How do you deal with things like re-tests and conflicting priorities for remediation? For example, client wants vulnerabilities patched in one week but the next maintenance window is for two weeks.
We are in the same situation and we have data centers spread around the globe to deal with data privacy and jurisdictional considerations.
I could have made that more clear. We license Rapid7 and use their tools to conduct internal tests of the systems on a bi-weekly basis.
I am curious about this as well. What are the potential risks of maintaining focus on a point a few inches away from the eye for hours upon hours?
I work for an organization that hosts PII for a number of large public companies. We are constantly asked about vulnerability scans and about 50% of the clients want to scan our networks themselves. We do not allow that.
The compromise is that we conduct bi-weekly scans with Rapid7, and hire from a rotating list of third parties to conduct yearly vulnerability assessments of our applications and infrastructure. We make the high-level results of those scans (number of vulnerabilities found) available to the clients. We also have to put up with the occasional fire drill like Heartbleed. During those situations, we deploy the patches as soon as we can test them, and then provide letters of attestation to any client who wants / needs one.
While some clients complain, they eventually come around when we explain to them that it is for their own safety and the protection of their information. We are in a situation where we retain data for companies who are in direct competition with each other. When push comes to shove, we sometimes have to explain that, "Just like we will not let you scan our network for vulnerability, we will also not allow your direct competitor to scan our networks either."
I have found that the best middle ground is to work with the developers and project team to set deadlines and project milestones. While down to the tenth of an hour estimates are not necessary, there have to be goals to hit.
The best managers are going to let the developers provide their own estimates, and then calibrate the timelines accordingly. Some people are good at estimating time. Others are horrible at it. The project manager needs to know their team well enough to account for those factors.
The rule of thumb that I have always worked with is double the estimated time. Under promise and over deliver. This does lead to some grumbling up front, "It is going to take HOW long?!" But after successfully delivering ahead of time, enough times in a row, people come around.
The biggest challenge is keeping people honest. Some people have a hard time admitting that they are not going to make a deadline. It is important to give those people room to fail, so long as they are responsible about it. "This deadline has some flexibility, as long as you give me 48 hours' notice that you are going to miss it. Don't come into my office the day I am expecting a deliverable and tell me that you need another week."
The other side of that is having to be a good manager, and push back on the business team to give the developers room to work. "We told you we would deliver it by X and we are still on track to deliver it by X. STFU about your cranky client whose expectations you cannot manage despite us being explicitly clear with you about what our timelines are. And no, we are not going to add that extra feature that you promised them but failed to include in the scope."
I really wished that I had discovered a few things earlier than I did. The first is Neuro Linguistic Programming. (Reading: Introducing NLP: Psychological Skills for Understanding and Influencing People by Joseph O'Connor) While it gets a bad rep as being the techniques people use to manipulate each other, I found that it was a solid 'instruction manual for the mind'. Some of the techniques in there made a very positive impact in my ability to learn, and I wish that I had had them in middle and high school when I was struggling with some of the AP work.
The second is eastern philosophy, specifically Taoist and Buddhist philosophy. (Reading: The Taoist Classics & The Classics of Buddhism and Zen by Thomas Cleary.) While technology is cool and all, hacking the body and the mind are way more fulfilling, interesting and beneficial. Some of the practices developed by the ancient masters like tai chi and qi gong are life long practices, and the earlier people get started, the more benefit they will eventually reap from them.
I believe that the majority of people who read and contribute to Slashdot understand that our society is seriously ill. In many ways, our society is insane. It can be very isolating and confusing to hold different beliefs. It can be confusing to intuit that things are wrong, yet not understand why... or what the alternative is. I found those alternatives in ancient philosophies that can still be applied to the modern day.
To wrap it up. Children need to understand Neuro Linguistic Programming so that they can see through the bullshit that is constructed by the media, the marketers and politicians. Anyone can benefit from philosophies that espouse the virtues of self cultivation, health and just, balanced societies.
For the OP: Your daughter and wife will be okay. She has your DNA. They have both had your love. They are blessed that you were there to help bring her into the world, and to guide her development. They will miss you, your passing will hurt, but they will be okay.
Some species of birds and social insects routinely help raise another's brood. Even bacteria can cooperate, sticking to each other so that some may survive poison. If extortion reigns, what drives these and other acts of selflessness?
Lacking a human ego, the species in question naturally accept that they are all one and part of a larger whole. Therefore self sacrifice is innate because it leads to the survival of the whole.
I was not going to be the first one to say it, but the exact same thought passed through my head.
This guy has a wife with a serious illness AND a two year old child. His solution is to make it possible for his two year old to keep an eye on his wife.
What kind of long term trauma is that going to cause? "Now Sally, keep a close eye on your mom because it is on you to make sure that when she starts convulsing that you make sure daddy is aware of it." What kind of sick person puts that responsibility on a toddler?
Are you sure about that? They are cutting senior staff positions. A Director of community relations is probably a smart choice given that they are going through a massive transition. Do they really care what the old message to the community is? Can they even afford to care what the community thinks, or court their input at such a delicate time? While fan participation and buy in is important, it is doubtful that they are in a position to do anything meaningful with it right now, or in the near future. It would not surprise me if they fill the position again, probably internally, once they figure out what their new messaging is going to be.
The Director of Development is an odd one, but in a way it makes sense. If they had a solid development program, they would not be in dire financial straits in the first place. While they are losing a leadership position, it will be interesting to see if they fill the position internally, or go outside. An internal hire shows that they are committed to leveraging current talent to lead them in a new direction. An external hire shows that they have little faith in their current staff, and will very likely accelerate a talent exodus.
By and large, the public does not care. They certainly do not care enough to do anything about it.
If people really cared, it would take self sacrifice. People would have to refuse to go to work, for weeks, if not months. We would have to stop working long enough to really throw a wrench into the system. Not only that, we would have to somehow convince others not to take our jobs while we are out there doing whatever it is we would do when we were proving to the government that we are not there to perpetuate their system.
Good luck with that.
Now, to be able to go through 13000 cases (each with multiple documents), each member of this hypothetical team will need to process 928 cases. How many can they process per day?
The relevant metric here is number of documents per case. On average, a trained reviewer is going to do about 2 docs a minute, or 120 docs an hour. Keep in mind, that is for a typical privilege review. They may be able to do it even faster if all they are doing is verifying redactions.
and search using OCR. But these can't be redacted as easily.
There are plenty of systems out there that can perform keyword searches and redact accordingly once the originals have been OCR'd.
First paragraph should read
"Progress is being made to address those concerns, and companies who can deliver successful SOLUTIONS are trying
Jeez I need to do a better job of proof-reading.
Should read "Progress Being Made in Renewable Energy Storage"