Sunday, August 30, 2009

Business Continuity – COOP: Bottom line

Every risk management/business continuity practitioner needs to keep an eye on the bottom line.

If the practitioner is self-employed, that's obvious. If the practitioner works for someone else, helping the company hold the line on expenses will put the practitioner in good sted and may – may – justify a small bonus.

I just bought a new notebook (nee' laptop) computer. My old Compaq still works, but technology leaps and some other goodies, plus a low price convinced me to buy the new box.

The new notebook came with Microsoft Vista pre-installed (and no recovery CD if the drive fails).

I am still struggling to accommodate MS Office 2007's unnecessary User Interface (UI) changes so the jump from XP to Vista and the unnecessary UI changes frosted the cake.

On top of that, Vista is, at best (and even the phrase “at best” seems out of place) an interim operating system between XP and Windows 7, touted as the cure for all of Vista's failures.

Windows 7 is expected to cost about $200 to replace Vista Home. In the interim, knowing Windows 7 is close at hand, many developers are ignoring Vista and working on W7 versions of their applications.

Office 2007 Pro is only $100 – now. (Microsoft offers “Home and Student” for $100; Pro lists for $500; makes me wonder what the retailer's “Pro” really includes.)

Anyway, and back to the bottom line point, besides the COST of new a OS and new applications, there is the cost – and it very much IS a “cost” - of the learning curve for each new thing (OS, application).

What are the options?

Well, there is the MacIntosh (or is it Macintosh?). Problem is, while the Mac may have a consistent UI (I'm not a Mac user so I can't say), the platform is considerably more expensive than one that supports Microsoft Windows.

Moreover, for those that must use Windows applications modified for Macs., there usually is a delay in getting the apps – never inexpensive – to the Mac platform.

The answer for me was Linux.

I am not a computer guru. I've written *.bat files, but that's about my limit. I once tried to learn C++; when I wrote the traditional “hello” code I was presented with a screen that displayed “Beat it!” Compiling files is not my “thing.”

I used – very much past tense – to know my way around DOS command line code, much of it borrowed from UNIX.

But UNIX and now Linux, has come a long way even from when I used HP-UX (and it's desktop UI),

My Linux flavor is Ubuntu.

It's free. Even the mailing cost to send the CD is covered. (It also can be downloaded from the WWW.)

The distribution (“distro” to those in the know) includes OpenOffice that essentially is MS Office 95. It DOES read Office 2007 files and it does create Office 2007 readable files; I've tested that much. (This is created in OpenOffice writer.)

If you want to get closer to the current MS Office formats, Sun's Star Office might provide that for a fee. There also is Applixware, which I've used. There is a short list of application suites and related links at http://www.topology.org/soft/office.html.

Ubuntu comes complete with almost everything a user will find on a Windows OS + MS Office combination. Firefox instead of Internet Explorer (anyone who writes Web code for a single browser, even in the “old days” is foolish), Evolution instead of Outlook, F-Shot and GIMP for photo capture and manipulation; OpenOffice drawing in place of Visio. Of course there is a Notepad-type text editor and Terminal that equates to Windows' Run.

Admittedly, Ubuntu OS utilities (e.g., Evolution) and OpenOffice applications lack some of the bells and whistles of Windows and MS Office, but they meet my needs.

There are some applications under Windows and Mac that are lacking under Linux. Most critically for me is a decent page composition application similar to FrameMaker or Ventura. Still, most Mac and Windows applications are covered nicely in Linux.

Is there a learning curve? Yes, a fairly low one (writes this scrivener who started using Word with DOS V.1.0). Will there be a learning curve for the IT folks who have to install and support Ubuntu? Probably also a very flat curve since, when I asked around, many of my IT SMEs already were running Ubuntu or another Linux OS on their own systems.

Will there need to be a major hardware investment? Not for platforms (computers) and, from what I have seen, not for peripherals, either.

Linux offers all the networking and network security available in the Windows environment.

For my money – that I prefer to keep in my pocket – Linux is a much better option (than Windows or Mac) for what I do (excepting creation of desktop publishing/long, complex documents).

 

John Glenn, MBCI
Enterprise Risk Management practitioner
Hollywood/Fort Lauderdale Florida

Thursday, August 13, 2009

Life on an Idiotorial Review Board

I find myself on the Editorial Review Board of a fairly prestigious professional journal.

I was offered the uncompensated post because I am verbose and possibly because I tell one and all that once, about 100 years ago, I was an honest (read "print") journalist: reporter, feature writer, and editor of many titles.

As I read the articles submitted for ERB member consideration, I am reminded that the authors are, for the most part, not professional writers; they are vendors, sometimes techies, sometimes marketing or sales, sometimes execs.

Some have trouble writing their own name - or so it seems..

The prestigious professional journal is supported by advertising revenue; translation, find a way to clean up an advertiser's copy and run it.

Sometimes clean-up is easy, and then other times ... well, suffice it to write that - never mind, this is a family blog.

I do wonder why some folks at larger organizations don't ask their PR people to ghost the articles.

Egos, perhaps. Or they have reason to believe that if PR gets involved, Legal also will get involved and by the time the internal review cycle is complete the product will have been discontinued and the only thing that will remain from a 1,200-word article is the company name.

Having figuratively worn eye shade and sleeve garters, the sign of a "real" copy editor, I cave into my inner pressure to edit the copy on my desktop. Not every fractured phrase, but most tortured text gets at least a comment. One or two articles were so bad - to my mind - that I confess to tossing in the towel and suggesting a rewrite. (Turned out the rewrite was worse that the original article. No good deed, etc.)

I am finding that my "take" on articles frequently is at odds with a few of my fellows on the ERB.

Some reviewers post their comments using REPLY ALL so that "all" will have the benefit of their opinion. Others, this scrivener included, prefer to let everyone - except the Editor-in-Chief, of course - come to their own, independent, conclusions.

I gather that some reviewers want academic-length articles; articles that run to 10 times the allowable 1,200 to 1,500-word length for our publication.

No matter how focused an article, it seems one or two reviewers criticize the author for not providing sufficient information.

Others nit-pick an article because the author is a vendor (remember, vendors finance this publication) and even though the vendor's product may not be named in the article, it's "too commercial." 'Course sometimes the nit-picker happens to sell a competing product and that might color the reviewer's critique.

Back in the day when I was a managing editor, I could call a writer aside and provide some mentoring; usually that was sufficient to get our budding journalist back on track.

That luxury is absent in my present role as an "idiotorial" review board member.

I'm flattered, of course, that I was considered worthy of this uncompensated (did I mention that before) and apparently anonymous honor.

For once I'm glad someone else is Editor-in-Chief, the one who has to balance the comments of the ERB (and make a final decision that is bound to raise the hackles of some) and who has to diplomatically return really awful copy to its author who probably works for an important advertiser (and trust me, almost ALL advertisers are important).

Maybe I'm a masochist , but in my heart-of-hearts, I enjoy the challenge of the honor. Just knowing that the burden of dealing with opinionated people like me falls on someone else's shoulders lets me perform the assignment with a bit less concern for the final product - or the author's feelings.

Sometimes, however, I'd really like to share my thoughts about a few of my fellow ERB members ... but then I mellow out until the next critique crosses my desk.

Meanwhile, I'm having second thoughts about authoring articles for the journal; I couldn't take some of the criticism that is dealt out in the way it is dealt out.

John Glenn, MBCI
Enterprise Risk Management/Business Continuity practitioner
Hollywood/Ft. Lauderdale FL
http://johnglennmbci.com/
Planner @ JohnGlennMBCI.com

Wednesday, August 12, 2009

ERM-BC-COOP: Unrelated things of interest

 

Two separate emails crossed my desktop this morning.

An email about "flash cookies"

A cartoon about a serious issue, "swine flu" (H1N1).

The first item - and I checked with Snopes, which is attempting to verify the story - basically reports that even though you may THINK you are deleting cookies, you are not getting them all.

The article, You deleted your cookies? Think again is on the WWW @ http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

The leed paragraphs read:

"More than half of the internet's top websites use a little known capability of Adobe's Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

"Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not."

Don't think you have any Flash cookies?

A search of my XP system turned up 462 *.sol files. Yep, four hundred sixty two.

Now, Mac and Linux users, don't think you are immune. If you use a browser and look at anything on the Internet - even some *.gov sites - you, too, can be victimized.

Users who want to control or investigate Flash cookies have several options, according to reader Brian Carpenter:

 

Windows:
* Better Privacy extension for Firefox -
https://addons.mozilla.org/en-US/firefox/addon/6623

* Ccleaner - http://www.ccleaner.com/ (Freeware)

* Windows: LSO files are stored typically with a ".SOL" extension, within each user's Application Data directory, under Macromedia\FlashPlayer\#SharedObjects

Mac OS X:
http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/

* Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys
GNU-Linux: ~/.macromedia

There was one additional bit of related information I picked up this a.m.

Turns out if you are a member of a Yahoo group, Yahoo is lurking on your system even after you log off Yahoo.

According to Snopes (http://www.snopes.com/computer/internet/webbeacons.asp) , "If you belong to ANY (Snopes' emphasis) Yahoo Groups - be aware that Yahoo is now using "Web Beacons" to track every Yahoo Group user. It's similar to cookies, but allows Yahoo to record every website and every group you visit, even when you're not connected to Yahoo."

Snopes adds that "Yahoo's invasion of privacy - and your ability to opt out of it - is not user-specific. It is MACHINE (Snopes' emphasis) specific. That means you will have to opt-out on every computer (and browser) you use."

The opt-out option is at http://info.yahoo.com/privacy/us/yahoo/opt_out/targeting/details.html

The second item crossing my desktop was a Dry Bones cartoon. Dry Bones, which bills itself as "Israel's Political Comic Strip Since 1973," took note of "swine flu." The cartoon apparently was inspired by two news articles.

The first, from IslamOnline.net & News Agencies (http://www.islamonline.net/servlet/Satellite?c=Article_C&cid=1248187687780&pagename=Zone-English-News/NWELayout) is headlined: Swine Flu Restricting Hajj, `Umrah

"TEHRAN/JEDDAH — As swine flu fears are growing, Iran has banned `Umrah during the holy fasting month of Ramadan while Saudi Arabia ordered mandatory measures for pilgrims during hajj.

"We will have no pilgrims in Saudi Arabia during the month of Ramadan," Health Minister Mohammad Bagher Lankarani said, reported Agence France-Presse (AFP) on Wednesday, August 5."

The Umrah is a pilgrimage to Mecca performed by Muslims that can be undertaken at any time of the year. It is sometimes called the "minor pilgrimage"' or "lesser pilgrimage" (contrasted, of course, with the "major pilgrimage" of the Hajj). The Umrah is generally regarded as not compulsory but highly recommended, and it is undertaken by many Muslims. (Source: http://www.sacred-destinations.com/saudi-arabia/umrah-pilgrimage.htm)

Israel, on the other hand, is taking a different approach.

According to a Ynet (http://www.ynetnews.com/articles/0%2C7340%2CL-3760270%2C00.html) article by Nissan Shtrauchler, "Fifty people, most of them kabbalists join flight aimed at containing epidemic by prayer.

"On Monday morning an Arkia airlines plane took off from Lod Airport (near Tel Aviv) carrying rabbis and kabbalists and flew over the country in a flight aimed at preventing the swine flu virus from spreading in Israel through prayers.


Picky editor's note: I doubt the writer intended to suggest that H1N1 was spread by praying, but that prayers were offered to prevent the spread of the malady.


"The purpose of the flight was to stop the epidemic, thus preventing further deaths' explained Rabbi Yitzhak Batzri whose father, Rabbi David Batzri had initiated the flight. We are certain that because of our prayers danger is already behind us, he added."

The cartoon, by Yaakov Kirschen, is at http://drybonesblog.blogspot.com/2009/08/swine-flu-fever.html

As an Enterprise Risk Management practitioner, I think I would use a combination of both the Moslem and the Israeli "mitigation" measures. For the non-religious reader, trust me, there is at least a psychological benefit for those who want to "cover their bets."

 

John Glenn, MBCI
Enterprise Risk Management/Business Continuity practitioner
Hollywood/Ft. Lauderdale Florida
http://johnglennmbci.com/
Planner @ JohnGlennMBCI.com  

 

Wednesday, August 5, 2009

ERM-BC-COOP: RT*M is not the answer

 

I used to be a technical writer. Before that, I cobbled together PR and marketing pieces, and before that I was an honest newspaperman.

I just acquired a new Sony-Ericsson mobile phone to replace one from the same company that gave out shortly after the two-year contract expired. (Planned obsolescence?)

Although I was not a "happy camper" with either Sony-Ericsson or my mobile provider, AT&T, because I travel overseas, I have to have a service with international roaming. Cingular, acquired by AT&T, at the time was the only provider that had the required service. (Actually, I found out later Verizon - with which I then had service - also had international roaming, but the Verizon store clerk was ignorant.)

Anyway, being a lukewarm to AT&T/Sony-Ericsson, I went to Verizon to see if it wanted my business back. Apparently Verizon has enough customers and couldn't see its way clear to make a deal.

Which brings me back to AT&T/Sony-Ericsson and the point of this exercise.

Unlike some people, I DO RT*M (Read The [expletive deleted] Manual); every English-language page. I read it for my car; I read it for my computer. So, when I got the new phone (a W760a, if anyone cares), I read the manual.

It was like on-line help(less).

I had features in the old phone (a z520) that the newer unit apparently lacked.

Distinctive Ring. Not in the manual. It IS available with three in-the-phone tones (others can be downloaded PROVIDING the extra-cost Internet function is turned on). It took me two emails to Sony-Ericsson's tech support to get an answer. (Thanks, Anne.)

Sound Recorder: The manual tells me how to record a note or conversation, but fails to tell me how to delete a memory-hogging voice message.

Caller Voice ID: Like Distinctive Ring, it's there but it's not in the manual. Unlike the less sophisticated z520 unit, the W760a forces me to set up Voice Calling in order to have audible caller ID (e.g. when the Spouse calls, I hear "WIFE!").

 

BC Connection

 

The "business continuity" connection is that documentation needs to be complete and comprehensible.

It needs to be to-the-point and tightly organized.

There needs to be a pretty good Table of Contents and a VERY GOOD index.

Unlike a cell phone user guide (I suppose using the weasel-word "guide" means the authors can be casual about the contents), business continuity documentation has to be complete; there is no Help Desk or Online Helpless available to "fill in the blanks."

As a reader, I hate having to go from chapter to chapter or section to section to get a complete picture of what I need to accomplish. True, there are times when a back-reference is appropriate (e.g., when there is a 3-page instruction that applies to "n" different functions), but typically in business continuity documentation this is NOT the case; at least not in the recovery section of the document.

I'm not going to suggest that every business continuity practitioner must have a documentation background (although it helps), but I will flatly state that all business continuity documents must be prepared by competent writers and fully - and carefully - reviewed by both primary and alternate responders.

Indeed, an amanuensis is an asset even for a talented scrivener, and one lacking well-honed scribal skills most assuredly needs help.

The bottom line is that unless the documentation is useful - accurate, complete, comprehensible to the reader, well organized - no one will actually RT*M.

Which makes the documentation effort a waste of time and which, in the absence of frequent and realistic exercises, may make the entire business continuity effort a waste of time and resources.

* * * * * * * * * *

John Glenn, MBCI
Enterprise Risk Management/Business Continuity practitioner
Ft. Lauderdale FL
http://johnglennmbci.com/
Planner @ JohnGlennMBCI.com