Domain: lanifex.com
Stories and comments across the archive that link to lanifex.com.
Comments · 6
-
Re:Platitudes, platitudesI fully concur with the above comment, and strongly recommend adoption of the ISO27001 series of standard (there is also ISO27002, 3, with more to come.)
I've written a paper on how to approach this, available here (PDF.)
I was disappointed by the title, since it hints at security convergence -- but completely fails to explore the space where my company is active, which is integrating physical security monitoring (alarm systems, environmental controls, UPS monitoring) with data security controls (IDS, network autodiscovery, scanning at Layer 2, 3 and 4), etc.
-
Security resources
Security is indeed a thankless task, but if you manage it properly, you can get proper recognition.
First, one of the keys to security is Risk Assessment. Either do it yourself (using the OCTAVE methodology), or hire outside consultants to guide/mentor you through the process.
Next, learn a little about security. Join SANS, take the CISSP training/exam, or become an Information Systems Auditor (COBIT, CISA are relevant.)
I wrote a brief introduction to security (released under GNU Documentation License) for those who wish to learn the basics of Risks, Controls, etc. Just read chapters 1 and 2.
If you wish to start documenting your systems, check out my Database of Managed Objects.
It's also a great idea to make friends with the Auditors in your company. Find out what you can do to make their jobs easier. Talk to your Chief Security Officer (if you have one, then the job of security is halfway to success!)
As others in this thread have posted, DOCUMENT EVERYTHING. Always follow the chain of command (unless something clearly illegal is involved.) Don't violate your ethics, and keep improving!
--
cheers
Paul Gillingwater -
A different answer
OK, I'm experienced in this area. I have started three businesses (the second one was an ISP, in 1989!), and am now running a business that is doing very well selling solutions based on open source software. We've even released a few open-source software packages, which are reasonably popular, to give something back.
I've got a BA in Management, a BSc in CompSci, and an MBA -- but I don't claim to know it all, indeed, far from it. I've been writing software for hire since 1978, and still enjoy doing it, but these days I spend more time on marketing and product development. I won't recapitulate all the great advice in this thread. What I will do is give a piece of advice that will tremendously improve your business networking contacts -- TAKE UP GOLF! -
It's Life-long education, not the MBA that mattersOK, let's get the Geek qualifications out the way first. Writing code since 1973, Perl, C, PHP, etc. RHCE certified. Security Analyst. Internet guru. Started New Zealand's first commercial ISP in 1989. Released open source code since 1986.
Now on to education. BA Management. BS Computer Science. And an MBA (no emphasis, but Marketing is more my focus than Finance.) I've started three businesses, have worked for three multinationals (Philips, HP, Reuters) and even worked for the United Nations for 8 years, building secure Internet infrastructure. I now own and run a small business, doing consulting and building web sites for fun and profit (http://www.lanifex.com) in Vienna, Austria.
What have I learned from my MBA? Well, lots of great stuff. Finance of course. Marketing, especially Global focus. Strategy, analysis, HR, communications, etc. And from all this stuff, I've distilled three things that matter:
- Life-long learning is an attitude.
Start learning, and never stop. It doesn't really matter whether you study for an MBA, or Origami, but keep learning. You'll improve your own life, and that of the people around you. - It's the people that matter.
When you do a classroom MBA (which I did) you make a lot of great contacts. These are the people who will help you in future business. Cherish them. - It's not all in books
You can learn some theory from the books, but the best way to learn is by trying things, and see what works for you. Leadership is innate, although you can learn a few tricks.
--
Paul Gillingwater - Life-long learning is an attitude.
-
I'm hiring now in Vienna, AustriaWell, I've just started a small open-source software company, and we need programmers with PHP/TCL/ACS/Midgard/LAMP/Oracle/Perl/LDAP/XML/Jav
a /SQL skills.Based in Vienna, Austria--however language is not a problem as we mostly use English, and so do our customers, and will help the right person to get a visa. Salaries are not great, but you'll have fun, and get plenty of benefits and holidays if you're willing to work with the team.
See out site: http://www.lanifex.com and drop me an e-mail at paul@lanifex.com if you're interested.
--
Paul Gillingwater -
At last -- a real Microsoft operating system
I wrote an Opinion piece on the great Windows 2000 versus Linux debate a couple of months ago. Basically, for those who don't want to follow the link, I said that Microsoft has for the first time in its existence actually released an operating system. Everything that preceded W2K (with the possible exception of SCO Xenix, to which Microsoft made a significant contribution) has been a hack upon a bogosity upon a program loader--albeit, one that captured the market needs, and which has been wildly successful. As someone who has worked professionally with computer operating systems since 1978, I have seen that there are certain fundamental requirements within data center operations for stability, security, reliability, manageability flexibility and maintainability. In fact, the key word here is "ability"-- and without those abilities, IT professionals are prevented from delivering a high standard of service to end-users. For the first time, Microsoft has really come out with a product that meets those needs, and for that I applaud them. Fore more, follow the link.
--
Paul Gillingwater