links for 2006-09-16

Cyberinsurance, what’s that?

I recently (OK, apparently nearly two months ago!) had an interview with Darren Pauli of Computerworld on Cyber-insurance – insurance against ‘cyber attack’ such as denial-of-service attacks and data loss. The article can be found here: http://www.computerworld.com.au/index.php/id;261018472;relcomp;1 and the PDF version can be found here.

My basic thesis that I tried to communicate to Darren – although I don’t know that I was all that successful – is that your window of opportunity for evil-doers is larger because virus-writers and ‘cyber-terrorists’ become aware, these days, of a vulnerability almost as soon as (if not sooner than) the software vendor themselves. They therefore have more time to write software to attack the system before it is patched. This issue is compounded by issues of patch-issuers sticking to a ‘once-a-month’ patch regime that gives a window of a month for a vulnerability before it is patched (so if you launch your attack immediately after the patch was last released, you have better opportunity for success – er, business failure).

The problem with cyber insurance I think would be that the incentives are all wrong – if I buy insurance for my data, my incentive is to be a little more lax about my data protection (I’m the only one who can really impact it and make it work), and the insurer doesn’t want to take on this risk – so therefore they want their clients to implement security standards and approaches (and audit this) so that the insurer knows that a certain minimum standard is being met.

And, that’s difficult (and expensive) to do – just ask anyone in the US about Sarbanes-Oxley compliance for their information systems.

When the system’s tail wags the organisation’s dog

This article was written for BDO’s business briefing for Autumn 2003. The article is reflective of a common theme that we find – businesses often resort to writing software as a first resort rather than a last resort, and end up working even harder to make their business work. It’s not that I’m against homegrown software, but I do see it cause enough grief that I suggest clients have a Bex and a good lie down before developing their own software. The article is also published at http://michealaxelsen.com/blog/publications/articles/when-the-systems-tail-wags-the-organisations-dog/. Enjoy.


Blogging and job security

As with most bloggers, I am always fascinated to read of the faux pas that bloggers can make whilst blogging.  The rampant media attention paid to this issue – often ending up in the loss of said blogger’s job – is perhaps one of the biggest reasons (sensible) people are reticent about blogging. 

On the one hand, having a good complain at the family BBQ on a Sunday about your job is a good Australian tradition, but it isn’t done in a forum where it’s likely to get back to your boss. The recent episode of la Petite Anglaise – who seems to have lost her job as a direct result of blogging, even though on the basis of her side of the story all seems a little unfair (although blogging about a sickie is NOT perhaps the most sensible job retention strategy one could choose) – reminds us all that, in cyberspace, everyone hears you scream, for years and years and years, if you’re not careful.

The article is written up online at Australian IT.

It does show though that the dynamic world of the workplace is still desperately catching up with the online world of technology.  I know that there are some graduates that we have interviewed recently who go home and blog about their interviews, how it went, and which firm (not necessarily ours!) they would prefer to be offered a job by.  I think that the danger of a de-identified blog is that you feel anonymous and warm and protected – and so write accordingly.  Trouble is – it’s easy to slip up and find that you are actually identifiable. 

For the former French employer of our British blogger, the issue is highlighted in that now, it seems, a likely legal battle will ensue with the result that at the very least the firm faces legal costs and is distracted.  There are a lot of issues around blogging, and the legal issues that relate to it.  Perhaps Belinda Thompson and I will co-write an article on this one – I know she’s done some research in the area for us.