January 15, 2008 - Volume 3, #5
Good Morning:
I hate crowds. Yes, I'm getting old. But the old days of standing
around without any room to move is just not interesting. Regardless of
whether I'm at a concert or party or anywhere else, if there are too
many people - I'm heading for the door. So I was very chagrined this
weekend, when I piled the kids into the van and headed over to the gym.
My
gym is fantastic. It's about a year old, absolutely huge, and they have
a great child center which will keep the kids out of trouble for two
hours a day, while I work out. I'm happy to say I'm still working out a
couple of times a week, and they make it a lot easier when I can win
points with the Boss by taking the kids with me on the weekends.
But I guess I'm not the only one to think the gym is fantastic. I could
hardly get a parking spot - and this parking lot is HUGE. Oh crap, my
gym has passed the Tipping Point and now I'm screwed. I hate waiting,
almost as much as I hate crowds.
But I didn't know the half of it. So I shrug it off and walk the kids
in. Through the ID check, no worries. All the way back to the child
center (which is literally as far away from the front door as can be -
which is a good thing, since most kids wouldn't be able to find their
way out if they did manage to escape the child center), and they are
FULL. Huh? This place is friggin' huge - how can the child center be
full? Nope, it's full.
And now I'm pissed. Even with my new Zen persona, I still can get a bit
hot under the collar sometimes. And this was one of those times. How
friggin' hard would it have been to just call to the front desk and say
they were full or within 10% of capacity? Maybe even map out a few
options for parents hoping to get a work out in, like sit in the cafe
for a while and have a juice on them? Unfortunately that would have
required thinking. So instead I was surprised when I walked into the
child center and then I got pissed and I growled at the 16 year old
behind the desk.
The little things make a big difference. I then went up to the front
desk manager and calmly (for me anyway) suggested a new process when it
does get crowded on weekends. I tried to explain that it's all about
managing expectations and that the little things go a long way towards
keeping happy customers. The manager nodded his head, made some notes,
and probably ignored me.
But that's OK. There will be maybe another 3 or 4 weekends like this.
January is tough because all the fat bastards decide they need to get
back in shape as their New Year Resolution. Like me last year. They
pile into the gym and annoy all the folks that are there consistently
through the year. Then they lose interest, sprain their ankles, or
decide it would be better to have a plate of chicken wings. So by
March, all will be back to normal - the gym will be empty and I won't
have to worry about skirting the crowd.
I just need a little patience. A commodity I have precious little of.
Have a great day.
Huge crowd in line image originally uploaded
by HarlanH [1]
Technorati: Information
Security [2], CSO [3],
Security
Mike [4], Internet
Security [5]
 [6]The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [7] |
Get Your Special Report: 6 Easy Steps to Protect Your Identity and get access to Security Mike's Portal today www.securitymike.com [8]  [9] |
Top Security News
NetworkWorld
profile highlights the downside of having very technically literate
adolescents [10].
Those meddling kids basically figure out ways around the system.
Whether it's cheating
on tests using iPods and the like or skirting the web filter and
surfing some bad mojo, the kids seem to have the system by the, well
you know. If you are tasked with protecting these environments, what do
you do? I'm not sure there is a lot to do. A determined and skilled
adversary (even if they can't even drive yet) will get around your
defenses. Thus, it's critical to monitor your networks, so you know if
a device has been compromised. And it's critical to enforce the
policies. I know it's harsh to think about a kid being expelled for
inappropriate Internet use, but the reality is there is HUGE liability
if kids are exposed to stuff their parents don't think is cool. Ask
Julie Amero about that.
Link to this [11]
Mr. Rogers (Grimes) neighborhood [12],
his weekly column focuses on the fact
that users can still get hurt, even if they run as a standard user
(without admin privileges). Right, malware isn't the biggest threat
out there, it's users doing stupid things that puts their identities at
risk, opens up bank accounts to be looted, and in general is a very bad
thing to do. But to be clear, running with lower privileges DOES HELP.
Without admin privileges the amount of damage that can be
done by a virus or worm is pretty contained. Obviously it's not a
panacea, since nothing is. Roger thinks he has a
potential answer to this issue, but won't tell us about it until next
week. I'm not a real patient guy, so that is kind of annoying.
Link to this [13]
HP's CIO and his efforts to remake the IT
systems of the monolith [14] makes a great point
about making a commitment to a new set of systems. There is no half
way, which is why when I speak to some end user companies and they
always have excuses why some security processes are not rolled out to
the entire company, I push back a bit. Security is a lowest common
denominator activity. The bad guys are doing reconnaissance on
EVERYTHING. So strengthening some areas, and others not so much is not
a recipe for success. The bad guys will find your weak points, so make
sure those weak points protect stuff that isn't that valuable. Yes,
I'll repeat myself for the 10,000th time. Focus your efforts on
protecting the most important stuff, and yes, you should know what that
is in your environment.
Link to this [15]
The Laundry List
- Deal: Perimeter acquires SECCAS and gets into the weird capital letter abbreviation game. It's actually a messaging archival service, which makes sense if an organization can get their arms around sending regulated data off-site. - Perimeter eSecurity release [16]
- Unisys gets into the predictions game. Nothing really interesting here, although evidently banks will have a problem protecting info and social networking is going to have privacy issues. MOO. - Unisys release [17]
- StillSecure offers Vernier customers a mulligan with a dollar for dollar credit. BTW, these promotions rarely work, but make the field happy. - StillSecure release [18]
Top Blog Postings
http://taosecurity.blogspot.com/2008/01/defensible-network-architecture-20.html [19]
Link
to this [20]
http://1raindrop.typepad.com/1_raindrop/2008/01/go-wide-and-dee.html [21]
Link
to this [22]
http://andyitguy.blogspot.com/2008/01/is-your-information-security-program.html [23]
Link
to this [24]
http://sm-blog.securitymike.com [25]
Check out the
latest on
the Security Incite blog
http://blog.securityincite.com/ [26]
Read the
most recent Daily
Incite
http://securityincite.com/security-incite-rants/daily-incite [27]