Dear CIO/IT managers,
This CPTTM CIO newsletter brings useful news to you, CIO/IT managers in
Macau, for reference without obligation, so that you can do your jobs
easier and better! Hope you like it. If you'd like to unsubscribe or
recommend your friends to subscribe, just email me at kent@cpttm.org.mo.
Old issues are available here.
Topics in this issue:
Updating your ITIL knowledge to v3
Version 3 of the popular IT service management framework, ITIL, was
released in mid 2007. Here are the major enhancements:
- The concept of ROI is pervasive in all parts of
it. The result is, we'll be able to sell ITIL to our
management.
- It is now more prescriptive. The result is,
we'll have more concrete guidelines on how to implement ITIL.
- It is no longer assumed that a single IT
department provides all the services. Instead, entities such
as outsourced service providers and support personnel in business
departments are also considered. The result is, ITIL will be closer to
the reality we face and thus easier to apply.
- Services truly become the primary focus instead
of individual processes. The result is, we will get a clearer picture
of the life cycle of services, from strategy to design, transition and
operation.
To learn about these enhancements in detail or upgrade your existing ITIL
foundation certificate to v3, join our ITIL V3 Bridging Workshop.
Lessons learned from a virus infection
About a week ago the files on our Cyber-Lab file server were infected
by a virus. Not just data files but also executables were infected, and
the virus was spreading to users' computers. It was a very serious
issue. How did it happen? Normal users don't have write permission to
executables. We believe it happened when we used the personal notebook
of one of our administrators to perform an annual data archive to DVDs
and that notebook was carrying a virus. This is striking to me because
I just couldn't have imagined an IT administrator who couldn't keep
his own computer virus free. In a review, we concluded with
the following lessons:
- Humans are the weakest link in information
security. IT administrators can be just as weak as normal users. How to
screen them (who are weak?) and repair them (make
them stronger)? To screen them, I've asked all our colleagues to fill
out a security awareness questionnaire. To repair them,
education is not enough. It is necessary to actually observe and
correct their behaviors in controlled scenarios, e.g.,
emailing them interesting-looking programs (games.exe) to see if they
will bite. This is a lot of work as it is a continuous effort,
but I guess it is not as much work as if you have to rebuild
your servers, lose all your data, have it stolen by hackers or
apologize to your customers for infecting them with a virus.
- Least privileges. We shouldn't have granted the
account for archiving full permission. All it needs is read permission.
If you'd like to have a copy of our security awareness
questionnaire, let me know.
What do they mean to us? Here is my personal take for the MySQL deal:
- MySQL is getting a stronger backing. You
probably won't be blamed for choosing it.
- SUN is another step closer to transforming
itself from a hardware company into an open source company (Open
Solaris, Star Office, Glassfish, Netbeans, MySQL). Along with Novell
and IBM (which just licensed Lenovo to make X-servers), there seems to
be a trend: Hardware and operating systems are becoming commodities
and companies in these businesses are transforming to open
source models for survival. What will happen to Microsoft next?
- SUN is competing with Oracle. In the past Oracle
recommended that people run its database on Solaris on SUN's hardware.
As Oracle is now pushing Linux (its own Oracle Linux)
on Intel servers, it is natural for SUN to find database
software to run on Solaris on its hardware.
For the BEA deal:
- The big question is: as Oracle now has two
similar middleware products, BEA WebLogic and Oracle Application Server
10g, which one will it stand behind? If you're using one of them or
planning to, you may need to gather some more information about the
future roadmap.
- Just like hardware and operating systems, the
middleware market is also turning into a commodity (JBoss, Glassfish or
even Tomcat).
ARCserve Backup criticized as insecure
A security company, Secunia, criticized
the popular ARCserve Backup software as "inherently insecure".
It is ironic that this software has anti-virus and encryption
built in. If you're using it, you may want to take extra security
measures.
Upcoming courses for CIO/IT managers
There is no course for CIO/IT managers for the moment, but there are
some courses your kids may enjoy:
Feedback
Any questions, ideas or experiences to share? Contact me at
28781313 or kent@cpttm.org.mo. We also have two other newsletters:
Network administrator newsletter and Software developer newsletter,
which your staff may like to subscribe to.
Until next time,
Kent Tong