<![CDATA[[SecurityRatty] tag: donna]]> http://securityratty.com/tag/donna Mon, 23 Jun 2008 11:09:22 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Random Killing on a Canadian Greyhound Bus]]> http://securityratty.com/article/bc4696b6a26761ebc94ae2e2e488c3b0 http://securityratty.com/article/bc4696b6a26761ebc94ae2e2e488c3b0 After a random and horrific knife decapitation on a Greyhound bus last week,

does this surprise anyone:

A grisly slaying on a Greyhound bus has prompted calls for tighter security on Canadian bus lines, despite the company and Canada's transport agency calling the stabbing death a tragic but isolated incident.

Greyhound spokeswoman Abby Wambaugh said bus travel is the safest mode of transportation, even though bus stations do not have metal detectors and other security measures used at airports.

Despite editorials telling people not to overreact, it's easy to:

"Hearing about this incident really worries me," said Donna Ryder, 56, who was waiting Thursday at the bus depot in Toronto.

"I’m in a wheelchair and what would I be able to do to defend myself? Probably nothing. So that’s really scary."

Ryder, who was heading to Kitchener, Ont., said buses are essentially the only way she can get around the province, as her wheelchair won’t fit on Via Rail trains. As it is her main option for travel, a lack of security is troubling, she said.

"I guess we’re going to have to go the airline way, maybe have a search and baggage check, X-ray maybe," she said.

"Really, I don’t know what you can do about security anymore."

Of course, airplane security won't work on busses.

But -- more to the point -- this essay I wrote on overreacting to rare risks applies here:

People tend to base risk analysis more on personal story than on data, despite the old joke that "the plural of anecdote is not data." If a friend gets mugged in a foreign country, that story is more likely to affect how safe you feel traveling to that country than abstract crime statistics.

We give storytellers we have a relationship with more credibility than strangers, and stories that are close to us more weight than stories from foreign lands. In other words, proximity of relationship affects our risk assessment. And who is everyone's major storyteller these days? Television.

Which is why Canadians are talking about increasing security on long-haul busses, and not Americans.

]]> Mon, 04 Aug 2008 02:19:40 +0000 security tighter security airplane security greyhound bus security measures security anymore abstract crime statistics travel rare risks applies Random Killing on a Canadian Greyhound Bus <![CDATA[Do we need a farm system in the security industry?]]> http://securityratty.com/article/9bd54e0c74e4d7f5590217159a48aeec http://securityratty.com/article/9bd54e0c74e4d7f5590217159a48aeec Just read a good article by Lisa Vaas on Computerworld titles "When security staffers fail up". The article talks about some of the challenges that are faced by companies trying to provide proper security. While one of the issues is "bundled badness" which I will talk about later, the bigger problem that Lisa writes about is the profile of our security administrators. It is a familiar story I am afraid. Security people don't do a good job of "humanizing" themselves. Their peers don't understand what they are trying to accomplish and too often we speak in geek terms and try to dictate how people conduct business. As a result we are the "people in the way".

The next thing Lisa hits on is the obsession with certifications. Too many people think having a CISSP is the be all and end all of security. First of all, you can't hire enough of them and many of them don't have the practical business experience to take it to the next level. Than there is the security "prima donna". They just think they are smarter than everyone else and too many tasks are below them as to elementary. We have all met these types before as well.

Quickly on the "bundled badness" thing. Lisa rightfully points out that in spite of Mike Rothman's feelings to the contrary, though CIO and CFO types like to buy the bundle and get the jack of all trades suite cheaper than buying best of breeds individually, at the end of the day it is hurting our security. If you are really serious about securing the environment there is a world of difference between buying the bundle of goodness versus best in class tools.

Ultimately though, what are we to do about getting better security pros in the workplace? Do we need to change the certification process? Should companies have a different profile of who they hire for security positions. Do we need to develop some sort of farm system where security pros can cut their teeth and learn their craft, like the guilds and apprentices of yesteryear? The construction industry used to work like that. Maybe we should consider it too?

]]> Mon, 21 Jul 2008 12:17:30 +0000 security security administrators security staffers fail security positions security people security pros lisa hits people lisa Do we need a farm system in the security industry? <![CDATA[IT Operations Management Audience Polls at the Gartner Conference]]> http://securityratty.com/article/ed3926a9edd61b10b292d826e31778ec http://securityratty.com/article/ed3926a9edd61b10b292d826e31778ec Gartner IOM Greetings from the Gartner IT Infrastucture, Operations & Management Summit 2008 – in warm and humid Florida!

A couple of notes from the first day’s  keynote address “IT Operations Management Scenarios: Trends, Directions and Market Landscape” by Donna Scott – VP and Distinguished Analyst at Gartner Research.

Donna: Today customers are looking for 100% availability for their externally facing business systems. Five 9’s are no longer enough. They expect IT to deliver the right services at the right cost with the right service levels.

My aside: How many of you are like me? When I listen to analysts or read the research, part of me is always asking – how applicable is this to me now? How rooted is what they are saying in the practical day-to-day operations that our customers need help with now? Well, how short-sighted of me.

Donna: “Best-in-class organizations manage through the day-to-day turbulence of change but also keep an eye on the long-term nirvana of IT operations management.” And that creating a continuous optimization culture is necessary to improve over time – this needs to be baked into the corporate IT culture. Food for thought for all of us.

Interesting quick polls of the audience – some results were surprising; some were funny; and some were validating.

I. What are the Top 3 pressures on IT Infrastructure and Operations Management:

1) 24 x7 availability: 82%

2) Business continuity and disaster recovery: 70%

3) Cost reduction and/or cost management: 67%

On a personal note – supporting/deploying SOA came in at the bottom of this poll. Enough said.

II. What grade would you give the IT Infrastructure and Operations Management vendors?

A 1%

B 14%

C 49%

D 17%

F 4%

Last year – the average grade ended up being C- so the grade went up slightly this year.

III. What IT Infrastructure and Operations Management vendor are you most confident in to help achieve “ERP for IT”? (Dave will cover this topic later this week.)

HP 20%

IBM 16%

BMC 16%

CA 4% (lingering bad rep?)

Microsoft 8%

Oracle 4%

EMC 4%

Other 5%

And the winner was “NONE OF THE ABOVE” with 23% of the responses.

ShareThis

]]> Mon, 23 Jun 2008 11:09:22 +0000 operations operations management operations management vendors operations management scenarios operations management vendor gartner donna practical day-to-day operations gartner research IT Operations Management Audience Polls at the Gartner Conference