How Do I Get Paid More?

Over at Code Project, someone asked, “How Do I Get Paid More?”.
I found the discussion interesting.
Gary Kirkham wrote:

The general rule is that you get paid more by being worth more.

Christopher Duncan replied (with edits by Chris Losinger):

Close, but no cigar. You get paid more by convincing someone that it’s in their best interest to do so. Sounds like the same thing, but it’s actually quite different.

He explained this:

Typically, benefit / worth alone isn’t enough to improve your compensation. Companies are always looking for value, without a doubt. However, just because you’re worth more doesn’t mean you’ll actually get it. On the contrary, they’re motivated to do just the opposite. If they can get your worth for 10 cents on the dollar, then that’s even more of a benefit to them. Consequently, that’s their mental starting point.
Without a doubt, if you’re worth more that gives you more bargaining power. However, in order to translate that into a personal benefit, you must still master the art of bargaining. Worth alone is only half the battle.

Duglas Troy gave an example:

Right, so what you’re saying here, if I’m understanding you … get pictures of someone in power that has lots and lots of money, and then explain why it’s in their best interest to pay you more.
Got it.

Ennis Ray Lynch, Jr. had a different idea:

Spend more money. It seems that rich people lead rich lives. Perhaps the effect is the cause? If you spend a few million monthly perhaps your income will balance?

IT Security: Some Notes

A few notes on the basics of IT Security:

Introduction to Security

Security is concerned with preserving the value of resources.

Valuing Data

The value of data is determined by its contribution to the goals of the one who owns that data. This is the same as the costs to the enterprise of losing that data.
The cost of security must be weighed against the risk of that data being compromised.

risk = (likelihood of data loss) x (cost of loss of data)

Security and Value

Security consists of:

  1. Identifying a resource that has value.
  2. Maintaining that resource.
  3. Preventing misuse of that resource.

The identification of value is a business decision.

Maintaining Resources

Integrity of Data

Maintaining data integrity is the process of ensuring that data is in a state which is consistent with expectations, the domain modelled by the system (accuracy), other data and itself. Data integrity is primarily concerned with software measures and procedural measures.
Examples of measures:

  1. Data validation.
  2. Making sure that users know if changes to the data are permanent or temporary.
  3. Protecting data from concurrency issues.
  4. Atomic transactions.

Safety of Data

The main method for keeping data safe is reliable storage of that data. Reliability is enhanced by redundancy. A backup is a relatively cheap, easy way to ensure that data can be recovered to a specified state following loss or corruption of that data.
Backups can be full or incremental.
The rules of a worthwhile backup:

  1. Have a backup
  2. Be able to identify the backup
  3. Be able to restore the backup
  4. Keep the backup secure

Of course, a backup will not be used if users are unaware of data corruption or loss.

Safety of Systems

Disaster recovery is the restoration of a system (rather than just the data) following the system’s failure.
Requirements:

  1. A backup of data
  2. Duplicate hardware / software environment
  3. Defined and tested procedures for recreating the lost environment

Preventing Misuse of Data

Authentication

Actions on data are initiated by an agent. Validity of an action is often determined by the identity of an agent. The identification of an agent is often termed authentication.
In order to verify the identity of the agent, the system can request that the agent provide information about:

  • Something the agent knows: e.g. a password.
  • Something the agent has: e.g. an identity card.
  • Something the agent is: biometrics.

Authorisation

Authorisation is the process of allowing / disallowing an authenticated agent (often a user) to perform a certain action.
The action may be as simple as allowing the agent to read the data:

  • Privacy: ensuring that only authorised agents can read the data.
  • Access: ensuring that all authorised agents can read the data.

Enforcing Complicity

An often overlooked mechanism that could be used to ensure only appropriate actions are taken on data is to enforce rules that require two or more trusted individuals to authorise action on a resource.
For example, a safe that can only be opened if both key-holders are present.
One possibility rarely implemented is to have an operator initiate a request for change that must be approved by a business manager who has no ability to initiate the request herself.
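
The operator / business manager split described above, as an added example that is not part of the original notes. The role names, class names and the in-memory `store` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Role names are assumptions; the notes name only an operator and a business manager.
INITIATORS = {"operator"}
APPROVERS = {"business_manager"}

class DualControlError(Exception):
    """Raised when an action would bypass the two-person rule."""

@dataclass(frozen=True)
class Agent:
    name: str  # identity, as established by authentication
    role: str

@dataclass
class ChangeRequest:
    resource: str
    change: str
    initiator: Agent
    approver: Optional[Agent] = None

class ChangeControl:
    def __init__(self):
        self.audit = []  # (agent name, action, outcome) for later review

    def _record(self, agent, action, allowed):
        self.audit.append((agent.name, action, "ok" if allowed else "denied"))
        if not allowed:
            raise DualControlError(f"{agent.name} may not {action} this change")

    def initiate(self, agent, resource, change):
        self._record(agent, "initiate", agent.role in INITIATORS)
        return ChangeRequest(resource, change, agent)

    def approve(self, agent, request):
        # Check identity as well as role: one person holding both roles is still one person.
        allowed = (agent.role in APPROVERS
                   and agent.name != request.initiator.name
                   and request.approver is None)
        self._record(agent, "approve", allowed)
        request.approver = agent

    def apply(self, request, store):
        # The resource changes only after a second agent has signed off.
        if request.approver is None:
            raise DualControlError("change has not been approved")
        store[request.resource] = request.change
        return store
```

Denied attempts are written to the audit list before the exception is raised, so an attempt to bypass the rule leaves a record.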