Re: Thames Valley orders consolidation across the board (Feb. 22)
I applaud the drive that Thames Valley is undergoing to consolidate disparate systems. It will undoubtedly save them money in the short and long term! But with 25 years of expertise in the industry, I have to wonder why they are bothering to have independent computers, which greatly introduce risk of security breaches and data subversion/theft. A thin client application service provider model would be more resilient to attacks and faster to deliver updates with a unified content menu on all computers. Further, risk is centralized where it can be much better monitored and protected at the core of the network.
Thin client computers can be older Pentium class machines to save money and prolong hardware life. Hardware spending saved can be redirected to easier-to-read LCD panels (with proper security cabling!), lending to more desktop space, reduced heat output and much less electricity usage, saving the board thousands of dollars a year in the budget.
Students and staff could also then be given 64 bit encrypted buttons (cost is about 50 cents each) that allow them to press their button and instantly log on to view their profile on ANY computer in the system and quickly identify their unique attributes and requirements (homework assignments, project status updates, fees due, books out, virtual cash available, stored projects for printing, school e-mail, etc., etc.). Plus, this is ideal for vending machines, cafeterias, parking, library books, security access to rooms/buildings and so many more uses that can even be viewed as revenue opportunities to help defray system costs and eliminate cash theft in schools. Even parents love it. They can view materials pertinent to their student/school based on their profile. Lost buttons are immediately deactivated (they can require a PIN also of course, if desired) and if found, easily reactivated for a new student. They are virtually indestructible and 100 per cent waterproof.
The possibilities are endless, and this is proven, working technology already in use in many school districts in the U.S. and around the world, not expensive space age stuff!
Senior Account Executive
Care Factor Computer Services Inc.
Re: Symantec CEO warns of ‘day-zero’ attacks (Feb. 17)
It’s not surprising to me that the CEO of a company that makes its money from selling us security solutions would raise the alarm of increasing vulnerability to attack. What is surprising is an apparently contradictory trend I read about recently in an article by Grant Buckler in Computing Canada about patches which indicated that Microsoft’s Automatic Update had moved to once-a-month releases. McAfee automatic updates are usually weekly for retail customers like me, although to their credit I see that updates do arrive more frequently as needed. These “retail” updates are the only defence which the average consumer and small business has against attack.
I would be more interested in reading about how these large and well funded organizations are actually dealing with the threats, including appropriate counter-measures. Since the typical culprit is said to be a high school student in Montreal or an out of work programmer in Brazil, it’s a bit hard to understand why security is not more effective.
Kudos to my ISP Sympatico. I don’t believe I have ever received a virus e-mail or other attack since signing up for basic internet and e-mail last October. It appears they are effectively dealing with this at the server level.
United Way International Global Standards
Re: Feds respond to Auditor General’s IT security critique (Feb. 16)
I am a federal government employee who has a strong background in IT security. I am a Certified Information Systems Security Professional (CISSP) and also on the Advisory Board for intrusion detection of the Systems Administration and Network Security Institute (SANS), a world leader in IT security.
The main problem with IT security in the federal government is not that there is not enough spent on IT security, but that the expenditures go to “toys,” computer hardware and software that are bought as “magic bullets” for security without consideration that security is part of the business process of a department, not an add-on that can somehow make things secure.
IT security is too often a section within the IT function which sees it as an impediment to its mandate. Information is the lifeblood of most government departments, so the confidentiality, integrity and availability of that information should be central to the policy and procedures of a department, not just something to be added as an afterthought when developing departmental systems.
The Treasury Board, the RCMP and the CSE have provided lots of resources so that we could have good IT security, but departments have no incentive to implement these recommendations. Instead these are seen as “nice to have,” but there is no requirement to have any expertise in IT security. Most IT security groups within the government are operational, not policy. They look after the latest toys, but are not at a level to actually influence departmental policy and improve security.
In my department, there is no security policy group, just an IT security operations group that maintains the Internet firewall, installs anti-virus, etc.
The group that does systems planning has no security expertise. Security is seen as an impediment to the development of new systems because it asks nasty questions that cannot be answered by vendors. The Departmental Security Officer (DSO) group has no expertise in IT. The IT security manager is also chief of operations. It is seen as somehow outside the mainstream of the department and so has little clout in improving security.
Re: Save the data (Feb. 8)
In reference to Mr. Sander Smith’s letter, I have to disagree with his points.
There is no doubt that a reliance on pure digital safeguarding of one’s beloved information is dangerous. I disagree with his assertion of the 5.25” floppy drive. It took years for that drive to become obsolete. More than enough time to transfer files to alternative media. And how much information could you store on a 360Kb (or 1.2MB) media anyway? Might as well discuss the 8” floppy that preceded it, or the cassette tapes on which data was stored when computers were first introduced!
Any critical business information is well past its prime if it was stored on a 5.25” floppy, and is surely no longer critical. If it was that critical, why was it not transferred to another media?
We have been told for the past couple of years that the 3.5” floppy is set to disappear. Mr. Smith, are you listening? Transfer all your 3.5” floppy information to another media. A CD maybe. Better yet, a DVD since that seems to be the best option for the foreseeable future.
As for all those word-processing applications that have come and gone, the .RTF format was developed to bypass the various proprietary formats that are so in vogue in our business. Use that format and you are assured that the file will always be readable, at least for the foreseeable future. I would recommend storing information on external hard drives. With the price of hard drives dropping, this is very practical.
But the problem is not one of media. It is that we store so much information that we forget what we have stored and where it is stored. The number of companies I know who have no idea what is stored on the hard drive of the person who just left the company is astounding. None of them have the time to find out either. You just keep the information on the servers just in case something comes up, which invariably does not. So the data just sits and waits for the inevitable wipe a few years down the road.
The media will keep changing and evolving. And the pack rats that we are, we will keep storing stuff on these media, just in case. My sister has a box full of black and white pictures that our parents left us. They are truly beautiful, except none of us know who any of these people are. The media is irrelevant to the problem. And the problem is the accumulation of a ridiculous amount of data.
The I.T. Group
Letters to the editor must include the writer’s name and company name along with an e-mail address or other contact information. All letters become the property of ITBusiness.ca. Editors reserve the right to edit submissions for length and content.