Business Continuity

[Abstract]
The purpose of this document is to provide a basic knowledge of how having a business backup plan can maintain business continuity. Also included within this document are guidelines to maintain business continuity and an explanation of some consequences for not following the business continuity guidelines.

[Content]
When the September 11th attacks on the World Trade Center towers in New York happened, it was a major wake-up call, not only for national security, but also because of the amount of business data that was lost when the two buildings collapsed. As tragic as the attacks were, many businesses found out how effective or ineffective their computer network backups were. In many cases companies lost large amounts of data. If companies had established better business continuity procedures, data loss would have been minimal.

Maintaining a backup of all network systems and their respective data will maintain business continuity in the event of a catastrophe. Previously, the main reason for maintaining backups of all computer systems and their data was the possibility of a natural disaster such as an earthquake, hurricane, fire, tidal wave, flood, or landslide. In recent years another reason has been identified: terrorist or militaristic attacks. The September 11th attacks on the World Trade Center tested many companies’ ability to maintain business continuity, and many of those companies had failed to maintain off-site backups, so their businesses were greatly affected (Shore, 2002). There are different strategies to consider for a backup and disaster recovery plan. One strategy consists of four parts: detect, notify, isolate, and repair (Mitchell). The detect portion of the strategy is to quickly determine the source of the failure. The notify portion is to notify all parties that are involved with recovering from the failure, as well as the parties that are affected by the failure. The next step is to isolate the affected systems and keep the failure from affecting any additional systems. The last step is to repair any affected systems or recover from the failure. There are also different backup strategies to consider for a disaster recovery plan. One backup strategy is to back up all critical data and then either electronically transfer or physically ship the backups to an offsite location. This method is typically cheaper; however, in many cases it is much slower to recover and restore systems to their previous state. Another backup strategy is to have a COOP site, in which all necessary data is completely backed up to another location. The COOP site strategy comes at a much higher cost; however, it can recover much more quickly and provides a much more efficient recovery process in the event of a disaster. There are different disaster recovery and backup strategy plans that are designed to maximize business continuity in the event of a disaster or catastrophic failure.

When applying disaster recovery guidelines to a business continuity strategy it is important to know the recommended guidelines and the consequences if the guidelines are not followed. The first and foremost guideline to recommend to any organization is to have a policy that states which disaster recovery strategy the company is going to use. Without this policy in place, each office within the organization may choose to follow its own guidelines and do what it thinks is best. The next policy that should be implemented should identify which backup strategy the company chooses to employ. This backup strategy should be chosen based upon company goals, cost, importance of data, and the minimal downtime the company determines as acceptable. If the company does not identify the backup strategy, different offices within the organization could waste time, money, and effort employing their own preferred methods. The third guideline for a company should be to implement a policy that states when backups are to be completed, where they will be stored, how often they are to be tested, and which offices or organizations are responsible for maintaining documentation of the procedures for backing up, storing, and testing. When a company chooses not to have a policy that identifies the company’s proper backup and testing procedures, the results are drastic due to loss of data, loss of money, loss of resources, and many wasted man-hours. When a company chooses to put policies in place that identify business goals for minimizing loss of data, time, and money during a time of disaster, all offices or organizations within that company must comply with the policies or be held accountable.

In conclusion, there are information assurance lessons that have been learned from previous disasters, which should pave the way for future business continuity strategies. For companies to employ a successful business continuity strategy, policies need to be put in place to identify which disaster recovery and backup plans best suit the company. It is critical to ensure that all offices and organizations within the company follow the company’s policies or be held accountable in the event there is a loss.

References
1. Shore, Dave (2002, May 17th). Sept. 11 reaches real lessons in disaster recovery and business continuity planning. Retrieved February 8, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-1048799.html
2. Mitchell, Bradley. Network Disaster Recovery. Retrieved February 8, 2009, from Network Disaster Recovery – Overview Web site: http://compnetworking.about.com/od/itinformationtechnology/l/aa083102a.htm

Choosing a Location for a Network Operations Center (NOC)

[Abstract]
The purpose of this document is to provide a basic understanding of network operation centers by identifying three key factors to consider when choosing a location for a network operation center. Also included within this document are five areas of physical security to consider when constructing a network operation center.

[Content]
When constructing a network operations center, otherwise known as a NOC, there are some key factors to consider when choosing an ideal location. Many large globalized organizations choose geographic locations to host their network operations centers. This is in part so that the NOC for an area covers a region of the globe and ensures their communications operate optimally. Another part of the reason is that industry standards differ between geographical regions. In the United States a network may traverse a T-1 circuit, whereas in Europe the network may traverse E-1 circuits (Patton Electronics Co., 2001). Even though this may not seem like a significant difference, it does illustrate that different geographical locations have different standards, and having a NOC that is familiar with its specific region will greatly reduce downtime in the event of a failure and maintain an overall general knowledge base of the networks in that region. Another factor to consider when choosing a location for a NOC is choosing a city that has the surrounding infrastructure to ensure maximum uptime of building power. Ensure that local businesses, including Internet Service Providers, can meet or exceed the needs that are required to support the capabilities of a NOC. When choosing a facility to host a NOC there are many considerations to be taken into account, but to name a few, overall building power and redundant backup power, such as a building generator, are requirements. Access controls for the building, including any combination locks, biometric access points, loading area security, perimeter security fencing, and local security guards, are all instrumental in ensuring that the facility maintains a high level of security. Part of the overall building requirements when choosing an ideal facility is to first ensure that it has enough space and cooling to accommodate all of the necessary equipment that will be operated within. Once inside a building, it is critical to ensure that all network cables are secured wherever they leave the NOC by putting them in a protective covering, such as a conduit, to ensure the network is not being monitored or tampered with in any way. There are many elements to take into account when choosing a location that can accommodate the high level of security and importance needed to house a network operations center.

There are many different considerations in ensuring the overall physical security of a facility that hosts the critical operations provided by a NOC. First and foremost is to ensure the building is secure by having locks on all doors, security cameras put in place, guards posted and logging all access into the building, and any necessary alarms installed on the doors. Part of ensuring the overall security of a building is to monitor the state of the building by monitoring door alarms, watching security cameras for any suspicious activity, signing in any visitors to the building and ensuring they have access only to areas they have the clearance for, and lastly conducting background investigations on employees to ensure they are trustworthy to protect the building and its contents. Another area of physical security to consider is to secure all networking cables by placing the cables in a secure housing, such as a metal conduit, wherever they traverse an unsecured room or area. Another part of physical security is to ensure all networking equipment is secure by keeping it in a locked room or locked equipment rack with only authorized persons having access (Bogue, 2003). Just as security personnel must be trustworthy, all employees who work inside the NOC should have background investigations to ensure they are trustworthy to work with the level of security classification of the data they are handling. Another part of physical security is to have policies in place to ensure all computers and documentation are put in an authorized secure location, like a safe, when the systems or documentation are not being used. One portion of the policies should state that all backups must be stored in a secure, geographically separate location. There are many different areas of consideration when ensuring the physical security of a network operations center.

In conclusion, when choosing a location to host a network operations center there are many factors to consider that apply to where the network operations center will reside. Some of the concerns are with the facility itself, but there are also concerns that go beyond the facility and are related to the surrounding area. When hosting a network operations center there are many physical security concerns to take into account. Ensuring the physical security of the facility and networking equipment aids in ensuring that the data being monitored and housed inside the NOC is secured.

References
1. (2001, May 11th). T1/E1/PRI Technology Overview. Retrieved February 7, 2009, from Patton Electronics Co. Web site: [URL Removed Broken link]
2. Bogue, Robert (2003, August 11th). Lock IT Down: Don’t overlook physical security on your network. Retrieved February 7, 2009, from Lock IT Down: Don’t overlook physical security on your network Web site: http://articles.techrepublic.com.com/5100-10878_11-5054057.html

Love Making

The Italian says, “When I’ve a finished a makina da love withna my wife, I go down and gently tickle the back of her knees, she floats 6 inches above a da bed in ecstasy.”

The Frenchman replies, zat is noting, “When Ah’ve finished making ze love with ze wife, Ah kiss all ze way down her body, and zen Ah lick za soles of her feet wiz mah tongue, and she floats 12 inches above ze bed in pure ecstasy.”

The redneck says, that aint nothing. ” When I’ve finished porkin the ole lady, I git out of bed, walk over to the winder and wipe my weener on the curtains. She hits the freakin’ ceiling.”

Single vs. Engaged vs. Married

Sipping her drink, the single girl leered and said, “Last Friday at the end of the work day I went to my boyfriend’s office wearing a leather coat. When all the other people had left, I slipped out of it and all I had on was a leather bodice, black stockings and stiletto heels. He was so aroused that we made passionate love on his desk right then and there!”

The engaged woman giggled and said, “That’s pretty much my story! When my fiancé got home last Friday, he found me waiting for him in a black mask, leather bodice, black hose and stiletto pumps. He was so turned on that we not only had sex all night, he wants to move up our wedding date!”

The married woman put her glass down and said, “I did a lot of planning. I made arrangements for the kids to stay over at Grandma’s. I took a long scented-oil bath and then put on my best perfume. I slipped into a tight leather bodice, a black garter belt, black stockings and six-inch stilettos. I finished it off with a black mask.

When my husband got home from work, he grabbed a beer and the remote, sat down and yelled, “Hey Batman, what’s for dinner?”

Most Romantic First Line, But least Romantic Second Line

These are entries to a competition asking for a rhyme with the most romantic first line but least romantic second line:

Love may be beautiful, love may be bliss
but I only slept with you, because I was pissed.

I thought that I could love no other
Until, that is, I met your brother.

Roses are red, violets are blue, sugar is sweet, and so are you.
But the roses are wilting, the violets are dead, the sugar bowl’s empty and so is your head.

Of loving beauty you float with grace
If only you could hide your face.

Kind, intelligent, loving and hot
This describes everything you are not.

I want to feel your sweet embrace
But don’t take that paper bag off of your face.

I love your smile, your face, and your eyes
Damn, I’m good at telling lies!

My darling, my lover, my beautiful wife:
Marrying you screwed up my life.

I see your face when I am dreaming
That’s why I always wake up screaming.

My love you take my breath away
What have you stepped in to smell this way?

What inspired this amorous rhyme?
Two parts vodka, one part lime.

Hardening OS X

[Abstract]
The purpose of this document is to provide a basic understanding of operating systems and vulnerabilities with hardening practices for ensuring Apple’s operating system OS X is secured. Also included within this document are methods for ensuring that a web server is secured.

[Content]
“Every Mac is secure right out of the box,” thanks to the proven foundation of Mac OS X (Apple Inc., 2009). Although this statement is true in the sense that you physically have control of your Mac and it hasn’t yet been configured to go onto a network, this doesn’t mean that the system should be run without first being secured simply because Apple Inc. says that it is more secure. When a new computer is purchased or a computer has an operating system newly installed onto it, the computer may need additional configuration in order to protect the system from potential threats. There are steps that should be taken to protect the computer or make it more secure before the system is ever used casually.

Apple has made a valiant effort to make their operating system secure enough for the standard user to use with confidence straight after purchasing or installing Apple’s operating system OS X; however, there are still additional steps that should be taken to harden the system prior to casual or business use. One of the initial steps in making OS X more secure is to configure the system with individual user accounts for all individuals who will be using the system. This means that there are no shared accounts for all users to use and nobody should be logged in as the administrator, otherwise known as root. All user accounts should use strong passwords that meet or exceed the minimum strong password requirements. The next step, which gives the user accounts an additional layer of security, is to go into the system preferences and turn on FileVault for all the user accounts. Apple’s FileVault uses 256-bit AES encryption to encrypt the user’s home directory (Apple Inc., 2007). Once the user accounts are properly configured it is important to start locking the system down. To lock the system down it is important to ensure the firewall is enabled. The next step should be to turn on automatic updates and then to run the update to ensure all the latest patches have been applied. After the security updates have been applied it is instrumental to the system’s security to ensure any unused or unneeded services are turned off. Properly configured user accounts and a properly configured operating system add different layers to the security of the system.

After the system security configurations are made it is a good idea to start locking down the applications. One of the biggest vulnerabilities arises when a user is surfing the Internet and downloads applications. Some of the security configurations can be applied to Apple’s web browser, known as Safari. First it is important to ensure Safari is configured to block pop-up windows. The next step to securing Safari is to turn OFF “Open ‘Safe’ Files After Downloading.” Another step that is nice, but not a necessity, is to use Safari’s Private Browsing whenever possible. In the event a system is authorized to run a service, such as a web service, it is important to ensure that service is properly secured. One method of securing a service is to ensure the latest version of the web server is being used and any security updates have been applied. For example, it may be a good idea to run the service under a wheel or system account as opposed to running it under a user account. Next it is important to ensure the users of that service have the proper permissions. The next step to locking down a service is to adjust any file permissions so that only authorized users can access or modify files. After any configuration changes have been made to the different applications on the system it may be necessary to install 3rd party applications, such as antivirus software, to add further security. Application security may need to be applied to any and all applications on a particular system, but that may depend on the system and its uses.

The final step mentioned here, which should be the first step in making any system more secure, is to ensure all users are properly trained on the system and are aware of any acceptable use policies that may be put in place to aid in securing devices on a network. No matter what configurations have been made or what software is in place, one of the biggest threats to a system is a user of the system. This means that users shouldn’t be allowed to readily go out and visit Warez sites or other known threatening websites. Users should also be aware that downloading and installing software applications from the Internet could compromise the security of that system. In the event that a user is a minor, it may be necessary for an adult to use parental controls as well as to monitor the minor while they use the system. A properly trained user can aid in ensuring a system is more secure and remains secure.

In conclusion, properly configuring user accounts, system configurations, application configurations, and installing any 3rd party applications will provide a layered approach to hardening a system. Even after a system is properly configured it is important to ensure all users of that system are trained or monitored. After all configurations and training have been completed, it is then acceptable to connect the system to a properly configured and secured network for use.

References
Apple, Inc. (2009). Apple – Mac OS X Leopard – Technology – Security. Retrieved January 31st, 2009, from Apple – Mac OS X Leopard – Technology – Security Web site: http://www.apple.com/macosx/technology/security.html
Apple, Inc. (2007, November). Keeping safety simple. Mac OS X Security. Retrieved January 31st, 2008, from [URL Removed Broken link]

Michigan: Summer’s Almost Here


Summer’s almost here in Michigan…we can now see the deer moving around. Yep, won’t be long.

The Birds and the Bee’s and Jewelry?

The Michigan Wife

Three men were sitting together bragging about how they had given their new wives duties. The first man had married a woman from Ohio and had told her that she was going to do the dishes and house cleaning. It took a couple of days, but on the third day he came home to see a clean house and dishes washed and put away.

The second man had married a woman from Illinois. He had given his wife orders that she was to do all the cleaning, dishes, and the cooking. The first day he didn’t see any results but the next day he saw it was better. By the third day, he saw his house was clean the dishes were done, and there was a huge dinner on the table.

The third man had married a beautiful girl from Michigan. He told her that her duties were to keep the house cleaned, dishes washed, lawn mowed, laundry washed, and hot meals on the table for every meal. He said the first day he didn’t see anything, the second day he didn’t see anything but by the third day some of the swelling had gone down and he could see a little out of his left eye enough to fix himself a sandwich and load the dishwasher.

Disposition of Sensitive Information

[Abstract]
The purpose of this document is to provide a summary of the article entitled “Disposition Of Sensitive Automated Information” as the author understands this article. Also included within this document is an explanation of how disk encryption can help to protect the information on that disk in the event it was lost or stolen.

[Content]
The article entitled “Disposition Of Sensitive Automated Information” identifies methods that should be used by businesses, government, and even the military for ensuring their information is safely removed from different types of media. The article discusses three techniques, identified in different publications, for ensuring that no information or remnants of information remain on a disk. The three methods are overwriting, degaussing, and destruction. Overwriting would consist of using an NSA approved software application, such as BCWipe (Jetico, 2008), to write 1’s and 0’s over a disk seven times to ensure that the information on the disk could not be retrieved. The overwriting method should be used on operational media in an instance where the media may need to be reused. The degaussing method should be performed with an NSA approved degausser, and this method will magnetically or electronically destroy a piece of media so that no information can be retrieved. This method should be used on a piece of media that may contain information, but where the media itself is non-operational. The final method, destruction, provides specifications for how media should be properly disposed of. The article “Disposition Of Sensitive Automated Information” identifies methods that should be used to properly ensure data is unrecoverable from media.
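The overwriting method described above, applied to a single file, is sketched below as an added example; it is not code from the article or from BCWipe and is not an NSA approved tool. The function names and the order of the seven patterns are assumptions of this example.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # work in 1 MiB pieces so large files do not fill memory

# Seven passes: alternating all-zero and all-one bytes, then one random pass.
# The pass count comes from the text above; the pattern order is an assumption.
PASSES = (b"\x00", b"\xff", b"\x00", b"\xff", b"\x00", b"\xff", None)


def write_pass(fh, size, pattern):
    """Overwrite the first `size` bytes of fh; pattern None means random data."""
    fh.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # force this pass to storage before starting the next


def verify_pass(fh, size, pattern):
    """Read the file back and confirm every byte equals the fixed pattern."""
    fh.seek(0)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        if fh.read(n) != pattern * n:
            return False
        remaining -= n
    return True


def overwrite_file(path, passes=PASSES):
    """Overwrite `path` in place and return the number of completed passes.

    Fixed-pattern passes are read back and checked; a mismatch raises OSError
    so a file that did not take the write is never reported as clean.
    The file length is unchanged and the file is not deleted.

    This reaches only the blocks the filesystem currently maps to the file.
    Copies held by snapshots, journals, backups or flash wear-levelling are
    not touched, which is why whole-media sanitization uses dedicated tools.
    """
    size = os.path.getsize(path)
    done = 0
    with open(path, "r+b") as fh:  # r+b: update in place, never truncate
        for pattern in passes:
            write_pass(fh, size, pattern)
            if pattern is not None and not verify_pass(fh, size, pattern):
                raise OSError(f"pass {done + 1} failed verification on {path}")
            done += 1
    return done


if __name__ == "__main__":
    # Constructed sample data, not a real record.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"ACCOUNT=0000-EXAMPLE;PIN=0000\n" * 100)
    print(overwrite_file(tmp.name), "passes completed")
    os.remove(tmp.name)
```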

There are instances where data on a form of electronic media needs to be protected in the event that it falls into an unauthorized individual’s possession. Disk encryption can help to ensure information is being protected from unauthorized access; however, encryption is not the solution, but rather a technique for helping to protect data (TecSec, 2006). Simply encrypting the information on a disk cannot protect that information forever. Time is the number one enemy of any type of encryption, as it takes time before an encryption algorithm can be cracked. Once the algorithm is cracked, access to the protected information can be gained. One of the best uses of disk encryption for protecting data is when travelling, either domestically or internationally. Another good use of this technique is when you have to relinquish physical control of a piece of media or when you may not be physically present to ensure that media is secure. The use of encryption to secure physical media will help protect the information on that media in the event the media should fall into the wrong hands.

References
1. Jetico – Products. Retrieved January 25, 2009, from Jetico – Products Web site: [URL Removed Broken link]
2. TecSec, (2006, January). Tactical Military Encryption in a Multinational Environment. Retrieved January 25, 2009, from Tactical Military Encryption in a Multinational Environment Web site: [URL Removed Broken link]

Saving a Life

There is an ongoing research study showing that the following photos have been taken to identify major causes of traffic accidents.

I’m applying for a government grant to study this problem further. Wish me luck. “If it only saves one life…”

Significant Failures

Wine vs. Water

To my friends who enjoy a glass of wine… and those who don’t:

As Ben Franklin said: In wine there is wisdom, in beer there is freedom, in water there is bacteria.

In a number of carefully controlled trials, scientists have demonstrated that if we drink 1 liter of water each day, at the end of the year we would have absorbed more than 1 kilo of Escherichia coli, (E. coli) – bacteria found in feces. In other words, we are consuming 1 kilo of poop.

However, we do NOT run that risk when drinking wine & beer (or tequila, rum, whiskey or other liquor) because alcohol has to go through a purification process of boiling, filtering and/or fermenting.

Remember:
Water = Poop
Wine = Health

Therefore, it’s better to drink wine and talk stupid, than to drink water and be full of shit. There is no need to thank me for this valuable information: I’m doing it as a public service.

Spanish Words of the Day

1. Cheese
The teacher told Pepito to use the word cheese in a sentence. Pepito Replies: “Maria likes me, but cheese fat.”
2. Mushroom
When all of my family get in the car, there’s not mushroom.
3. Shoulder
My fren wanted to become a citizen but she didn’t know how to read so I shoulder.
4. Texas
My fren always texas me when I’m not home wondering where I’m at!
5. Herpes
Me and my fren ordered pizza. I got my piece and she got herpes.
6. July
Ju told me ju were going to that store and july to me! “Julyer!”
7. Rectum
I had 2 cars but my wife rectum!
8. Juarez
One day my gramma slapped me and I said, “Juarez your problem?”
9. Chicken
I was going to go to the store with my wife but chicken go herself.
10. Wheelchair
We only have one enchalada left, but don’t worry, wheelchair.
11. Chicken wing
My wife plays the lottery so chicken wing.
12. Harassment
My wife caught me in bed with another women and I told her, “Honey, harassment nothing to me.”
13. Bishop
My wife fell down the stairs, so I had to pick the bishop.
14. Body wash
I want to go to the club but no body wash my kids.
15. Green Pink Yellow
When the phone green, I pink it up, and say, “Yellow?”

Definition of “Surprise”


Seattle, Washington

I’m in Seattle, Washington for a few days on a business trip. While here I decided to go take a look at the fish market and the space needle. Here are a couple photos I took of those places.

Oil Change Instructions

Oil Change instructions for Women:
1.) Drive into Ultra Tune when the odometer reaches 10,000 kilometres since the last oil change.
2.) Drink a cup of coffee, read free paper.
3.) 15 minutes later, write a cheque and leave with a properly maintained vehicle.
Money spent:
Oil Change: $40.00
Coffee: $2.00
Total: $42.00

Oil Change instructions for Men:
1.) Wait until Saturday, drive to auto parts store and buy a case of oil, filter, kitty litter, hand cleaner and a scented tree, write a cheque for $50.00.
2.) Stop by the Bottle Shop and buy a slab of beer, write a cheque for $40, drive home.
3.) Open a beer and drink it.
4.) Jack car up. Spend 30 minutes looking for jack stands.
5.) Find jack stands under caravan.
6.) In frustration, open another beer and drink it.
7.) Place drain pan under engine.
8.) Look for 9/16 box end wrench.
9.) Give up and use crescent wrench.
10.) Unscrew drain plug.
11.) Drop drain plug in pan of hot oil: splash hot oil on you in process. Curse and swear.
12.) Crawl out from under car to wipe hot oil off face and arms. Throw kitty litter on spilled oil.
13.) Have another beer while watching oil drain.
14.) Spend 30 minutes looking for oil filter wrench.
15.) Give up; crawl under car and hammer a screwdriver through oil filter and twist off.
16.) Crawl out from under car with dripping oil filter splashing oil everywhere from holes. Cleverly, hide old oil filter among rubbish in wheely bin to avoid environmental penalties. Drink a beer.
17.) Install new oil filter making sure to apply a thin coat of oil to gasket surface.
18.) Dump first litre of fresh oil into engine.
19.) Remember drain plug from step 11.
20.) Hurry to find drain plug in drain pan.
21.) Drink beer.
22.) Discover that first litre of fresh oil is now on the floor. Throw kitty litter on oil spill.
23.) Get drain plug back in with only a minor spill. Drink beer.
24.) Crawl under car getting kitty litter into eyes. Wipe eyes with oily rag used to clean drain plug. Slip with stupid crescent wrench tightening drain plug and bang knuckles on frame removing any excess skin between knuckles and frame.
25.) Begin swearing fit.
26.) Throw stupid crescent wrench.
27.) Swear for additional 5 minutes because wrench hit bowling trophy.
28.) Beer.
29.) Cleanup hands and bandage as required to stop blood flow.
30.) Beer.
31.) Dump in five fresh litres of oil.
32.) Beer.
33.) Lower car from jack stands.
34.) Move car back to apply more kitty litter to fresh oil spilled during any missed steps.
35.) Beer.
36.) Test drive car.
37.) Get pulled over: arrested for driving under the influence.
38.) Car is impounded.
39.) Call loving wife, make bail.
40.) 12 hours later, get car from impound yard.
Money spent:
Parts: $50.00
DUI: $2400.00
Impound fee: $75.00
Bail: $1500.00
Beer: $40.00
Total: $4,085.00
But you know the job was done right!

Financial Institutions Handle Privacy

[Abstract]
The purpose of this document is to analyze why many financial institutions assess privacy as a compliance issue as opposed to a risk management issue. Included within this document are two different current regulations to help consumers protect their privacy. Also included within this document is an example of the primary causes of network threats to an individual’s privacy. An assessment of what organizations or governments should do to prevent these threats is included. Finally, a single difficult privacy threat is identified, along with a proposal for how organizations can counter it.

[Content]
Many financial institutions view safeguarding personal information as a compliance issue as opposed to a risk management issue. Government regulations, like the Gramm-Leach-Bliley Act, dictate how financial institutions safeguard consumers’ private information (Board of Governors of the Federal Reserve System, 2002). Many federal regulations do not supersede state laws, but rather work in conjunction with them. Financial institutions have strict directives from both state and federal levels of government that they have to adhere to when handling consumers’ nonpublic information. Risk management is precisely the set of structured human activities by which uncertainty about a threat is managed. Risk management is a slower process that may require more personnel or resources. In the business world time is money, so many companies may take a government compliance approach as opposed to a proactive risk management approach.

Two active regulations that are currently being used to ensure personal nonpublic information is being safeguarded are the Gramm-Leach-Bliley Act and the Privacy Act of 1974. The Gramm-Leach-Bliley Act is meant to ensure that financial institutions do not release consumers’ personal information without notifying the consumer first. The Gramm-Leach-Bliley Act also governs how financial institutions handle consumers’ information and prevents financial institutions from reusing or redisclosing consumers’ information to a 3rd party (Board of Governors of the Federal Reserve System, 2002). The Privacy Act of 1974 states that no personal information, in part or in whole, will be released to any persons or organizations without written consent. There is an exception to the Privacy Act that states that Census Bureau use of personal information for statistical purposes, routine government uses within an agency, law enforcement purposes, and other administrative purposes are all allowable uses of personal information without consent (United States Department of Justice, 2003). The Gramm-Leach-Bliley Act and the Privacy Act of 1974 have been put in place to protect people or consumers from having their information disseminated intentionally or unintentionally by unauthorized people or organizations.

The primary cause of network threats, as they pertain to privacy, ironically does not come from the network, but rather is human error in the form of improper configuration of devices. A major privacy concern for users on any network is ensuring that only authorized personnel have access to private or personal information. Improper configuration of a user account or a group account can unintentionally give unauthorized users access to personal information. Improperly configured file permissions can give unauthorized access to private information. Improper configuration of networking devices, both wired and wireless, can allow unauthorized hosts onto a network, where they can gain access to nonpublic information. Firewalls that are not properly configured can allow unauthorized access to network resources and information from threats that reside on different networks. Improper configuration of hosts or devices on a network by system and network administrators is a primary cause of network threats.

Organizations and governments can minimize the primary cause of network threats by ensuring accountability. To ensure accountability, organizations or governments first need to put a policy in place so that everybody is aware that they are responsible for their actions and that misconfigurations are not acceptable. Next, organizations and governments should ensure all necessary personnel are properly trained. Organizations or governments can ensure accountability by withholding access to computer system log files and periodically reviewing the files to ensure all policies and procedures are being met. Log files should also be reviewed for any and all networking devices like routers or switches. Finally, when an incident is found and traced back to an individual, that individual needs to be held accountable by either being terminated or handed over to the proper authorities, based upon the severity of the incident.

One of the most difficult privacy threats that exists is how others who are not in your control handle your private information; however, there are ways to minimize the risk. Working with only trusted people, organizations, or governments ensures that private information is going to be handled in the correct manner. In the event that an e-mail that contains private information is sent to a 3rd party, encrypting or digitally signing the e-mail ensures that only authorized access is granted to that information. Maintaining physical control of any computers or digital media ensures no unauthorized access is allowed. In the event that physical control cannot be maintained, digitally encrypting private information on that computer or digital media can help ensure only authorized access is allowed to that information. Something as simple as securing any documentation, media, or computers can keep private data out of the reach of 3rd parties, like janitors, who may have access to an office but do not need access to the information. Working with trusted sources, securing any and all private data, and ensuring encryption is being used on physical or electronic media are ways that companies or governments can counter privacy threats.

References
1. (2002, June). Small-Entity Compliance Guide. Regulation P: Privacy of Consumer Financial Information, Retrieved January 7th, 2008, from http://www.federalreserve.gov/regulations/cg/reg_p_cg.pdf
2. (2003, September 26th). THE PRIVACY ACT OF 1974, 5 U.S.C. § 552a, As Amended. Retrieved January 7, 2009, from THE PRIVACY ACT OF 1974, 5 U.S.C. § 552a, As Amended Web site: [URL Removed Broken link]

Top Seven Idiots of 2008

Number One Idiot of 2008

I am a medical student currently doing a rotation in toxicology at the poison control center. Today, this woman called in very upset because she caught her little daughter eating ants. I quickly reassured her that the ants are not harmful and there would be no need to bring her daughter into the hospital. She calmed down and at the end of the conversation happened to mention that she gave her daughter some ant poison to eat in order to kill the ants.
I told her that she better bring her daughter in to the emergency room right away.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number Two Idiot of 2008

Early this year, some Boeing employees on the airfield decided to steal a life raft from one of the 747s. They were successful in getting it out of the plane and home. Shortly after they took it for a float on the river, they noticed a Coast Guard helicopter coming toward them. It turned out that the chopper was homing in on the emergency locater beacon that activated when the raft was inflated. They are no longer employed at Boeing.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number Three Idiot of 2008

A man, wanting to rob a downtown Bank of America, walked into the Branch and wrote this, ‘Put all your muny in this bag.’ While standing in line, waiting to give his note to the teller, he began to worry that someone had seen him write the note and might call the police before he reached the teller’s window. So he left the Bank of America and crossed the street to the Wells Fargo Bank. After waiting a few minutes in line, he handed his note to the Wells Fargo teller. She read it and, surmising from his spelling errors that he wasn’t the brightest light in the harbor, told him that she could not accept his stickup note because it was written on a Bank of America deposit slip and that he would either have to fill out a Wells Fargo deposit slip or go back to Bank of America.
Looking somewhat defeated, the man said, ‘OK’ and left. He was arrested a few minutes later, as he was waiting in line back at Bank of America.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Number Four Idiot of 2008

A guy walked into a little corner store with a shotgun and demanded all of the cash from the cash drawer. After the cashier put the cash in a bag, the robber saw a bottle of Scotch that he wanted behind the counter on the shelf. He told the cashier to put it in the bag as well, but the cashier refused and said, ‘Because I don’t believe you are over 21.’ The robber said he was, but the clerk still refused to give it to him because she didn’t believe him. At this point, the robber took his driver’s license out of his wallet and gave it to the clerk.
The clerk looked it over and agreed that the man was in fact over 21 and she put the Scotch in the bag. The robber then ran from the store with his loot. The cashier promptly called the police and gave the name and address of the robber that he got off the license. They arrested the robber two hours later.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Idiot Number Five of 2008

A pair of Michigan robbers entered a record shop nervously waving revolvers.
The first one shouted, ‘Nobody move!’ When his partner moved, the startled first bandit shot him.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Idiot Number Six of 2008

Arkansas: Seems this guy wanted some beer pretty badly. He decided that he’d just throw a cinder block through a liquor store window, grab some booze, and run.
So he lifted the cinder block and heaved it over his head at the window. The cinder block bounced back knocking him unconscious. It seems the liquor store window was made of Plexi-Glass. The whole event was caught on videotape.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Idiot Number Seven of 2008

I live in a semi-rural area (Weyauwega, Wisconsin). We recently had a new neighbor call the local township administrative office to request the removal of the Deer Crossing sign on our road.
The reason: ‘Too many deer are being hit by cars out here! – I don’t think this is a good place for them to be crossing anymore.’

Gotemba Premium Outlets

Today I wanted to drive over toward Mount Fuji to see what it was looking like at this time of year. On the way over there I happened to notice some premium outlet stores at Gotemba and it looked like a good place to stop and look around. The outlet stores must be pretty popular because they were packed and there were busloads of people that kept arriving. I decided to walk around and look at the outlet stores. I went into a G-Shock store, but their selection of G-Shock watches was terrible. I asked them if they had any solar powered G-Shock watches and they showed me this selection that looked like some cheap 3 dollar watches that had the name G-Shock stamped onto them. I literally wouldn’t have paid more than $5.00 for one of those watches, but they were charging about $100. I went into the Oakley store to see what they had to offer. They had a bunch of snowboarding clothes, backpacks, and of course sunglasses, but the problem with the clothes was that they were all Japanese sizes. Good luck trying to find any large clothes in Japan. I ended up walking through some other stores, but the one thing I noticed is that they had a very limited selection of items on the floor and the prices were crazy. I guess I’m going to be stuck doing my clothes shopping online or wait until I can go somewhere else.

Photos of Drive on the Tomei Express from Kanagawa to Shizuoka Prefecture

Took a drive on the Tomei expressway from Kanagawa Prefecture to Shizuoka Prefecture. Here are some photos I took along the way. If you look you can see Mount Fuji in some of the photos.


Happy New Year!

This year for New Year’s Eve, I decided to go to Shibuya, Tokyo. I went to a dance club called Womb. On the way to club Womb I passed a couple other clubs and there were lines out the door. This club seemed as though it was more low key as there was a door man and no sign out front. Once inside the club it cost 5,000 yen per person, then another 500 yen for them to store the items you have and then 500 yen per drink. Once I got through the door, there were about 30 minutes before midnight, and I went into this small room. While waiting in line for a drink I started talking to another person and I asked him if this was the whole club. He said no it wasn’t and to go upstairs. So I decided to fight through all the people trying to get into the front door to head for the stairs. Once I got upstairs this place was packed with people. The room had a couple DJs on one side of the room with a huge disco ball hanging from the ceiling and a bar in the back of the room and laser lights projecting onto a huge screen the exact time it was until the countdown began. Everywhere between there were people packed so tight that when the crowd moved, everybody in the room moved. I stayed in this room until the turn of the new year, probably because it was so tight in there that I couldn’t move, then I decided to go upstairs to see what else this club had to offer. There were a couple more rooms with Hi-NRG techno music playing, but it wasn’t long before I got sick of being stuck in the crowd. I ended up leaving there and going to a more low key bar and stayed in there until about 6 A.M. It was a fun night and definitely a cool experience, but I was amazed that there weren’t more people passing out and needing to be rushed to the hospital.

Atlanta Burger King Sign

Proof that the Atlanta city school system works! This is an actual picture of a Burger King in Atlanta.


Merry Christmas from DJ Dave 3D Ward

Letter To Santa

Dear Santa,
Please send me a baby brother.

Santa wrote back: “Send me your mother…”

Perfect Christmas Present for Men

Christmas lights

After several weeks of nagging from my dear wife I finally put up the Christmas Lights. I mean she would not let up! It’s a good thing I love her!

A Heartwarming Story

A small boy was lost at a large shopping mall. He approached a uniformed policeman and said, “I’ve lost my grandpa!”

The cop asked, “What’s he like?”

The little boy hesitated for a moment and then replied, “Crown Royal whiskey and women with big tits.”

When a Deer Comes Knocking


Who is knocking at my back door? I’m not sure who the source is, but interesting nonetheless.

Tokyo Tower

Went to Roppongi today to check out the Tokyo tower and enjoy a panoramic view of Tokyo. The weather wasn’t the most clear, but it was still good. I could see Rainbow bridge, Fuji television in Odaiba, and other parts of the city. Here are the photos I took during this adventure.


Retired Sailor

An old retired sailor puts on his old uniform and heads to the docks once more for old times’ sake. He engages a prostitute and takes her up to a room. He’s soon going at it as well as he can for a guy his age, but needing some reassurance, he asks, “How am I doing?”

The prostitute replies, “Well old sailor, you’re doing about 3 knots.”

“Three knots?” he asks. “What’s that supposed to mean?”

She says, “You’re knot hard, you’re knot in, and you’re knot getting your money back.”