The November/December 2008 issue of BackBone Magazine has an excellent “Focus on Security” section. The primary message is simple - all of your employees need to be your Security Guards. The millenials won’t allow us to stop social media useage in the workplace. Given that, your only hope is a well-trained employee population. Check out the “Focus on Security” section in this issue.

Experts encourage education as opposed to avoidance.

RB

For most IT Managers, the thought of scheduling volumes of IT professionals into classroom ITIL courses is unthinkable and not practical. This feeling may be grounded in environmental concerns or travel logistics. It may be grounded in budget issues - at $1500 to $2000 per person, ouch. It may be grounded in time allocation concerns - 3 days out of the office, yikes.   Or, it may be grounded in results - do people really retain much after 3 days of boot camp style ITIL Foundation training?

More likely your concerns are grounded in most of the above.

To start, I would suggest that you need to get EVERYONE speaking the same language. From the front lines up to the Executive, a simple interactive ITIL awareness module, easily distributed (and tracked) across your entire IT organization. Keep it to 30 minutes or less, and it needs to be engaging, considering the nature of the topic. All too often online learning is not much more than a manual in electronic format. Search for the best!

From there, your education plan may target those that require a more in-depth understanding of the ITIL processes. Consider a blended approach. It may be viable for some learners to spend the 3 days in a classroom. However, for large IT enterprises with a high volume of learners needing to be ITIL Foundation certified, an interactive online program, easily distributed around the globe may be the order of the day. To add a live instructor component, this virtually-trained group may benefit from organized, live exam-prep sessions with a certified instructor. Again, this could all be done virtually, or schedule into a classroom.

Other supplemental resources could include global discussion forums bringing together learners who are simultaneously preparing for the exam. In addition, study notes exist to assist the learners.

And don’t forget about the tools. Your tool/systems training should be a blend of process and tool training. These are not mutually exclusive, yet most organizations train the tool outside of the processes (and visa versa). Integrate the learning strategy.

Avoid the “bums in seats” mentally that so often prevents sustainable, green and cost-effective learning. Implement a blended “virtual” model for education and you are on your way to strategy that aligns with today’s buzz: It’s Green. It Costs Less. It’s Less Time Intensive. It’s Sustainable (a Corporate Education must). And as more and more IT shops embrace the virtual employee, you will be ahead of the curve and ready.

Good luck!

I have arrived at a number of dead ends in my quest to determine if an environmental education program for corporate employees exists.     It seems to me that an effective awareness (or orientation) online course on what it means to be a Green Employee would be the order of the day for most organizations seeking to move the enterprise to an new level of eco-friendliness.   As with other enterprise awareness foundational programs, it seems that the time is right to get everyone speaking the same language, to enhance the awareness of the issues, and to be a catalyst in changing behaviour. 

If it is out there, I can’t find it.

Rick

Congress is shocked that companies like Google (and Yahoo! and Microsoft and AOL… the list goes on) are using cookies to track where us web surfers go in order to serve up better ads.

I think Microsoft gave the best response - silence.

Are you kidding me?

One of the foremost authorities on all things web and tech, is Harvard Professor, Nicholas Carr. Nicholar raises an important question here about what protocols we are to follow when information is separated from the data that encodes it.

With Google, Microsoft, Amazon and others all racing to build data centres to support the cloud computing model, how much weight can we give the physical resting spot of the data when, in a world of accessibility, the more important feature becomes the keyholder… and better yet, the keyholder’s street address?

Update: The ITIL v3 Study Notes have been removed from Scribd.com. We will look to create a new set of study notes that meet the OGC specifications right away… STAY TUNED!

B Wyze Solutions (a MindMuze partner) has published a comprehensive set of study notes for anyone attempting their ITIL v3 Foundation certification. I have to say - they are pretty thorough and from my experience, it’s been tough finding resources like this out on the web.

Enjoy!

Here is an excerpt from a recent SearchSecurity.com article that we found interesting…

If 2006 began the trend of researchers launching ‘month-of’ flaw disclosure projects, 2007 was the year such projects ceased amid a rising wave of criticism among those who thought it was more about ego than better security

“Software vendors are notorious for taking months or years to produce a security patch,” said Metasploit Framework creator H.D. Moore, whose Month of Browser Bugs in July exposed 31 browser holes, most affecting Microsoft’s Internet Explorer. “The ‘Month-of’ projects put pressure on the vendor to address an issue in a reasonable amount of time. In my experience, nothing produces a patch faster than a published exploit.”

LMH, the researcher behind the Month of Kernel and Month of Apple bugs, said, “It’s better to have someone disclosing your security flaws than having them known by the bad guys, only. This pushes the vendor to change its procedures and policies for vulnerability handling and disclosure. And that’s where users benefit.”

But with the Month of Apple Bugs now underway, some security bloggers are criticizing the disclosure projects as something designed more for press attention than better security.

That’s not to say the critics don’t find some value in what the researchers are doing.

The Security Curve blog, for example, takes on the issue of press attention while still finding value in exposing Apple’s security holes.

The full article is here.