Security Basics mailing list archives
RE: MSIS research
From: Dan Lynch <DLynch () placer ca gov>
Date: Mon, 14 Nov 2011 13:41:48 -0800
[mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com Sent: Monday, November 14, 2011 11:50 AM To: security-basics () securityfocus com Subject: Re: MSIS research
<snip>
This really depends on whom you ask. For instance, HR is going to claim productivity issues as the #1 reason to deny social networking activities. As a security guy, I simply do not care about that. That's a managerial/HR issue. But it's also one of the bigger driving forces in a corporate environment: to keep people from wasting time.
Exactly. I posted the following to this list in 2008, and I think it's just as true today, and particularly applicable to social media: I've been working with internet filtering and content control for an organization of some 2500 web users for about six years [nine now]. I've not done a solid study, but in that time I've come to the opinion that there are plenty of ways to waste time without the internet. I look at excessive internet use like any other time waster - it's a social problem, not a technical one. If someone's not getting their job done, their supervisor needs tell them one-on-one to quit leaning on their shovel and get to work. On the other hand, if their work is getting done, what's the problem? Pretty soon you get to the point of arguing that any moment not spent specifically creating value for the organization is "wasted" and must be recouped. Anyone with a life will argue with that. I drink coffee. When I fix a cup, I take three minutes out of my work day to do so. I have two cups a day. Each time I take a sip I'm not providing value to my company. Add it up: each cup is maybe 50 sips x 3 seconds x 2 cups/day + 6 minutes prep time = 11 minutes/day spent on coffee, not work. I work about 250 days/year, so each year I waste some 2750 minutes of company time. Multiply that by my fully encumbered salary, and I steal nearly $2,300 each year from my employer. We have some 1500 coffee drinkers. That's nearly 3.5 million dollars in lost productivity per year from coffee alone. But do we implement coffee monitoring? It sounds absurd, but this is exactly the logic used to sell internet filtering software. I think it's silly. Surfing the internet while you should be working is a social problem and a management problem. Using technology doesn't solve it; it only allows managers to be lazy. I think the best approach (cheapest and most effective) is direct and personal: walk up to whoever is wasting time on 45 minute smoke breaks, surfing ebay, chatting with their friends for an hour on the phone, smack them on the back of the head and say "knock it off!". Works every time, and no software is required :-) Dan Lynch, CISSP Information Technology Analyst County of Placer Auburn, CA ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- MSIS research Steve Sirag (Nov 10)
- RE: MSIS research Dan Lynch (Nov 10)
- <Possible follow-ups>
- Re: RE: MSIS research Glen (Nov 11)
- Re: MSIS research krymson (Nov 14)
- RE: MSIS research Dan Lynch (Nov 14)