April 24, 2007

Seminars...

I went to an all day seminar today. Left the house at 7am and returned at 6pm so it was a long day of listening. After returning home, I cleaned up my emails, threw together some dinner, beloved husband and I cleaned up the kitchen, we went for a walk, wrote my 24 post, and now I just have one more post I want to write.

This is the second seminar I've attended in the last month. Both of them have to do with Computer Security. Naturally different specifics, but falling under that umbrella.

Today's class was fun, the man presenting was enthusiastic and interesting. He encouraged quite a bit of interaction among the attendees (which was a good thing in this case - it doesn't always work). But there is one thing about both of these seminars, presented by vastly different people, that I'm finding to be very irritating.

Neither of the 2 presenters has any solid idea of the laws surrounding the areas they are talking about. In other words, they are presenting the mechanics of what you have to do to achieve a certain result in their area of expertise, but they have no idea what the law says you have to do to be in compliance. None!

Unfortunately, with the various data privacy acts, Sarbanes-Oxley, Gramm-Leach-Bliley, among others, computer security is having lots of laws waved around and everyone is confused... including those who are teaching classes and who I expect should have a passing idea of the basic law in regard to their specialty. Perhaps I'm expecting too much.

During the course of these seminars many people throw out many of their own views on what they believe is the law. And even then, you seldom get consensus among the group. For that matter the teachers admit they don't know the laws and say "anyone know what the law is in regard to this?" Sorry - but that type of sloppiness makes me want to scream!

While I thought today's presentation had some very useful information, I'm beginning to get ticked off that these people don't find a lawyer, pin them down, and get some general answers. Things like "financial industries must keep certain types of records for such-and-such amount of time" or "ISPs must keep log files for 'this' amount of time."

Many of the people attending work for companies that have a legal staff. They are able to check these things with their legal department... I can't do that. So, I have half-baked information from whatever anyone threw out there. Naturally, I don't consider that to be definitive.

The problem is, I don't even know where to look for answers to these things. Maybe I should go to law school... cause I'm about to the point where I don't want to attend a seminar unless they have a lawyer show up who can give us some real answers and not just guesses.

It's not quite a waste of time, but it is annoying.

Posted by: Teresa in Education at 06:15 PM

1 The lack of understanding of the legal requirements for compliance is one of my key sources of workplace amusement, Teresa. My employer has no clue what's what so they chose the "smart route": they simply hire auditors in advance of the real audit. These pre-audit auditors are there to advise the company on the proper hoops through which we must jump. The fact that the various auditors aren't in agreement on what's required for actual compliance with the law... well, that's comfortably ignored. As is the fact that we've essentially allowed these auditors the opportunity to milk us for whatever services they wish to sell...

Suit #1: "Does anyone know if we need to install lightning rods?"

Suit #2: "I dunno."

Suit #3: "Hey, let's ask a lightning rod salesman!"

Suits #1 & #2: "Great idea!"

Idiots.

Posted by: zonker at April 25, 2007 05:59 AM (PrUNH)

2 "I expect should have a passing idea of the basic law in regard to their specialty. Perhaps I'm expecting too much."

Wow, I agree. The problem is those that deal with the technology side of these laws have no head for the legal details and those with the legal knowledge have no head for the tech stuff. That's where people like me come in. My job is to bridge their worlds together. In other words, I track the multitude of legislative bills through various bodies (Congress and all 50 state houses & assemblies) with the help of outside consultants to ensure we know what's out there, what's being proposed and where those proposals are in the pipeline. I then send these updates and newly implemented rules (as they occur) to my wonderful counterparts on both the tech & legal side so they both understand and are in compliance.

You see, it takes a team to do this because each state has its own added rules to SOX & GLB, although those laws reign supreme. For example, I spent today reading updates to 16 different California bills (in the House & Senate, one of which was 100 pgs long) that are amending rules slightly for business doc retention and security regs. And believe me when I say, that was just icing. NY has a ton of bills which I need to read tomorrow for a 3pm teleconference, impacting what docs/info we need to keep, in which format and for how long. My eyes are twitching right now from all the reading I did today.

That's part of the reason why I've not been doing much blogging. On the plus side, I'll be able to start sending you copies of bills (once they have been enacted) in specific areas and from specific states if you provide me with that. I have a ton of these at my fingertips. However, I'll have to do that once Congress adjourns for a couple of weeks around Memorial Day or after 7/4, depending on what's going on legislatively.

Well, I'm going back to bed, this migraine is not improving and the auras are starting, so I know they'll be getting worse.

Posted by: m at April 26, 2007 04:28 PM (/Jeuk)
