The Organized Ones

The best team members are those that I call the organized ones.

or·gan·ized (ôrg-nzd) - Efficient and methodical

A list of observations of some traits and activities:

  • Usage of folders and mailbox rules to process emails, vs. an inbox with 4999 unread emails.
  • Searching for files on keywords using Spotlight or Windows Search vs. navigating windows in a file manager.
  • Using Find in Files or $ grep -r "something" * or in your favorite text editor.
  • Doesn’t duplicate documents or content all over the place - e.g. let’s write this in a Word doc, copy and paste the contents to a comment on an issue ticket, then attach the Word doc to the ticket, and then store the Word doc in Dropbox.
  • Usage of 1Password, LastPass or some other password manager, and don’t forget passwords.
  • When you browse a file tree in a directory and sub-directories, there isn’t too much ambiguity and depth.
  • Searching through chat history to find something that was discussed recently.
  • Using search (see a theme?) for e-mails.
  • Just google it, open a bunch of tabs/links and read, instead of saying they don’t know, or nobody told them.
  • Tend to use the keyboard a lot more than their mouse, and actively research shortcuts to improve efficiency.
  • When talking to them, getting the feeling that they haven’t confused themselves.

… @dbergert

Are you prepared for a disaster? Is your payment system?


If you looked at the news on the TV-tube or on a national news website such as today you will see that Cedar Rapids, IA is under water. This is a city not far from my home town, and I know there were a few companies that either had to “execute” their disaster recovery (DR) and business continuity (BCP) plans or are putting their businesses on hold.

When I did BCP and DR reviews as an IT Security Consultant, mostly for FFIEC Bank Reviews/Assessments, as well as when I led this effort at prior companies, these were a few of the items of concern:

Generally the process to create a BCP plan is simple. It is gathering the information, accessing the information, and keeping the information up to date and current that is the painful bit (you do have DR/BCP considerations in new projects and as a part of your change management processes, don’t you?). This shouldn’t be a once-a-year project that a company assigns an IT person to – it should consist of a committee that meets regularly with input from all departments.

Here are the general steps of the process:

  • Perform a business impact analysis - what would happen to the business and its customers during a disruption of business? What systems and processes are needed by the business and its departments to function?
  • Perform a risk assessment / threat analysis – Flood, Fire, Loss of Power, Pandemic Bird Flu, Earthquake, Tornado/Hurricane, Bribery, Computer Attack, Loss of Communication Lines? What is the likelihood of this event occurring and what is its impact?
  • Develop recovery time objectives - how long can you be down or unavailable ?
  • Develop procedures for each department - Safety, Evacuation procedures, command centers, calling lists, off-site inventories, vendor lists, customer contact information, recovery teams, team members and responsibilities.
  • Test the plan - Tabletop testing based on mock scenarios, and technical recovery tests of systems are important here.
  • wash, rinse and repeat …

With Payment Processing applications the following are topics that you need to think about:

  • Batch processing, and transferring of data files. (do you have documented information and equipment and software and configurations to perform this ?)
  • Real Time Authorizations considerations
  • Communication Links to end-points and providers
  • Availability of Backup Hardware
  • Data replication strategy
  • Backups of systems
  • Ability to restore systems
  • Data Integrity concerns and potential loss of data
  • Security of Payment Card information during a disaster
  • HSM, encryption keys and key custodians
  • Reconfiguration of client systems to connect to alternate site
  • Are processes and install/setup/configurations documented so someone else other than the “go-to-guy” can perform these steps? Because he or she is with their family, because they lost or are displaced from their home.

I’m sure I can think of more considerations and you can too – but the point was to make you think – another recent event described here: at a hosting center where the hosting center was not allowed to bring up their backup generators and execute their BCP plan because of an order from the Fire Department and safety concerns.
