Showing posts with label Incident Management. Show all posts

March 19, 2015

What Type Of IT Error Was That?

So true story...

One of my colleagues was giving me a status on an IT problem in the office.

With a very straight face, he goes, "Yeah, it was an I.D. 10 T error!"

I'm just looking at him with a sort of blank face (I must have been emanating something like, "What are you talking about Willis?")

And he repeats, "An I.D. 10 T error...uh?"

Ok, one more time, I haven't had my coffee yet.

So he goes dotting his head, "What, you haven't heard about an I.D. 10 T error?"

"All right, you got me...What is an I.D. 10 T error?"

And as I'm saying it out loud and visioning it on paper, his little joke is out of the box.

Hey cut me some slack, I'm a Jewish kid from the Bronx and so I innocently say, "An IDIOT Error?"

Now he's nodding his head up and down in excitement, "An end user--IDIOT--error!"

And he starts laughing his head off. 

Ok boys and girls in IT...rule #16 of office etiquette, please don't call the end-users, idiots.

Back to customer service (and sensitivity) training for some of the jokesters on the team... ;-)
(Source Photo: Andy Blumenthal)

March 7, 2014

We're Giving It All Away


Nice little video from Mandiant on "The anatomy of a cyber attack."

Despite the typical firewalls, antivirus, and intrusion detection system, cyber attacks can and do penetrate your systems.

This happens through social engineering (including phishing attempts), automated spam, and zero-day exploits.

Once inside your network, the cyber attacker takes command and control of your computers, surveys your assets, steals user names and passwords, hijacks programs, and accesses valuable intellectual property. 

Mandiant performs security incident response management (detecting breaches, containing them, and helping recovery efforts), and they are known for their report "APT1" (2013) exposing an alleged significant government-sponsored cyber espionage group that they state "has systematically stolen hundreds of terabytes of data from at least 141 organizations."

Another fascinating report on a similar topic of advanced persistent threats was done by McAfee on Operation Shady Rat (2011) that reveals over 70 organizations (governments, commercial entities, and more) that were targeted over 5 years and had terabytes of information siphoned off. 

The overall risk from cyber espionage is high and the McAfee report states:

- "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact."

- "What we have witnessed...has been nothing short of a historically unprecedented transfer of [intellectual] wealth - closely guarded national secrets...disappeared in the ever-growing electronic archives of dogged adversaries."

In short we can't keep a secret--we're putting endless gobs and gobs of our information online and are not adequately protecting it in cyberspace, with the result that our adversaries are able to access, exfiltrate, disclose, modify, or destroy it.

In short, we're giving it all away - why? 

December 3, 2009

Federal Computer Week - Discussion of ITIL and EA

Services listed under ITIL and enterprise architecture models are
different in nature, said Andy Blumenthal, chief technology officer at
the Bureau of Alcohol, Tobacco, Firearms and Explosives, who did not
speak on behalf of the agency.

“When we talk about services in an EA context, we refer to those that
are used for mission and business purposes,” he said. “In contrast,
ITIL-type services are underlying support functions to the customer,
such as problem identification and resolution. An example of an EA
service versus an ITIL service would be a document management solution
versus a help desk or network management function.”

...

“Traditionally, architecture efforts have been notorious for being an
ivory-tower effort that results in shelfware,” Blumenthal said. ITIL
proponents also tend to be squirreled away in data centers and not
inclined to consult with architects.

A cultural shift is necessary, Blumenthal said. Enterprise architects
in particular must become more user-oriented if they’re going to stay
relevant in a changing technology environment, he added.

To read the entire article go to:
http://fcw.com/articles/2009/12/07/comparing-ea-and-itil.aspx



June 15, 2008

Emergency Incident Management and Enterprise Architecture

When a disaster or emergency strikes, who is in charge—federal, state, local, or tribal authorities? Police, fire, rescue, medical services, public works, environmental response professionals? Who has jurisdiction? How is incident response coordinated?

“The National Response Framework (NRF) presents the guiding principles that enable all response partners to prepare for and provide a unified national response to disasters and emergencies. It establishes a comprehensive, national, all-hazards approach to domestic incident re

  • describes how communities, tribes, states, the federal government, private-sectors, and nongovernmental partners work together to coordinate national response;
  • describes specific authorities and best practices for managing incidents; and
  • builds upon the National Incident Management System (NIMS), which provides a consistent template for managing incidents.” (http://www.dhs.gov/)

National Incident Management System:

  • “While most emergency situations are handled locally, when there's a major incident help may be needed from other jurisdictions, the state and the federal government. NIMS was developed so responders from different jurisdictions and disciplines can work together better to respond to natural disasters and emergencies, including acts of terrorism. NIMS benefits include a unified approach to incident management; standard command and management structures; and emphasis on preparedness, mutual aid and resource management.” (http://www.fema.gov/)

Government Technology’s Emergency Management Magazine, Spring 2008, reports that “only willing partners coming to the table, treated as equals, will prove effective in establishing a national standard for incident response.”

Why are there so many issues in coordinating incident response?

  1. Miscommunication—“the ideal scenario is that everyone uses the same system and terminology when responding, which allows disparate agencies to come together quickly and avoid miscommunication when confusion ultimately rules—during disasters.”
  2. Jurisdictional egos—“Jurisdictional egos can become involved, along with personal history and interagency ‘baggage.’…it can be messy at best, especially as leaders emerge, each wanting to highlight their agency’s accomplishments and not be superseded by another.”
  3. Lack of interagency and cross-jurisdictional training—“We need joint training, planning and exercises with all potential partners if we’re ever going to fix the issue of unified command…[additionally, there is a] lack of practice in how, in larger, cross-jurisdictional responses, the elected officials aren’t used to working in tandem with other jurisdictions during emergencies.”
  4. Subordination is not in the law—“It is not in our nature and governance for one jurisdiction to subordinate itself to another, especially in crisis. As such, the solution will need to be the establishment of mechanisms that allow for joint action via a coordinated response.”

As a citizen, I frankly do not care about responders’ terminology, egos, training, or distaste for subordination—when there is a true crisis, I (like, I believe, any sane person) want help to come, come quick, and come effectively. I want lives saved and property safeguarded.

From an enterprise architecture perspective, I acknowledge the challenge that we face in coordinating incident response among a broad spectrum of stakeholders and emergency response experts. However, at the same time, I cannot help but marvel at the current federated system of emergency response. I believe that emergency response needs to mature to one where there is an absolutely crystal-clear chain of command and a solid, unified approach to dealing with disaster. All necessary and appropriate resources need to be brought to bear to help people in disaster and a coordinated response is a must.

Certainly, while there are technical issues in establishing common data standards, mechanisms for information exchange, interoperable systems, and securing these, it seems that the biggest issue is cultural. People and agencies are continuing to function in a siloed mentality despite the clear need for a unified approach to dealing with disasters as well as with the large, complex, and global problems that we face. I believe that this only underscores the need for “enterprise architecture” and that it is becoming more and more obvious that each of us doing our own thing is not going to enable us to solve the great issues of this century.

