I can sit in a room by myself for any length of time, and not go stir crazy. There ARE things to think about.
I say this indicates 'well adjusted'-ness,
I am well adjusted.
Am I normal ?
Not everybody has the talent to be a good author (I don't fool myself). Some writings get muddled, and some responders simply interject confusions.
The topic(s) of ‘data privacy rights’, why they are needed, and including who is subject to adhere to regulations concerning them, why they are subject, when they are subject, and the regulations themselves, all deserve to be logically discussed.. ....Because there ARE regulations. -Regulations concerning information that a person or other entity may hold [about] another person, or other entity, which, if obtained by an unauthorized 3rd party, could be used in an unauthorized manner. (If you legitimately [authorized] collect and save someone else's information, you have a responsibility to protect that information from unauthorized access, viewing, collection and\or use. And, generally, authorized for your use does not authorize you to authorize any other person or entity.)
The Ops’ title is: - “Employee-Owned Devices Muddy Privacy Rights”
- Business and Tech headlines lately are loaded with mentions about, and references to such things as, “Bring your own device to work(BYOD)”, “Commercialization of Corporate IT”, etc., etc., which talk about employees using their own devices to access work-related assets, for different reasons.
As is pointed-out in various comments above, the persons or entities that are subject to the aforementioned regulations are required to take ‘reasonable steps' to comply with those regulations.
It is NOT reasonable to ‘assume’ an employee’s personal device is and will remain to be ‘in compliance’ with the subject regulations, therefore, it is NOT a ‘reasonable step’ to openly allow employee-owned devices access to the internal information.
The computer systems we saw on television, Star Trek and the like, will one day govern us; but not yet.
As it does become costlier to 'keep all data', regarding business data, when using a data or document 'classification' method which identifies data that poses greater risks for the organization, regulatory and\or legal, or in unnecessary costs, once the data can be moved from 'riskiest' to 'least risky', maybe then it becomes acceptable to introduce the 'unknown' of 'where' the data is located, (if you keep it, at all), but surely not while the data is classified as 'risky'.
Concerning stored data, one way or another, one or more of these requirements comes into play: "confidentiality, integrity, availability", or sometimes "authenticity"
If you are seeking 'proof' of any one of these concepts regarding the data, at any of the varying stages of consideration, how can you, or your service provider, prove it if there is a question of "where" the data resides?
Where tiers are possible in service, service is tiered. This is not new. This is good business.
For residential-class service they charge X and they block the port.
For business-class service they charge X + and they unblock the port.
there's nothing 'unfair' here, the contract defined the tiers. You do not 'own' the network, nor the access to it. You have a contract for access to use the network, and you agreed to fine print in the contract. The fine print states that if you want to run a web server, or email server, you must purchase business-class service.
move along now. there is no story here. It has been this way
I am not necessarily pro-Dell, but I am for making money, so I learned 'contracts' -(IANAL) When you call a 'Hardware' company for tech support regarding 3rd party SOFTWARE that the hardware company did not install on the hardware you bought, and so therefore could not have had the opportunity to configure their hardware for that software, how would it be profitable for that company to support you? It could not be. MOSTLY because if they did that for you, they'd also have to do it for everyone else, but mainly because [you contracted with them to provide tech support based upon the hardware and software configuration that you purchased] YOU made the contract for their services. If they were expected to provide unlimited services to you, no matter what you did, then they would have been justified to charge you for that.
It's common knowledge that Dell is a hardware company, not a software company. If they tried to charge you for support of software they did not 'build', you'd really get heated. -They would not be able to alter the software to your configurations, so what would you be paying for ?
Also, 'increased service' above your warranty -just because its relatively soon after you made your purchase, is not kosher, either.
There is no 'Service' without 'contract', and 'Contract' is two-way, never only one-way.
On another note - I can say from experience that had you purchased your upgrade from Dell based upon the system as it was sold (you had that choice), they would have slip-streamed all necessary drivers into your installation CD and the entire upgrade process would have been pretty quick. Also, Dell does not abandon their hardware because you change the software. They would continue to provide hardware support as best they could based upon the contract. -Its just that when you change the operating system, sometimes the hardware then needs new drivers and setting configurations TO WORK. So if you expect them to work (provide service) on what you did not pay for, who would it be getting the short end of the interaction? any company's shareholders would have lots to say about that business model.
here's a freebie, although I need to eat:
I say offer 3 levels of service; full, consult for pro se, with\without 'forms' - normal full service OR consult for pro se with your assistants completing forms, OR consult only and client gets\fills out forms by self (unbundled services) - after consult counsel fills out check list of topics counseled and client files that with paperwork - more clients due to other types of services offered, more exposure for full services offered, satisfies the court - counsel and client sign waiver for 'counsel only' - no continuing representation without new agreement - this has been on my mind since the 80's see my linkedIn posts: http://www.linkedin.com/in/counseltechnologyinc
I was thinking the scenario was as follows:
1. He was employed as the sys admin and as such had obtained the focus to be the top person responsible for protection of the network.
2. His reluctance to give up the passwords was caused by his position that those people wanting the passwords were unskilled and had proposed not-safe activities on\to the network and
so he deemed it the safest move he could have done to save himself from being responsible for any resulting damages, as well as to protect the network, not to cough them up.
3. His employer then searched for the passwords, which should have been accessible by someone else in the chain of responsibility, and received none because said employer had not
already had in place the safeguards necessary to avoid this very situation (which, ultimately, is what created the situation in the first place).
4. He then continued to refuse based upon the reasoning stated in #2, above, after speaking to (people) claiming, mostly, "principals" as reason-enough, but also that the use of the
network was not being 'denied', -so how could they charge him with denial of service, AND based upon the fact that he was doing, in every aspect of consideration, EXACTLY as he had
always done regarding his position and protection of the network, based upon the processes and procedures and safeguards in place during his entire time of employment.
5. Employer found itself in awkward, perhaps embarrassing predicament and could not, based upon the man's 'principals' (which were cause for him to be hired into the position to begin
with) force him to allow the not-safe-for-the-network access, and decided to go with what the State wanted to do, prosecute the man as an example.
6. He was arrested and charged under CA's new laws.
7. He lost.
No mention of improprieties in the actions of the court have been heard, so what is there to 'appeal'? "All" should now be 'noticed' of this possibly happening to them. All should now be prepared to 'give-up' your principals when\if it comes out that your employer is\has been slacking in its responsibilities regarding this type of situation. (which may also mean disqualifying yourself for REAL responsible jobs in the future.)
All should take note to make sure that the job you are in, and all future positions, is one where the employer IS already taking the safeguards.
A true 'data disaster' would have to be defined to include:
1) loss of data (including minor and major losses)[data is gone].
2) loss of integrity of that data [the current data cannot be authenticated].
3) loss of use of the data, even temporarily [loss of access].
4) loss of the confidentiality of the data [unauthorized exposure of the data, including unauthorized capture].
5) Unauthorized USE of the data.
--->> whether the loss is for an individual or a larger organization can not be a consideration in the definition.
the definition would include such loss as may caused, directly or indirectly, by authorized possessors of the data AND unauthorized possessors of the data.
Data Disaster.
HOW TO PREVENT DATA DISASTER . . should be a topic
biometrics is harder to maintain than one would think (and therefore harder to use).
in my experience, once enrolled onto a system, BOTH, a system hardware change and a system SOFTWARE change, can corrupt the file(s) holding the biometric data.
The fix is easy for me, -just turn off the biometrics BEFORE making such changes. But for Jane and Joe user, who don't understand how or why to control 'automatic up-dates', biometrics become just too much to deal with.
(this is posted before I look at anything already posted below the post it is attached to)
I concur here with Ivmond01. We're no longer in the 80's or 90's, so uninformed, unchecked internet use doesn't make sense, no matter what OS you may be using. And, Yes, of course the attack vector may be changing (again)(routers and modems). -What else does an informed user expect?
-Perhaps we do need to think about internet licenses, for both the user and the machine!!! ( -:
MA is trying to protect its' citizens and their rights. All States probably have requirements TO DO this exact thing (make laws that protect its citizens). If they are not required to act upon obvious 'wrongs' to its citizens (failure of PII gatherers to protect that information from being used\misused in ways not authorized by the owners [the citizens]), who is the citizen to turn to for protection?
This subject should be a 'common sense' thing but just isn't, MOSTLY because of financial reasons (which happens a lot in business). This law is requiring thoughtful consideration of everything about 'information technology', including the consequences of not thinking about it all, and pulling organizations away from just thinking about ROI and 'ease of use'. Most gatherers of PII admit that the owners of that PII are entitled to protections against unauthorized\misuse of their PII, but for financial reasons the gatherers argue that requiring them to be the protectors is just not fair to them.
This idea that MA is going towards cannot be considered a bad thing, so what is all this other arguement about ?
over a year ago, this post "Security by compliance is obviously not working. We need to stop thinking about information security and start thinking about information risk management. Compliance should be approached from a risk management, and not a purely technical, perspective. You need to do information security not to meet compliance but to protect the business. There is a huge difference between those two methodologies. We need to identify, govern and manage IT risk for security, and therein realize compliance." see it at
http://www.linkedin.com/myprofile?trk=hb_tab_pro
I just got here and haven't read the other responses, but . . . if you are seriously asking that question, obviously you are not familiar with your compliance requirements.
In the US, Verizon Telecom is the only source of the fiber optic signal all the way to the premises. And no matter what your devices seem to be capable of, Verizon does not provide, for normal residential or business accounts, fiber signal past their optical network terminal. So, you can't use a true fiber signal on your devices in the house supplied from Verizon Telecom.
Fiber is not yet ready for installation 'in the house', is it? Are there any normal household devices that will hook straight to fiber ?
'lemme no
Thanks
Slashdot Mirror
all OS'es get bugs and viruses. why is this still questioned?
in the beginning . . . windows defender was not getting signatures from same places as everyone else
fiber to the house is wonderful, but i can't wait to get fiber in the house!
I can sit in a room by myself for any length of time, and not go stir crazy. There ARE things to think about. I say this indicates 'well adjusted'-ness, I am well adjusted. Am I normal ?
Not everybody has the talent to be a good author (I don't fool myself). Some writings get muddled, and some responders simply interject confusions. The topic(s) of ‘data privacy rights’, why they are needed, and including who is subject to adhere to regulations concerning them, why they are subject, when they are subject, and the regulations themselves, all deserve to be logically discussed .. . .. .Because there ARE regulations. -Regulations concerning information that a person or other entity may hold [about] another person, or other entity, which, if obtained by an unauthorized 3rd party, could be used in an unauthorized manner. (If you legitimately [authorized] collect and save someone else's information, you have a responsibility to protect that information from unauthorized access, viewing, collection and\or use. And, generally, authorized for your use does not authorize you to authorize any other person or entity.)
The Ops’ title is: - “Employee-Owned Devices Muddy Privacy Rights”
- Business and Tech headlines lately are loaded with mentions about, and references to such things as, “Bring your own device to work(BYOD)”, “Commercialization of Corporate IT”, etc., etc., which talk about employees using their own devices to access work-related assets, for different reasons.
As is pointed-out in various comments above, the persons or entities that are subject to the aforementioned regulations are required to take ‘reasonable steps' to comply with those regulations.
It is NOT reasonable to ‘assume’ an employee’s personal device is and will remain to be ‘in compliance’ with the subject regulations, therefore, it is NOT a ‘reasonable step’ to openly allow employee-owned devices access to the internal information.
The computer systems we saw on television, Star Trek and the like, will one day govern us; but not yet.
As it does become costlier to 'keep all data', regarding business data, when using a data or document 'classification' method which identifies data that poses greater risks for the organization, regulatory and\or legal, or in unnecessary costs, once the data can be moved from 'riskiest' to 'least risky', maybe then it becomes acceptable to introduce the 'unknown' of 'where' the data is located, (if you keep it, at all), but surely not while the data is classified as 'risky'.
Concerning stored data, one way or another, one or more of these requirements comes into play: "confidentiality, integrity, availability", or sometimes "authenticity" If you are seeking 'proof' of any one of these concepts regarding the data, at any of the varying stages of consideration, how can you, or your service provider, prove it if there is a question of "where" the data resides?
Where tiers are possible in service, service is tiered. This is not new. This is good business. For residential-class service they charge X and they block the port. For business-class service they charge X + and they unblock the port. there's nothing 'unfair' here, the contract defined the tiers. You do not 'own' the network, nor the access to it. You have a contract for access to use the network, and you agreed to fine print in the contract. The fine print states that if you want to run a web server, or email server, you must purchase business-class service. move along now. there is no story here. It has been this way
I am not necessarily pro-Dell, but I am for making money, so I learned 'contracts' -(IANAL) When you call a 'Hardware' company for tech support regarding 3rd party SOFTWARE that the hardware company did not install on the hardware you bought, and so therefore could not have had the opportunity to configure their hardware for that software, how would it be profitable for that company to support you? It could not be. MOSTLY because if they did that for you, they'd also have to do it for everyone else, but mainly because [you contracted with them to provide tech support based upon the hardware and software configuration that you purchased] YOU made the contract for their services. If they were expected to provide unlimited services to you, no matter what you did, then they would have been justified to charge you for that. It's common knowledge that Dell is a hardware company, not a software company. If they tried to charge you for support of software they did not 'build', you'd really get heated. -They would not be able to alter the software to your configurations, so what would you be paying for ? Also, 'increased service' above your warranty -just because its relatively soon after you made your purchase, is not kosher, either. There is no 'Service' without 'contract', and 'Contract' is two-way, never only one-way. On another note - I can say from experience that had you purchased your upgrade from Dell based upon the system as it was sold (you had that choice), they would have slip-streamed all necessary drivers into your installation CD and the entire upgrade process would have been pretty quick. Also, Dell does not abandon their hardware because you change the software. They would continue to provide hardware support as best they could based upon the contract. -Its just that when you change the operating system, sometimes the hardware then needs new drivers and setting configurations TO WORK. So if you expect them to work (provide service) on what you did not pay for, who would it be getting the short end of the interaction? any company's shareholders would have lots to say about that business model.
here's a freebie, although I need to eat: I say offer 3 levels of service; full, consult for pro se, with\without 'forms' - normal full service OR consult for pro se with your assistants completing forms, OR consult only and client gets\fills out forms by self (unbundled services) - after consult counsel fills out check list of topics counseled and client files that with paperwork - more clients due to other types of services offered, more exposure for full services offered, satisfies the court - counsel and client sign waiver for 'counsel only' - no continuing representation without new agreement - this has been on my mind since the 80's see my linkedIn posts: http://www.linkedin.com/in/counseltechnologyinc
remember these posts and in 2025 look back at them.
the earth is a closed system folks
EVERY closed ecological system eventually burns itself out. We learned that in the 3rd or 4th grade, when looking at ant farms.
of course, after posting I read http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html [networkworld.com] for the details, and maybe my thinking has changed somewhat, BUT, not as to the employer being ultimately prepared with proper polices and procedures. more coffee!
I was thinking the scenario was as follows: 1. He was employed as the sys admin and as such had obtained the focus to be the top person responsible for protection of the network. 2. His reluctance to give up the passwords was caused by his position that those people wanting the passwords were unskilled and had proposed not-safe activities on\to the network and so he deemed it the safest move he could have done to save himself from being responsible for any resulting damages, as well as to protect the network, not to cough them up. 3. His employer then searched for the passwords, which should have been accessible by someone else in the chain of responsibility, and received none because said employer had not already had in place the safeguards necessary to avoid this very situation (which, ultimately, is what created the situation in the first place). 4. He then continued to refuse based upon the reasoning stated in #2, above, after speaking to (people) claiming, mostly, "principals" as reason-enough, but also that the use of the network was not being 'denied', -so how could they charge him with denial of service, AND based upon the fact that he was doing, in every aspect of consideration, EXACTLY as he had always done regarding his position and protection of the network, based upon the processes and procedures and safeguards in place during his entire time of employment. 5. Employer found itself in awkward, perhaps embarrassing predicament and could not, based upon the man's 'principals' (which were cause for him to be hired into the position to begin with) force him to allow the not-safe-for-the-network access, and decided to go with what the State wanted to do, prosecute the man as an example. 6. He was arrested and charged under CA's new laws. 7. He lost. No mention of improprieties in the actions of the court have been heard, so what is there to 'appeal'? "All" should now be 'noticed' of this possibly happening to them. All should now be prepared to 'give-up' your principals when\if it comes out that your employer is\has been slacking in its responsibilities regarding this type of situation. (which may also mean disqualifying yourself for REAL responsible jobs in the future.) All should take note to make sure that the job you are in, and all future positions, is one where the employer IS already taking the safeguards.
A true 'data disaster' would have to be defined to include: 1) loss of data (including minor and major losses)[data is gone]. 2) loss of integrity of that data [the current data cannot be authenticated]. 3) loss of use of the data, even temporarily [loss of access]. 4) loss of the confidentiality of the data [unauthorized exposure of the data, including unauthorized capture]. 5) Unauthorized USE of the data. --->> whether the loss is for an individual or a larger organization can not be a consideration in the definition. the definition would include such loss as may caused, directly or indirectly, by authorized possessors of the data AND unauthorized possessors of the data. Data Disaster. HOW TO PREVENT DATA DISASTER . . should be a topic
biometrics is harder to maintain than one would think (and therefore harder to use). in my experience, once enrolled onto a system, BOTH, a system hardware change and a system SOFTWARE change, can corrupt the file(s) holding the biometric data. The fix is easy for me, -just turn off the biometrics BEFORE making such changes. But for Jane and Joe user, who don't understand how or why to control 'automatic up-dates', biometrics become just too much to deal with. (this is posted before I look at anything already posted below the post it is attached to)
I concur here with Ivmond01. We're no longer in the 80's or 90's, so uninformed, unchecked internet use doesn't make sense, no matter what OS you may be using. And, Yes, of course the attack vector may be changing (again)(routers and modems). -What else does an informed user expect? -Perhaps we do need to think about internet licenses, for both the user and the machine!!! ( -:
MA is trying to protect its' citizens and their rights. All States probably have requirements TO DO this exact thing (make laws that protect its citizens). If they are not required to act upon obvious 'wrongs' to its citizens (failure of PII gatherers to protect that information from being used\misused in ways not authorized by the owners [the citizens]), who is the citizen to turn to for protection? This subject should be a 'common sense' thing but just isn't, MOSTLY because of financial reasons (which happens a lot in business). This law is requiring thoughtful consideration of everything about 'information technology', including the consequences of not thinking about it all, and pulling organizations away from just thinking about ROI and 'ease of use'. Most gatherers of PII admit that the owners of that PII are entitled to protections against unauthorized\misuse of their PII, but for financial reasons the gatherers argue that requiring them to be the protectors is just not fair to them. This idea that MA is going towards cannot be considered a bad thing, so what is all this other arguement about ?
over a year ago, this post "Security by compliance is obviously not working. We need to stop thinking about information security and start thinking about information risk management. Compliance should be approached from a risk management, and not a purely technical, perspective. You need to do information security not to meet compliance but to protect the business. There is a huge difference between those two methodologies. We need to identify, govern and manage IT risk for security, and therein realize compliance." see it at http://www.linkedin.com/myprofile?trk=hb_tab_pro
there's a MS-sponsored paper that states that users are RATIONAL to reject all security advise like running updated antivirus. see: http://blogs.techrepublic.com.com/security/?p=3275&tag=nl.e036 which has a link to the .pdf of the paper
I just got here and haven't read the other responses, but . . . if you are seriously asking that question, obviously you are not familiar with your compliance requirements.
In the US, Verizon Telecom is the only source of the fiber optic signal all the way to the premises. And no matter what your devices seem to be capable of, Verizon does not provide, for normal residential or business accounts, fiber signal past their optical network terminal. So, you can't use a true fiber signal on your devices in the house supplied from Verizon Telecom.
I asked the original question. I guess I haven't been paying attention..
Fiber is not yet ready for installation 'in the house', is it? Are there any normal household devices that will hook straight to fiber ? 'lemme no Thanks