Cyber Threats: Operation Malaysia

F-Secure Corporation Chief Research Officer, Mikko Hypponen, tweeted about the threat at 4.42am Malaysian time.


The group, which calls itself Anonymous, said it will launch the attack at 7.30pm GMT on Wednesday (3.30am Thursday Malaysian time) and has named it “Operation Malaysia.”

The posted a mission statement to Pastebin on June 12 describing the reasoning behind their planned and upcoming attack on official Malaysian government websites. Anonymous warned, “


We fear that if you make further decisions to take away human freedom, we [will be] obligated to act fast and have no mercy.”

Anonymous revealed that target countries are selected based on input from users in those countries, however when asked whether or not there were Anonymous in Malaysia, they responded only that “[We] cannot give you that info.” It posted the threat in a graphic on this website.

Anonymous apparently comprises a vast number of hackers in various countries, who have been organised into cells that share common goals. They operate anonymously but in a co-ordinated fashion.

Reference: theepochtimes and TheStar Online

Cloud Computing Initiative: TAIWAN

As I mentioned on my previous post, other things that I think I should share is the Chunghwa Telecom & Chairman of Committee on Cloud Services, Cloud Computing Association in Taiwan, Dr Yen-Sung Lee

SVP & COO presentation.

He mentioned that, Taiwan government has developed a Cloud Computing Roadmap since January 2010. He said, "it was started with the initiation of the Cloud Computing Organization, to help cloud computing industries specially in their country." Now, Taiwan has six (6) Cloud Centers or initiatives:

1. Cloud Operation Center - A centralized monitoring, resource provisioning and management facilicities
2. Cloud Testing Center - Facilities to provide various test and verification services e.g. stress test, interface test, functional test, security test
3. Cloud Research & Development Center - Develop the key technologies of Cloud Computing and collaborate with industries and academic institutes
4. Cloud Experience Center - Provide enterprise users experiencing cloud services and technologies in actual environment
5. Cloud Service Creation Platform - Build a high-capacity Platform-as-a-Service (PaaS) platform to enrich the software development environment
6. Innovation and Application Contest - To encourage innovative service development across Taiwan

IT Spending Decisions Over The Next 12-18 months

ESG research indicates that, in 2011, the top two business initiatives that will have the greatest impact on IT spending are cost reduction and business process improvements. Close behind, in the top four is improving business intelligence and delivery of real-time analytics.


Real-time analytics is considered both an operational must-have and a strategic competitive advantage. With such increasing priority, the much-coveted data scientist needs access to a platform that supports data mining and complex analytics to scale; is agile in supporting evolving data types; can ingest massive volumes of new data sets quickly or recover just as quickly should the data load fail; and can present a prototyping environment to test models without breaking the bank. This last requirement is so crucial because, while budgets are growing modestly, IT is still required to do more with less. Once these models have been tested, they must be operationalized so that the business can benefit on a day to day basis. Shifting to a more real-time operational business model means analytics platforms with more advanced data management features as they become systems of record.


Source: ESG

IT Architect Jokes

Recently, I attended Cloud Computing Conference at Singapore. One interest me is the IASA presentation which I considered as a brilliant jokes. We may not realized this but I think it is a reality.

• Anyone who has more than 10 years of IT project implementation experience
• Has performed various IT roles such as developers, system analyst, project manager, network/server engineer, PMO, CTO, etc
• Failed in couple of large IT projects and burned millions of dollars without being put to jail

Information Security Architecture

Been busy designing Information Security Architecture for some company.

Stop Killing Innovation

I read an interesting post from RICHARD BEJTLICH that talked about "Innovation". I decided to share his post here, enjoy reading.

I hear and read a lot about how IT is supposed to innovate to enable "the business." Anytime I see "IT" in one part of a sentence and "the business" in another, a little part of me dies. Somewhere there is a Nirvana where "thought leaders" understand that there is no business without IT, that IT is as part of the business as the sales person or factory worker or janitor, and that IT would be better off not constantly justifying its existence to "the business." But I digress.


I want to address the "innovation" issue in this post. CIO magazine recently published an interview with Vinnie Mirchandani titled Taking Business Risks With Your IT Budget. I liked what Mr Mirchandani had to say, although I'm going to omit his multiple references to "cloud." Instead, consider how he sees innovation in IT:


More [CIOs] want to be [innovators], but organizations don’t let them...


In the 1980s, we talked about IT as a competitive advantage... In the 1990s, we didn’t hear much of that at all, and IT started reporting to CFOs. In the early 2000s, the CFO made IT a compliance function for auditing and security.


We’ve beaten the innovation out of CIOs at many companies. We want them to be risk mitigators, not innovators. People are afraid to be associated with any failure. They buy IT from vendors that are safe choices. They know they’re overspending, yet they do it anyway...


Mr Mirchandani doesn't say this, but he could have also mentioned that many managers expect CIOs to be "productivity engines," meaning they inherently shrink their budget every year. This drives cost reduction as the primary goal for an IT shop -- not innovation. It's like expecting the business development team to concentrate on decreasing the amount of money spent per new customer acquired, while not caring so much on the quantity or quality of the new customers -- if any!


So what to do?


The best thing they could do is get out from under the CFO. Go to your CEO and say, “I want to report to you.” Make sure the CFO doesn’t stand in the way. Some CIOs will get fired for doing that. Others will get a chance...


Cost pressure isn't limited to those who only report to the CFO, but he doesn't address that issue.


The shocking thing about corporate IT is that without realizing it, 85 percent to 90 percent of the IT spend is with a vendor, including outsourcers and the staff you buy from them...


When you’re spending 90 percent of your money with a vendor, you have only a sliver left for [internal] talent — yet it’s with your own internal talent that you can innovate. There’s very little left for CIOs to innovate with.


The more progressive CIOs are saying they’ve overdone it with outsourcing and are starting to hire their own enterprise architects and business analysts and other strategic resources.


To me this is the crux of the issue. Businesses cannot outsource innovation. Businesses can crush innovation pretty easily though.


I found one comment he made about the cloud to be very interesting:


CIOs resist it. It’s not secure, they say. It’s not always available. CIOs say cloud vendors go down too often.


I know CIOs who haven’t run a full disaster-recovery drill for years and turn around and say that the cloud isn’t production-ready.


So, my message to readers is this: if cost-out, five nines uptime, outsourced workforces, and other failed strategies are your goal, forget innovation. If you want innovation to thrive, try considering the alternatives.


Source: Richard Blog
Reference: CIO - Taking Business Risk with Your IT Budget

COBIT-Framework: Basic Principle

COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.

Business orientation is the main theme of COBIT. It is designed not only to be employed by IT service providers, users and auditors, but also, and more important, to provide comprehensive guidance for management and business process owners. The COBIT framework is based on the following principle:

"To provide the information that the enterprise requires to achieve its objectives, the enterprise needs to invest in and manage and control IT resources using a structured set of processes to provide the services that deliver the required enterprise information."