FRIDAY FILOSOPHY v.11.05.2021

Gautama Buddha, popularly known as the Buddha, was a Sramana who lived in ancient India (c. 5th to 4th century BCE). He is regarded as the founder of the world religion of Buddhism, and revered by most Buddhist schools as a savior, the Enlightened One who rediscovered an ancient path to release clinging and craving and escape the cycle of birth and rebirth. He taught for around 45 years and built a large following, both monastic and lay. The Buddha was born into an aristocratic family in the Shakya clan but eventually renounced lay life. According to Buddhist tradition, after several years of mendicancy, meditation, and asceticism, he awakened to understand the mechanism which keeps people trapped in the cycle of rebirth. A couple of centuries after his death he came to be known by the title Buddha, which means “Awakened One” or “Enlightened One”. Gautama’s teachings were compiled by the Buddhist community in the Vinaya, his codes for monastic practice, and the Suttas, texts based on his discourses. These were passed down in Middle Indo-Aryan dialects through an oral tradition.

  • Holding on to anger is like grasping a hot coal with the intent of throwing it at someone else; you are the one who gets burned.
  • Do not dwell in the past, do not dream of the future, concentrate the mind on the present moment.
  • Health is the greatest gift, contentment the greatest wealth, faithfulness the best relationship.
  • The mind is everything. What you think you become.
  • No one saves us but ourselves. No one can and no one may. We ourselves must walk the path.
  • To keep the body in good health is a duty… otherwise we shall not be able to keep our mind strong and clear.
  • It is better to travel well than to arrive.
  • You will not be punished for your anger; you will be punished by your anger.
  • There are only two mistakes one can make along the road to truth; not going all the way, and not starting.
  • Peace comes from within. Do not seek it without.
  • To enjoy good health, to bring true happiness to one’s family, to bring peace to all, one must first discipline and control one’s own mind. If a man can control his mind he can find the way to Enlightenment, and all wisdom and virtue will naturally come to him.
  • Whatever words we utter should be chosen with care for people will hear them and be influenced by them for good or ill.
  • It is a man’s own mind, not his enemy or foe, that lures him to evil ways.
  • Just as a candle cannot burn without fire, men cannot live without a spiritual life.
  • However many holy words you read, however many you speak, what good will they do you if you do not act upon them?
  • To be idle is a short road to death and to be diligent is a way of life; foolish people are idle, wise people are diligent.
  • In a controversy the instant we feel anger we have already ceased striving for the truth, and have begun striving for ourselves.
  • I do not believe in a fate that falls on men however they act; but I do believe in a fate that falls on them unless they act.

The time is now.

Did you enjoy this blog? Read more great blog posts here.
For our course lists, please click here.

Cyber Security Incident Response Planning

Learning Without Scars is pleased to introduce our new guest writer, Danny Slusarchuk. His first post for our blog is on Cyber Security Incident Response Planning. Danny Slusarchuk enjoys spending time with his family and being a productive member of the community. He serves on the boards of the Oklahoma Venture Forum (immediate past Chairman) and the Oklahoma Innovative Technology Alliance. He leads the Oklahoma National Guard Defensive Cyberspace Operations Element. Danny founded Standards IT in 2012 and continues to be a managing partner at the headquarters in downtown Edmond. He has been recognized as one of 20 Edmond Business Leaders under 40 and was a recent recipient of Edmond’s Young Professional of the Year award. Danny spoke most recently at the FBI’s Information Warfare Summit, where he has spoken for 4 years running. This year he spoke at SECCON as well. He was a guest speaker for the Youth Leadership Edmond conference and the 45th Field Artillery Brigade Honorable Order of Saint Barbara Dining Out. He was the keynote for Oklahoma Officer Candidate School Class 63.

Let’s understand the why.

Your business is shut down for the foreseeable future and you don’t have the slightest idea how you are going to get back to the way you were operating yesterday. Your customers, employees, and even competitors know you have been hacked.  Someone in another country is extorting you for ten Bitcoin to maybe restore your precious data on their good word. To top it all off, your customers have brought a class action lawsuit against your negligent handling of their data.

Do not let that scenario play out solely on the bad actors’ terms.  It is possible to do everything right and still get hacked.  A living incident response policy and procedure accompanied by routine tabletop exercises and vulnerability assessments can be the difference between surviving and shutting your business down.

The SANS Institute provided great cyber security training.  The incident response considerations in this post draw from their Global Certified Incident Handler curriculum.

Your plan should have input from all departments that require systems and data to operate.  I recommend you nest it with your cyber liability insurance policy and have it legally approved.

Now, if you were to pull out as much of the lingo as possible and boil it down to bullets, here is how I would state it:

  • Identify the event (Intrusion Detection Software, Security Operations Center Notification, Individual Report, Litigation Notice) (each an “Event”)
  • Execute initial alert roster of Event and establish event timeline using “Event” document for record
  • Determine exposure (add additional resources if necessary and conclude as an IT Governance Council that the Event is contained and did not elevate to an “Incident”)
  • If Breach, exfiltration of data, or other harm is suspected to be probable, elevate the Event to an Incident
  • Contact “Incident Response Legal Team” and “Cyber Forensics Team” (both appointed by the IT Governance Council)
  • Use IT Governance Council, Legal Team, and Cyber Forensics Team as Incident Response Council and establish Cyber Forensics Team as Incident Response Manager of the Council
  • Add additional technical resources, if needed, to manage the technical aspect of the Cyber Forensics effort and cyber defense
  • Track all time, keep running estimates of time and hardware required to maintain operations during the Incident Response
  • Add Crisis Public Relations Firm to the Council for internal and external talking points and press releases, if needed
  • Use cyber forensic evidence in court or to settle lawsuit and to submit claims to the insurance carrier
  • Notify customers and any injured parties, if necessary, pursuant to regulatory requirements
  • File incident with the FBI Cyber Crimes Complaint center, if appropriate
  • Complete “Incident Response” document(s) for record
  • Add technical controls to Cyber Security Risk Mitigation Matrix
  • Conduct an after-incident review with key personnel and distribute the IR for Record documentation

Those were high-level steps, and each has significance.  Overall, the concept is to prepare, identify, contain, eradicate, recover, and realize lessons learned.  The steps also include adding one-time resources like forensics and crisis public relations.

In future posts I will explore specific sections in greater detail to help explain the reasoning behind the order and the specific terminology.  For example, cyber liability insurance is only good if it pays out when you need it.  Yes, there are some gotchas in choosing your protection.

References: https://www.sans.org/cyber-security-courses/hacker-techniques-incident-handling/

Why “Lean Manufacturing Doesn’t Work Today”

Guest writer Bruce Baker shares with us the reasons why lean manufacturing doesn’t work today: the reasons are not exactly what you might think…

Whether you own a bookkeeping business, cabinet-making business or legal practice, all businesses are made up of routines, which rely on consistent, one-at-a-time processes. Everything we do that keeps society “together” relies on repeatable activities. Whether it’s brushing our teeth, getting dressed or eating breakfast, all rely on repeatable processes.

For those who are not aware of the practice of Lean, allow me to provide you with a brief history and definition. Lean is the concept of efficient manufacturing/operations that grew out of the Toyota Production System in the middle of the 20th century. It is based on the philosophy of defining value from the customer’s viewpoint and continually improving how value is delivered by eliminating every use of resources that is wasteful or that does not contribute to the value goal. In short, taking things one step at a time is the make or break of business and general success in life.

Many have heard before… “take it down a notch…one thing at a time”. Several months ago, I wrote a short article called “Your Interpretation of Time,” where I stressed the importance of how reactive we have become as a society, including business. Our interpretation of time today is drastically shorter, and the general consequences of failure, impressively higher and more extreme than before. This inevitably leads to reactive, narrow, and short-term decision-making. Albert Einstein once said, “When you are courting a nice girl, an hour seems like a second. When you sit on a red-hot cinder, a second seems like an hour. That’s relativity.”

My bold statement of “…Lean doesn’t work today” is not that the practice and methodology are ineffective; on the contrary. Lean is applicable in every industry and every business and, as mentioned at the beginning of this article, in your personal life. The practice and adoption of Lean are fantastic when a business and its people adopt this “way of business life.”

A challenge we are all presented with is that if we adopt Lean as a practice, we need to accept that our reactional, short-term, and high-crisis manner of thinking will always stop us from adopting practices like Lean.

Building and growing a business is never easy emotionally, but requires a strict set of routines and processes, and each process must be executed effectively. This can only happen if each process performs effectively in an individual manner parallel to its fellow processes. This requirement is not limited to the business world but the very nature of our world, yet we insist on a short-term, high-crisis manner of thinking.

As I write this article, I sit in a Lean manufacturing training session with Quantum Lean. Lynn (the Lean instructor) mentioned that adopting Lean “takes time” and that “people do not like to change”. Although I completely agree with Lynn, people resist change primarily because they fear the unknown. It shows up in statements like “I don’t see the reason to change,” “I don’t have time to wait for them”, “I have so many problems to deal with, I don’t know where to start” or finally, “Oh, I’ll add this to my list of problems I have to solve…I don’t have time to deal with little issues like this now!”

In conclusion, if you have or are anticipating implementing Lean in your business, remember this. It all starts with the leader of the business. If the leader does not make this mind shift, the rest of the team will not make the shift either. Lean is not another tool or method. It is a change in the state of mind and subsequently changing the business’s culture from fighting fires to experiencing the inherent joy of work and life in general.

As a wise mentor of mine once said, “one step at a time, grasshopper….”
