Risk Assessment. Surely an activity that must itself be assessed for risk?
4363 posts • joined 11 Sep 2009
Risk Assessment. Surely an activity that must itself be assessed for risk?
"Excuse me. I have been called to The Bar myself. I'll be in The Winchester."
They had two similar storage units.
Why weren't they being cross backed-up?
How many training sessions on data security do they run? Do they issue certificates to say how all their end user services staff and other IT staff have attended training on data security, data protection act etc etc. Compulsory training for all staff? What kind of a bollocking do people get for forgetting their training?
Still unanswered questions here. But on the whole I think the document isn't as much of a whitewash as people were expecting.
I don't think manglement are exonerated at all. Depends where you draw the line, I suppose.
There are names. On the timeline diagram. Big names. And decisions. But no line joining the two.
If it was a routine firmware update, I'd have left it a few weeks before doing it. But if it was flagged as a critical update, I would have done the update within that working week. Knowing the implications of the patch, HP should have validated the system they were performing a replacement on before doing the replacement. As they said "if this update had been done, none of this would have happened" they must have KNOWN of that vulnerability and the consequences of swapping a component without the update.
HP's EUA etc might protect them from being sued for the full damages, but it does not absolve them entirely.
My fear is that this will be used as an excuse for even more red tape and bureaucracy in an already management heavy system. A massive swelling of the ranks, and the associated expense, and all the ITIL and ISO certifications and training and documentation, but that's all so much fluff on top of getting the actual job done. They'll point the finger firmly at having to support and migrate legacy systems, accelerate the move away from those towards a corporate IT model and make even more people do their own thing. Tying all IT purchasing into a single supplier, for example, would exclude many medical and scientific instruments that come supplied with integrated systems; everything from water purifiers to brain scanners, from chocolate dispensers to air sampling systems, building management systems and audio visual systems. That's the feeling, anyway, I get from the document. Users feel IT don't understand the business, especially in research, IT say they do and you should do things their way for "reasons". Trust them. They are experts. But no-one else is allowed to be.
Followed by a satisfying bang.
All of it. Hope they burn in patent hell.
ISA cards were so much less fiddly, though. Much more space to get your tools in there. And when I had to stick 6 HDDs in a unit with only four IDE device capability on the mobo, very useful that was too. Most cards for disk controllers didn't have switchable addresses, and those that did were eye wateringly expensive.
So you take an IDE controller from the old, old, old days when IDE controllers weren't integrated with the mobo. Grind out a gap in two of the address lines, I forget which ones now, then cross wire them. This swaps the address of the card's controller into an unused segment of the memory map. Bit of a tweak in the PCI address settings in Windows 95 which expected things to be in very defined places and Bob's your uncle.
Probably likes a backdoor method.
Like the Statesman oven my landlord had fitted which has a 2.1kW element running at 220V and the internal wiring, which also has a fan and a light on it, is done using a common neutral using 1mm2 steel multi strand like all the other wires inside the thing?
If you do your maths, you'll see that the oven element on its own draws 9.5A, and 1mm2 wire is rated at about the same. One slight juddering stall of the fan motor and the neutral vaporised leaving a hollow PVC tube.
They sell you this shit.
I thought it was hide the fuck up.
Ming the merciless?
Maybe they fancied a bit of hot crumpet?
It's a paper questionnaire. After all, the penis mightier than the sword.
The modern equivalent of putting a bun in the oven?
And that single, angry, burning eye in the middle of it...
at least enough to last the duration of the trial. So you wear all 24 at once and you're ribbed for her pleasure.
We had one in casualty who "sat on a crate of cucumbers to take off their trousers after they spilled oil down themselves, and the crate gave way and..." which, of course, prompted a call for a procession of specialists and second opinions. If they'd just said they lubed up a cucurbit and shoved it up their arse for thrillz and lulz, nobody would have batted an eyelid.
It was a lack of elfin safety legislation in olden times.
If you like it, shoulda put a ring on it.
pull up... pull up!
God help it if they meet someone who's prone to spoonerisms.
diapers, competitions, vacuum tubes, sealed bags...
Russian solution. Cork from bottle of vodka.
These guys offer an end-to-end service. Including some platinum service, I think it's called, which includes pre-emptive maintenance.
TWO unprecedented failures not seen by any HPE client internationally. Or is it three? Or four? I've heard the KCL one was down to a faulty IO controller wrecking data combined with a disk failure, does that count as two?
Now, I could understand a common mode failure from which there's a learning outcome leading to a product improvement, that's almost expected, but they make it sounds like there's a number of vulnerabilities in the design.
Hey, Barak. There's no need to post as AC. You're amongst friends here.
My voice is my password... that's going to work out well.
Hey, we'd better have a damn special relationship in order to be donning the marigolds and lubing up whilst I bend over.
But does it work? Can, say, a large University or a national Revenue service put their trust in HPE's 3PARs?
I've always been partial to a bit of Martha Jones myself.
But at least you could have more fun with the laser pointer if you were herding cats.
And wants to use the fantastic features he's been told about. But he can't find any of them on his desktop. He produces his training manual. Excel 2013 on a Windows 8 machine - one version behind the official company build, which is odd seeing as though the course was delivered by a company trainer in a company learning suite.
"Where's the view panel in the ribbon?"
"You don't have one. Use the view menu instead."
"But I want it to be the same as my manual..."
"You have a Mac running Office 2010. The functions are all there, but they will be in slightly different places."
"But why isn't it the same as my training manual?"
"Because you are using a Mac with Office 2010. This is for a Windows 8 PC running Office 2013."
"Oh, Ok. But look at this... I can see all the formulae at once if I just... Where's the alt-key? And where's that key with the little bar with a tail at the right hand end?"
"You're using a Mac. The keyboard has subtle differences."
"But I want it to be like it is in my training manual."
"You're 57 years old. You have a PhD. You have been using a Mac for over 10 years. You have been using Excel for over 10 years. Why did you want to go on a training course to learn how to use Excel?"
"I didn't think I knew enough to be getting the best out of Excel."
"You are currently getting no use out of Excel. You've come back in a worse state than when you went. All the basic ideas and concepts you've learned these last two days are valid. The options are there, but they might be in a slightly different place."
"Why isn't it the same though?"
"Bec... Oh FFS. Here, have a PC."
"I don't want a PC. I like my Mac."
etc etc etc until I was rescued by someone who had managed to remove some wires from the spaghetti explosion behind the videoconferencing unit. Again. And bending over upside down with a torch clamped in my mouth, straining my weakened back muscles and compressing my lunch-filled stomach, whilst reaching into the electronic equivalents of the intestines is far, far preferable to trying to explain why some people shouldn't go on training courses.
Crashing our Sony data projector. Yup. Had that one this morning. Doesn't work in duplicate mode, does work in extended desktop mode. In duplicate mode it renders the projector totally unresponsive - can't change source, use the remote, soft power-down. Had to disconnect the mains lead. Three times it took before I worked out it was reliably reproducible. Works fine on the non-Dell Windows 7 Fujitsu laptop. Works fine with the identical machine running Windows 7. Works fine with the Macs. Never seen that problem before.
I'm a firm believer that most data management is best done with web/cloud apps. Creativity stuff... that's not so easy.
Oh! You know, you're going to laugh at this, but... in the meeting... I accidentally used the word "infallible".
The job goes to the lowest bidder. Or in the 'biting them on the kneecap' game, the shortest bidder.
No... that's KFC. KCL is a completely different bucket of vertebrates.
Which indicates that their system for staff departure and hand-over wasn't properly risk assessed. Which is a management activity ultimately.
As is positive verification of DR on a regular basis.
Not sitting there saying "No news is good news!"
It wasn't quite everything. But it was a lot. Even took the phones out too, so I heard.
Oi! RiskEye are OK. Or at least, I've never heard a bad word said about them.
It was but it was granted its own degree awarding powers. They've got a ceremonial mace to prove it an' evryfin. That makes it both a university in its own right and a college of the University of London.
There are offsite backups and there are archives and rotations etc. It's just that a lot of the more recent, and therefore useful, ones had either backed up shit or hadn't been tested for their ability to actually restore the digital-estate. Probably. I don't know. Looks that way anyway.
He must be putin it off for some reason.
"Talking bollocks. And other quirks of fauna from the Chernobyl region."
IF they give you a switch.