ITIL Information Security Management – the facebook way
February 17, 2009
Posted by ivankamenken in cloud computing, itil, itsm. Tags: CIA, facebook, IT Service Management, itil, SaaS, security, Security Management, service management, SLA
When I teach my students about the ITIL process of Information Security Management the biggest concept to teach is the acronym CIA:
- Confidentiality
- Integrity
- Availability

of data and associated systems, service assets etc.
What we discuss is that information has to be dealt with in a very cautious manner as there are a lot of potential legal implications when you don’t manage this correctly. Think about breaching of privacy laws and regulations for instance. This goes to the extent of sample data for test scripts: are you allowed to take a sample from the production database, or do you need to create a fictional sample due to the sensitivity of the information?
In order to manage this properly, you need to discuss with the Customers what their service level needs and requirements are and based on this, come up with a security baseline. A minimum level of security that will guarantee the levels of CIA required to deliver the IT Services to our clients as per the agreed service levels.
With this in the back of my mind I am just amazed with the stunt that Facebook pulled last week:
- As per the 4th of February 2009 they changed their Terms of Service (read SLA) without notifying the users in advance… (strike 1)
- The new TOS stipulates that ALL content placed on Facebook, including – but not limited to – photos, is owned by Facebook. This includes information that is contained in (backups of) closed accounts (strike 2)
- AND Facebook retains the right to do whatever they want with this material. Including – but not limited to – using your image AND name as part of advertising campaigns (strike 3)
So basically, Facebook is doing everything wrong when you compare it to the formal ITIL Framework of good IT Service practices. Availability of content is not just about having it available, it is just as much about keeping certain information UNavailable. You should only be able to get to the information on a ‘need to know’ basis.
Also, what Facebook is doing is playing straight into the cards of everybody who is opposed to Cloud Computing practices. You can just wait for the blogs to appear with titles like: “I told you so, cloud computing is NOT secure”. A great opportunity for better value for money in the form of Software as a Service, Platform as a Service, Hosted Services and other cloud computing related service offerings has now been compromised.
Companies who are ethical and have a high level of integrity and who WANT to offer cloud computing services to their clients will have a more difficult sales job to do because of the stunt that Facebook pulled this month. Because: “When Facebook can do something like this, what to say that you are not?!”
So what can we do about this? Well... nothing really: it’s a case of ‘too little too late’ as information on Facebook’s databases and backups can still be used at random. Even when you close your account and delete your information, it may still be available on backups.
Why do I care?
That was a question I asked myself this morning when I read a waterfall of Twitter entries about the updated Facebook Terms of Services. Initially, I didn’t think much of it as I work on the principle that everything I put on the internet will end up somewhere and nothing is really private anyway.
But I drew the line when I read the sentence that I made bold in the license paragraph taken from the Terms of Service:
Licenses
You are solely responsible for the User Content that you Post on or through the Facebook Service. You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You represent and warrant that you have all rights and permissions to grant the foregoing licenses.
I do not wish for my face, name and other personal information to be used for a marketing campaign or commercial or advertising without my explicit approval. I mean: the chance of this actually happening is minuscule but still….. this is where I draw the line.
I just don’t know what to do, apart from removing all photos and laying low for a few years to let this blow over… maybe they use annual incremental backups so with a bit of luck I will be safe in about 18 months or so…
Procrastination… why am I so good at it?!
August 20, 2008
Posted by ivankamenken in Uncategorized. Tags: business, facebook, time management
OK – today is a bit of soul searching… As I have mentioned before, I need to get the materials ready for the cloud computing workshop that I am running on Monday. The material MUST be ready by tomorrow… which gives me less than 12 hours to finish it!!
It is amazing.. I have tidied up my desk, cleaned my keyboard, made a full backup copy of my ‘my documents’ on our new ‘mybook’ external drive (amazing technology and I still can’t get over the fact that you can purchase 1 Terabyte of storage for less than $200!!!) and a million other things that are very important but have NOTHING to do with the workshop! Which reminds me… I need to update my facebook profile!
Why am I so good at procrastination? I would love to be more like my husband – he is so practical and disciplined. He has a list with things to do and he simply does them. Starts with number 1 and walks through the list… Drives me crazy!!!
Because this is what I do:
- I look at my todo list
- Do the fun jobs first
- Look at it again
- Add some little things that need to be done.. not important but definitely have to be done
- I do the new things I put on it
- Start on the important thing but get easily distracted
- Look at todo list again
- Add some stuff to the list
And this goes on and on… at the end of the day I have done a lot except for the ONE thing that I had to finish! Yes, the MUST BE DONE thing at the daily huddles works as I am now held accountable by my staff as it is pretty clear when I haven’t done the one thing that I had to finish… but usually it is the very last thing I do during the day… and it means that I will be home around 9pm again today..
You know? I think I am just afraid about finishing the thing… because it is better to sound really busy when people ask. What do I say when I have finished when they ask: “Hey Ivanka, how are you?” I can’t say – I am really busy - working on a deadline.
What will they say when I reply: “I am great! I finished all my important tasks for today and it isn’t even 11am yet!”
Maybe it is the fear of not being taken seriously? That as a business owner and director you need to sound busy and important?
Hmmmm… that is not a fear I want to give in to! I am stronger than that! No more procrastination – I am going to finish what I start.
Gotta go… have a workshop to finish!
Ivanka

