Information Assurance remains a growing field of expertise, maturing on an almost daily basis. The industry has exploded over the last 10 years even though the concepts of IA have been around since as early as the 1960s. Although the industry and its practitioners continue to evolve, those in upper management have a difficult time fully grasping the core principles. As in many areas of management these days, there are far too many gun-shy managers who are more concerned with appearances and perception than with properly mitigating risk to the networks they are charged with protecting.

Information Assurance, like any job where managing risk is involved, is about tough decisions. Almost no information assurance choices are cut and dried or black and white. It is security versus convenience. The vast majority of IA work resides in that gray area, where a case can be made for either argument.

The deciding factors are similar to traditional security models, with risk topping the list. Is the risk, whether small or large, acceptable? Determinations are based on a successful evaluation of the threat. Is it credible? Easy to exploit? Etc…

Risk management is a huge domain of information assurance, and one that practitioners take seriously. IA professionals regularly complete risk assessments and continually evaluate the threat. These opinions are likely regularly compiled into reports and/or briefed to management so they can make informed decisions.

How does this affect information security specifically?

Unfortunately, most in upper management subscribe to the cover-your-ass mentality. In the majority of cases, upper managers are far more concerned with their careers and peer relationships than with pulling the trigger on difficult decisions. When it comes to brass tacks, many upper managers will weasel their way out of a tough decision to save face with their peers.

This is what I have aptly dubbed the “I don’t want to be a dick” syndrome of information assurance. Managers, whether directly involved in IA or charged with rendering a verdict based on risk assessments performed by IA staff, opt not to make the tough, right decision. Instead, they choose to accept unnecessary risk because they don’t want to be perceived as a dick by those within their organization.

Simply put, in their eyes it is easier to maintain good working relationships with their peers than to properly protect the network. In this day and age, when networks are constantly under attack from unknown, unforeseen vectors, it is important to make tough decisions; otherwise such decisions may have unintended consequences in the future. Playing the CYA game in IA is not an adequate security posture even though it may be a popular route with one’s peers.

Adding unnecessary risk to a network is dangerous and can lead to bad things(tm), especially if not properly managed. If upper management is content with taking the easy route, then the IA team is going to find it exponentially more difficult to protect the network. Displaying weakness when making IA decisions is tantamount to a general displaying weakness on the battlefield – the enemy will exploit those vulnerabilities to the organization’s detriment.

While it is important that the IA team not be perceived as the “network Nazis,” this must not be accomplished by evading complicated decisions when the risk is unacceptable. If there is a valid threat, then the decision, while not necessarily in line with the desires of the end-users, should be fairly obvious. IA must not be a roadblock to productivity; however, legitimate security concerns must be addressed rather than ignored.

So how is the “Dick” syndrome mitigated?

As I mentioned at the beginning of the article, information assurance decisions are rarely black and white. They are often difficult, complicated and thorny. In many cases, the choices will likely piss off the end-users, who will look for ways around the policies implemented by the IA team.

Being perceived as a dick is fairly easy to mitigate. Listen to your end-users and make them believe you truly care about their operations and productivity. They need to understand that their thoughts are taken into consideration when the IA team performs risk assessments. Even though the decision to implement may not go the way they desire, if they feel that they are part of the process then they will understand in the end.

Consistency is key. When IA decisions are constantly going back and forth it sends the wrong signals. End-users feed off of consistency and should come to know what to expect from their IA team. Fear of the unknown is one of the reasons end-users perceive their IA team as the bad guys. Inconsistency leads to uneven application of IA policies, which in turn causes confusion for the end-users. Never send mixed signals.

“NO” cannot always be the first answer. When an IA team automatically responds to inquiries with “no,” it ends up causing more harm than good, even if the request must be disapproved. This links back to what I mentioned about allowing the users to feel as if they are part of the process. An automatic “NO” answer is decidedly against such a mantra.

Conclusion

IA, like many professions, has its ups and downs, and is filled with days where you may feel like an asshole even though you desire to assist the end-user. Unfortunately, doing the right thing is not easy – it’s tough because the very people who you are providing a service to are staring at you, awaiting a helpful answer.

If you are charged with making difficult IA-related decisions, you must think of the risk to the network before anything else. Relationships with peers, with supervisors, with subordinates, must be placed on the back burner. Failure to do so because you “don’t want to be a dick” is dereliction of duty. Placing unacceptable, unnecessary risk on the networks is self-serving and precarious.


Ever felt like getting your karaoke on but found yourself to be miles away from the nearest karaoke bar? Ever feel like singing off-key with your BFFs but found yourself to be in a totally different country? Ever go camping and suddenly feel the need to play Rock Band? Never fear, technology comes to your rescue! Mobile carriers in Thailand and the USA have what they call a ‘mobile karaoke solution’, enabling users to karaoke over the phone. I kid you not. Just in case there weren’t enough people who think they’re awesome singers when they’re actually not.

Developed in collaboration by NMS Communications, Grammy Thailand and Golden Dynamics, the arrival of mobile karaoke was hailed as the future of the Idol franchise. Like a mini Rock Band, you can sing along to a song over the speakerphone and overlay the recording with your own voice. Just in case that isn’t enough, you can send the whole thing to your friends, and the song can be set as your ringtone. Or your husband’s, just to remind him of your existence every time someone calls.

What should be less surprising to me, but totally wasn’t, is that this isn’t a new application. In 2003, Nokia showcased a mobile karaoke application called air.karaoke, developed by Alatto, but it totally failed to make an impact on the karaoke world, despite being marketed only in Asia, which should be like shooting fish in a barrel.

The next step was, of course, a TuneWiki application which allows you to do all that and then some, clearly because TuneWiki isn’t being sued enough for things like publishing lyrics online. TuneWiki is available for both iPhone and BlackBerry in both paid and free versions, but sadly no version is as yet available for Symbian users. TuneWiki even lets you search for other TuneWiki users in the area, just in case you’re walking down the street and feel the need to do a duet, I guess.

So seriously, just in case you ever feel that you need to rock out at the top of your lungs while air guitaring, you totally can. But before I say goodbye to my ears and eardrums respectively, here’s a community service message: Sometimes when your family tells you that of course, dear, you have a lovely voice and you could totally be the next Mariah Carey/Jamie Foxx/Beyonce, they’re just telling you that to make you feel good and so that they can tick the box next to ‘Be A Supportive Family Member’ on their ‘Being A Good Person’ list in their head. I beg of you, listen to reason.


Macintosh is better than Windows, and Microsoft is run by idiots. Appleʼs software is open source whereas Microsoftʼs software is all closed source and therefore it sucks balls. You wonʼt get any friends when using Windows, whereas youʼll be the most popular person in the world when using Mac. Simply said, Mac is so much better than Windows.

Does this sound familiar? It probably does since most of us had to deal with Apple fanboys at least once. It gets even worse when you try to explain to them why they are wrong since they simply refuse to accept the fact that they donʼt know anything about Apple or Macintosh at all. What makes me even more angry is that whenever you finally manage to get the time to explain to them theyʼre wrong, all they say is “Youʼre just a Windows fanboy”. Excuse me? A Windows fanboy? Werenʼt you the fanboy screaming about how great Apple is, while at the same time not being able to name a few Apple computers besides the iMac and MacBook?

But it doesnʼt stop there. Not only are the fanboys a problem, but Apple itself is a problem as well. Since the beginning they have fought for open platforms which would give the user freedom to use the technology in pretty much any possible way. In fact, this was one of the main things Apple advertised in the early days. Remember the 1984 Apple commercial in which a rebel throws a hammer through a screen thatʼs brainwashing people? It stands for the freedom of technology and how to use it. Exactly the opposite is happening now 25 years later.

Take a look at Macintosh and the iPhone OS. Both are closed source (with some open source parts). On top of that, all iPhone applications have to first be verified by Apple. Mac OS X [luckily] doesnʼt have those kinds of restrictions, mainly because itʼs nearly impossible to restrict applications for a desktop operating system. Nevertheless, Apple is still doing the opposite of what they told people they would do.

Mix fanboys with a hypocrite company and you end up having a very, very bad day. Obviously Apple fanboys arenʼt the only fanboys; Windows and Linux fanboys are just as bad. I remember a person from a party who claimed that Ubuntu is the best operating system since it was so damn secure. I didnʼt even bother to reply since it was already hilarious enough. Another common mistake that people make is that they think Macintosh computers are for design-related work only. Truth is, almost any Windows application has a little (or big) brother that runs on Macintosh. The only downside of a Macintosh is that there arenʼt that many games available for it.

Face it, Mac is better than Windows. My writing skills rock and yours suck. After not having written for more than a month I decided I had to make a comeback, and whatʼs better than writing an article about the best operating system in the world?
