The Business-Technology Weave


January 21, 2011  12:43 PM

107 Trillion E-mails Sent Last Year

David Scott

 

Don’t Miss the Obvious:  Reason for care, training and awareness

 

According to Pingdom, internet users sent around 107 trillion e-mails last year.  I dunno about you, but that doesn’t mean a whole lot to me unless I can see some sort of visual representation of that…

 

For a handy example of what a trillion+ e-mails might represent, check this site:  PageTutor.com.  Here, they’re explaining what one trillion dollars in $100 bills would look like.  Simply substitute 100 e-mails for the $100 bill in the example (while realizing that many e-mails are multiple pages, and frequently contain attachments, to boot!).  The volume is staggering.

 

Unsurprisingly, Pingdom reports that most of the e-mails were spam!  I think my Inbox/Junk Folder accounts for about 1.5 million of last year’s total. 

 

However, I do have to troll for timely subjects for the blog, and in the course of casting far and wide, I do tend to accrue a few things I don’t need to receive.

 

That said, check out these stats (Source for all stats:  Pingdom):

 

- As of June 2010, there were 1.97 billion internet users:
  o 825.1 million in Asia
  o 475.1 million in Europe
  o 266.2 million in North America
  o 204.7 million in Latin America/Caribbean
  o 110.9 million in Africa
  o 63.2 million in the Middle East
  o 21.3 million in Oceania and Australia

 

Given that there are about 2.9 billion e-mail accounts around the world, it’s not too surprising that out of 294 billion messages a day, roughly 89% were spam.

 

Some other interesting facts:

 

- About 152 million blogs worldwide
- Total websites:  255 million – 21.4 million more than the previous year
- Domain names?  Comprised of:
  o 88.8 million .com
  o 13.2 million .net
  o 8.6 million .org
  o 79.2 million “country code” names, such as .uk, .cn, .au, etc.

 

Twitter and Facebook:

 

- Twitter:
  o 100 million new accounts added by Twitter last year.
  o 175 million accounts as of September
  o 25 billion Tweets sent in 2010

- Facebook:
  o 250 million accounts added in 2010
  o 600 million accounts at the end of the year

 

With all of this activity, quite naturally, organizations and employees must be very careful – particularly when conducting business via these means – to be mindful of security, best business practices, and appropriate styles for communication and tone.

For “business” – a simple reminder from the BTW:  Monitor what is being done in the name of your domain.  The simplest example:  Be certain that JohnQSmith@yourdomain.org is not sending mail or posting to blogs or articles anything that reflects poorly on business, clients, co-workers, supervision, etc.

 

Ensure employees are trained and refreshed about the perils of blending social networking and business.  Some small and medium businesses utilize social networking for advertising, networking, and communicating – and do it very effectively.  However, it is in these circumstances that there is peril in a natural tendency to mix “friending” and “businessing.”  Be careful.

 

Larger enterprises flat-out ban the use of social networks at work, and thus for any business being conducted through them.  Be certain to know your organization’s Acceptable Use, Content Management and Security policies through and through.  If you are the driving authority for these policies, make certain they are spec’d for 2011 and beyond…

 

For Business:  Remember that any organization owns not only its technical enablements, such as the e-mail system and all supporting systems, but all content within those.  It is your content to monitor; prudent business does not need to read each and every e-mail (impossible), nor does it need to spot check mail (excepting of course when HR and allied business supervision suspects employee malfeasance).  Rather, your system should have alerts based upon words and phrases that can flag the appropriate organizational authorities so as to instigate  investigation when necessary.

 

Of course, any measure of manual oversight and spot-checking is fine.  That is up to each individual organization; based on need, size, volume of traffic, policing practices, and so on. 

 

But above all, be efficient:  Get some flags set, and train personnel and dispense policy – have each employee sign appropriate policies as having been read and understood and file them in their personnel folders.
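
The phrase-based alerting described above, as an added example (not code from the original post): a Python script that scans mail sent in the name of the organization's domain for watchlist phrases and queues each hit, with a short excerpt, for a reviewer role. The watchlist, the reviewer roles and the sample messages are constructed assumptions; yourdomain.org is the placeholder domain the post itself uses.

```python
import re
from collections import defaultdict
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "yourdomain.org"  # placeholder domain taken from the post

# Assumed watchlist: category -> (reviewer role, phrases). Tune per policy.
WATCHLIST = {
    "data-handling": ("security", ["company confidential",
                                   "do not distribute",
                                   "customer list"]),
    "conduct": ("hr", ["off the record", "between you and me"]),
}


def _compile(phrase):
    # Whole-phrase match, case-insensitive, tolerant of line wraps and
    # repeated spaces between words, anchored on word boundaries.
    words = (re.escape(w) for w in phrase.split())
    return re.compile(r"\b" + r"\s+".join(words) + r"\b", re.IGNORECASE)


RULES = [(cat, reviewer, phrase, _compile(phrase))
         for cat, (reviewer, phrases) in WATCHLIST.items()
         for phrase in phrases]


def scan_message(raw):
    """Return a list of hits for mail sent from ORG_DOMAIN, or None when
    the sender is outside the domain (out of scope for this check)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender.rpartition("@")[2] != ORG_DOMAIN:
        return None
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    for cat, reviewer, phrase, rx in RULES:
        m = rx.search(text)
        if m:
            # Short excerpt so the reviewer sees why the mail was flagged
            # without having to read the whole message.
            lo, hi = max(0, m.start() - 30), min(len(text), m.end() + 30)
            hits.append({"sender": sender, "category": cat,
                         "reviewer": reviewer, "phrase": phrase,
                         "excerpt": " ".join(text[lo:hi].split())})
    return hits


def route_alerts(raw_messages):
    """Group hits by the reviewer role that should investigate them."""
    queues = defaultdict(list)
    for raw in raw_messages:
        for hit in scan_message(raw) or []:
            queues[hit["reviewer"]].append(hit)
    return dict(queues)


# Constructed sample messages (not real mail).
LEAKY = """\
From: John Q Smith <JohnQSmith@yourdomain.org>
To: friend@example.net
Subject: Q3 numbers

Attached is the customer list. It is Company   Confidential, so do not
distribute it outside finance.
"""
BENIGN = """\
From: ops@yourdomain.org
To: staff@yourdomain.org
Subject: Site update

The new customer listing page is live.
"""
EXTERNAL = """\
From: sales@example.com
To: ops@yourdomain.org
Subject: Offer

Strictly off the record, we can beat that price.
"""
GOSSIP = """\
From: jane@yourdomain.org
To: pal@example.net
Subject: Off the record

Between you and me, the vendor meeting went badly.
"""

if __name__ == "__main__":
    for role, hits in route_alerts([LEAKY, BENIGN, EXTERNAL, GOSSIP]).items():
        for h in hits:
            print(f"[{role}] {h['sender']} ({h['category']}): "
                  f"'{h['phrase']}' in \"{h['excerpt']}\"")
```

Word-boundary matching keeps "customer listing" from tripping the "customer list" rule, which is the kind of false positive that makes reviewers start ignoring the alerts.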

 

NP:  Sarah Vaughan – Sassy Swings the Tivoli.  Original 1963 LP (Live at the Tivoli in Copenhagen – Sarah; Kirk Stuart, piano; Charles Williams, double bass; George Hughes, drums).  Original Mercury LP.  Class – and world-class.

January 16, 2011  11:45 AM

Government Project Passes Huge Milestone – and provides lessons to us all

David Scott

 

In the wake of my two-part article earlier this month, Systems Security – Service, Success and Longevity; and its follow-on, Systems Security, Part II:  Social Security Administration meets the real world, comes word of another government project with lessons for us all.

 

I truly don’t mean to pick on the Federal Government (they’re bigger than me).  However, Government projects provide nice lessons for several reasons:  The projects are projected on the maximum screen of national import, reporting, and observation.  Further, they are projects that affect us all. 

 

And being that we pay for them, we should benefit from them – we should demand benefit – that is our rightful expectation.  However, even in the event of failures, we can perhaps yet realize a benefit:  We can learn what to avoid from their mistake(s), and look to the legitimate paths for forward progressions and true solutions.

 

Just within the past few days, the Department of Homeland Security (DHS) announced that it is abandoning the present project to emplace a virtual security fence along our border with Mexico.  The Secure Border Initiative (SBINet) is now a $3 billion program failure, and that is the huge, and sad, milestone.  Homeland Security Secretary Janet Napolitano announced, “SBINet cannot meet its original objective of providing a single, integrated, border security technology solution.”

 

This specific virtual fence was to seal our nation’s border through use of cameras and sensors.  As being crafted by Boeing, the system was to alert the U.S. Border Patrol as well as law enforcement authorities.

 

The project ran into technical difficulties.  As the timeline stretched and technical problems increased, it was discovered that other companies had viable technology that was already available on the commercial market. 

 

The conditions represented a failure on the Government’s part to know exactly where it was.  We’ve said before:  Before plotting any project’s path and destination (its activities, deliveries and solutions), you must know where you are.  You cannot possibly plot a destination – a solution – without a true begin-point.

 

Tell me how to get to Chicago; right now, in the Comments section to this blog.  What is your ultimate question before advising me?  “Where are you now?”  In other words, from where am I departing?

 

Amazingly, the Federal Government could not have known, could not have surveyed effectively, “where it was.”  If it did, it would have planned a project that leveraged readily available products and solutions, in supporting the ultimate solution.

 

At present, the plan is to use commercially available drones, thermal imaging devices, mobile surveillance systems, tower-based surveillance, and a measure of Boeing’s elements from the original project.

 

It’s interesting to note that the Chairman of the Senate Homeland Security and Governmental Affairs Committee, Sen. Joe Lieberman (I-Conn.), said that he hoped the “new route” chosen by DHS will be an improvement.  Me too.

 

But consider “new route” – yes, this phrase reinforces our take on reaching a project destination:  it involves a route, comprising a valid starting point, and a realistic destination.  Properly mounted and managed projects have valid, known, beginning points, routes to destination, and the final arrival of a go-live:  A  serving solution.  All, hopefully, done according to empirical measures, timely milestones, and monitored progression within an agreed budget.

 

Before mounting any major initiative in your organization, be certain to know:

 

Where You Are:  Includes buy-in from all stakeholders; survey of what’s available in supporting solutions, what’s needed, what’s affordable, and what will be supported by governance.

 

Where You’re Going and How:  An agreed project progression, with empirical measures, supported by tools and systems, along with the sanctioned “who” for doing “what.”  All done with appropriate exposure and total agreements. 

 

The Destination:  Ensure the project delivers what is truly needed.  Pin down stakeholders, Business and IT.  Understand governance, and guidance, thoroughly.  Reach the destination in a timely way:  according to the project management plan; hit the go-live date. 

 

Doing that requires a true project, true management of it, and the originating understanding of exactly where you were, and thorough understanding of where you’re going (where you need to go, according  to the organization’s needs and aims).

 

DHS didn’t know where it was (by virtue alone of failing to make robust use of existing products – survey where you are by understanding the total swim you’re in).  DHS didn’t craft a valid route to destination, and this particular version of the project will never arrive.  DHS has started over.

 

Learn.  In the next days, I’ll further outline some “Where We Are” factors, and more considerations in “Where We’re Going” when mounting projects.

 

 

NP:  Herbie Hancock, Sextant.  Original LP.  Weird album.

 


January 13, 2011  10:07 AM

Face Time in the Weave

David Scott

 

Increasingly, business is conducted online.  This is generally a good thing.  Dispersed parties can weigh in efficiently – via phone conference, video conference, remote presentation, etc.  The freedom and flexibility granted by removing travel time, and in granting a virtual presence to most anyone, anywhere, was unavailable a generation ago, and is very powerful.

 

However, today I’m not speaking about dispersed parties – nor the simple share of communications, and files, via e-mail, the web, or central data repositories. 

 

I’m seeing phone conferences, even video chats and meetings, between colleagues in the same building – even on the same floor!  I don’t know if they’re in love with their technical enablements or if some of them simply need to bathe more often… or what.

 

I like meeting and interfacing with people on a real-world basis.  I want the face-to-face wherever possible, wherever feasible.  I don’t know about you, but I feel a lot more confident when a colleague commits to something, shakes my hand, and looks me in the eye – to say nothing of a vendor or member of some allied agency.

 

I remember one organization where a vendor came in-house for a meeting, whereby all attendees were in the building – but found out it was online - and sat alone in the conference room to “attend”!

 

I think there’s also a threshold of another sort beyond distance, efficiency, and general demand of schedules – that threshold is an assessment for the benefits of a face-to-face vs. the demands of scheduling and assembling any particular team in the flesh:  Whether a formal team, or an ad hoc one.  People tend to be a little more cordial when meeting in person; a bit more compromising and accommodating. 

 

When scheduling meetings, do not hesitate to put this advantage forth to the prospective participants.  If anyone squawks about showing up, you have the added advantage that you can “accidentally” step on their foot. *

 

On this day:  On this day in 1957, the Wham-O Company produced the first Frisbee.

 

* Note:  Mr. Scott does not actually advocate stepping on people’s feet.  The aforementioned action was for purposes of humor, and should not be mistaken for professional advice or guidance.


January 10, 2011  2:16 PM

Wikileaks Redux: Gov’t. strategy doc on preventing leaks… is leaked

David Scott

 

I can’t ignore this story.  It seems an 11-page U.S. Government document, calling for “assessments” of vulnerabilities and “formulation of plans” in closing gaps, for the express purpose of preventing data leaks – has itself been leaked to MS-NBC.  Understand that the following information is “out there” now.  I’m not widening this leak – it’s an open pipe.

 

However, I would like to help.  I was a Federal Employee once upon a time (U.S. Army).  My own career benefited through training and education that was either conducted, or paid for, by Uncle Sam.  Let’s examine (what we could call) this Anti-Leak leaked document – oh the irony:

 

The document’s language is arcane.  For example:

 

Assess what your agency has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems in the post-WikiLeaks environment.

 

 

Assess all security, counterintelligence, and information assurance policy and regulatory documents that have been established by and for your department or agency.

 

 

Assess your agency’s plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments – as well as for all new classified networks, systems, applications, databases, websites or online collaboration environments that are in the planning, implementation, or testing phases – in terms of the completeness and projected effectiveness of all types of security controls called for by applicable law and guidance (including but limited to those issued by the National Security Staff, the Committee on National Security Systems, the National Institute for Standards and Technology).

 

And then?

 

And then assess the mess some more, I guess.  Hey, we’re assessed!  In examining this – what?… – cure?…  fix?… stall?…  blather?…  we can see where clear thinking and plain language are far overdue.

 

You know what should have been “Bullet One” on this doc?

 

Within 30 days of receipt, all agencies will conduct Security Training Refreshers for all staff for the secure handling and distribution of classified and sensitive information, and the secure use of all associated systems, in accordance with… *.   

 

*Here would be referenced all pertinent existing policies and security directives (hardly lacking, I can assure you).

 

Following bullets could indicate a subsequent review by the doc’s originating agency – presumably a controlling agency to all the other recipients.  Further, a simple overarching scenario for security upgrades in accordance with best business practices shouldn’t be too difficult.  From there, you can assess and review and implement to your heart’s content – but the U.S. Government doesn’t lack for documentation, regulation and control.  But it does lack something else – consider:

 

It lacks, at present, proper execution of prudent security activity.  The Wiki dump was a human act of willful disobedience to laws and regulations – by an individual.

 

When an individual, particularly one with a security clearance, is bent on doing harm to content, no amount of law,  or regulation, or systems’ security controls are likely to stop that person – absent a paired human oversight and strong managerial control.

 

In addition to security refreshers, shrewd assessments of personnel, and allied system controls, there must be a strong exposure to all concerned regarding the simple peril in breaching data:  For government, you’ll go to prison.  In business, you’ll be fired – and maybe yet go to prison.

 

They caught PFC Manning.  Security refreshers shouldn’t be shy about legal sanctions against transgressors – and further, reviews should state plainly that wrong-doers will be caught.  (Whether you’re fully confident of that or not).

 

There is a lesson to business and IT here.  Secure your organization’s content – get ahead of any potential breach.  For all personnel:  Train, review, train, review, train, review…  find the schedule that suits your organization best in terms of affordability and returns – monthly, quarterly, semi-annually.

 

Constantly review systems, and survey for enhancements to security.  Query vendors and value-added-remarketers.  Then, take a break; it’s lunch-time here.

 

NP:  Kinks, You Really Got Me, original ’64 Reprise LP.  I could listen all day and all of the night.


January 9, 2011  3:22 PM

Systems Security, Part II: Social Security Administration meets the real world

David Scott

 

In my last article, I spoke of systems security from a longevity perspective: 

 

How long will the system serve?  What are its prospects for ready adaptability to new platforms, interface with future technologies, its scalability, its capacity for “maximization of use”?

 

When engaging new vendors and associated products, ask them about their forward view – and do your own independent analysis:  How well have their core products and services kept up?  Do they lag then lurch forward?  Look for efficient tracking with real world demands.  Further, if by chance you’re going for leading edge stuff, because you must be on a leading edge, then it’s very critical to know how efficiently vendors lead, and twist with, change.

 

I also mentioned that an occasional complete change of systems was inevitable.  (Read the initial article here if you haven’t seen it).  Therefore, if nothing else, how readily can the organization transition to a new system?  In the case of mission-critical applications, how readily can you prune, migrate and transfer content from an area of growing obsolescence to a new system?

 

Whatever you do, do not follow the Social Security Administration’s (SSA) example.  According to their own Inspector General (IG), the SSA’s present National Computer Center is approaching collapse, a situation exacerbated by delays in readying and transitioning to a new data center. 

 

The IG has identified several critical ongoing lags:

 

1. A slowdown in application modernization – whatever that is.  Is that purposeful?  An oversight of some sort?  Akin to ignoring an elephant in the room – how do you not track applications and their suitability in a changing world?

2. An expanding workload that has apparently gotten ahead of planning and readying of the new center – the present center may be so strained so as not to be able to function by 2012.  The new center’s readiness?  Maybe 2015.  Oops.

3. Lag in transitioning to web interface with customers.  Hey SSA:  It’s 2011.

4. Ongoing problems with VoIP system:  Poor sound, dropped calls, long wait times.  Fix ‘em; other agencies and organizations manage quite nicely.

 

My father used to tell me that you can learn something from everyone:  From some folks, what to do; from others, what not to do.

 

You really have to wonder if these folks have any plans and policies that lead, with actual tethers to reality, in evaluating empirical and measurable things, for best progressions in just keeping up.

 

Especially for my small and medium business readers (SMB); start writing plans and policies according to best practices and standards.  Frequently in smaller environments, business governance will take an informal approach to upgrades and progressions.  Don’t be lazy and fall into that trap.  Even if you write plans that sit in your drawer, get practiced in documenting and planning change – and take that facility with you when you move on and up in your career where that ability will be crucial to best protections and progressions.

 

Not too long ago, I wrote about an IT leader at an organization’s branch who had me write an Acceptable Use policy – even though higher headquarters had an umbrella policy.  He felt it inadequate.  He was smart to create a stronger, local, one – and even if not approved for use by HQ, he could at least wave it were there a subsequent breach or bad outcome:  “Here’s what I wanted to do…”.

 

Spec yourself up – don’t wait.

 

As to the SSA – there is no adequate excuse.  But there’s a nice lesson here – for those willing to learn…

 

NP:  In a Sentimental Mood, John Coltrane, Jazz24.org.  I love Coltrane.


January 8, 2011  11:15 AM

Systems Security – Service, Success, Longevity

David Scott

 

In discussing security of systems, the emphasis is usually on physical security and an overall guarding of systems (and related content/process) from breach, damage and corruption. 

 

There is another important aspect to “systems security” –that is, any specific system’s longevity and robust service to your organization. 

 

Goal:  Procure systems that will serve well into the future – perhaps “forever.”

 

I was rather surprised to discover that the FBI’s case management system, Sentinel, was yet experiencing problems.  This is a critical post-9/11 project to automate and tie together important content, in leveraging it for successful prosecution of the war on terror.

 

Sentinel itself replaces a failed system that never really got off the ground:  VCF; the Virtual Case File tracking system.  Not much longevity; not much security, either for the system’s health, or its anticipated service to our security.

 

Business stakeholders don’t like frequent system changes (nor do effective IT folks):  churn represents whole new interfaces, steep learning curves, and expense.  Did I mention expense? 

Effective ongoing service and related deliveries are a part of any system’s security – and its longevity supports an effective part of overall business security.

 

Inevitably you must shop for new systems from time-to-time:  this may be engendered by new lines of business, expansions of business that dwarf present systems’ capacity for upgrade or affordable  modification, perhaps new applications that can consolidate processes – thus removing several systems and providing an attractive ROI in time.  Of course, “systems” also means infrastructure, hardware, and related mechanisms.

 

When evaluating new systems of any kind, evaluate maximizations for use, scalability, costs vs. performance (ROI and TCO).  Also evaluate the vendor and their track record in making best progressions and correct turns.  Will their systems, and the one you’re looking at specifically, integrate readily to new technologies and upcoming changes to the total swim we’re in?

 

In other words, fight obsolescence right out of the gate, in securing your systems.

 

NP:  Rough Trade, (for those who think young), vinyl.  Side 1 not bad; Side 2 later.


January 6, 2011  12:46 PM

The human element

David Scott

 

What is the most critical element, or factor, in any system’s security? 

 

In other words, what most influences its strength against breach, its level of invulnerability to corruption, its flexibility and scalability for new business circumstances and progressions? 

 

That critical element is human beings.

 

Occasionally when I consult, I hear groans:  Oh no – please tell us it isn’t so…  human beings?  That most volatile, transient, and intractable resource?  Sure:  Everything begins, proceeds, and ends with the employees – from CXO to intern. 

 

Like it or not, people are our greatest challenge – and, I sincerely hope too, our greatest reward.  We all love working with great people.

 

Whether procuring new systems, planning and changing existing ones, or just exercising a system’s day-to-day production, it all has to be done within the surety of best business/technology practices.  And, in the vast majority of organizations, during the vast majority of time, things are done that way.  But what of human error when it leads to poor business decisions?  Or poor IT outcomes, and resultant poor deliveries or service to business?

 

What of harmful actions delivered by malfeasance?  What do we need to consider in preventing bad outcomes, and in recovering from them once occurring – and what do we do to improve, and guard against recurrences?

 

When considering people and their vulnerabilities – and thus, vulnerabilities in and to systems – the leader must consider three things that can “breach” a person’s solid, stable, performance:

 

Internal state:  Evaluate employees on their fit to the job; on their happiness in it; on their goals and aspirations; their overall morale…

 

Practices (that is, their ways of working):  Naturally you must ensure the organization does its part in orienting and training employees.  Also, measure individual employees’ general work ethic, standards of quality, adherence to care, attention to detail, etc. as to how effectively individual human practices fit to and support your organization’s best practices.

 

Surrounding environment:  I doubt you’d work on your car on a frozen pond wearing ice skates.  The proper environment, tools, and teamwork are crucial.  Ensure people’s best chances for success – and therefore your org’s – by instituting knowledge-shares and ready access to the best tools; whether that’s programming tools, backup systems, content management, policy & procedures, planning, etc., be certain you’re up-to-spec in all functional areas.

 

Ensure you’re supporting your people through regularized education, training, and counseling.  Then, stop looking at your people as human resources:  It’s gonna be 5 o’clock – buy ‘em a dinner and be sure to tell them it’s from me.

 

 

NP:  Bessie Smith, Empress of the Blues, original Columbia 4-disc 78 RPM set in original binder:   C-31.  Nice.

 


January 5, 2011  1:36 PM

Investing in IT and business during difficult economic times

David Scott

 

Budgets are tight, routinely cut… definitely not being raised except where absolutely, absolutely, necessary.  Negotiations are probably often accompanied by begging.  Back in my day, I occasionally heard shouting – until I promised to stop.

Obviously, today we must invest efficiently.  Even in the best of times, there is never room for waste and wrong turns – or shouldn’t be.  With appropriate survey, understanding of need, and fit of solution to the situation at-hand, you should be able to target deliveries effectively in delivering best systems and best solutions.

Of course, supporting best business practices means utilizing best delivery-to-business practices.  Otherwise, it means nothing to deliver something on budget and on time – if it is not also on target.

The “solution” must solve.

 

Necessary is accurate survey by IT in making assessment of business needs and trajectories.  Too, business must make timely and accurate exposures of anticipated changes.  Depending on the size of your organization, have monthly or quarterly meetings expressly dedicated to change and implementations:  The Business Implementation Team (BIT).  At least have a schedule – if there’s nothing to discuss, the leader may cancel any particular regularized meeting:  simple.  But give BIT, and your organization’s managed forward progress, respect by having it on the calendar.

 

This team should view all business-IT activity as a four legged stool, the seat upon which everything, everything, rests.  Those things include Accuracy, Efficiency, Success, Longevity, True Progression…  Business.

 

The legs of that stool are:  ROI; TCO; TtV; and StA.  Respectively and briefly:

 

Return On Investment:  Ultimately, you buy stuff – how soon does it drive and yield profit?

 

Total Cost of Ownership:  All costs – initial outlay, upgrades, licenses/subscription costs, compliances with regulatory burdens, maintenance, and so on, and so on…

 

Time to Value:  How soon is something a “player”?  Whether servers, software or people, for example, how soon does anything begin delivering returns (on investment)?

 

Sweating the Assets:  (StA) – Ah, you were wondering about this one, weren’t you?  This involves wringing every measure of worth and performance from something – physical assets as well as people.  Look to utilize things across various functional areas.  Organizations frequently have redundant assets in various departments, when a central single “station” might serve.  Another example:  Organizations “over license” software and related things by as much as 20%. 

 

Depending on the size of your organization, you may consider investing in asset inventory software; obviously it must save enough to not only pay for itself, but to generate a return.  Break-even propositions do not present a return on investment.

 

Perhaps you’re tight on storage space – review your CM plan.  “Extend the serve”:  leverage the asset.  Cast about for where else an asset can be utilized; look for things that can serve many functions, functional areas, similar lines of business, similar people by virtue of job roles, etc.

 

Hey:  You can’t manage what you don’t know.  Get a handle on your “asset base.” 

 

It’s all about producing value for stakeholders.  Once you have a reputation for producing value for stakeholders… for delivering returns to business… that reputation will make all the difference when budgeting IT for best business outcomes – difficult economic times notwithstanding.

 

 

NP:  Alamode – Art Blakey – Jazz24.org.  Smokin’


January 4, 2011  2:17 PM

Cyberwarfare: Countries today; corporate and SMB tomorrow?

David Scott

 

A recent news report got me to thinking.  The report involved a claim that an Israeli “cyber unit” was responsible for a computer worm that attacked Iran’s Bushehr nuclear power station.  The intent is to disable Iran’s nuclear war-making capacity and direct threat to Israel. 

 

Israel is on record as stating that it would be willing to mount a pre-emptive strike of this nature, in ensuring its own safety and continued existence.  Therefore, it is not a stretch to surmise that the worm might be their work.

 

Not to discount issues involving mortal enemies whatsoever – but the story got me to thinking about something a little more local:  What if business rivals, in the course of (comparatively) routine and mundane matters, decided to mount a cyber attack on a business competitor?  Much more likely:  What if it were a rogue employee who decided to take down a competitor?  Or perhaps more likely still, what if a rogue former employee decided to mount cyber-war on his or her former company?  All of this is not only within the realm of risk and possibility; indeed measures of these things have happened. 

 

In the realm of risk (all together now), unmanaged possibilities become probabilities.  And, left hanging, probabilities always manifest.

 

As I state in my book, I.T. Wars, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of a considered group diminishes.  Thus, smaller organizations, comprising small and medium business (SMB), may lack awareness, training, and oversight in catching trouble as it brews…  

 

Or – governance in some unscrupulous organization may simply decide that it can get away with wreaking havoc on a rival (you wouldn’t believe what I observed when I was a car salesman back in my youth; I’m glad that I never, ever, ever, did anything nefarious – at least, that’s my story).  To think that today’s, and particularly tomorrow’s, shenanigans won’t involve cyber manifestations is to be quite naïve.

 

What does this mean to us now?  It is easy enough to mount virus attacks against entities – and to mask the origins of the attack.  With ever more resources in The Cloud, and thus with fewer “brick-and-mortar” physical protections, organizations today must guard against attacks from a variety of potential origins, and from any number of directions – and those directions are leveraged via an exploding array of wired and wireless means. 

 

Train your staff.  Make known general prior prosecutions of individuals who have mounted attacks – there’s nothing wrong with that.  Have your security personnel spec’d up-to-the-minute, and have them apprising your staff on a schedule that supports your comfort:  monthly, quarterly, semi-annual training –

 

Security for 2011 and beyond:  Get it going – get it improved.  Get it delivered.

 

NP:  John Coltrane, The Stardust Session, on LP.


January 2, 2011  1:51 PM

Assets, Support, and Change

David Scott

 

A recurring question in many environments follows along this line: 

 

“If we no longer have servers, does IT need to maintain server management and administration skills?”

 

Organizations are virtualizing all manner of things – making some IT persons in specific environments and roles increasingly nervous.  If you’re a server administrator, a technician for any specific piece of infrastructure, a programmer for an inside app that’s going to the Cloud, etc. – look out.

 

You’re seen primarily as an asset by IT governance… business.  Sure, you’re “user-friendly,” supportive, well-liked… but – you’d better retool yourself and demonstrate ongoing value in some new realm, or look for a job elsewhere.  Obviously, any IT professional has to support something, while progressing it, bettering it, and furthering its ongoing value to business.  If something moves to the Cloud, or otherwise becomes virtualized, you’re going to be at a loose end – but not for long in the present organization.

 

A BTW tenet is that change is a continuum.  Immerse yourself in assessments of change; read periodicals online and off; visit companies that are at the forefront of change, such as professional project management companies.  Create friends and professional contacts at these sorts of orgs.  Always be learning, both formally and informally.

 

As long as you’re taking stock of other organizations, keep something in mind:  IT is pervasive – it has, after all, gathered virtually every human being around you and deemed them “users,” while simultaneously boosting their time spent using technology to nearly 100% of their workplace occupancy – all within an explosion of products, enablements, and services.  See what other savvy organizations are doing, and how things are working for them.  Evaluate their systems and services for possible furthering in your organization.  Ensure your value – your business value.

 

Don’t wait for the organization to push you through awareness and training; get going yourself.  You must remain a viable asset to the organization; in supporting it today and tomorrow; and you must change along with, preferably ahead of, all of the other change that is swirling around you… around all of us.

 

 

NP:  Coltrane Plays the Blues, John Coltrane, Atlantic, original LP.

