The PCI Data Security Standards will update to Version 1.2 as of December 31, 2008, when Version 1.1 will "sunset". On October 1, the PCI Security Standards Council released version 1.2, which did not change requirements, but provided additional clarity and flexibility and addressed evolving threats. Windows IT Pro provides a nice summary table detailing the changes between version 1.1 and 1.2.
The end of Wired Equivalent Privacy (WEP) wireless security
The major practical change that I found in PCI v1.2 is that new implementations of WEP security in Wi-fi Internet access are not allowed after March 31, 2009. Current implementations must discontinue use of WEP after June 30, 2010. WEP is a popular security option for Wi-fi installations, however, it became obsolete in 2004 with the completion of the Wi-Fi Protected Access (WPA) standards, and WEP is dangerously vulnerable. Nevertheless, WEP remains the default option for wireless security with many Wi-fi routers.
If you haven't migrated your Wi-fi networks away from WEP yet (or if you are still using unsecured Wi-fi), make it one of your New Year's resolutions to update your wireless security.
Happy New Year
2008 marked my ten-year anniversary working on Certain Registration (originally Register123). I wish you all a Happy New Year and best of luck in 2009.
Wednesday, December 31, 2008
Monday, December 08, 2008
EIBTM 2008 in Barcelona
I worked our booth at the EIBTM 2009 show in Barcelona last week. This is a well-managed show (they use Certain Events for attendee management and 1-on-1 appointment scheduling) and I noticed several differences between it and the comparable shows in America (such as MPI and HSMAI).
Comparing European to American Shows
The show layout was more like a World's Fair than a trade show. Every country and major European city had huge multi-level booths with all sorts of give-aways and theme-based networking areas. I visited the real Oktoberfest in September and the Munich booth was a scaled-down dead ringer for the beer houses. The free booze (for attendees) starts at 10am and goes through to 6pm (1800) every day.
EIBTM has less of an educational component than you see in the U.S., however, prospects spend a greater time speaking with staff at the booths and understanding the products. I rarely give even a brief demo at shows in the States; typically a 30-second elevator pitch is all you get before scanning the attendee's badge. At EIBTM we had a dozen prospects each day who would sit in our booth for 15-30 minutes and watch a full sales demo. Attendees made appointments with exhibitors and then they showed up on time!
The show was more work for the booth staff, but the leads generated were higher quality and further along in the sales cycle.
Lift Conference = Events 2.0?
My favorite session was the annual technology debate with Corbin Ball and Laurent Haug. The debate was less interesting to me than Laurent's description of the Lift Conference.
A group of bloggers, academics, and entrepreneurs got together and designed this conference from the attendees up - with no marketing budget, no brand awareness, no budget for technology infrastructure, and complete openness (anyone could see anything). A few years later, they have a very successful conference that combines the best of traditional face-to-face meetings and new technology.
Although the conference completely relies on technology before and after the event (there is only online registration and no paper documentation or advertising), they try to minimize the use of technology on-site. They found that a room full of people fiddling with their laptops and web phones actually decreased social interaction (yes, to technology people this is a surprising conclusion), and they are better off without those for 3 days.
They also found that complete openness does not scale. In early years, the seminar planning page would have 10-15 proposals and attendees would comment and vote on the speakers and topics they wished to hear. As the number of proposals expanded to dozens and hundreds, this method began to suffer - very few people will invest hours review all proposals and so the ones listed at top tended to get the most votes.
Comparing European to American Shows
The show layout was more like a World's Fair than a trade show. Every country and major European city had huge multi-level booths with all sorts of give-aways and theme-based networking areas. I visited the real Oktoberfest in September and the Munich booth was a scaled-down dead ringer for the beer houses. The free booze (for attendees) starts at 10am and goes through to 6pm (1800) every day.
EIBTM has less of an educational component than you see in the U.S., however, prospects spend a greater time speaking with staff at the booths and understanding the products. I rarely give even a brief demo at shows in the States; typically a 30-second elevator pitch is all you get before scanning the attendee's badge. At EIBTM we had a dozen prospects each day who would sit in our booth for 15-30 minutes and watch a full sales demo. Attendees made appointments with exhibitors and then they showed up on time!
The show was more work for the booth staff, but the leads generated were higher quality and further along in the sales cycle.
Lift Conference = Events 2.0?
My favorite session was the annual technology debate with Corbin Ball and Laurent Haug. The debate was less interesting to me than Laurent's description of the Lift Conference.
A group of bloggers, academics, and entrepreneurs got together and designed this conference from the attendees up - with no marketing budget, no brand awareness, no budget for technology infrastructure, and complete openness (anyone could see anything). A few years later, they have a very successful conference that combines the best of traditional face-to-face meetings and new technology.
Although the conference completely relies on technology before and after the event (there is only online registration and no paper documentation or advertising), they try to minimize the use of technology on-site. They found that a room full of people fiddling with their laptops and web phones actually decreased social interaction (yes, to technology people this is a surprising conclusion), and they are better off without those for 3 days.
They also found that complete openness does not scale. In early years, the seminar planning page would have 10-15 proposals and attendees would comment and vote on the speakers and topics they wished to hear. As the number of proposals expanded to dozens and hundreds, this method began to suffer - very few people will invest hours review all proposals and so the ones listed at top tended to get the most votes.
Monday, November 03, 2008
Meetings Technology Expo in New York City
I'm speaking twice at the Meetings Technology Expo in New York City on Wednesday, November 12th. Please come by if you're able to and introduce yourself to me.
Security for Web 2.0: Staying on top of new Issues in Meetings Technology
9:15am-10:15am
Just when you thought you had a lock on data security with your meetings management software, along comes social networking, webcasts, and all the web 2.0 applications – wikis, blogs, forums. As with any technology, security issues are always a chief concern among technology users and providers. In this session you will learn what you need to know to keep your data privacy intact and what new security issues surrounding new technologies are on the horizon.
Session Take-aways:
The APEX Toolbox: Bringing Standards to Event Management
4:45pm-5:45pm
Discover how to improve your communications with vendors while enhancing your overall professionalism by using the recently released APEX Meeting & Event Planning Toolbox, a project of the Convention Industry Council. Learn what is on the horizon that will allow the industry to electronically transfer event management files.
Session Take-aways:
Have checklists when preparing an RFP, rooming list or event specifications Learn how to develop your own RFP and event specifications Learn what application developers are currently developing toward the APEX standards Discover the soon to be released APEX Power Shop for event professionals
Security for Web 2.0: Staying on top of new Issues in Meetings Technology
9:15am-10:15am
Just when you thought you had a lock on data security with your meetings management software, along comes social networking, webcasts, and all the web 2.0 applications – wikis, blogs, forums. As with any technology, security issues are always a chief concern among technology users and providers. In this session you will learn what you need to know to keep your data privacy intact and what new security issues surrounding new technologies are on the horizon.
Session Take-aways:
- What you need to know about protecting your customer information
- How to evaluate the security of your vendors
- Top 10 Things you should do Right Now
The APEX Toolbox: Bringing Standards to Event Management
4:45pm-5:45pm
Discover how to improve your communications with vendors while enhancing your overall professionalism by using the recently released APEX Meeting & Event Planning Toolbox, a project of the Convention Industry Council. Learn what is on the horizon that will allow the industry to electronically transfer event management files.
Session Take-aways:
Thursday, October 02, 2008
Amendments to Americans with Disabilities Act Broaden Coverage, Portend More Employment Litigation
Last week, President Bush signed into law amendments to the American Disabilities Act (ADA). Effective January 1, 2009, these changes broaden the definition of "disability", and large employers should expect an increase in employee disability claims.
ADA and Section 508 Compliance for Web Sites
For the most part, event planners outside of the Federal government ignore ADA compliance for their Web sites and online registration forms. Looking at the history of ADA applicability to the Web, a trend is becoming clear:
1. Originally, only public Web sites of U.S. Federal Government agencies had to comply with ADA Web guidelines.
2. Later, enforcement extended to state and local government Web sites if those agencies accepted federal funds (as most do)
3. Recently, Target v. National Federation of the Blind set a precedent that commercial Web sites must be ADA compliant if the site is accessible to the public
4. Now, these new ADA amendments broaden the definition of disability in the employee-employer relationship. This makes me think that soon employee-only Web sites (such as Intranets and employee event registration forms) may soon fall under ADA regulation.
What to do as a Meeting Planner?
I don’t hear a lot about ADA compliance in the meetings industry press or trade shows, but I think now is the time for organizations to create long-term plans for all of their Web sites to become compliant with the international W3C Web Content Accesibility Guidelines (which include the U.S. ADA and Section 508 guidelines).
I've previously described our strategy at Certain for doing this.
ADA and Section 508 Compliance for Web Sites
For the most part, event planners outside of the Federal government ignore ADA compliance for their Web sites and online registration forms. Looking at the history of ADA applicability to the Web, a trend is becoming clear:
1. Originally, only public Web sites of U.S. Federal Government agencies had to comply with ADA Web guidelines.
2. Later, enforcement extended to state and local government Web sites if those agencies accepted federal funds (as most do)
3. Recently, Target v. National Federation of the Blind set a precedent that commercial Web sites must be ADA compliant if the site is accessible to the public
4. Now, these new ADA amendments broaden the definition of disability in the employee-employer relationship. This makes me think that soon employee-only Web sites (such as Intranets and employee event registration forms) may soon fall under ADA regulation.
What to do as a Meeting Planner?
I don’t hear a lot about ADA compliance in the meetings industry press or trade shows, but I think now is the time for organizations to create long-term plans for all of their Web sites to become compliant with the international W3C Web Content Accesibility Guidelines (which include the U.S. ADA and Section 508 guidelines).
I've previously described our strategy at Certain for doing this.
Monday, September 15, 2008
Online Registration and Housing Technology Presentation
Continuing my recent road trips, I had the opportunity to present with Jim Gowell from Passkey at the new Event Technology Expo within the HSMAI Affordable Meetings National program on September 10, 2008 in Washington D.C.
Online Registration and Housing Technology - Do More With Less
Online Registration and Housing Technology - Do More With Less
Below are a copy of our slides.
Friday, September 05, 2008
Online Travel Systems for Meetings presentation at MTE in Washington D.C.
Wednesday last week, I had the opportunity to present at the Meetings Technology Expo in Washington, D.C. On short notice, Paul Paone asked me to fill in for the Meetings Travel session, so I created a new presentation based on my experience integrating Meetings and Travel systems.
Unlike much of the marketing hype around "Travel Integration" systems, I've found that sometimes inexpensive process modifications can achieve the universal goals of unified meeting-travel reports and proper travel expense assignment for meetings.
Online Travel Systems for Meetings
Below are the slides from my presentation. Click on any image to see a larger version.
Unlike much of the marketing hype around "Travel Integration" systems, I've found that sometimes inexpensive process modifications can achieve the universal goals of unified meeting-travel reports and proper travel expense assignment for meetings.
Online Travel Systems for Meetings
Below are the slides from my presentation. Click on any image to see a larger version.
Thursday, September 04, 2008
Security for Web 2.0 presentation at MTE in Washington DC.
Yesterday, I had the opportunity to present at the Meetings Technology Expo in Washington, D.C. I modifed my Web Security presentation from the Chicago show to include "Web 2.0" technologies. I loosely define "Web 1.0" as technology where the site owner pushes content to a user. "Web 2.0", by contrast, includes technologies where the site owner provides a platform that allows users to publish, consume, and interact with each other in a community. (For example, Blogs, wikis, social networks, forums, etc.)
Security for Web 2.0
Below are the slides from my presentation. Click on any image to see a larger version.
Security for Web 2.0
Below are the slides from my presentation. Click on any image to see a larger version.
Subscribe to:
Posts (Atom)
