Home page logo

basics logo Security Basics mailing list archives

RE: MSIS research
From: Dan Lynch <DLynch () placer ca gov>
Date: Mon, 14 Nov 2011 13:41:48 -0800

[mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
Sent: Monday, November 14, 2011 11:50 AM
To: security-basics () securityfocus com
Subject: Re: MSIS research
This really depends on whom you ask. For instance, HR is 
going to claim productivity issues as the #1 reason to deny 
social networking activities. As a security guy, I simply do 
not care about that. That's a managerial/HR issue. But it's 
also one of the bigger driving forces in a corporate 
environment: to keep people from wasting time.

Exactly. I posted the following to this list in 2008, and I think it's just as true today, and particularly applicable 
to social media:

I've been working with internet filtering and content control for an organization of some 2500 web users for about six 
years [nine now]. I've not done a solid study, but in that time I've come to the opinion that there are plenty of ways 
to waste time without the internet. 

I look at excessive internet use like any other time waster - it's a social problem, not a technical one. If someone's 
not getting their job done, their supervisor needs tell them one-on-one to quit leaning on their shovel and get to 
work. On the other hand, if their work is getting done, what's the problem? Pretty soon you get to the point of arguing 
that any moment not spent specifically creating value for the organization is "wasted" and must be recouped. Anyone 
with a life will argue with that. 

I drink coffee. When I fix a cup, I take three minutes out of my work day to do so. I have two cups a day. Each time I 
take a sip I'm not providing value to my company. Add it up: each cup is maybe 50 sips x 3 seconds x 2 cups/day + 6 
minutes prep time = 11 minutes/day spent on coffee, not work. I work about 250 days/year, so each year I waste some 
2750 minutes of company time. Multiply that by my fully encumbered salary, and I steal nearly $2,300 each year from my 
employer. We have some 1500 coffee drinkers. That's nearly 3.5 million dollars in lost productivity per year from 
coffee alone.

But do we implement coffee monitoring? It sounds absurd, but this is exactly the logic used to sell internet filtering 
software. I think it's silly. Surfing the internet while you should be working is a social problem and a management 
problem. Using technology doesn't solve it; it only allows managers to be lazy.

I think the best approach (cheapest and most effective) is direct and personal: walk up to whoever is wasting time on 
45 minute smoke breaks, surfing ebay, chatting with their friends for an hour on the phone, smack them on the back of 
the head and say "knock it off!". Works every time, and no software is required  :-)

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]