[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:04.90,Default,,0000,0000,0000,,So, let's talk a little bit about elements\Nof good policy.
Dialogue: 0,0:00:07.30,0:00:12.20,Default,,0000,0000,0000,,Number one on my list driven directly by\Nbusiness requirements.
Dialogue: 0,0:00:13.58,0:00:20.82,Default,,0000,0000,0000,,It will enable productivity by allowing\Nsecure access to information resources.
Dialogue: 0,0:00:20.82,0:00:25.56,Default,,0000,0000,0000,,One of,\NOne of the things that we, as computer
Dialogue: 0,0:00:25.56,0:00:32.88,Default,,0000,0000,0000,,security professionals typically do wrong.\NA, we used the wrong language in
Dialogue: 0,0:00:32.88,0:00:39.86,Default,,0000,0000,0000,,describing what we're trying to do.\NB, maybe we're using the right language in
Dialogue: 0,0:00:39.86,0:00:44.75,Default,,0000,0000,0000,,the wrong way.\NSo, if I walk into a, a group of my peers
Dialogue: 0,0:00:44.75,0:00:51.02,Default,,0000,0000,0000,,or executives and I start talking about\Nthis new initiative where we're going to
Dialogue: 0,0:00:51.02,0:00:55.04,Default,,0000,0000,0000,,protect these laptops that are\Nunfortunately, flying off the shelves or
Dialogue: 0,0:00:55.04,0:00:59.55,Default,,0000,0000,0000,,out of our cars.\NAnd I start by saying well, what we need
Dialogue: 0,0:00:59.55,0:01:05.78,Default,,0000,0000,0000,,to do is prevent X, keep Y from happening\Nand make sure that we absolutely stop Z.
Dialogue: 0,0:01:07.68,0:01:14.30,Default,,0000,0000,0000,,What the executive is hearing is, he is\Npreventing stopping in all kinds of ways
Dialogue: 0,0:01:14.30,0:01:18.20,Default,,0000,0000,0000,,making stuff not happen.\NThat's not their world.
Dialogue: 0,0:01:18.20,0:01:22.63,Default,,0000,0000,0000,,Their world is about making things happen.\NTheir world is about making the needs of
Dialogue: 0,0:01:22.63,0:01:26.15,Default,,0000,0000,0000,,the business come first.\NAnd those business requirements happen in
Dialogue: 0,0:01:26.15,0:01:29.72,Default,,0000,0000,0000,,the smooth as possible way.\NSo, when you chart, when you start out in
Dialogue: 0,0:01:29.72,0:01:32.65,Default,,0000,0000,0000,,negative terms.\NWhen you start out defining things that
Dialogue: 0,0:01:32.65,0:01:34.84,Default,,0000,0000,0000,,won't happen.\NAnd things that must not be.
Dialogue: 0,0:01:34.84,0:01:39.05,Default,,0000,0000,0000,,They're not hearing any of what you say.\NThey're just hearing that you're a big
Dialogue: 0,0:01:39.05,0:01:42.62,Default,,0000,0000,0000,,preventer.\NAlright if when that's the case you're,
Dialogue: 0,0:01:42.62,0:01:45.26,Default,,0000,0000,0000,,you're not going to be able to make your\Ncase.
Dialogue: 0,0:01:45.26,0:01:46.93,Default,,0000,0000,0000,,So, you know a good policy is, is an\Nenabler.
Dialogue: 0,0:01:46.93,0:01:51.58,Default,,0000,0000,0000,,Good policy says hey look at this we found\Na secure way to actually allow all you
Dialogue: 0,0:01:51.58,0:01:55.60,Default,,0000,0000,0000,,people out there to run around with your\Nlaptops like you always have.
Dialogue: 0,0:01:55.60,0:01:59.91,Default,,0000,0000,0000,,If we weren't able, what you are not\Nseeing in this policy is if we weren't
Dialogue: 0,0:01:59.91,0:02:05.28,Default,,0000,0000,0000,,able to find that secure way,\NWe'd be asking you for your laptops back
Dialogue: 0,0:02:05.58,0:02:11.80,Default,,0000,0000,0000,,because we can't have this keep happening,\NYou know, let the firings begin.
Dialogue: 0,0:02:12.56,0:02:19.26,Default,,0000,0000,0000,,So.\NI think good policy is clear, and, and,
Dialogue: 0,0:02:19.26,0:02:22.55,Default,,0000,0000,0000,,and usually short.\NMy customers.
Dialogue: 0,0:02:22.55,0:02:25.33,Default,,0000,0000,0000,,I, I develop a lot of policy for my\Ncustomers.
Dialogue: 0,0:02:25.33,0:02:29.04,Default,,0000,0000,0000,,They're always surprised by how brief I\Ntypically make them.
Dialogue: 0,0:02:29.04,0:02:33.92,Default,,0000,0000,0000,,I'm, I'm always striving to make short\Nstatements that completely make sense to
Dialogue: 0,0:02:33.92,0:02:36.70,Default,,0000,0000,0000,,everybody that reads them, in terms of\Npolicy.
Dialogue: 0,0:02:36.70,0:02:41.39,Default,,0000,0000,0000,,When we start talking about the technical\Nstuff, when we get into procedures,
Dialogue: 0,0:02:41.39,0:02:45.90,Default,,0000,0000,0000,,guidelines, and all that kind of stuff,\Nthen we can get into all the geeky
Dialogue: 0,0:02:45.90,0:02:49.48,Default,,0000,0000,0000,,technical stuff that must happen to make\Nthis policy work.
Dialogue: 0,0:02:49.48,0:02:54.70,Default,,0000,0000,0000,,But when it's about the policy,\NI've personally have never written a
Dialogue: 0,0:02:54.70,0:02:59.82,Default,,0000,0000,0000,,policy that was more than two pages long,\Nabout a specific thing.
Dialogue: 0,0:03:00.16,0:03:05.40,Default,,0000,0000,0000,,If you can't describe the thing you want\Nto happen in two pages, you've, taken on
Dialogue: 0,0:03:05.40,0:03:09.86,Default,,0000,0000,0000,,the wrong thing, essentially.\NYou, you, you're going about it the wrong
Dialogue: 0,0:03:09.86,0:03:12.68,Default,,0000,0000,0000,,way.\NYou need to break it down a little bit
Dialogue: 0,0:03:12.68,0:03:17.86,Default,,0000,0000,0000,,further such that you can make simple\Npolicy statements that people understand.
Dialogue: 0,0:03:18.18,0:03:24.92,Default,,0000,0000,0000,,A corollary to that is it should be\Nmeasurable.
Dialogue: 0,0:03:25.70,0:03:30.87,Default,,0000,0000,0000,,When I'm, when I'm talking about\Nmeasurability here, I'm talking about the
Dialogue: 0,0:03:30.87,0:03:36.68,Default,,0000,0000,0000,,ability to measure compliance.\NThen we'll, we'll get into a lot of, more
Dialogue: 0,0:03:36.68,0:03:41.52,Default,,0000,0000,0000,,about that when I start talking about\Nmaturity models and, and how maturity
Dialogue: 0,0:03:41.52,0:03:47.28,Default,,0000,0000,0000,,models relate to policy but the simplest\Nway to think of this is that if you have a
Dialogue: 0,0:03:47.28,0:03:51.48,Default,,0000,0000,0000,,policy, and you think that policy is in\Nplace, and the people understand it, and
Dialogue: 0,0:03:51.48,0:03:54.50,Default,,0000,0000,0000,,that it's actually doing what it's\Nsupposed to be doing.
Dialogue: 0,0:03:54.86,0:04:01.11,Default,,0000,0000,0000,,You don't actually know that unless you\Ncan actually measure compliance.
Dialogue: 0,0:04:01.11,0:04:09.24,Default,,0000,0000,0000,,Unless you can look at It's amazingly\Nannoying.
Dialogue: 0,0:04:09.44,0:04:14.26,Default,,0000,0000,0000,,Unless you can actually look at this\Npolicy and how people are behaving in
Dialogue: 0,0:04:14.26,0:04:19.15,Default,,0000,0000,0000,,relationship to the policy and say, well\Nthis is how well the policy's doing.
Dialogue: 0,0:04:19.15,0:04:23.78,Default,,0000,0000,0000,,Or hey, the policy's not, you know?\NPeople either don't understand it, they
Dialogue: 0,0:04:23.78,0:04:27.39,Default,,0000,0000,0000,,don't know it.\NOr they do understand it and they know it
Dialogue: 0,0:04:27.39,0:04:31.70,Default,,0000,0000,0000,,and they're not complying.\NWhat's the number one reason that people
Dialogue: 0,0:04:31.70,0:04:35.69,Default,,0000,0000,0000,,don't comply to policy?\NComplexities is one.
Dialogue: 0,0:04:35.69,0:04:39.26,Default,,0000,0000,0000,,It's not the top of my list but it's, it's\Nnear the top.
Dialogue: 0,0:04:39.45,0:04:43.86,Default,,0000,0000,0000,,We weren't told it in the first place.\NWell now I've sure told it.
Dialogue: 0,0:04:43.86,0:04:45.62,Default,,0000,0000,0000,,In the back.\N[inaudible].
Dialogue: 0,0:04:45.81,0:04:49.44,Default,,0000,0000,0000,,Inconvenience.\NThat is the number one reason that people
Dialogue: 0,0:04:49.44,0:04:53.70,Default,,0000,0000,0000,,do not adhere to policy.\NAnd, that inconvenience typically I,
Dialogue: 0,0:04:54.06,0:04:57.46,Default,,0000,0000,0000,,interestingly enough, most of us wanna try\Nto do our job.
Dialogue: 0,0:04:58.46,0:05:04.01,Default,,0000,0000,0000,,The inconvenience is typically related to,\Nthis policy makes it hard, impossible,
Dialogue: 0,0:05:04.01,0:05:07.52,Default,,0000,0000,0000,,difficult to do the thing that you hired\Nme to do.
Dialogue: 0,0:05:07.52,0:05:14.66,Default,,0000,0000,0000,,So I am going to ignore it.\NSo, you have to avoid all of that kind of
Dialogue: 0,0:05:14.66,0:05:21.84,Default,,0000,0000,0000,,mess.\NGood policy has to be enforceable.
Dialogue: 0,0:05:24.60,0:05:30.27,Default,,0000,0000,0000,,What we mean by enforcement is going to\Nvary actually from company to company,
Dialogue: 0,0:05:30.27,0:05:35.42,Default,,0000,0000,0000,,organization to organization.\NBut you have to actually have some way of
Dialogue: 0,0:05:35.42,0:05:41.24,Default,,0000,0000,0000,,saying you must accomplish this thing that\Nwe have asked you to do, or, there are
Dialogue: 0,0:05:41.24,0:05:48.44,Default,,0000,0000,0000,,consequences alright?\NThe variability for that is, is industry
Dialogue: 0,0:05:48.44,0:05:51.83,Default,,0000,0000,0000,,variability. It's regulatory compliance\Nvariability.
Dialogue: 0,0:05:51.83,0:05:56.36,Default,,0000,0000,0000,,There's lots and lots of reasons that\Nthat's not the same for everybody.
Dialogue: 0,0:05:58.52,0:06:03.58,Default,,0000,0000,0000,,Number five on my list,\NAnd I invented a word for this.
Dialogue: 0,0:06:03.58,0:06:09.98,Default,,0000,0000,0000,,It's "regulatorily correct." The\Nspellchecker didn't like that.
Dialogue: 0,0:06:10.24,0:06:16.87,Default,,0000,0000,0000,,Obviously what I mean though is that\Npolicy itself must reflect any regulations
Dialogue: 0,0:06:16.87,0:06:20.92,Default,,0000,0000,0000,,that actually drive what your business\Nmust do.
Dialogue: 0,0:06:21.54,0:06:26.71,Default,,0000,0000,0000,,Raise your hand if you're in an industry\Nthat has no federal regulations regarding
Dialogue: 0,0:06:26.71,0:06:30.98,Default,,0000,0000,0000,,your security policy.\NWow.
Dialogue: 0,0:06:31.78,0:06:36.18,Default,,0000,0000,0000,,I asked that exact same question about\Nthree years ago.
Dialogue: 0,0:06:36.18,0:06:40.04,Default,,0000,0000,0000,,And three-quarters of the class raised\Ntheir hands.
Dialogue: 0,0:06:40.04,0:06:45.43,Default,,0000,0000,0000,,Until one by one I explained what,\Nregulation, what federal agency cared
Dialogue: 0,0:06:45.43,0:06:49.30,Default,,0000,0000,0000,,about them.\NIt's almost never been true, but it's
Dialogue: 0,0:06:49.30,0:06:57.32,Default,,0000,0000,0000,,certainly not true now.\NHIPAA. Gramm-Leach-Bliley.
Dialogue: 0,0:07:00.18,0:07:02.74,Default,,0000,0000,0000,,What's another, who haven't I got?\NSOX.
Dialogue: 0,0:07:02.93,0:07:05.98,Default,,0000,0000,0000,,SOX, of course, that's all of you that\Nare public.
Dialogue: 0,0:07:06.64,0:07:17.30,Default,,0000,0000,0000,,Any other fun ones that I'm missing?\NIcar, ITAR, ITAR?
Dialogue: 0,0:07:18.02,0:07:22.89,Default,,0000,0000,0000,,All of you Boeing people are e, expoing\Npeople.
Dialogue: 0,0:07:23.73,0:07:29.34,Default,,0000,0000,0000,,[inaudible] [laugh].\NYou took your laptop and left.
Dialogue: 0,0:07:30.19,0:07:35.07,Default,,0000,0000,0000,,[inaudible].\N[laugh] So, okay, and again, the category
Dialogue: 0,0:07:35.07,0:07:41.09,Default,,0000,0000,0000,,of, of, of the list we are going through\Nright now is elements of good policy,
Dialogue: 0,0:07:41.09,0:07:43.55,Default,,0000,0000,0000,,those were mine.\NWhat are yours?
Dialogue: 0,0:07:43.55,0:07:52.54,Default,,0000,0000,0000,,What else should good policy have?\NI listed everything.
Dialogue: 0,0:07:52.54,0:07:54.49,Default,,0000,0000,0000,,Yes.\NWe did a review.
Dialogue: 0,0:07:54.74,0:07:59.22,Default,,0000,0000,0000,,Absolutely.\NGood policy, and actually good maturity in
Dialogue: 0,0:07:59.22,0:08:02.59,Default,,0000,0000,0000,,your policy, requires regular review.\NYes.
Dialogue: 0,0:08:02.85,0:08:08.76,Default,,0000,0000,0000,,I was going to say accessibility.\NIn other words, it's got to be, people
Dialogue: 0,0:08:08.76,0:08:14.50,Default,,0000,0000,0000,,have to be able to find it and read it.\NAccessibility is critical.
Dialogue: 0,0:08:15.91,0:08:21.32,Default,,0000,0000,0000,,The, the idea that you're going to\Ngenerate a bunch of policy and you know,
Dialogue: 0,0:08:21.32,0:08:27.35,Default,,0000,0000,0000,,print it and then put it on a shelf for\Nsomebody to come and you know, at their
Dialogue: 0,0:08:27.35,0:08:31.16,Default,,0000,0000,0000,,leisure come and read is never going to\Nhappen.
Dialogue: 0,0:08:31.16,0:08:37.02,Default,,0000,0000,0000,,Beyond accessibility I would actually try\Nto take up the next step and I'm not sure
Dialogue: 0,0:08:37.02,0:08:40.88,Default,,0000,0000,0000,,what they call this but essentially,\Nmandatory accessibility.
Dialogue: 0,0:08:40.88,0:08:44.81,Default,,0000,0000,0000,,You have to make sure that people are\Nexposed to your policy.
Dialogue: 0,0:08:44.81,0:08:50.09,Default,,0000,0000,0000,,You can't just make it available and say,\Nlook, you know what, we wrote 800 pages of
Dialogue: 0,0:08:50.09,0:08:53.76,Default,,0000,0000,0000,,policy and it's on this internal link to\Nthis web server.
Dialogue: 0,0:08:53.76,0:08:58.80,Default,,0000,0000,0000,,Please, everybody go read it.\NHow many would?
Dialogue: 0,0:08:58.80,0:09:03.76,Default,,0000,0000,0000,,Everybody in this class would, of course,\Nbecause you're directly involved and care
Dialogue: 0,0:09:03.76,0:09:08.08,Default,,0000,0000,0000,,a lot about these sorts of things but none\Nof your peers would.
Dialogue: 0,0:09:08.08,0:09:11.85,Default,,0000,0000,0000,,You absolutely must make sure that they\Nread it.
Dialogue: 0,0:09:11.85,0:09:18.12,Default,,0000,0000,0000,,Given that scenario, given the scenario of\Nan internet server and you've made it
Dialogue: 0,0:09:18.12,0:09:21.76,Default,,0000,0000,0000,,available.\NAny ideas on how, how you would enforce
Dialogue: 0,0:09:21.76,0:09:24.20,Default,,0000,0000,0000,,that, or how you would assure?\NYes.
Dialogue: 0,0:09:24.40,0:09:27.45,Default,,0000,0000,0000,,The agreements are on hiring and\Norientation.
Dialogue: 0,0:09:27.66,0:09:33.35,Default,,0000,0000,0000,,Orientation, new employee orientation is a\Ngood place to have people at least sign a
Dialogue: 0,0:09:33.35,0:09:38.43,Default,,0000,0000,0000,,piece of paper saying that they read the\Nlast 400 pages and they agreed to
Dialogue: 0,0:09:38.43,0:09:40.20,Default,,0000,0000,0000,,everything in it.\NYes.
Dialogue: 0,0:09:40.37,0:09:45.23,Default,,0000,0000,0000,,In my company they put it on video and\Nthey track everyone who's viewed it.
Dialogue: 0,0:09:45.23,0:09:49.44,Default,,0000,0000,0000,,Once you've watched them all you get a\Nlittle certificate of completion.
Dialogue: 0,0:09:49.44,0:09:54.35,Default,,0000,0000,0000,,It's not real but it's like tracked and if\Nyou don't do it they harass you and your
Dialogue: 0,0:09:54.35,0:09:58.50,Default,,0000,0000,0000,,manager until you do it.\NAnd, so, they have 90, over 99 compliance
Dialogue: 0,0:09:58.50,0:10:01.08,Default,,0000,0000,0000,,in people viewing the latest training on\Nit.
Dialogue: 0,0:10:01.25,0:10:03.88,Default,,0000,0000,0000,,So.\NA technology company, they actually are
Dialogue: 0,0:10:03.88,0:10:08.56,Default,,0000,0000,0000,,tracking probably electronically whether\Nor not you've clicked on the view this
Dialogue: 0,0:10:08.56,0:10:11.37,Default,,0000,0000,0000,,video link.\NThey didn't track whether or not you
Dialogue: 0,0:10:11.37,0:10:14.72,Default,,0000,0000,0000,,walked away from your desk while you're.\NIt's like.
Dialogue: 0,0:10:14.72,0:10:20.80,Default,,0000,0000,0000,,How many of, how many viewings actually\Nstarted at 11:59:59.
Dialogue: 0,0:10:20.80,0:10:24.08,Default,,0000,0000,0000,,Nobody tracked that part?\NYes, in the back, and then you.
Dialogue: 0,0:10:24.27,0:10:27.00,Default,,0000,0000,0000,,[inaudible].\NWe had a, for a sexual harassment
Dialogue: 0,0:10:27.00,0:10:31.32,Default,,0000,0000,0000,,training, we had to take some tests.\NWe had to watch some videos on some
Dialogue: 0,0:10:31.32,0:10:35.21,Default,,0000,0000,0000,,website, and then take a test afterwards\Nregarding each of these.
Dialogue: 0,0:10:35.21,0:10:39.70,Default,,0000,0000,0000,,And it went into quite a bit of time.\NIt was spread out over, like, a couple
Dialogue: 0,0:10:39.70,0:10:42.26,Default,,0000,0000,0000,,weeks or something.\NTests are fantastic.
Dialogue: 0,0:10:42.26,0:10:47.06,Default,,0000,0000,0000,,A fantastic way to assure that somebody's\Nactually, not only read something, but
Dialogue: 0,0:10:47.06,0:10:50.64,Default,,0000,0000,0000,,understood it.\NLet me get back to that in a moment.
Dialogue: 0,0:10:50.64,0:10:52.32,Default,,0000,0000,0000,,Go ahead.\N[inaudible].
Dialogue: 0,0:10:52.32,0:10:57.29,Default,,0000,0000,0000,,Our interactive training system.\NAnd it does have tests embedded in the
Dialogue: 0,0:10:57.29,0:11:00.72,Default,,0000,0000,0000,,viewing.\NSo, unless you take somebody else's, which
Dialogue: 0,0:11:00.72,0:11:02.60,Default,,0000,0000,0000,,nobody's going to do,\NRight?
Dialogue: 0,0:11:02.82,0:11:06.31,Default,,0000,0000,0000,,And I know we have a lawyer in the room,\Nwho is it?
Dialogue: 0,0:11:06.52,0:11:08.62,Default,,0000,0000,0000,,[inaudible].\NTed's not here?
Dialogue: 0,0:11:08.62,0:11:13.10,Default,,0000,0000,0000,,No lawyer in the room.\NThere's a very interesting thing going on
Dialogue: 0,0:11:13.10,0:11:17.79,Default,,0000,0000,0000,,right now in the sort of, click-through\Nagreements, which is that.
Dialogue: 0,0:11:17.79,0:11:23.20,Default,,0000,0000,0000,,The courts are, and I wish it was here\Nactually to correct me because I am sure I
Dialogue: 0,0:11:23.20,0:11:27.14,Default,,0000,0000,0000,,am wrong on this.\NBut the courts are getting a little wishy
Dialogue: 0,0:11:27.14,0:11:30.61,Default,,0000,0000,0000,,washy on whether or not any of that is of\Nany value.
Dialogue: 0,0:11:30.61,0:11:33.26,Default,,0000,0000,0000,,So, yes.\N[inaudible] because, just because
Dialogue: 0,0:11:33.26,0:11:38.10,Default,,0000,0000,0000,,somebody's indicated that they have put\Nthrough a page or they've accepted that
Dialogue: 0,0:11:38.10,0:11:41.38,Default,,0000,0000,0000,,page does not ensure that, that content\Nhasn't changed.
Dialogue: 0,0:11:41.38,0:11:45.55,Default,,0000,0000,0000,,So what have they accepted?\NAnd that's not necessarily a static thing.
Dialogue: 0,0:11:45.74,0:11:48.04,Default,,0000,0000,0000,,Agreed.\NAlthough even the static stuff.
Dialogue: 0,0:11:48.04,0:11:53.12,Default,,0000,0000,0000,,People are wondering whether or not it's\Nreasonable to assume that you did actually
Dialogue: 0,0:11:53.12,0:11:57.55,Default,,0000,0000,0000,,read all twenty pages of legal mumbo jumbo\Nbefore you clicked on the yes.
Dialogue: 0,0:11:57.55,0:12:01.12,Default,,0000,0000,0000,,I'm going to okay this because that means\NI can now use XP.
Dialogue: 0,0:12:01.95,0:12:03.76,Default,,0000,0000,0000,,Yes.\NI've researched this.
Dialogue: 0,0:12:03.96,0:12:08.28,Default,,0000,0000,0000,,It's less than zero, probably.\N001.. People might, some people will
Dialogue: 0,0:12:08.28,0:12:13.38,Default,,0000,0000,0000,,possibly start to read it, and then they\Nwill scroll and see how long it is and
Dialogue: 0,0:12:13.38,0:12:16.10,Default,,0000,0000,0000,,give up.\NBut no one, I've never seen anyone
Dialogue: 0,0:12:16.10,0:12:21.26,Default,,0000,0000,0000,,actually put in the effort to read it.\NAnd that's with someone watching them and
Dialogue: 0,0:12:21.26,0:12:23.91,Default,,0000,0000,0000,,them wanting to please me.\N[inaudible].
Dialogue: 0,0:12:24.11,0:12:25.59,Default,,0000,0000,0000,,Huh?\NWho [inaudible].
Dialogue: 0,0:12:25.78,0:12:28.88,Default,,0000,0000,0000,,Yeah, lawyers.\NActually they read chunks of it.
Dialogue: 0,0:12:28.88,0:12:34.12,Default,,0000,0000,0000,,Maybe it's five or six of them and they\Nall put it together, so none of them read
Dialogue: 0,0:12:34.12,0:12:37.66,Default,,0000,0000,0000,,the whole thing.\NThat, and, there's, there's a few perverse
Dialogue: 0,0:12:37.66,0:12:42.30,Default,,0000,0000,0000,,people out there in the world, who\Nactually, I, I think they're kind of, good
Dialogue: 0,0:12:42.30,0:12:47.86,Default,,0000,0000,0000,,examples of creative writing.\NAnd I read them because I, I'm amused by
Dialogue: 0,0:12:47.86,0:12:53.71,Default,,0000,0000,0000,,some of the stuff they put in there about\Nthe fact that you know they're not
Dialogue: 0,0:12:53.71,0:12:59.03,Default,,0000,0000,0000,,responsible with it, you know, if.\NGood example, Windows Vista, if Windows
Dialogue: 0,0:12:59.03,0:13:03.06,Default,,0000,0000,0000,,Vista explodes, and the parts fly\Nthroughout the room.
Dialogue: 0,0:13:04.14,0:13:10.64,Default,,0000,0000,0000,,Completely obliterate all life.\NWindows is and Microsoft is not
Dialogue: 0,0:13:10.64,0:13:12.68,Default,,0000,0000,0000,,responsible.\NAbsolutely guaranteed.
Dialogue: 0,0:13:12.68,0:13:16.39,Default,,0000,0000,0000,,It's, it's definitely on like page 30.\NThe whole explosion part.
Dialogue: 0,0:13:16.57,0:13:20.77,Default,,0000,0000,0000,,Isn't there something in here about the\Nwind blows and the tree falls.
Dialogue: 0,0:13:20.77,0:13:23.77,Default,,0000,0000,0000,,That Microsoft isn't.\NCertainly not responsible.
Dialogue: 0,0:13:23.95,0:13:28.68,Default,,0000,0000,0000,,So, not very many people are like me.\NNot very many people actually think that's
Dialogue: 0,0:13:28.68,0:13:32.10,Default,,0000,0000,0000,,amusing reading.\NThey actually just page down as far as
Dialogue: 0,0:13:32.10,0:13:34.68,Default,,0000,0000,0000,,they can and click on the, it's okay\Nbutton.
Dialogue: 0,0:13:34.86,0:13:39.83,Default,,0000,0000,0000,,Most amusing thing I think I ever saw in\None of those was actually that somebody
Dialogue: 0,0:13:39.83,0:13:44.86,Default,,0000,0000,0000,,programmatically looked at how long it\Ntook between displaying the first page and
Dialogue: 0,0:13:44.86,0:13:48.17,Default,,0000,0000,0000,,you clicking on the Okay.\NAnd if it wasn't long enough.
Dialogue: 0,0:13:48.17,0:13:50.70,Default,,0000,0000,0000,,They just said, "Look, you didn't read\Nthat.
Dialogue: 0,0:13:50.70,0:13:57.63,Default,,0000,0000,0000,,Go back and try again." [laugh] I, I\Nthought that was hilarious.
Dialogue: 0,0:13:57.63,0:14:01.68,Default,,0000,0000,0000,,But.\NAnd that's why testing, actually, starts
Dialogue: 0,0:14:01.68,0:14:07.88,Default,,0000,0000,0000,,as starts to around a little bit of this.\NI can't imagine what would happen if some
Dialogue: 0,0:14:07.88,0:14:14.08,Default,,0000,0000,0000,,of the longer click through agreements\Nstarted asking okay, so, under limited
Dialogue: 0,0:14:14.08,0:14:19.62,Default,,0000,0000,0000,,liability.\NWere we a liable for any pet deaths in
Dialogue: 0,0:14:19.62,0:14:23.49,Default,,0000,0000,0000,,your family?\N[laugh] So these sorts of things are
Dialogue: 0,0:14:23.49,0:14:27.92,Default,,0000,0000,0000,,actually starting to, to change the way we\Nlook at stuff.
Dialogue: 0,0:14:28.16,0:14:34.24,Default,,0000,0000,0000,,I really, really like by the way new\Nemployee orientation and new employee
Dialogue: 0,0:14:34.24,0:14:39.32,Default,,0000,0000,0000,,agreements with tests.\NI'm starting to see places that actually
Dialogue: 0,0:14:39.32,0:14:42.29,Default,,0000,0000,0000,,implement.\NYou must read all of this stuff, all of
Dialogue: 0,0:14:42.29,0:14:46.85,Default,,0000,0000,0000,,these policies, procedures and how do we\Ndo business and so on and so forth.
Dialogue: 0,0:14:46.85,0:14:51.59,Default,,0000,0000,0000,,And, sometime within the next couple of\Ndays you're going to have to take a test on
Dialogue: 0,0:14:51.59,0:14:57.74,Default,,0000,0000,0000,,it, and pass or you're not an employee.\NSo,
Dialogue: 0,0:14:58.70,0:15:03.88,Default,,0000,0000,0000,,Anything, any other by the way, all great\Nelements of good policy.
Dialogue: 0,0:15:03.88,0:15:05.42,Default,,0000,0000,0000,,Yes?\N[inaudible].
Dialogue: 0,0:15:05.66,0:15:09.87,Default,,0000,0000,0000,,Absolutely.\NYou have to have something to back it up.
Dialogue: 0,0:15:09.87,0:15:15.70,Default,,0000,0000,0000,,If, I merely suggest to all of you that\Nyou don't take employee data, and
Dialogue: 0,0:15:15.70,0:15:19.51,Default,,0000,0000,0000,,willy-nilly, start flapping around the\Ninternet.
Dialogue: 0,0:15:19.51,0:15:23.96,Default,,0000,0000,0000,,And I'm not prepared to do anything about\Nit if you do.
Dialogue: 0,0:15:25.74,0:15:29.76,Default,,0000,0000,0000,,The policy has no effect.\NIt has, it has really no, no teeth.
Dialogue: 0,0:15:29.76,0:15:33.06,Default,,0000,0000,0000,,Yes.\NI think policy should be enforced at all
Dialogue: 0,0:15:33.06,0:15:37.65,Default,,0000,0000,0000,,levels of the organization.\NSo senior management is responsible for
Dialogue: 0,0:15:37.65,0:15:41.00,Default,,0000,0000,0000,,living up to that policy as well as junior\Nstaff.
Dialogue: 0,0:15:41.00,0:15:46.14,Default,,0000,0000,0000,,We've had situations where political\Ncontent, for instance, was sent through
Dialogue: 0,0:15:46.14,0:15:51.35,Default,,0000,0000,0000,,the email to employees regarding certain\Ninitiatives from senior management.
Dialogue: 0,0:15:51.35,0:15:55.88,Default,,0000,0000,0000,,And it was pointed out to them, you\Nrealize you just made a policy
Dialogue: 0,0:15:55.88,0:15:57.38,Default,,0000,0000,0000,,unenforceable.\NYeah.
Dialogue: 0,0:15:57.38,0:15:59.92,Default,,0000,0000,0000,,[inaudible].\NAnd then, that's actually.
Dialogue: 0,0:16:00.83,0:16:02.62,Default,,0000,0000,0000,,And, and who do, I won't even ask who you\Nwork for.
Dialogue: 0,0:16:02.72,0:16:04.73,Default,,0000,0000,0000,,A healthcare organization.\NA healthcare organization.
Dialogue: 0,0:16:04.84,0:16:09.52,Default,,0000,0000,0000,,[inaudible] That's what the issue is.\NInteresting.
Dialogue: 0,0:16:10.06,0:16:15.62,Default,,0000,0000,0000,,That, I see that a lot more in smaller\Norganizations, you know, organizations of,
Dialogue: 0,0:16:15.62,0:16:21.40,Default,,0000,0000,0000,,of few 1000 people and less where the\Nmanagement of the organization is not used
Dialogue: 0,0:16:21.40,0:16:26.46,Default,,0000,0000,0000,,to having to kind of put up with this\Nuniformity of policy enforcement.
Dialogue: 0,0:16:26.46,0:16:29.60,Default,,0000,0000,0000,,Larger organizations usually kind of get\Nit.
Dialogue: 0,0:16:30.09,0:16:31.70,Default,,0000,0000,0000,,Not always.\NI mean there's.
Dialogue: 0,0:16:31.89,0:16:33.81,Default,,0000,0000,0000,,[inaudible].\NYeah, yeah.
Dialogue: 0,0:16:33.81,0:16:37.92,Default,,0000,0000,0000,,It's so, it is absolutely.\NIt is very, very important that people
Dialogue: 0,0:16:37.92,0:16:41.77,Default,,0000,0000,0000,,realize that policy is enforced from the\Ntop to the bottom.
Dialogue: 0,0:16:41.77,0:16:46.92,Default,,0000,0000,0000,,In fact, it's you know, emanates from\Nbusiness requirements set by the people at
Dialogue: 0,0:16:46.92,0:16:49.99,Default,,0000,0000,0000,,the very top.\NSo, if those business requirements
Dialogue: 0,0:16:49.99,0:16:52.92,Default,,0000,0000,0000,,dictated this policy.\NAnd they violate policy.
Dialogue: 0,0:16:52.92,0:16:57.88,Default,,0000,0000,0000,,Either the business requirements weren't\Naccurate in the, in the first place.
Dialogue: 0,0:16:57.88,0:17:02.51,Default,,0000,0000,0000,,Or they're actually count, acting\Ncountered to the best interest of the
Dialogue: 0,0:17:02.51,0:17:04.34,Default,,0000,0000,0000,,company, or the organization.