This blog has been written using only my BlackBerry.

I’ve often wondered how someone could pull a fast one on the Secret Service (SS). If you’re still wondering what I’m on about, I’m talking about Tareq and Michaele Salahi. The couple strolled through the White House gates, past the Secret Service, to crash a state dinner held by the Obamas. The situation became a laughing spectacle when they posted pictures of their prank on Michaele Salahi’s Facebook page. While the rest of the world snickered about the security breach, considering how fanatical the US is about the President’s security arrangements, the whole affair has made Michaele Salahi a star overnight. Her Facebook page now shows her as a popular socialite and people can click the “Become a Fan” button to show their support for her. I think the whole issue is rather distasteful because you’ve got to be very desperate for attention if you gate-crash a state dinner event. I’m sure she could have shot to her present fame by doing something equally stupid like attempting to jump off a tree armed only with an umbrella. Obviously Michaele Salahi doesn’t seem to realize that she’s become famous for all the wrong reasons. I admit that the prank was quite clever and makes the SS look downright embarrassing, but the timing of the joke was all wrong. You should never gate-crash a government-related affair to try and make the head of state and his teams look silly. I certainly don’t see her getting any invitations anytime soon for any future state-related events. If Michaele Salahi wanted fame, she’s now as famous as Paris Hilton for all the wrong reasons. The SS have a duty to protect the president and his close advisors from security threats, and using the state dinner as an opportunity to send out a message to the world is the last thing that should be on anyone’s mind unless you’re a weirdo and have no concept of reality and civility. Events such as this are semi-solemn and there is a high degree of responsibility that is expected from anyone attending.
Perhaps future events will be screened even more carefully to ensure people who take hallucinogens and start thinking they’re pulling off the world’s biggest stunt will be barred from even getting as far as the portico.

I got accepted into the British Computer Society (BCS) this week. The BCS agreed to award me the Professional membership, which is a good thing. I have always wondered if the world of IT has any sort of charter-based courses, and the BCS offers this. Of course I’m not eligible for the Chartered IT level and will probably need to wait for a year or so before I can apply for Chartered status. The world of ICT is not simply about having a qualification and then going out to face the world alone. If you’re an ICT professional and think along those lines, then you need to watch the 300 movie and see what happens to Leonidas and his band of merry men in the end – it pays to be part of a team that is dedicated and shares a common view. The average ICT professional will ignore membership of such clubs or societies. I think it’s very important to be a part of a professional society (not the Fiji one) which recognizes your talents, helps nurture your skills and helps you align your specializations in the right direction. The whole concept of being an ICT professional is to share information and ideas. Being in this field is about helping change processes for the betterment of the community and providing support for growing ICT sectors which cannot initially access such resources. The BCS provides a high degree of support and professional investment into helping deliver information and resources to those who really need it. The BCS is continually working with stakeholders to identify areas of need, and this is clearly demonstrated by the various groups and forums that are available where members can contribute ideas.

My area of interest now that I’m a member of the BCS is information security management (ISM) and the management and alignment of business technology (BT) with business processes (BP). Both topics go hand in hand. If you’re interested in the alignment of technology with business processes, then you need to have the right levels of information. You can’t have information simply being available everywhere because that makes a lot of people cross, particularly when the information relates to credit card numbers and dubious transactions on the Internet to dodgy sites. So how can we really ensure that users are able to have access to the right information while at the same time ensuring that BT is able to align with BP? It’s not simply about buying expensive new servers and sophisticated firewalls. It’s not about using your Active Directory to strengthen your group policies (GP) and user access. Aligning BT with BP while maintaining good ISM practice is often a hurdle most system administrators find hard to overcome. My belief is that ISM can be achieved when you align BT with BP. At this point you may think that successfully mapping all the BP means good security management. This is not always the case, because in the real world, when you begin to really align processes, you will find that data can become exposed in places you least expected. For example, during your alignment, your system may be able to generate sensitive reports which can be used by your competitors should they get their hands on them. I have seen systems which generate reports that can give a layman all the information they need to take down an organization. The key to preserving security in such scenarios is to ensure that the reports are secured and cannot be transported or replicated outside the company.
There are moves now being made to integrate reports and other sensitive data into web pages which are secured inside a VB frame. This in turn enables programmers to prevent users from grabbing screenshots or even capturing the information on any media. The pages are generated on the server and information is not stored anywhere on the user’s machine. The report is discarded once the user closes the window. I realize that this may raise some questions about the ability to manipulate the reports for use in other reports, and data extraction can become a pain. But there are some companies which actually use these methods, and they’re often considered very secure and very effective organizations, because everyone has access only to the information that is required for them at their level, and any additional ad hoc reports have to be sanctioned by the appropriate stakeholders. The rule of thumb is “less is good”, which when translated by security experts basically means that too much information given to users can often result in a lot of fingernail biting at the end of the day.

The ability to align the right information to the right users is a balance that is unique for each organization and, depending on the type of management you have (draconian or modern and understanding), the availability of information is something that will always be an issue that an ICT professional will need to deal with. I firmly believe that users who are always asking for unique reports of one kind or another are seriously inept at their jobs because it simply demonstrates their inability to use the existing reports and tools of trade to get their tasks completed. In such cases, you need to either start looking for a replacement or watch the staff member carefully as he/she may be selling you out behind your back. All ad hoc system reports must be sanctioned and signed off by the CEO before you release them to ensure that the organization’s stakeholders are aware of such requests.

So, in conclusion, if you’re looking for a method to align BT with BP, you need to start at the ground level first and ask yourself whether the user really needs all the information they currently have or whether it should be reduced to provide only that which is really necessary for that role.

Have a great week!
