That’s really interesting:

Impressive!

Roger

A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we would be able to ramp up the communication channels and keep them up even if bad things happen (like the building has to be evacuated). By ramping up the channels, I was not necessarily interested in the technical side but in the people side. Especially as the key leaders of the incident teams were the ones running the exercise. So, you had the people who knew each other for years sitting there and just listening in.

If you think about it: Even if you know that you are on call for an incident response team, if you get a call from national intelligence telling you that something bad happens, how can you know that they are genuine? Just because they know the incident number? An interesting question we realized that we did not address it if the key people were not present. Now this is for a security-related IT incident.

Reading this article An Unsung Hero of the Nuclear Age scared me as it seems that this problem was not even solved launching nuclear missile. It asks a fundamental question:

How can any missile crewman know that an order to twist his launch key in its slot and send a thermonuclear missile rocketing out of its silo—a nuke capable of killing millions of civilians—is lawful, legitimate, and comes from a sane president?

So, even though the article is fairly long it is worth reading

Roger

A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes:

• Get to know the security update release process
• Learn how to evaluate risk
• See how to mitigate security risks
• Understand how quickly you need to apply updates
• Assess your update
• Get ongoing security

If you are somehow linked to the security update process in your organization, you should download it and look at it here: Microsoft Security Update Guide, Second Edition

Roger

It is kind of strange: I worked with some kids on Tuesday on online safety challenges and mainly we talked about Facebook, Netlog, Twitter etc. We had a lot of very good discussions with them about how to protect your privacy

Tonight we will talk to the parent’s of these kids and do our best to educate them as well. What I often say is that if the kids use Facebook, the parents should as well. I t might be “only” to understand how Facebook looks and feels – or to become a friend of the kids. This might be even one of the requirements for them getting online.

And then, I just stumbled across a decision chart whether kids should accept their parent’s friend request (I will not show my kids, please do not tell them ):

Roger

Forbes posted: The World's Most Ethical Companies. I quote:

The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity to trumpet their do-gooding ways. It is not a ranking, so they are all equally winners.

Nearly 3,000 companies were nominated--or nominated themselves--to be considered this year. The record-high number of nominations and applications demonstrates companies' desire to be acknowledged for high ethical standards. The 2011 list, which includes 110 organizations, is the largest since the award's inception in 2007.

and

The 110 companies that made the final cut this year include first-time recipients Adidas ( ADDDY.PK - news - people ), eBay ( EBAY - news - people ), Microsoft ( MSFT - news - people ), Colgate-Palmolive ( CL - news - people ) and 30 other newcomers. Thirty-one companies from last year disappeared, generally because of litigation or ethics violations, as well as increased competition from within their industries. Twenty-six companies have been recognized as a WME company for all five years, and 50 more have made the list at least twice.

In my opinion, something we can be very proud of!

Roger