Monday, August 29, 2005

Life Is Tough, but it's Tougher when You're Stupid

On Friday I attended (with John Halliday, our Director of IS Audit, and several clients) a presentation by Internet Security Systems on "State of Security: An X-Force Briefing".

This was, to say the least, interesting, and it is fascinating to have a little chink of insight into the cloak-and-dagger side of information security. The presentation was somewhat American - if you are Australian you'll know what I mean, if you're American you'll wonder what the fuss is about. Suffice to say, the presentation was a little militaristic and "X-Files", but it works in getting the message across, and their deep and undying devotion for "moronic hackers" that are "dumb and stupid" is clear. The cloak-and-dagger effect is reinforced through their regular assessment of the internet's security condition: as of this writing we are at "AlertCon 1".

They are clearly doing some good work in the area of operation system vulnerability detection and prevention for their clients. You are rather left with the impression that the only good hacker is a hacker behind bars, but then if you are wanting someone on your side on issues relating to technical IT Security, I don't think you could ask for a better ally.

Quote of the day, reflecting a rather hard-nosed view of the world and a message to users that they need to be proactive in managing their information:

"Life is tough, but it's a whole lot tougher if you're stupid"

Kind of says it all, really.

Thursday, August 25, 2005

Bigger, Better, Business Intelligence

SearchCIO's Wayne Eckerson has has just issued an article on "Five Things You Should Know about BI" (where, if you don't know, BI stands for Business Intelligence).

In essence, he is confirming the maxim that people issues are what get in the way when it is time to play in the world of business intelligence: Politics, Lack of available tools, Culture, Costs, and Business volatility are the prime culprits.

It is interesting though to note Philip Howard's viewpoint (from Bloor Research) over at in his article "Do We Need Bambi?" - where Bambi is built around a hypothetical merger of "Business Activity Monitoring" and Business Intelligence.

As if we didn't have enough acronyms in IT - now they're breeding.

Friday, August 19, 2005

Copernic Desktop Search Tool - More Thoughts

In an earlier post I discussed my search for a desktop search tool in some detail, and promised that I would have a later post with some reasons why you wouldn't use Copernic (or indeed any other search tools).

This is that post.

Since the earlier post was written I have noticed that it was picked up by Copernic and added to their "blogs and user posts" page. Which is fine by me, but here are some of the potential problems of these technologies.

Firstly, if you do download your own software and install it you fear the wrath of God in the form of your systems administrator if your network policy indicates that software can only be installed by IT Support. Which is a fair enough requirement on their part - a network is a subtle and fragile thing, and the last thing it needs is you blundering all over it - so get permission from your administrators!

May I also suggest that if you download it anyway and install it, you don't then blog about it :=).

Some problems these tools cause for networks include:
  • Increased Network Traffic: These tools regularly (every four days or so) go out and crawl the network directories you nominate, and index the files it finds. This increases network traffic and although the tool is fairly low-footprint on your own PC, on the network server it can cause a bit of grief (which, in a large organisation, you will not be thanked for if you bring down the server). This is particularly a problem if you have LOTS of people on your network creating similar havoc.
  • Slower Performance: These tools work by grabbing files you work on and indexing them as you save them - that is how they pick up files you work on rather than waiting for four days. There can be a small drop in performance - but probably not noticeable - in your local PC. Copernic in particular seems to play nice with the PC in its context.
  • Storage Access Networks: Oh dear - if you use Copernic and set it up to crawl through 1 gigabyte of old documents sitting on a storage access network (say, slower, older, but larger capacity, network drives mapped seamlessly to your network drives), these SAN's decide that you've opened the file (which you have) and promptly move it all back to your smaller, faster network drives that are meant for active files only. And that is a great way to see if your system administrator can physically turn purple, given the storage margins many organisations run with these days.
  • I Can't Believe It's Not A Document Management System: Well, actually I can. Copernic Desktop Search Tool is a good, personal, tool for finding files quickly. It is not an EDRMS, and is not really a scalable solution to fit organisational requirements of an EDRMs. Be aware that Copernic and its peers are not intended as EDRMS solutions. By the same token, it's a lot easier and less overhead than having to profile and fill out the metadata for documents before saving them (which is what EDRMS' rely upon) - but of course the downside is that your searching abilities and strategies need to become a lot more sophisticated to find anything. And of course these days EDRMS tools are really migrating/integrating to content management systems and thus delivering your content to the web in a managed framework - again, something Copernic will never do.
Having said all that, I am now using it but pointing it to my local drives where most of the havoc can go away. The negatives really relate to desktop search tools in general rather than Copernic in particular, which continues to be a reliable tool as far as I am concerned.

There are probably a couple of other issues that will come to mind - but I can't think of anything more at the moment.

Friday, August 12, 2005

Password Security and You

I have been running a poll at the top of the blog now since it started, so it's probably time to change the poll.

However, before the results of the poll are obliterated and forgotten, I thought it was useful to just quickly record how well those readers passing through thought their colleagues treated password security:

So, in a completely unscientific study, it rather indicates that most people consider password security to be of no consequence (50%) - which at least is consistent with what we all understand to be the case anecdotally.

Friday, August 05, 2005

Disparity between corporate and IT governance implementation: survey

CPA Australia has a story on its website of a survey by HP Australia of IT Governance being out of alignment for businesses. The research wasn't carried out by CPA Australia (or even the ITM COE) - it was carried out by HP - but it is an indicator of the ITM COE's effectiveness in bringing this to the business agenda (where CPA Australia is firmly ensconced).

This story was also picked up by CEO Online.

Telstra - Not Alien Freaks, or Just Good Customer Service?

As a postscript to my earlier post regarding a Telstra Bigpond user who was stuck on the wrong plan, a follow up invoice for about $580 (yes, that's right!) was received for June (the May one was about $350).

According to the contract, this is how the world should look, of course, but to pay nearly $1000 for a total of about eight gigabytes of download would seem a little bit of sheer bastardry when, for the same period, a different contract (for another $0.90 to the monthly fee) could be had under which it would cost less than $120 for 10 gigabytes.

Fortunately my colleague is a seasoned negotiator, rang, was honest with the call centre person and just used the silence tactic at his end of the phone and just plain didn't hang up. Eventually he got $320 of the bill waived - probably because it was going to blow out the daily KPI for the poor person at the end of the phone.

Thursday, August 04, 2005

Bone ITIL Moments

I note that the blog I referred to the other day (erp4it) has a link to an article discussing the application and history of ITIL in the United States (BTW, it stands for "Information Technology Infrastructure Library").

I seem to be falling over ITIL a lot these days - in IT Governance work and other areas - so it's probably useful to note the source of all things ITIL:

Wednesday, August 03, 2005

Goodbye Password, Hello Security!

Hot on the heels of Microsoft's man-of-the-moment comments on passwords - he suggested you should write down passwords down in a "very secured place" rather than forcing users to remember umpteen dozen passwords - comes this article on suggesting that the password has had its day.

An interesting thought, yet to be proven, and until we see some true standards there I think we'll have the password for a while longer. Of course, I continue to live in fear that one day I will forget all my passwords and I will simply cease to exist.

Postscript: a recent anecdote of a client who accidentally encrypted an assignment at uni through vainly bashing at the keyboard is a salient lesson to those of us who have ever wanted to take a computer out back and teach it a lesson.