Tuesday, October 16, 2007

Another post on the wall

I've just read another of those posts that should be framed and hung hanged on a wall.This post from Anton Aylward is great, even with he just stating something very obvious. Super ninja risk analysis initiatives sometimes make people forget about the basics, even if the expected results of the RA is knowing that those basic things should be treated first!Some pieces of the post are very interesting, like this analogy: "So it gets to be, if you’ll pardon the analogy, like worrying over the diseases of civilization like Alzheimer’s, Osteoarthritis/Osteoporosis, ALS, Macular degeneration, diseases due to over-rich diets, Senescence in general when you don’t have a adequate diet or clean water to drink."His closing remark is also simple and perfect: "Lets worry about the baseline before we try to address the esoteric."This reminds me of a case I saw. I arrived in a place with lots of expectations about deploying risk management processes and policies, but end up starting by removing root access and providing individual accounts to system administrators, enabling logs, installing critical patches on servers and setting passwords for those pesky "sa" users.Talking about risk management at that time was the same thing as talking about healthy food habits to someone who is dying from a bleeding cut.And, just to mention, it was funny to deal with problems I mentioned above and hear from the auditors that "users should change their passwords each 30 days and not 90". :-)