Bright Stove

Reflecting information risk journey

Archive for November 2006

Game Park

leave a comment »

I was in Glenburn, South Africa, week before last for the 1st ISO/IEC JTC 1/SC 27/WG4 meeting. Our South African host organized a tour of the game park, cum dinner on Thursday for the evening. The game park was about 30 mins from the meeting place (Glenburn Lodge), accessed through a bumpy road. The game park is not like the amusement park we have in Singapore. No electronic game machines or coin collecting gadgets, but the real animals. It is like the Night Safari in the Singapore Zoo, but again, no fancy decorations, game shows with the handler, KFC, souvenirs store, ticketing queues, etc. Our destination for the trip seems to be to get to the restaurant that is somewhere deep in the wild park. Spotting animals (games) and stopping by to watch them and snap photos were the side shows. We did spotted a few wild life, including a buffalo and a few lions. According to the guide, the lions are not entirely wild, in that they are fed every week, once a week, and therefore need not hunt like those in the real wild. But they do keep their survival skills and able to attack and kill when threatened, or get attracted to any live meats that they think could be tasty.
Johan-2006-11-16 (22)
While watching the lions, I noticed that what they have in this game park is the opposite of what we have in the zoo. For reasons of safety, we were in kind-of “armored” vehicle, in various forms. I was in one of those that is a bigger version of a land rover. But some others were in those that look more like a van that is used for transferring life stocks between farm and the fresh meat market.
This reminds me of the kind of strategy that we are taking today in protecting information assets against the perpetrator. Instead of locking out the perpetrators, we lock up our assets with layers of controls. The worst case I’ve seen is the disabling of any functionality in a system that have a connection to the outside world, except those that can be filtered by a firewall system, making the system quite useless to the user and giving a false sense of security to some extent, as firewall filter will still allow tunneling of illegitimate application traffics into the corporate network. Just like at the Game Park, even though we are caged in our vehicle, there are still openings. And all the inconveniences rein in. You can’t get out to stretch your legs, at least not until you reach the safe area (the restaurant) which is a fenced up area, like the zoo, except that more human than animals are in there.

Written by mengchow

November 29, 2006 at 2:38 pm

Posted in Security Standards

Unusual day

leave a comment »

Today (Nov 5, 2006) is one of those unusual day. Unusual not in that everything goes wrong, but everything seems to behave/response differently. Fortunately, the unusual-ness started in the evening, and seemed to have ended now.
I was scheduled on a flight to Jakarta, and the plane (SQ166) was supposed to take off at 6.45pm. The flight was full. As usual, I was upgraded to business class — this should be treated as a norm rather than an unusual event though, since I’m a Solitaire member, and usually gets upgraded when the flight is full 🙂 But just when the doors closed, all the lights in the aircraft cabin began to blink, then the sign of a power failure, and the emergency lights were turned on. We (the passengers) waited for a few minutes then the captain announced that there was an electrical failure (he later said there were smoke detected somewhere in the cabin.)
A while later, we were asked to unboard the plane and get to the boarding area, but to leave our luggages/hand-carried items in the plane. We all obliged, and slowly, but swiftly, got out of the plane. As a precaution, I brought along my passport, but left the rest of my stuff in the plane. On hindsight, I should have brought out my entire hand-carried bag. Somehow, at that moment, the captain gave the impression that it was only a small matter. We waited for more than 20 minutes, then there were annoucement that the inspection was on, but the onward arrangement was unclear. Following which, the captain announced that we should be transferred to another plane. So everyone has to go back to the cabin, retrieve their luggages, and get to another boarding area, from gate F54 to E4, the longest distance they can find perhaps. Snacks and drinks were served at the boarding area while everyone waited to board the next plane, scheduled to take off at 9pm. I went to the business lounge for my dinner, and after all the security checks and more waiting, we were finally on board the plane.
At 9.12pm, the captain announced that the flight should be ready to take off soon, and requested everyone to switch off their mobile phone, PDA, and any electrical items they may have them turned on. I switched off my mobile phone, then recalled that I haven’t informed my wife about the new taking off time, and estimated arrival time. So I tried to turn it on again, and this time, for unknown reasons, the PIN that I entered were not acceptable. After three tries, the SIM card was blocked 😦 This is the second unusual event in the same day, showing to me (a converted) that security can be a real pain to usability. Without the unblock code, I was simply stucked. While the plane is still stuck in the airport, I was stuck in the plane and cannot make contact with anyone outside 😦 I have to continue reading "The Strategist", a book about Tom Schelling, the 2005 Nobel Prize winner, which I picked up earler. The book was handy for the event though. And it gave me new ideas for the other writing that I was working on at the same time. So, not all losses, therefore no necessarily a bad day, just unusual.
The plane finally took off at 9.45pm, and I finally arrived in the hotel at 11.45pm (Jakarta time). After settling in, I decided that this usual day deserved to be logged somewhere, and here it is.
Lessons from today? Always expect the unexpected. As what Anthony Lim put it previously in a security career session for a group of University students, "You never know." 🙂

Written by mengchow

November 5, 2006 at 5:28 pm

Posted in Travel

%d bloggers like this: