ISM – Australian Government Information Security Manual – Australian Cyber Security Centre (ACSC)

2018/12/04


An updated ISM has appeared. Now with 27% fewer controls.

via ISM – Australian Government Information Security Manual – Australian Cyber Security Centre (ACSC)

The change log lists the controls which have changed and the justification for the change. https://acsc.gov.au/publications/ism/ISM_2018_Changes_Document.pdf

 


The Key to Becoming a Software Consultant – DaedTech

2018/11/01

via The Key to Becoming a Software Consultant – DaedTech


Rewire your brain to beat procrastination – Taking Note – Medium

2018/10/25

I related to this SO HARD!

via Rewire your brain to beat procrastination – Taking Note – Medium


Strategy for dealing with suppliers

2018/06/21

This post has been at the back of my mind for a while now because I often encounter randoms and family who have had poor and frustrating experiences dealing with suppliers over the phone. There is a lot a customer can do to make the experience easier and more productive.

I have had to deal with various services over the phone over the years and I have developed an approach which works well, helps you to gain accountability from the provider and ensures you have an effective tool and information for when things get rough.

Why write this?

We’ve all had to deal with it in one form or another: we’ve bought something online and it hasn’t arrived, some sort of technical fault has occurred with a device or service, or you’ve had some sort of poor customer experience when dealing with a supplier. In your conversations with the supplier things have not gone well for you; you’re not comfortable that the supplier has understood the problem, or they are not taking your needs seriously. Maybe you have already spoken to them and the supplier has made a commitment to you and that commitment hasn’t been met or wasn’t up to the standard you expect. If you’ve had an experience like this then hopefully the following tips will help you to help the supplier to help you.

Do’s and Don’ts

Starting with some simple do’s and don’ts for how you approach and handle the situation…

  • Be polite. Regardless of who the supplier is, where they are located or how angry you are, remember that the person you’re dealing with is a fellow human and almost certainly isn’t to blame for the experience you’ve had. Ensuring you are polite with the person you’re speaking to gives you the best chance of having that person take on an advocate role for you inside the supplier organisation. Often people in these roles are dealing with hundreds of customers who have an axe to grind. The customers they are likely to remember and go the extra mile for are the ones that treat them well, like a colleague or friend. Your kindness and empathy make you stand out.
  • Be patient. If the supplier is a large organisation then things can sometimes take a while to work their way through the system. Yes, you’re likely to end up in a call queue, more than once, probably a few times. Yes, it’s poor customer service for suppliers to let their customers rot on hold; however, that is not your beef here. Your mission is to get the outcome YOU want. If you want a supplier that responds to customers quickly then do your research and find one that can do that. It is also common to experience heavily scripted first contact calls with suppliers. Be patient, answer the questions and let the supplier process roll. Being angry or frustrated about a call script isn’t polite or patient.
  • Be open. Be clear, open, direct and don’t make stuff up. You want to own the moral high ground in the interaction, not look like some goon trying to get something for free. If things have been rough when dealing with the supplier, explain this to the person you’re dealing with so they can understand your frustrations. Tell the supplier on the phone that you will be taking notes. Ask Open Questions. Remember though, above all, be polite.
  • Keep a Log. One of the easiest and most important things to do is to keep a log of your interactions with the supplier. Date, time, name of the supplier agent you spoke to (it’s reasonable for you to ask for their first name, some suppliers even allow their staff to supply some sort of employee ID, it’s NOT okay to ask for their full name though), the topics of conversations and MOST IMPORTANTLY, the commitments and information the supplier gives you on the call. Critically, it’s important to also request a case number, ticket number or some sort of identifier that the supplier uses to track customer interactions. If a supplier isn’t using such a system it’s almost certainly time to find another supplier.
  • One problem at a time. Try and deal with one thing at a time at the start. This makes it easier and quicker to get the ball rolling and get the supplier engaged. Services staff will often ask at the end of a call if there is anything else you need help with. This is the time to bring up the next issue. Ensure you treat the issue the same way as you did the first. Prepare and Execute.

Preparation

When you are starting off an interaction with a supplier to get a matter addressed or resolved, spend a few minutes before you pick up the phone or send the email and make a few notes for yourself to help you focus on the issue and get it resolved as quickly as possible.

  • Problem Statement. Start with a brief sentence which describes the problem you’re having or the need you have.
  • So far I have… Write down a few points about the actions you’ve taken to try and address the problem yourself and any observations about the problem that may have changed.
  • Recent Changes. Think about anything that might have changed recently.
  • I would like… Describe what the best outcome for you is but also describe what a bonus outcome might be.

Execution

Now the time has come to contact the supplier. The best way to do this depends on what sort of service the issue is about and where the supplier is located.

If the problem relates to a product or service from a supplier that is based overseas then email might be the best way to contact them. If the supplier is a local supplier then phone might be better. Either way the execution is largely similar.

The goal here is to produce an experience log you can share with the supplier or, if things go badly, a regulatory agency later.

Contact the supplier, state the problem and request help. For each interaction you have with the supplier, include the following in your log:

  • How you contacted the supplier. Phone, email, web form etc. and what the number, address or URL for that contact was. A neat trick when calling suppliers who have complicated IVR phone systems is to write the number you called and then the keypad options you dialled. This way you can quickly refer back to the numbers you dialled if you have to call again and you have a better chance of ending up with the same team you spoke to the first time.
  • The date and time you made the contact, the name of the person you spoke to, the location (suburb, city, state) of the call centre where the call was answered and what the result of that contact was.
  • Notes and comments about the supplier conversation.
  • Pay careful attention to what the agent is saying and telling you. Some agents, particularly new or junior operators, may do or say things to you that just aren’t true or show that they do not understand what you are telling them. If you suspect this is the case you should request an escalation to a more senior person. Be sure you note the date and time of the request.
  • If you seem to be getting a little roadblocked by an agent, it’s often useful to keep coming back to your original problem and invite them to comment on what needs to happen to have it resolved. If you turn the conversation around on them and force them (politely!) to present options to help you get things resolved then that can often get you some traction.
  • Agents will often say “someone will get back to you”. When you are told this, push hard (politely!) for a timeframe where someone will get back to you. Agents can be very evasive about this for several reasons. Your job is to get them to set a day, date or timeframe for when you will be contacted and the role of that person. If they refuse to give a number, throw a speculative number at them.
    • You: One year?
    • Agent: No.
    • You: Six months then?
    • Agent: No.
    • You: One week?
    • Agent: Oh yes, absolutely within a week.

And this is the important part: you state back to them your understanding. “Thank you, I will expect a call back from the Escalations Team no later than 5pm next {DAYNAME+7 HERE}.”

A good approach to take is to assume that the notes you keep will be shared with the supplier in the future. If you keep your notes clear, concise, polite and factual then if/when things go off the rails you can easily share the log of information with the agent directly. Don’t ever put anything in the notes you don’t want the supplier or regulator to read.

Going to a regulator

Some suppliers are subject to government regulation such as telcos, banks, other government agencies. A regulator can help you get your issue resolved when you have been unable to do so with the supplier directly.

Before contacting a regulator though, advise the supplier that you are considering taking the issue to their regulator. Some suppliers (like telcos here in Australia) are very keen to ensure that customer issues do not end up with the regulator. There are various reasons for this. Sometimes the supplier will escalate your case to a special team within the organisation for dealing with these situations.

My preference is the three-strikes method. When a supplier has had three attempts or opportunities to resolve your issue and has been unable to do so, advise the supplier that you will be contacting the regulator. If the supplier still doesn’t come through for you, look up how to contact the regulator and open a case with them.

Regulators almost always expect you to have attempted to resolve an issue with the supplier directly before they will take on your case. If you have a detailed log of all the interactions you had with the supplier then this helps the regulator enormously because they can see at a glance everything you have done and when. This also increases the likelihood that the regulator will take your case on for you.

Common Challenges and Pitfalls

  • Look out for the up-sell. Some less reputable suppliers might try and convince you that you need to give them more money or purchase an alternative product to have your issue addressed. Do not give in to this. If this happens to you, focus on getting the issue resolved and then find a new supplier.
  • Sometimes something bad happens. I once spent 4 weeks working with a supplier to have an issue resolved. The case ended up on their Asia-Pacific Vice President’s desk and was resolved in very short order from there. I was only able to get this to happen because the supplier’s IT team migrated their issue tracking system to a new service in the middle of my case and lost all my history. I was faced with the task of starting again or being polite yet firm to get an effective escalation. The VP was very apologetic and I learnt I wasn’t the only customer who wasn’t pleased about the situation.

A mapping (no not a Swardley thing) of On Prem, AWS and Azure Security Components

2018/05/28

A useful one pager to compare the various security products of AWS, Azure and the usual on-prem suspects/capabilities.

via Conceptual Mapping of On-premises Infrastructure Security Components to Cloud Security Services by Adrian Grigorof CISSP, CISM, CRISC,CCSK – physical, providers, security function | Peerlyst


I’ve found a name for the way I like to work

2018/05/08

Dynamic work design is a more effective method of managing workflow, especially intellectual work, says MIT Sloan senior lecturer Donald Kieffer.

via The 4 principles of dynamic work design


HA MultiAZ SMB Cluster on AWS

2018/01/23

The following video was shared by @Gordypls. So HT to him.

I’ve seen similar solutions to this need come and go over the years and have never found a solution that I was entirely happy with. This one looks better than other contenders. It’s a 4-minute watch and feels like a reasonable solution for use on AWS.

I’ve corrected the title on this video because CIFS is a legacy name now. See this.

via Qantas: Building a Highly-Available, Multi-AZ CIFS Cluster on AWS – YouTube