
BOFH: Risky business

Contingency plan? Shine a light


Episode 7

"All I'm saying," I say, trying not to lose my rag, "is that you don't have to keep all your email messages in their entirety."

"Yes, but I need my email as a record," the PR droid burbles.

"That may be, but you don't need a record of the 50 messages between you and the woman from the office across the road saying 'what do you want for lunch?', 'pizza', 'I don't like pizza', 'what about Indian?', 'we had Indian yesterday', 'ok, what about that sandwich place?', 'you always suggest the sandwich place', 'I like the sandwich place', 'I KNOW you like the sandwich place', 'well you choose then', 'I don't know, I just want to try something different', 'what about Mexican then?', 'I've got a meeting this afternoon', 'but you have Indian before you have meetings,', 'maybe I'll just get something from the cafe downstairs', 'don't be like that', 'don't be like what?', etc, EVERY BLOODY DAY!"

"Have you been reading my email?"

"Who would want to read that sort of email?"

"I don't know," he replies, somewhat defensively.

"Trust me, the email I'd be reading was 'I've got a friend who works for the lottery and they've discovered the balls are weighted in favour of the Fibonacci sequence minus 1 - whatever that means - and they can't fix it until after this week's 25 million draw'. That's an email worth reading."

"I... But I need to keep my email," the PR droid sniffs, deciding on repetition as an approach.

"Look. I don't care if you keep every email you ever send or receive - so long as they're not clogging up the mail store. And trust me, you're clogging up the mail store. You've only been here six months and already you're the second highest mail user with 17 gigabytes of mail."

"Is that a lot?"

"Uh-huh."

"So if I'm the second highest, who's the highest?"

"Administrator - but that doesn't count because no one reads that mail."

"So it's not that much of a problem?"

"It is - and I'm implementing auto archiving."

"Auto archiving? Have you gotten a green light from management for that?" he asks.

"Sent the memo yesterday," I say. "Rang legal this morning and they're OK with it so long as we don't lose your highly valuable lunch appointment conversations."

"But... I need my email."

"And you shall have it - only it'll be stored in an offline file and not in the mail store."

"So I'll still be able to read it?"

"Absolutely! Six months from now you'll be able to open your mail archive file and find out you had a sandwich yesterday. Because she's right - you always choose the sandwich place."

. . .

"That was surprisingly painless," the PFY says, moments later when the PR droid has left. "I thought he'd put up more of a fight."

"Yes, the key with users is to..."

I pause as the PFY looks up in response to the opening of the door.

"Hi, Kathy, Projects Office," she says, extending her hand. "I'm here about the archiving project."

"What archiving project?" I ask.

"The one to archive email messages?"

"That's not a project - in fact it's done. I clicked a couple of boxes, tweaked a few settings and it'll all happen like clockwork Monday morning."

"I didn't see a project plan," she says with just a hint of annoyance.

"No you wouldn't have - because as I said, it wasn't a project."

"It most certainly is! Did you do a risk analysis?"

"No."

"A costs benefits analysis?"

"Nope."

"A communications plan?"

"Not one of those, no."

"Contingency plan?"

"Nup!"

"Work plan schedule?"

"Uh... no."

"Review process?"

"Afraid not."

"Resource scheduling plan?"

"Nnnnno."

"Well you can't do it then! You can't do a project this risky if you haven't done the planning!"

"We don't know how risky it is - we didn't do the risk analysis, remember?"

"But you can't create a project plan until you've done a risk analysis!"

"That's OK because we didn't create a project plan."

"You can't have a project without a project plan!"

"It's not a project!"

"You're right it's not a project! I'm vetoing the change process until such time as a project plan is submitted!!" she snaps.

"We don't have a change process."

"Then get one - and a project plan!" she says, storming off to the Director's office.

"She was a bit volume 11 wasn't she?" the PFY says.

"Yeah - the projects office is pretty much staffed by those people who couldn't get into the workplace safety industry because they're too petty - so they spend their time trolling office gossip for the hint of some project they can insinuate themselves into and ride to a successful completion - albeit three weeks late because of the tangle of bureaucracy they bring with them."

"So what do we do - do a project plan or tell her to get stuffed?"

"It's a tricky question. On one hand we want to be good corporate citizens and on the other we don't want to show any sign of weakness or we'll end up having to fill out a change request form just to log in of a morning. Bear in mind that these are the sorts of people whose sense of achievement is measured in reams of paper and time wasted."

"So what do we do?"

"Ordinarily we would give all the impression of complying with their requirements - printing boxes of documentation, revising specs, researching risks, scheduling resources and such."

"!!"

"Worry not. I have a project plan I used once or twice in the past that I'm sure I can tailor for this occasion..."

. . .

"It's a little thin isn't it?" Kathy asks, fingering the folder with disdain the next morning.

"Yes well, I look upon good project planning as establishing a broad framework from which to address the key strategic areas underpinning the successful completion of a holistic organisational change," I say, pausing briefly to fight back the nausea.

"Well, let's have a look at it then," she says. "Implementation plan: Click the mouse button on the ON radio button then click OK. Contingency plan: Click the mouse button on the OFF checkbox and Click on OK. You can't be serious?!"

"Of course I am - but read on, we did the analyses!"

"Risk Analysis. Issue 1, Contingency Plan A, Risk 0. Issue 2, Contingency Plan B, Risk 0. Issue 3, Contingency Plan C, Risk 0. Issue 4, Contingency plan D, Risk 0... This is just rubbish!"

"No it's not, I identified four issues and four contingency plans which quantified the risk like you wanted."

"What issues?"

"Risks."

"Yes, but what were the risks?"

"You mean what were the actual things I was worried about?"

"Yes!"

"Oh. I forget."

"And the contingency plans?"

"I don't recall the exact details."

"You..."

"But I have got a copy of them. In my car. I'll pop down to the basement later on this morning and get them for you."

"How about we all pop down right now?" Kathy asks, scenting blood.

"I... suppose we could."

. . . one lift ride later. . .

>slam<

"So here's the risk profile document," I say, handing over a page with four bullet-pointed paragraphs in six point Times Roman associated text. "And the contingency plans."

"I can't read it in this light, it could be anything!" Kathy snaps.

"Why don't we pop upstairs where the light's better?" I suggest.

"Why don't we stay down here and find a room with some lights," she says with a touch of sarcasm. "In case you grabbed the wrong document 'by accident'."

"I'm sure it's the right document," I say, passing the pages to the PFY to check. "Anyway, there's nowhere down here to read it."

"What about this room?" she asks, indicating a well-lit plant room with an open door.

"If you must," I say.

>SLAM!<

"Risk 1," the PFY reads from the light of the EXIT sign. "A lifetime of filling out meaningless paperwork to appease some glory-hogging control freak. Contingency Plan: The old 'unreadable text in the Basement Carpark with adjacent plant room' trick. Oh yeah - Risk 0."

>thump< >thump< >thump< >thump<

"Risk 2," the PFY continues. "The sound of thumping on the door..."

. . . ten minutes later in Mission Control. . .

"Risk 4. The Risk of being caught. Contingency Plan: Deny Everything."

"Risk 0," I say, popping the pages into the shredder...
