* Posts by RJX

5 posts • joined 8 Jul 2009

Security needs to learn from the aviation biz to avoid crashing

RJX

Re: Until someone has to go to jail for doing it wrong?

I spent a quarter-century in corporate aviation maintenance, avionics and electrical specifically. I then moved into IT and was absolutely appalled at the practices. I still am 20 years later.

One "threat of jail" that actually worked was Sarbanes-Oxley in the US. SarBox had the threat of jail for the CEO and CFO.

Due to our fiscal year end date we were in the very first group that had to comply. The CEO and CFO were in learning mode a lot. A lot of sloppiness was corrected because of the threat of jail. The same thing was experienced when I worked for a bank in IT security years later.

In aviation, the way cockpit voice recorders and flight data recorders got the blessing of the airline pilot union was a federal law guaranteeing that neither could be used in enforcement actions.

The ISACs in the US are good for info sharing, but sharing needs to lead to learning, and too often companies do not care until they get smacked upside the head by an incident.

Oracle to release on-prem software usage tools to prep cloud switch

RJX

Yeah, no kidding. That was the first thing to pop in my mind as I read that article. But I've experienced it myself. Managers become so enamored with a vendor that they refuse to look at alternatives. Then they retire and the new person is appalled at how much the company is paying, finds a new vendor/product, and hundreds of thousands of dollars or more are saved annually.

At one company that used AT&T forever, the telecom manager finally retired and the new person, who had experience from other companies because they had not been there for decades, was totally shocked. They started auditing the AT&T invoices and finally convinced AT&T to send in their own person to audit their own invoices. (AT&T refused to believe her audit.) There was a quarter of a million dollars in overcharges found by the AT&T person. Per year.

It's kind of like home and auto insurance companies. Once you finally get upset at the price increases and begin looking at alternatives, you discover you've been way over-paying for less coverage.

BOFH: Putting the gross in gross insubordination

RJX

Kind of hard for a satellite to track someone inside a building. You'd have to nuke the whole building from orbit.

RJX

Exactly, that's the beauty of it. Apple devices will warn you if they detect you're being tracked by an AirTag that's not yours. Android devices have a scanner app available but it must be run manually.

CompuServe signs off

RJX

Trivia: Why were no digits higher than 7 used in CS IDs?

Because the original computers used by CompuServe used octal and not hexadecimal.

Regards,

72270,650

Biting the hand that feeds IT © 1998–2022