Disaster Recovery Planning Made Simple

Disaster recovery and contingency planning have been highlighted in the past week as the biggest issue since sliced bread started getting mouldy, as Hurricane Katrina hit NOLA hard and fast. In its wake was left the startling realisation that even the richest country in the world can have infrastructure devastated and destroyed by the forces of nature. The cost of the disaster is $US100 billion and climbing, with a significant part of that being the IT infrastructure.

And the week prior to that was the Zotob worm, which shut down Holden’s processing plants for a day (estimated costs: $A6,000,000 and yes, I checked the zeros).

In the IT context, both these events show that there is an increasing reliance upon information technology, and clearly business continuity plans are going to be top of the charts again for a while for our clients. This also comes back to IS Strategy and Governance procedures for clients. The facts bear out the old adage that luck is the residue of good planning – good IS Strategies and Business Continuity planning will help business A survive and business B not.

Probably a future cause celebre for IT Disaster Planning – although some would perhaps suggest that it has worked too well – has been www.directnic.com, which is an ISP operating in a New Orleans downtown skyscraper that has maintained its connection to the internet throughout the disaster. Its biggest problem now is that it is getting many hits from around the world because people are blogging about it (just as I am now), which is causing some stress on their connectivity.

They have also maintained a blog about the disaster throughout, as reported by The Register and located at /mgno.com.

Interestingly, at least partly because of this blog, the ongoing debate about the issues related to blogs and their journalistic integrity has now tended to swing in favour of the humble blogger who, as johnny-on-the-spot in a time like this, tends to report what they see rather than filter it through the eyes of a journalist – which is both its strength and its weakness, clearly.

Life Is Tough, but it’s Tougher when You’re Stupid

On Friday I attended (with John Halliday, our Director of IS Audit, and several clients) a presentation by Internet Security Systems on “State of Security: An X-Force Briefing”.

This was, to say the least, interesting, and it is fascinating to have a little chink of insight into the cloak-and-dagger side of information security. The presentation was somewhat American – if you are Australian you’ll know what I mean, if you’re American you’ll wonder what the fuss is about. Suffice to say, the presentation was a little militaristic and “X-Files”, but it works in getting the message across, and their deep and undying devotion for “moronic hackers” that are “dumb and stupid” is clear. The cloak-and-dagger effect is reinforced through their regular assessment of the internet’s security condition: as of this writing we are at “AlertCon 1”.

They are clearly doing some good work in the area of operating system vulnerability detection and prevention for their clients. You are rather left with the impression that the only good hacker is a hacker behind bars, but then if you are wanting someone on your side on issues relating to technical IT Security, I don’t think you could ask for a better ally.

Quote of the day, reflecting a rather hard-nosed view of the world and a message to users that they need to be proactive in managing their information:

“Life is tough, but it’s a whole lot tougher if you’re stupid”

Kind of says it all, really.

Password Security and You

I have been running a poll at the top of the blog now since it started, so it’s probably time to change the poll.

However, before the results of the poll are obliterated and forgotten, I thought it was useful to just quickly record how well those readers passing through thought their colleagues treated password security:

So, in a completely unscientific study, it rather indicates that most people consider password security to be of no consequence (50%) – which at least is consistent with what we all understand to be the case anecdotally.

Bone ITIL Moments

I note that the blog I referred to the other day (erp4it) has a link to an article discussing the application and history of ITIL in the United States (BTW, it stands for “Information Technology Infrastructure Library”).

I seem to be falling over ITIL a lot these days – in IT Governance work and other areas – so it’s probably useful to note the source of all things ITIL: www.itil.org/itil_e/index_e.html.

Open Source Issues in Business

The presentation I gave on Tuesday night (regarding commercial issues with open source) touched somewhat on the legal issues around open source licensing, although not a great deal. I did, after all, only have an hour or so, and a legal issue is not always a commercial issue – until it all ends in tears and winds up in court, that is.

Part of my research found this paper on the web entitled “Open Source Issues in Business”, which looks at the legal issues of using open source in your business. It does have a US-law approach, which anyone in Australia will tell you is “interesting and unique”, which would not be a positive thing to hear if it was a first date. However, the US legal regime tends to want to impose itself wherever it can go, and is having a darn good go at it wherever a “free trade agreement” goes.

So, there it is – “Open Source Issues in Business”. It’s instructive to quote the conclusion for your information:

“Circling back to the two hypothetical scenarios posited at the beginning of this article of a company desiring to protect its proprietary software code and hoping to make a profitable distribution, and a company that simply wants to use open source software for its internal operations: in each case, the software may be “free” but free lunches usually come at some price and so does “free” or open source software. Both companies need to learn more before consuming their free meal, and to consider the various issues that we have discussed here.”

As always, feedback is welcome.