The Word is Not Enough

Council languages - if it ain't English, we can't cope

2008-11-03T18:52:19Z

First, Swansea council mess up the translation of one of their signs: the Welsh says ""I am not in the office at the moment. Send any work to be translated".

Now, English councils are banning everyday Latin phrases, like 'vice versa' and 'via'.

It's worrying, isn't it?

SC Magazine: Extending the ROI on information security expenditure

2008-11-03T16:09:11Z

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Deadline for leads is 7th November 2008. Email me or leave a comment below.

Extending the ROI on information security expenditure

How Information Security Professionals (ISP) can ensure that their investment in technology, people and consultants actually pays off. What are the best ways to ensure they get value for money, please the CEO and CFO and improve security - all at the same time?

The conundrum of being an effective information security professional is that if you do a good job then there aren't any tangible results -- you can only point to reduced or zero breaches. If the baord sees that the company seems to be insulated from attack it may be hard to get agreement for increased spend or bigger teams.

The problem is that the board doesn't see what you see. They don't know that you and your team are working 14 hours a day just to keep up with the waves of attacks and patching old systems.

So how does the CISO?

- Devise a budget

- Model the likely level of attack for the next four quarters (risk assessment)

- Audit current system architectures

- Work out how much to spend

- Get the best value and deals from vendors and consultants and resellers

- Prove to the board that without the investment and spend required the company would suffer monetary loss

- prove what the ROI would be on security spend

What skills does a CISO need to do all this? Are there any software tools available that can help? Can consultants help?

Should information security actually be exempt from proving ROI as it is necessary in the same way as physical security like alarms, fire exits, CCTV etc which most of the time are redundant to the functioning of the company's core business.

Box 1 recessionary times
This feature has become all the more topical given the current financial crisis and the impending recession but there are two schools of thought at the moment. One is that security spend will hold up as it's the one area that business cannot afford to skimp on because attacks may increase. Others however think that it is unlikely and that spending will be squeezed on security and at the very least legacy systems will be patched and made to last and 2009 budgets will remain static at best - cut at worst. What is the truth about all this? Who is right?

Box 2 CASE STUDY
An interview with a CISO or CSO from a well known business about how they configured their budget, got buy-in from the board and possibly devised a system to prove ROI on their architecture, policies and staff.

Highbury payouts at last

2008-10-17T13:14:10Z

Well, it's nearly been three years coming, but finally BDO Stoy Haward have started paying out the monies owed from the Highbury ring-fenced fund.

A letter arrived in this morning's post with a cheque for the full amount I was owed by Highbury for work on iCreate in January 2006. According to the letter, the trustees of the New Credit Trust applied to the court for an order confirming the beneficiaries; the court made the order on the 8th September and they're now paying out.

Once the Trustees have completed all initial distributions, they will be contacting those parties who potentially have further Trust monies outstanding to them in order that they may prove whether their debt falls within the Trust period, which was from 12 December 2005 to 20 January 2006

Hopefully, everyone will get their cheques through soon then.

August holiday

2008-07-31T11:00:02Z

I'm going to be on holiday from Friday 1st August for a fortnight. If you leave a message on my voicemail or send me an email, I'll get back to you as soon as I can when I return.

Picking a gym

2008-05-06T15:34:17Z

Finding the right gym is something of an artform. I'm not sure I've mastered it though. I spent a good week or so investigating the local gyms, ended up joining one in London Bridge and I'm not sure I made the right decision.

Virgin Active - Strand
Very nice. Very shiny. Lots of machines. Has a relatively small pool. Most of the free weights were available. Just hideously expensive, not quite as easy to get to for me as ones near London Bridge and the membership person wasn't very helpful. You also have to fill out a whole lot of forms to even get a trial. Towel service extra. Men's toilets were a bit nasty.

Fitness First - Beckenham
Good equipment. Good use of space. Helpful membership person. Towel service extra. Just a little bit soulless and very hard to get to by train and public transport.

Virgin Active - Bickley
Easy to get to if you're going by train from Victoria, since it's near Bickley station. Great facilities. Lovely pool. Massive number of machines and free weights, including the fabled power plates. Has a good café. Nicely priced too. If it had been better located, I would have joined this one (and still might).

Fitness First - Cottons (London Bridge)
The one I actually joined. Reasonably priced (compared to Virgin Active - Strand anyway). Has a smallish pool. However, it's always busy; the front of counter staff and membership staff don't seem to care; they messed up my health check-up booking so I never got it; the pool flooded the lower levels; I've been turfed out once because they were closing the gym at 3.00pm to connect it back up to the National Gird; almost all the doors have been taken off the men's lockers (I don't know why); they gave me someone to set up a training programme who had never used half the machines; and it closes at 6pm on Saturdays and Sundays (I was turned away at 5.30pm). And all that in only the last fortnight. Towel service included though.

Going to Wales for the weather

2008-04-14T09:02:00Z

Weather in London

Weather in Wales

What's up there then?

Pancake Day excitement

2008-02-05T12:41:22Z

It's Shrove Tuesday today. Does it say something about me that I'm more excited by the thought of Pancake Day than I get about my own birthday?

Christmas subs joke

2007-12-22T16:14:26Z

Q: What are Santa's little helpers called?
A: Subordinate Clauses

Christmas break

2007-12-20T14:27:13Z

I'm going to be on Christmas break between the 22nd December 2007 and the 1st January 2008. You can send me an email or leave a message on my voicemail and I'll get back to you on the 2nd January.

Shots of Paris

2007-12-06T10:24:20Z

We went for a short weekend in November before the EuroStar switched over to St Pancras. Here are some piccies:

The Pompidou Centre from a couple of different angles

]]> The Hotel de Ville

Notre Dame Cathedral

And from a different angle:

I have no idea what this was, but it looks good, doesn't it?

Payout in two months for Highbury ring-fenced fund?

2007-11-30T12:43:53Z

After quite a long break, I've spoken to Chris Coles of BDO again about progress on paying out on the ring-fenced fund to Highbury creditors. After admitting that paying out by Christmas last year was hopelessly optimistic, he now thinks BDO should be able to pay out within a couple of months. He says:

“Because of the way it was set up, it raised some complicated issues. At first view, it was simple and quick, but it's just delayed it.”

There are still some technical issues to overcome to with tax liability and determining whether there are any separate classes of creditors, but BDO has definitely been appointed by the courts to deal with the issues.

Not sure how much to rely on that “two months” thing with Christmas coming up, but fingers crossed it won't be too much longer now.

Switched away from Dataflame at last

2007-11-30T12:39:12Z

The observant among you may have noticed that I've changed web host. Goodbye Dataflame, hello LivingDot. Dataflame finally pushed me over the edge by locking down the permissions on my cgi-bin for a week while I was on holiday (without telling me) then locking them down again for two days while they did testing, simply because I was running Movable Type for this blog (and my other blogs).

LivingDot has the virtue of being a preferred partner of Six Apart, the company that makes Movable Type, and while the performance on their servers isn't as good as Dataflame's, the server occasionally times out on some requests and they're a little more expensive, they have several advantages

They let you use SSL encryption on email in a way that's compatible with Microsoft Entourage
They let you support a huge number of domains (50 I think) on your server at no extra cost
They actually know what Movable Type is and how to support it.
Large numbers of MySQL databases to call your own

The only hassles I had with the move was a couple of files that somehow got left behind; and problems getting my old MySQL databases copied over (leaving some strange characters on entries that used £s, “s, …s and Greek script). Otherwise, all is good and happy again.

A few shots of Cardiff

2007-11-30T12:11:03Z

I went to Cardiff in October and stayed on the bay for a few days. Here are a few shots, cos it's a really lovely place - I can't wait to go back!

]]> St David's Hotel and Spa:

Inside Cardiff Castle:

The wetlands and nature reserve:

SC Magazine: How to achieve security buy-in from your staff - without pain

2007-11-30T11:32:18Z

This feature is designed to help information security professionals educate company employees about the importance of security awareness and employee responsibility.

]]> An often overlooked part of an ISP’s role, but if properly managed and implemented, security awareness can prevent incidents such as laptop losses as well as make employees’ working lives easier and reduce costs. It will include key tips and strategies and interviews with industry leaders and training organisations.

PLUS: How to work with other departments like HR to improve awareness and company security and the ten most important facts a workforce should know about information security.

This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Deadline for leads is 10th December 2007. Email me or leave a comment below.

Away on holiday

2007-10-21T10:42:09Z

I'm going to be away on holiday from Sunday 21st October to Wednesday 24th October. But if you leave a message on my voicemail(s) or send me an email, I'll get back to you as soon as I can.