Freely Foster | The Blog

Lessons in phishing

The money is gone! Out of your account! The bank should have protected you! The fraudsters are to blame! Your IT department should protect you! The anti-virus you forked out good money for should have picked it up! Guess what? The money is still gone!

So now you start with the phone calls. Trying to sort it out at the bank. Trying to figure out if you have insurance for this. Russell IT'S TOO LATE!!!

I often ask myself - what can I do for the community? Become a police reservist? Volunteer at Helen Joseph during public service strikes?

No

I am sending you this mail to protect you. (almost like a reservist - right? :))

Listen up! Here are the top three rules for keeping your money out of Eastern Europe and in your account where it belongs!

Lesson 1
When you receive a mail from:

A bank, money transfer agency, VISA, MasterCard, Pay Pal, Google, Microsoft, the Pope or the Queen of England,

asking you to:

verify, confirm, click, update, double-click, comply, check, triple-click, validate or block - click click,

because you have:

lost money, are owed money, someone is stealing your money, you owe money, you don't want to lose your money, check your money, we respect your money,

and:

security is paramount, your safety is our concern, we have your best interests at heart, we are responsible, and wait for it..... GOVERNANCE,

you must:

Find a key on your keyboard (the home, page-up, page-down and insert keys are usually close by) that looks like DEL or Delete, and,

Hit it. Hit the delete key. Hit hit hit. Do it now!

Lesson 2
See lesson 1

Lesson 3
See lesson 2

I would love to give you more information on the subject, but right now I just received a mail that I won the UK lottery, and I just need to verify my bank account details quickly, and they will transfer the money! I am a lucky guy! I am rich!

Prof King coming to FM!

The one and only Judge (ret), Prof, Mervyn King will be our guest at an exclusive Corporate Governance workshop on the 3rd of February 2011 in Sunninghill!

This 1/2 day seminar will allow you to get up close and personal with Mr King while he discusses the state of Corporate Governance in South Africa, and takes you through the high level aspects of the KING III report.

As you can imagine, Mr King is VERY popular and as a result seating is VERY limited :)

Early bird bookings are now open. I have attached a brochure and a booking form if you would like to attend. I will be in the front row, I will keep a seat next to me for you :)

Regards


Download the Brochure
Register NOW!

Presentations can be lethal!

I recently attended a conference in Pretoria. During one of the sessions I found myself biting my hand!

Not because I was hungry... but because I was desperately trying to stay awake!

Honestly, it was the worst presentation I have been to in a long time! (Worse than Idols auditions :))

As I was chewing on my 20th mint (my hand was getting sore), I decided that when I get back I am definitely going to share some tips with you. I have done plenty of presentations in my life, and over the years I have found what works for me and what doesn't. I am not saying I am the world's greatest presenter, but I sure know a bad one when I see one.

If any of these work for you, let me know, I would be keen to hear.

OK, here goes!

You can't do a presentation without PowerPoint!

Rubbish! Too many people rely on PPT as a safety net. Try doing a presentation without PPT one day - just see what happens. Don't worry about remembering your words - practice what you will say the night before.

Watch this video

Put all the info on the slide in case someone didn't hear what you said, and then they can read it.

Eish - then you should have emailed the slides to me and I could have saved myself precious time instead of you reading it to me. Keeping slides uncluttered with text also means that people will be less likely to steal your slides for their own presentations.

Here is an example of a PPT I did at SMEXA.

Stand Still! You will distract the audience.

If you are dead - yes. And if you are - then your audience will also soon be :) Move around! Back - forward - to the side, walk! Let everyone get a view of you from a different angle. Just be careful of walking the same steps all the time (looks like you are rehearsing for the first dance at a wedding!)

Presentations are serious - no jokes!

That's a joke! You need some humour. I don't mean "A horse walks into a bar and the barman says, 'Why the long face!'" - I mean make comments on the material, or relate it to a story or, even better, current affairs.

A presentation is a monologue

Encourage participation. Ask questions. Get feedback by show of hands. A presentation where there was some kind of participation is always more memorable than a "death by PowerPoint"!

There you go. I hope this will come in handy one day. And remember this is a public service in the interest of healthier audiences! No charge :) hehehe!

One last thing before I go, did you know Foster-Melliar offers a wide range of courses other than Service Management? It might not be your cup of tea, but I have included it here just in case. If you know of anyone who may be interested - please forward the mail on to them.

Take care

Flash - boom - bang

We were in bed. The whole family – sleeping. Outside it was raining – hard (for a change). The next second the room lit up like a police raid, and a deafening crack! .....then silence.....

They say that people who have near death experiences can often smell popcorn. Well, I must have been dead – because I could smell popcorn!

“Go and check if everything is ok!” Princess said.

With my heart in my hand, (I caught it when it left my body), and stars in my eyes, (Not the kind you are thinking of), I rushed downstairs to check the damage. I switched on the PS3.......booting.....booting.....loaded! Phew! There is a God!

“Yes, love. Everything is fine.” I went back to bed.

The next day the extent of the carnage revealed itself! I called OUTsurance immediately.

“Thank you for calling OUTsurance – you are speaking to [name deleted for security purposes], how may I assist you”

“Yes, I would like to register a claim please”, I said – voice trembling. Why does that happen? It’s like a lie detector test. You are so nervous they must think you are lying.

“What happened?”

“Lightning” I said.

“When did this happen?”

“Last night, at about 4am”

“So that was today then?”

What? Not today – yesterday. 4am last night - this morning..... MMmmm there was a reason I took maths at school.

“Where were you when this happened?”

What? Where would a person be at 4am the previous morning? Or is that this morning?

“In bed”

I thought to myself – if she asks me with who, I’m going to crack!

“What was damaged?”

“My printer, my DSTV decoder, the Satellite Dish, my PC, the telephones, my ADSL router, my network switch”.......and the list goes on.

“We do not cover the Dish, Mr Steyn”

What? How can they not cover the dish? That’s probably the second thing that gets hit – after the aerial. Mmmm that’s exactly why they do not cover it.

Clever OUTsurance.

You see, it’s all about risk management. Once you have assessed the risks you face, there needs to be a balance between the cost of removing the risk and the cost should the risk materialise. Best practice teaches us that there are a number of ways to respond to a risk.

They include:

  • Accept the risk (i.e. do nothing)
  • Mitigate the risk
  • Transfer the risk
  • Avoid the risk

The appropriate response comes down to the business impact and costs involved. So many people (especially in IT) think that risk management and disaster recovery are the same: that the way you address risk is to have offsite facilities for data, and disaster recovery. Not true.

Managing risk is a multi-faceted discipline which includes:

  • Identifying the assets (crown jewels) of the company
  • Identifying their value
  • Assessing the risks
  • Putting controls in place
  • Monitoring
  • Measurement

I was without TV for a month! It was hell! So I have learnt my lesson! I now have a lightning conductor, surge protection on the plugs, a UPS and power voltage regulator and a 3 metre copper rod in the ground connected to the house’s power.

And that’s just for the PS3!

We hope to see you at one of our events soon!

Warm regards,

iPhones and ITIL®- is there a link?

ITIL® v2 has been replaced by the newer "Better" ITIL® v3. V2 is being withdrawn. Is V2 worthless now?

I recently got an Apple iPhone. No, not the 3Gs (which is the latest one), just the 3G. Not the 3G 16gig, just the 8gig. The smallest one. The cheapest one.

And...you ask?

And..I am happy!

The conversation in the iStore in Clearwater mall went something like this:

"Here is the latest model Sir. It is a 3Gs - and it is white!"

"MMmmmmm, lovely", I said. "How much?"

"R10,000.00"

"Gulp" I said. "Do you have anything in black?"

"We have the 3Gs in black. It's R8,000.00"

"Gulp! Any other colours?"

Eventually we settled on the plain old - stock standard 3G. Sure, it doesn't have a compass. And it doesn't have a white skin. And it doesn't have SPEED! - But what it does have is...... Me as an owner!

You call me cheap! I call me clever.

So what does this have to do with ITIL®? You ask.

Well, I'm glad you asked! Sure there is a new version of ITIL®. But when you look under the bonnet, is the old version defunct simply because there is a new version? No! Of course not!

Sure there are newer features and broader coverage in v3, but at the end of the day, where is your company at? Are you even ready for v3 yet? Most of the companies that are adopting ITIL® are happy to address CMDBs, Incident Management, Problem, Change and Release management, Service Desks, etc - first. All the stuff that is covered in v2! And if you are on a tight training budget - you need to know that ITIL® v3 WILL cost more. It's new!

I am not saying there is anything wrong with v3, don't get me wrong! It is awesome! All I am saying is make the decision not on features, but rather on need.

There is still time to get the knowledge that v2 has to offer, even though the OGC announced the withdrawal dates last year. See the press release here. I suppose that Apple too will announce the end of the road for the iPhone 3G sometime soon. I am glad I got mine before the announcement!

If you want to do it though, don't wait too long. The universe has a way of messing with you when you are on tight timescales. Not to be negative, but you need to plan for enough time for a retake if you don't make it first time.

For those who would prefer to do the v3 route to expert instead, we are launching an exciting alternative to the V2 managers programme in March this year. It will be aptly named "The ITIL® Expert Programme"! I came up with the name!

So what did I eventually pay for my iPhone?

Mmmmm? What are the chances Princess will get to see this post? Rather mail me, I'll tell you in private!

We hope to see you on the programme!

Warm regards,

Information Security Management Principles

John “rug rat” Smith added you as a friend on facebook

So now I am thinking..... Do I know this person? I am sure I must know him. We have 30 friends in common! Eish, he must be legit.... right?

Well, maybe. I once got a friend request from a girl that swore she knew me from “the days when..”. Man I tried to remember – there were some parties and discos... could it be? Nooooo couldn’t be. Or was it...... I think I remember.... So I clicked on the “add friend” button....

Wrong move! Let’s just say she was not who I thought she was.... ok we leave it there....

So! Anyway...

What does this have to do with Information Security?

Well, I am surprised you ask! EVERYTHING! How many times do companies get caught up in protecting computers, and shared drives, and email accounts and SPAM and VIRUSES, and and and...

And don’t they get it? What are you protecting? A R6000 computer?

You are protecting competitive advantage over your competitors.

You are protecting market share.

You are protecting IP!

OK, so what does that have to do with F ace book or T witt er or anything else? Mmmm... Everything?

With the rise of Social Networking, Corporates respond quickly and easily. BLOCK IT! Done! Easy! Errr, so how do you block someone’s home PC? How do you block the Internet Cafe? When does the realisation set in that Social networking is the now – not the future?

Ahhh I remember the days – Email was a luxury. The domain of managers. Life was simple; e-mails consisted of “Dear John. How are you? I am fine. This letter, mail thing is cool hey? Please send a letter or mail back! Sincerely Piet.” Seriously! It was like that.

10 years later – all staff have access. Policies are in place. Archiving is an audit requirement. It is a business tool!

This is the way that F ace book, t witt er, m y sp ace, linke d in, pl axe o, and all the other social tools will go. This is the future!

Question is .... will you be ready? Will you wait too long?

We will be discussing these and other issues / challenges surrounding Information Security in our next “Information Security, Management Principles” event in two weeks’ time.

We would love to see you there.

PS: I can spell Facebook and twitter, but your SPAM filter can’t...

Regards,