Risk Assessment Methodologies
- OCTAVE is a risk analysis performed by a self-directed, interdisciplinary team that focuses on operational risk and security practices.
- FRAP is a qualitative risk analysis approach that uses pre-screening to identify critical risk areas.
- NIST is a qualitative risk assessment methodology established with healthcare in mind.
- “Failure modes and effects analysis” assesses risk by examining the effects of failures on three levels.
- CRAMM is an IT risk analysis method used in the British Government.
-
Methodological Frameworks
- ISO 27000 is a series of standards for managing information security.
- ITIL comprises a series of books aiming to improve IT service management and IT processes.
- COSO is a framework for financial reporting and disclosure.
- COBIT is a four-domain model for IT governance with 214 control objectives.
-
Baselines, Procedures, Guidelines & Policies
- Baselines define a minimum technical standard that should be maintained across the organization.
- Procedures are step-by-step instructions on how to comply with security requirements.
- Guidelines give discretionary guidance on how best to comply with security requirements.
- Policies define security requirements broadly.
-
email ain't work.
email is one of my favorite topics when it comes to modern ways of working. There have been a few articles on this blog about email being abolished by major organizations in favour of social media (which won’t solve the underlying problem…).
Communication is essential to most jobs, but so is productivity. Claire Diaz Ortiz wrote a nice comment on why email is work and, at the same time, why it ain’t.
email ain’t work.
This is the opinion that I tend to prefer, coming from an engineering education. email distracts anybody trying to focus on a real problem and creates an obligation to do something non-productive. email can be considered something additional that should not become the majority of the actual work: it serves to send designs, architecture, plans or status updates, but it is for sure outside the scope of engineering-centric job descriptions.
unless you’re paid for it.
The situation is much different should you work in customer support, service, sales or even product marketing or management. These roles live off the conversation with customers, clients, partners and peers, sometimes even competitors. These roles need to know what others, the market, want to see as a product or a service, and this is not something you can get off a drawing board.
So it depends (a bit)
After all, email has a very different meaning depending on the role someone is in. Still, the medium itself is very difficult to handle and too time consuming, even for roles that depend on communication. Just imagine all the (obvious) spam, newsletters, notifications and so on. Not to mention the increasing practice of CCing everybody and his brother. This is what makes email an ultimate productivity killer for everybody.
In response to: Why Email Isn’t Work. (And Why It Is.).
-
Lessons Learned – Flight Projects Directorate Code 400
Space and Moon missions are famous for excellent project management, and so NASA also has some nice documents on the topic. Particularly nice to read are the 128 lessons learned written down by Jerry Madden, Retired Associate Director (400). On the subject of meetings he has a whole series of pieces of advice. One of them caught my particular attention.
115. Reviews, meetings, and reality have little in common.
-
The age of the pseudo-private begins
I used to never want to link to Sascha Lobo. Since Edward Snowden, and at the very latest since the BND also reads everything at DeCIX, it seems to me as if I could do so more and more often. Months have passed in which the news has been full almost daily of ever worse cases of total surveillance. Nevertheless, not a single encrypted mail has arrived here in the same period. Otherwise, too, the response seems to be limited, and when anything is heard, it is indifference. And Sascha Lobo sums it up once more:
-
Hipster in Stone
Fantastic pictures of old statues dressed as hipsters: Hipster in Stone