BOFH: Risky business

Contingency plan? Shine a light

Episode 7

"All I'm saying," I say, trying not to lose my rag, "is that you don't have to keep all your email messages in their entirety."

"Yes, but I need my email as a record," the PR droid burbles.

"That may be, but you don't need a record of the 50 messages between you and the woman from the office across the road saying 'what do you want for lunch?', 'pizza', 'I don't like pizza', 'what about Indian?', 'we had Indian yesterday', 'ok, what about that sandwich place?', 'you always suggest the sandwich place', 'I like the sandwich place', 'I KNOW you like the sandwich place', 'well you choose then', 'I don't know, I just want to try something different', 'what about Mexican then?', 'I've got a meeting this afternoon', 'but you have Indian before you have meetings,', 'maybe I'll just get something from the cafe downstairs', 'don't be like that', 'don't be like what?', etc, EVERY BLOODY DAY!"

"Have you been reading my email?"

"Who would want to read that sort of email?"

"I don't know," he replies, somewhat defensively.

"Trust me, the email I'd be reading was 'I've got a friend who works for the lottery and they've discovered the balls are weighted in favour of the Fibonacci sequence minus 1 - whatever that means - and they can't fix it until after this week's 25 million draw'. That's an email worth reading."

"I... But I need to keep my email," the PR droid sniffs, deciding on repetition as an approach.

"Look. I don't care if you keep every email you ever send or receive - so long as they're not clogging up the mail store. And trust me, you're clogging up the mail store. You've only been here six months and already you're the second highest mail user with 17 gigabytes of mail."

"Is that a lot?"

"Uh-huh."

"So if I'm the second highest, who's the highest?"

"Administrator - but that doesn't count because no one reads that mail."

"So it's not that much of a problem?"

"It is - and I'm implementing auto archiving."

"Auto archiving? Have you gotten a green light from management for that?" he asks.

"Sent the memo yesterday," I say. "Rang legal this morning and they're OK with it so long as we don't lose your highly valuable lunch appointment conversations."

"But... I need my email."

"And you shall have it - only it'll be stored in an offline file and not in the mail store."

"So I'll still be able to read it?"

"Absolutely! Six months from now you'll be able to open your mail archive file and find out you had a sandwich yesterday. Because she's right - you always choose the sandwich place."

. . .

"That was surprisingly painless," the PFY says, moments later when the PR droid has left. "I thought he'd put up more of a fight."

"Yes, the key with users is to..."

I pause as the PFY looks up in response to the opening of the door.

"Hi, Kathy, Projects Office," she says, extending her hand. "I'm here about the archiving project."

"What archiving project?" I ask.

"The one to archive email messages?"

"That's not a project - in fact it's done. I clicked a couple of boxes, tweaked a few settings and it'll all happen like clockwork Monday morning."

"I didn't see a project plan," she says with just a hint of annoyance.

"No you wouldn't have - because as I said, it wasn't a project."

"It most certainly is! Did you do a risk analysis?"

"No."

"A costs benefits analysis?"

"Nope."

"A communications plan?"

"Not one of those, no."

"Contingency plan?"

"Nup!"

"Work plan schedule?"

"Uh... no."

"Review process?"

"Afraid not."

"Resource scheduling plan?"

"Nnnnno."

"Well you can't do it then! You can't do a project this risky if you haven't done the planning!"

"We don't know how risky it is - we didn't do the risk analysis, remember?"

"But you can't create a project plan until you've done a risk analysis!"

"That's OK because we didn't create a project plan."

"You can't have a project without a project plan!"

"It's not a project!"

"You're right it's not a project! I'm vetoing the change process until such time as a project plan is submitted!!" she snaps.

"We don't have a change process."

"Then get one - and a project plan!" she says, storming off to the Director's office.

"She was a bit volume 11 wasn't she?" the PFY says.

"Yeah - the projects office is pretty much staffed by those people who couldn't get into the workplace safety industry because they're too petty - so they spend their time trolling office gossip for the hint of some project they can insinuate themselves into and ride to a successful completion - albeit three weeks late because of the tangle of bureaucracy they bring with them."

"So what do we do - do a project plan or tell her to get stuffed?"

"It's a tricky question. On one hand we want to be good corporate citizens and on the other we don't want to show any sign of weakness or we'll end up having to fill out a change request form just to log in of a morning. Bear in mind that these are the sorts of people whose sense of achievement is measured in reams of paper and time wasted."

"So what do we do?"

"Ordinarily we would give all the impression of complying with their requirements - printing boxes of documentation, revising specs, researching risks, scheduling resources and such."

"!!"

"Worry not. I have a project plan I used once or twice in the past that I'm sure I can tailor for this occasion..."

. . .

"It's a little thin isn't it?" Kathy asks, fingering the folder with disdain the next morning.

"Yes well, I look upon good project planning as establishing a broad framework from which to address the key strategic areas underpinning the successful completion of a holistic organisational change," I say, pausing briefly to fight back the nausea.

"Well, let's have a look at it then," she says. "Implementation plan: Click the mouse button on the ON radio button then click OK. Contingency plan: Click the mouse button on the OFF checkbox and Click on OK. You can't be serious?!"

"Of course I am - but read on, we did the analyses!"

"Risk Analysis. Issue 1, Contingency Plan A, Risk 0. Issue 2, Contingency Plan B, Risk 0. Issue 3, Contingency Plan C, Risk 0. Issue 4, Contingency plan D, Risk 0... This is just rubbish!"

"No it's not, I identified four issues and four contingency plans which quantified the risk like you wanted."

"What issues?"

"Risks."

"Yes, but what were the risks?"

"You mean what were the actual things I was worried about?"

"Yes!"

"Oh. I forget."

"And the contingency plans?"

"I don't recall the exact details."

"You..."

"But I have got a copy of them. In my car. I'll pop down to the basement later on this morning and get them for you."

"How about we all pop down right now?" Kathy asks, scenting blood.

"I... suppose we could."

. . . one lift ride later. . .

>slam<

"So here's the risk profile document," I say, handing over a page with four bullet-pointed paragraphs in six point Times Roman associated text. "And the contingency plans."

"I can't read it in this light, it could be anything!" Kathy snaps.

"Why don't we pop upstairs where the light's better?" I suggest.

"Why don't we stay down here and find a room with some lights," she says with a touch of sarcasm. "In case you grabbed the wrong document 'by accident'."

"I'm sure it's the right document," I say, passing the pages to the PFY to check. "Anyway, there's nowhere down here to read it."

"What about this room?" she asks, indicating a well-lit plant room with an open door.

"If you must," I say.

>SLAM!<

"Risk 1," the PFY reads from the light of the EXIT sign. "A lifetime of filling out meaningless paperwork to appease some glory-hogging control freak. Contingency Plan: The old 'unreadable text in the Basement Carpark with adjacent plant room' trick. Oh yeah - Risk 0."

>thump< >thump< >thump< >thump<

"Risk 2," the PFY continues. "The sound of thumping on the door..."

. . . ten minutes later in Mission Control. . .

"Risk 4. The Risk of being caught. Contingency Plan: Deny Everything."

"Risk 0," I say, popping the pages into the shredder...
