the beginning again if you mess it up to bad.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

404 Webpage Fix for WordPress and Host Gator

404If you are getting this error, use this fix but make sure to shut off any WP applications that may be causing it! Not to go into specific details cause it is a pain in the neck but certain applications that can-rewrite urls for different browsing experiences are really messing up within WP.  Selectively de-activate apps and wait to see if it works.

I cannot remember the name of the app that was doing it  or I would tell you.

This is a quick fix i found that worked from yongee.hubpages.com and just wanted to make sure that the information gets spread around and to acknowledge that it does work.

Modify your .htaccess file, or rename it .htaccessOLD and start from scratch with a new .htaccess file.

    # BEGIN WordPress

    ErrorDocument 404 /index.php?error=404
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [fusion_builder_container hundred_percent="yes" overflow="visible"][fusion_builder_row][fusion_builder_column type="1_1" background_position="left top" background_color="" border_size="" border_color="" border_style="solid" spacing="yes" background_image="" background_repeat="no-repeat" padding="" margin_top="0px" margin_bottom="0px" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="no" center_content="no" min_height="none"][L]

    # END 

   ## This kept giving me 404 ERRORS with WORDPRESS and HOSTGATOR GRRRRRRR ###
   ##WordPressRewriteEngine On
   ##RewriteCond %{HTTP:X-WAP-PROFILE} !^$ [OR]
   ##RewriteCond %{HTTP_ACCEPT} application/vnd.wap.xhtml\+xml [NC,OR]
   ##RewriteCond %{HTTP_ACCEPT} text/vnd.wap.wml [NC]

This has only happened for me with Host Gator. Nothing wrong with HG, they have the best support I have worked with.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

Digital Forensics

 forensics              Reviewing the concept of anti-forensics, which can be described as being:  “…more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you” (Berinato, 2007).  The ultimate fear is that the rise of anti-forensics tools and techniques could make any data collected suspect, and that it jeopardizes the validity of any forensic investigation (or at least makes them so cost-prohibitive that they will seldom be feasible).  Throughout this paper we will look at what these tools and techniques are – from new developments in the field intended to conceal illegal activity to traditional anti-forensic methods to wipe data when old equipment is sold or no longer needed.  We will likewise examine the potential impact to the future of forensic investigations, as this could make the probability of a conviction extremely low.

Case studies

     After painstakingly searching several sites in the attempts to find documentation of successful anti-forensics stories and tools that were used, attempt came up pretty empty. While there are a few stories that share how people have tried to fool digital forensic experts, the fact is that no one is going to report that they were successful in fooling digital forensic investigators because they want to be able to fool them again in the future. Even the digital forensic investigators are not willing to relinquish case stories on what they found and the conclusions that they were able to come to so that they can stay an expert in their field. Some of the following stories were what I was able to find. If you ever find any interesting stories like explosives rigged into computers, or magnetic doorways, I would be interested to hear about it. Lastly I included information on how anti-forensics could be useful for personal use, in order to keep your personal information safe.

     With the amount of digital forensic cases that have been posted after the initial commencement date of this research paper, suggests that the amount of information that will be available within the next year will be an exponential growth from the amount that is available at present.

     Additionally I have come to the conclusion from reading several discussions and online expert opinions that while EnCase is the chosen digital forensic tool of use to get a broad overview of the file system, it is only one of the primary tools in an arsenal of tools that usually has a few other tools dropped into the mix and only through suggestions of peers and trial and error will you be able to decide what are the best tools for you to use.

     Just like some people to use torrents to collect illegal free music, movies, and books, pedophiles are using the same technology to spread child pornography to other pedophiles. The city of Trenton, N.J. tracked the digital fingerprints of pornographic pictures as they left one person’s computer and followed it to the next IP address and was willing to follow pictures for a total of 27 adults. One of the adults was arrested promptly before the others when officers found out he lived above a daycare facility.

     Out of the 100 state troopers and 3 months of hard work, the time came to collect the computers from the felons and extract the digital forensics necessary to convict the 27 individuals for the federal offense of either creating or having possession of child pornography. The traceable factor was the electronic watermark that was imprinted on each image. Making each image traceable on individual’s computers and also the routes the images would take on the internet. Artifacts were left on computers that were proof that the images were downloaded and viewed even if the images were deleted, just like a fingerprint on a murder weapon, it should be easy to convict each person.

The most anti-forensic material that was used by one of the culprits was heavy duty magnets that were installed in the shoes to erase the hard-drive of incriminating evidence. Yet with all the networking detective work, the magnets in the shoes probably just helped proof his guilt.

     Because the images were shared on a peer-to-peer network, every person involved in the arrest will not only be charged with possession of child pornography but also of distribution of child pornography because most torrent downloads automatically start uploading to other users who request the same data(Fletcher, 2012).

     30 year old Higinio O. Ochoa, a member of the hacker group Cabincr3w an offshoot of anonymous, was arrested after he posted an image of his girlfriend from an iPhone to Twitter. What he neglected to take into account was the GPS tagging EXIF metadata that was imprinted on the image. When the FBI viewed the metadata on the image, it effortlessly pointed to his girlfriend’s house in the outer-Melbourne area. Because of the image, I cannot post the actual image to this research paper but I can tell you that there was a message on it that his girlfriend was displaying, it read, “PwNd by W0rmer & cabinCr3w <3 u B(commented out)’s!”. All EXIF data had been wiped from the photos posted online.

     I was not able to find any current digital forensics tools that would look for coded messages, just encrypted messages. One helpful post I found from a digital forensics expert suggests that by using Unicode escape sequence messages, that you could possibly circumvent most digital forensic tools, unless it is a professional smart enough to check for the. For an example, \u0048 \u0045 \u004c \u004c \u004f , spells out HELLO.

     Fortunately there are people that are trying to close the gap for digital forensic tools lie Pavel Gladyshev of the UCD School of Computer Science and Informatics located in Texas, is working on a project to develop tools that will not only search for raw binary data for keywords but also search for possible character encoding to include ASCII, UTF-8, UTF-16, and UTF-32 that might have escape sequences embedded in it.

Anti-forensics for Your Protection

     Some people might jump to conclusions that by using anti-forensics to protect your information imply that you’re trying to hide illegal information. That is not always the case, sometimes it is useful to use anti-forensic tools in ordinary daily activities to protect against malware that targets devices like smartphones (Storm, 2011). Take for example the mobile forensic solutions offered by the company Cellebrite that are able to extract deleted data from all smartphones and tablets. While most information gleaned is produced from a hardwired connection, it is possible for devices to attach wireless through infrared or Bluetooth signal. The ability to access data remotely from a smart device makes forensic devices dangerous for the general populace because they may be used for criminal activity or spying (Bloomberg 2012).

      Companies like WhisperSystems (www.whispersys.com), make it a little bit harder for government and criminals alike to easily take data from your smart device by providing full disk encryption, network security tools, encrypted backup to the cloud, and selective permissions. Not only will anti-forensics software encrypt you data but it can also encrypt your text messages and voice calls if the other person is using the same software, if they are not it will still encrypt the data on your phone. This protection is not just necessary from a direct attack but also by malware that might disguise itself as an application you really want on you device.

    In the near future, I will be testing mobile digital forensic tools at Ferris State University and will test to see how well at least one of the free anti-forensic tools work during class and plan to come back and add more on forensics and security.


Berinato, S. (2007, June 8). The rise of anti-forensics. Retrieved from http://www.csoonline.com/article/221208/the-rise-of-anti-forensics

Bloomberg Government, (March, 2012) IPhones to BlackBerrys Cracked by Cops Using Digital Forensics. Cellebrite mobile data secured. Retrieved 4/18/2012. From http://www.cellebrite.com/news-and-events/mobile-data-news/335-iphones-to-blackberrys-cracked-by-cops-using-digital-forensics.html

Fletcher, J. (April, 2012). N.J. investigators track digital ‘fingerprints’ on shared images to nab child pornographers. The republic of Columbus Indiana. Retrieved 4/18/201, from http://www.therepublic.com/view/story/CPT-CHILDPORN_7786030/CPT-CHILDPORN_7786030/