myDigitalLife Blogs

Aug 15
2007

3rd Party Security - The big question

Posted by SecurityGeek in Untagged 


Monday, August 13, 2007


As happens in the "Blogworld" I read a blurb in the Daily Incite which then linked to a good Blog entry by Andy It Guy which in turn linked to a really good PDF document by Rebecca Herold who has more letters after her name than in her name.

While we are so busy concentrating on our own security structures (You are, aren't you?) how do we make sure that our partners are protecting our data?

There are several places where this is important







Aug 07
2007

The Wall Street Journal only got one (major) thing wrong.

Posted by SecurityGeek in Untagged 


Tuesday, August 7, 2007



The Wall Street Journal, published by Dow Jones & Company, published an article that had a few of my peers quite upset.

Particularly upset was my brother-from-another-mother Andy the IT Guy. I call him that because although we are thousands of miles apart we have similar jobs and usually see eye to eye on matters. His post on the issue is here. In the post he links to other bloggers who rip the article to shreds.

I leave it up to the dedicated reader to follow all the links and get acquainted with the article and see why it has upset Andy and several others. Go do that now...I'll wait...

...


If you are reading this I hope you clicked the above links and read up on the issue...here comes my 2c.

The article got it exactly right except for 1 major issue and it is in the title!

It is not the IT department that is trying to stop you doing all of those things, it is the security department.

In fact, in most companies if you are quick (and you have to be quick) you'll see that IT guys are the guys who break the rules the most. Find the geek with the long black coat and chances are he is the guy running the phantom MP3 server that everyone knows about but doesn't exist.

Now that that is cleared up, you may ask: so what? Information Security department...IT department...who cares? But it does make a difference. IT has a mandate from Management to keep the servers humming and the information flowing - that's their job in a nutshell.

Information Security has a mandate from Management to make sure that the company does not leak information and does not break the law. The Information Security guys are also not the ones who make the rules, they may make suggestions but the guys who sign off the policies and rules are Management (read: your boss, his boss, etc etc up to the CEO). The rules you are breaking are the rules set down not by IT but by your boss.

Some of the rules (such as rules 1, 2, 3) are actually made to stop the top level guys from going to jail or at least to stop the company from being at the receiving end of some expensive legal problems. You can be sure that they would not take kindly to having these rules broken.

Obviously I am all for freedom of the press but just know who sets the rules and who signs off on them - it's not IT.

Aug 06
2007

Can your business survive without petrol?

Posted by SecurityGeek in Untagged 

This is a copy of a blog entry I wrote in my blog on Friday, August 3, 2007



So, yet another strike and another risk to your business.

It felt like I was in Zimbabwe this morning. I had to queue for petrol. I'm not saying it is as bad as Zims because the queue was only 5 cars long and there was petrol available when I got my turn. I did put in more than I usually do.

I was lucky because I take LRP; the station I went to had no unleaded.

If you have a large corporation what would you do if 70% of your staff are unable to travel into work every day? Can they work from home? Can your VPN handle the load? Do you know your business well enough to work out who should come in to work, who should dial up or connect over VPN and who should just take a few days off?

If you have a small business can you afford for your staff not to come in and to do their work from home? Can you afford your client/customers not to come visit you? Can you afford not to visit them?

One of the aspects of Information Security is availability and most large companies have a plan for Disasters (note the capital - we are talking floods and earthquakes) but not for small issues like lack of fuel. Most small businesses run on gut feel - they will deal with that bridge when they come to it. The bridge is now here and it is Business Continuity.

The most difficult thing with Business Continuity is that it forces us to take a look at our assumptions. We assume that we can buy petrol whenever we want to get us in to work. We assume that while there we can have access to water, food, toilets, electricity, a fairly comfortable working environment (Goldilocks: not too hot and not too cold), email, our data, the telephone network, etc, etc. Business Continuity is basically the process of saying "what if something is missing" and anyone can do it. Usually the owner or the business people are the best at doing it because they understand the business and how it works.

It can get a little more complicated when multiple things are not available. This is very likely for many businesses at the moment. If you have no electricity and no diesel for your generator, what can you do? Work from another site where there is electricity, but then chances are you will be using more fuel to get there.

Is it worth making your staff come in later to avoid rush hour in the hopes that their petrol will last longer? The humane aspect also comes into this issue in that if the strike lasts long and petrol is scarce will you let your staff save their petrol for family emergencies?

The strike is 3 days on and the negotiations are happening. Hopefully there will be no issues at all except some minor inconvenience and some bad Zimbabwe comparisons. I will then take off my Chicken Little hat but in the meantime: don't panic but have a plan.

Jun 21
2007

MDL is a two-headed horse

Posted by SecurityGeek in Untagged 

... that is to say that I'm really excited by it, it looks interesting but I'm not sure exactly what I'm supposed to do with it.

I'm writing this in the hopes that the community may read it and some of the digital-life-people too and explain to me what this thing is all about.

I'm not a web 2.0 newbie or technologically backward either.

I pretty much learned to type when I learned to write and have been on the In'ernet since before there was a web 1.0.

I have a Facebook account and am linked in. I have two blogs, one which is limping along and another that is doing very nicely thank you very much.

I have a zamatomu account and a feedburner account. And I tie all of this together with my personal website.

"Good for you" I hear you say sarcastically.

I am excited by the fact that this is joined to ITWeb which has a great following in the IT industry, but are there non-geeks out there using this service? When I write my blog, who is my target audience?

Who are you?

On a more technical note, the site is very confusing and it took me a long time to work out that I could write a blog in the first place. There is a lot of clutter. Facebook has a lot more features but makes it obvious where to go and what needs to be done. Blogger is very simple to configure and start using.

It is not obvious what "Media Mall" is, what "Citizen Zone" is, what "Digi-Fides" are... I may find all of this interesting but I don't know what it all is.

So, hopefully I'll get some response and I'll become a happy MDL user. Or, I'll just go back to all my other services.
Hmmm...that was very negative...sorry...but without criticism one doesn't develop.
