Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

My Dream Metrics Status Report

“Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an average of 2.4 times per connection to ensure the completeness and accuracy of our transactions. As a result, over 4 million connections were blocked instantly for not meeting our basic requirements (with 99.75 percent success rate) and we identified 1,700 suspect connections that required further analysis. We ultimately determined that five of those 1,700 were attempted intrusions which we subsequently acted upon according to established procedures. There were no losses associated with the incidents.”

“Last month’s activity has brought to light…

Dr. Laura as Information Security Officer

[One of my first Trend Watch essays circa 2000 or whenever Dr. Laura - the queen of saying "no" - was popular]

Dr. Laura: “Hello Kate, you’re on the air”

Kate: “Hi, Dr. Laura, thanks for taking my call. My security dilemma is that I would like to open a port in our firewall…”

Dr. Laura: “No. Absolutely not.”

Kate: “But let me explain… If we make this connection to our business partner, we can save $1.2 million in the first 6 months!”

Dr. Laura: “You can make excuses all you want, Kate, but what you are asking is reprehensible, not to mention against policy. [click]. Hello, Nick, you’re on the air.”

Nick: “Hi, Dr. Laura, my security…

Attention InfoSec Pros: measuring risk is in your future

Mike Rothman of Securosis stirs things up a bit with his “Risk Metrics are Crap” post. This type of exercise forces participants to make public commitments. In itself, this is not a huge deal, since many positions of those in our space are relatively well documented already; however, anyone familiar with Cialdini knows that commitment serves to reinforce positions and not promote compromise or learning. Not surprisingly, nobody changed sides. In fact, nobody moved an inch (or maybe that’s a “teeny-tiny bit” for those quant-averse participants).

More importantly, nobody is budging because there is nothing new here. Mike simply took semi-random potshots at risk quantification, used a lot of potty language and then sat back. Perhaps the most…

Does Brand Matter in Security?

My buddy George at InformationWeek suggests that security breaches have a negative impact on the brand. The notion of a “brand” is something I find very interesting wrt security, if only that I have heard many, many times from security folks that what we are doing is “protecting the brand” or some similar assertion to George’s.

I frequently find the reference to brand a bit specious and my first inclination is to point out that if the security person is the only one worried about brand value, then brand value doesn’t really matter to the organization in question. If you think about it, most companies just aren’t important enough, or big enough, or global enough, or whatever to have a brand…

Changing the meaning of words… sort of

So my son saw an option in the settings for his Flip-like video camera that said “Format SD card” and assumed it meant format the video he took to save it to the SD card. Having never in his life had to format anything (except maybe Word documents), he didn’t realize that all data would be (essentially) lost in the process.
