The Intersection of Human Factors, Accidents, Security and Business
Spafford Global Consulting - A Technology Business Consultancy Focusing on Human Factors, Accidents and Security
People are the key to success!


The News - August 17, 2008

“It is not hard to learn more.  What is hard is to unlearn when you discover yourself wrong.” – Martin H. Fischer

Top Picks

Before the Gunfire, Cyberattacks
“Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace.”
[ They make the keen observation that this might be the first multi-layered attack wherein a digital offensive preceded an armed invasion.  The author also points out that Georgia’s relatively light Internet connectivity may have minimized the potential damage.  Now, compare this to the US where even SCADA systems are accessible, albeit increasingly via VPNs, SSL and other security measures, through the public Internet. ]

Amazon Green
In a sign of the times, Amazon is creating a green portal for people to find environmentally friendly products for their everyday lives including lighting, computers, etc.  It’s very interesting to see their approach.  One that caught my eye is that they have a section called “Your Green 3” wherein the user gets to “pick 3 green products you wish everyone had.” Then on the right side of the screen they list the nominees – reusable grocery totes, fluorescent lights, push lawn mower, bikes, the Kindle, solar power, etc.  They even have Green Buying Guides on the left side navigation bar.  Even if you don’t plan on buying anything, and they do make it oh-so-easy to do so, stop by and see what they are doing from a marketing perspective.

Another Inconvenient Truth
“The message is simple enough: America's financial condition is a lot worse than advertised, and dumping it on future generations would be not only economically reckless but also immoral.”  

Book Recommendation

The Fifth Discipline:  The Art & Practice of the Learning Organization by Peter M. Senge
This book is a classic on the need for organizations that learn.  He covers the need for a shared vision, how to foster creativity, team learning, personal mastery and offers a primer on systems thinking.  He’s a great writer and the book is a very worthwhile read.          
This book is such a seminal work that there are many resources providing insights, reviews, etc. regarding it.




IT Audit / Internal Audit / Compliance

Phantom Menace
“Not all short lists are worth being on. The Securities and Exchange Commission (SEC) announced rules on July 15th to restrict short-selling of 19 financial stocks.”

E-discovery still confounds companies and their lawyers
“E-discovery is incredibly expensive, time-consuming and fraught with error. If you botch it, your company may lose its case in court and be sanctioned with heavy fines for failing to produce all the required information. And your lawyers can get hauled before the bar association for ethical breaches if their client (that's you) fails to meet its legal obligations.”

Energy told to tighten cybersecurity policies
“The Energy Department's inspector general on Thursday released an audit of the department's certification and accreditation procedures for national security information systems that revealed a number of potentially serious weaknesses.  Auditors concluded that the problems were similar to those that led to the theft of classified information at Los Alamos National Laboratory in 2006. ‘In our judgment, the findings in the report suggest the department could be at risk for similar diversions,’ they wrote.”
The audit report is at:  

IT Process Improvement / Quality Management

Pepperweed Process Model
IT organizations under pressure to conduct process improvement efforts, whether for compliance, security, or operational requirements, are often challenged to find proven, cost-effective guidance. Pepperweed Consulting has created an integrated process model that has been developed via real-world experience at Fortune 1000 organizations over countless engagements and made that hard-won knowledge freely accessible.

Pepperweed Consulting has released its core process intellectual property for free download that covers the following processes: 

· IT Governance Processes - IT Asset Management (ITAM), Financial, Program and Project, and Portfolio
· IT Management Processes - Availability, Capacity, IT Service Continuity, Continuity Operations, Service Catalog, and Service Level
· Control Processes - Change, Configuration, and Release
· Operations Processes - Event, Incident, Request, Problem, and Knowledge
· Security Processes - Access, Information Security Management System (ISMS), and Security Operations

Pepperweed believes that setting forth this collection of integrated baseline information technology processes will enable process improvement on a scale not previously possible. By providing this documentation, the foundations of proper management and control are laid, enabling IT to focus on its mission of creating and protecting value.

By registering at, a compressed zip file can be downloaded that contains the documentation for all of the processes listed above. 

Note – A revised version of the process model was released the week of July 28th.  If you downloaded the model previously, this release reflects an edit pass that was conducted on some of the content to improve clarity, correct mistakes, etc.

Build or retrofit Green Data Center – Get Cash Back
“Sec. 179D of the IRS Code provides a significant deduction for the cost of energy-efficient improvements to commercial property.  With an estimated 4.5 million existing commercial properties in the U.S. and with 14% of U.S. cities with populations of at least 50,000 having mandated green standards for new commercial buildings and dozens more poised to follow, the 179D tax deduction could help mitigate the average 3-7% cost difference in building green.”  

Security and Risk Management

Premier 100: Confessions of a corporate spy
“A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.”
[ Definitely read this one.]

Global Trail of an Online Crime Ring
“As an international ring of thieves plundered the credit card numbers of millions of Americans, investigators struggled to figure out who was orchestrating the crimes in the United States … their very own informant”

Goodbye, Passwords. You Aren’t a Good Defense.
“Computer security experts say that choosing hard-to-guess passwords ultimately brings little security protection. Passwords won’t keep us safe from identity theft, no matter how clever we are in choosing them.”

Eyeballing the Security of Application Service Providers
“ASPs must be treated like a trusted business partner as they become the guardians of your website and sensitive customer information. Their security MUST be a priority requirement. If they are insecure, your business is insecure. It's just that simple.”

NIST SP800-60 Revision 1
Released August 14, 2008
Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices

Brain will be battlefield of future, warns US intelligence report
“In a report commissioned by the Defense Intelligence Agency, leading scientists were asked to examine how a greater understanding of the brain over the next 20 years is likely to drive the development of new medicines and technologies.”

Researchers use browser to elude Vista memory protections
“Two security researchers have developed new techniques that bypass the memory protection safeguards in the Windows Vista operating system through the use of browser exploits.”

Torvalds: Fed up with 'security circus'
“Linus Torvalds, creator of the Linux kernel, says he's fed up with what he sees as a ‘security circus’ surrounding software vulnerabilities and how they're hyped by security people.”

NYC's Plan To Track Everything That Moves
“New York City authorities are in the process of building a multi-layered security system that will allow police to keep tabs on every vehicle that enters the city using the latest imaging and radiation detection technologies. But some security experts don't believe the project, believed to cost in excess of $120 million, will actually improve the Big Apple's security posture.”

Healthcare / Bio-Informatics / Care Delivery Organizations (CDOs)

Techies find niche in health care field
“If the nation's health care system continues to move toward wider adoption of health information technology, it could need 40,000 more health IT professionals to do it, according to research by Dr. William Hersh, a professor of health informatics at Oregon Health & Science University.”

The Hospital of the Future
“Sure, your organization offers sophisticated, compassionate care. But the patients of tomorrow will want much more than that. Here’s how some hospitals are creating facilities for a new vision of healthcare.”  

Human Error / Safety / Environment

American Airlines fined $7.1 million for safety violations
“Federal regulators announced $7.1 million in fines against American Airlines on Thursday over maintenance issues and problems with its drug- and alcohol-testing programs”

Ocean 'dead zones' becoming global problem
“Diaz and co-author Rutger Rosenberg report in Friday's edition of the journal Science that there are now more than 400 dead zones around the world, double what the United Nations reported just two years ago.”

Environmentalists Prompt Nuclear Power Wake-Up Call
“What did the nuclear power industry get for playing footsie with the ‘greens’ on global warming? A knife in the back, it looks like. The greens now are saying that emission-free nuclear power may actually contribute to climate change.”

Scientists split on ice melt impact
“Will global warming cause the Arctic to be ice-free in the summer within five years?  Yes, say some scientists, who warn that the ice melt is occurring faster than previously predicted and will cause major environmental damage, ranging from changing weather patterns to rising sea levels which will threaten scores of Pacific islands and low-lying areas.”

Flu vaccine makers ship more doses earlier
“Flu vaccine makers have begun shipping their products already, earlier than usual, and for the first time every strain included in the vaccine is new”  

Global News / Business / Economics

How Fuel Subsidies Drag Down a Nation
“When countries adopted bad economic policies in decades past, only their own citizens paid a price. In today’s globalized economy, however, the burden falls more broadly.”

Europe's energy source lies in the shadow of Russia's anger
“While a spokesman for the EU commission says the situation in Georgia meant that the EU 'had no time to waste' in dealing with energy security, the instability of the region covering the SCP threatens to scupper Europe's policy of diversifying its energy supply, giving Russia a much stronger hand. This is chiefly due to the undesirable nature, as Europe sees it, of the most viable alternatives - Iran, whose nuclear programme is a bone of contention, and Iraq, whose current instability is cause for great concern.”

Posh Parties Show a Beijing Awash in Capitalism
“Wealthy Chinese have been throwing glamorous receptions and trendy, celebrity-filled parties for years. But with the Olympics, Beijing is reveling in the most lavish display of capitalism, commercialism and celebrity the Communist Party has ever seen.”

US News / Business / Economics

Consumer prices shot up in July
“Consumer prices shot up in July at twice the expected rate, pushed higher by surging energy and food costs. The latest surge left inflation running at the fastest pace in 17 years.”

Two Large Solar Plants Planned in California
“Companies will build two solar power plants in California that together will put out more than 12 times as much electricity as the largest such plant today, the latest indication that solar energy is starting to achieve significant scale.”

Airlines Add Fees, Trim Frequent-Flier Benefits
“On the back of a year of skyrocketing oil prices most airlines have made announcements that they will add a fuel surcharge or fee when booking award tickets.”  

Technology & Science

'Slow' light to speed up the net
“The net's speed limit comes about not in transporting information, but in routing it to its various destinations.  Metamaterials could replace the bulky and slow electronics that do the routing, paving the way for lightning fast speeds.”

Rat-brain robot aids memory study
“A robot controlled by a blob of rat brain cells could provide insights into diseases such as Alzheimer's, University of Reading scientists say.”
[ The striking thing for me is that they are teaching/training the cells and they are working in tandem with the robot. ]

Intel: Energy costs for running PCs could drop
Intel is going to release a chipset with a remote wakeup capability to allow the triggering of sleep and wake remotely to save power.



Copyright (C) Spafford Global Consulting, 2004-2008. All Rights Reserved.