Thursday, March 22, 2012

Business Case Sonnet

Next time you need to produce a business case to buy a new product, give this a try:

Business Case

You ask me why we should spend this money,
Expecting loads of useful rationale.
As if I would ask for something silly?
Blow money on a drunken bacchanal?

This product will soothe fifty-one pain points.
Without it, we lose money ev'ry day.
Right now we're running with glass in our joints.
The inefficiencies cause me dismay.

Let us spend money, a little will do.
This investment will yield profits tenfold.
I know a vendor who'll discount it too!
Please, my dear purchase manager, be bold!

Just sign my request. Let's buy this new toy!
You'll give all your techies a load of joy.

Thursday, February 9, 2012

News Haiku

Taken from some news stories and recent postings, I offer another round of haiku.

A germ can blossom
In mother and new-born child.
Size does not matter.

OUCH! Monthly Security Awareness Newsletter - Securing Your Mobile Device Apps [PDF]


Even in the storm,
Roaring wind and pelting rain,
Calm voices call you.

Security Now Episode 339


Winds blow, water flows.
When you think you control tides
Someone else might too.

ICS-ALERT-12-039-01 - Advantech BroadWin RPC Server Vulnerability [PDF]


Wolves hunting in packs.
The scattered flock can't escape
The jaws of malware.

Citadel - An Open-Source Malware Project


Electronics Manufacturing Giant Foxconn Is Hacked

The prey will not care
The color of the snake's scales.
Black or grey still kills.


Microsoft Security Bulletin Advance Notification for February 2012

Cycles surrounding.
The moon. The sun. The seasons.
Monthly patch day comes.

Friday, December 23, 2011

Oh, look! Another web-based vulnerability!

According to this article, some vulnerability researchers have found a new vulnerability that can definitely be exploited through Safari for Windows. They believe the vulnerability can also be exploited through other web browsers on Windows. The article notes that the exploit uses a Windows library that web browsers call, so it's really a problem with Windows.

The web browser has become the most common vector through which malware gets on a victim's system. It used to be all about bad guys exploiting systems through the OS directly. Now, they make use of the ubiquitous WWW and all the software that's designed to browse it.


Web Browser Vulnerabilities

Your web browser gapes
Like a path through underbrush.
Secret garden found.

Invite the foxes
Into the warm, dry hen house.
Open your browser.

Take care! You go where
Vulnerabilities live.
Spiders on The Web.

Oh, look! Another Firefox!

New versions of Firefox have been coming fast and loose lately. Firefox 9.0.1 is being released a day after version 9.0.0 was released. Such speed inspires the mind.

Firefox Haiku

Try to count the flakes!
Snow falls on itself and grows.
New Firefox out.

Growth must follow birth.
The hunters prey on the young.
Security patch.

Firefox versions
Like June firefly flashes.
Miss one, one more comes.

Thursday, December 22, 2011

Chamber of Secrets

Hot on the tail of news of the US Chamber of Commerce being hacked, I offer some haiku.

Chamber of Commerce
Pierced by winds and driving rain.
Servers are all wet.

Feds investigate
Like deer browsing underbrush.
Fresh morsels are found.

China will insist:
Innocent like sprouting bulbs.
Do you smell something?

Monday, December 19, 2011

Who's Afraid of SCADA?

By request...

Who's Afraid of SCADA?

The lights, they are a-dimmin'.
Humidity's high, I'm swimmin'.
'gainst heat, AC's not winnin'.
All fans have stopped their spinnin'.

None of the doors will a-open.
All locks are completely frozen.
The stop lights won't stop their blinkin'.
Fountains think ghosts are a-drinkin'.

We put 'em on the Internetwork.
Now they're hacked by some stupid dumb jerk.
In shadows those bad guys seem to lurk
Creating for us so much more work.

Monday, December 12, 2011

Social Network De Jour

It seems like new social networks of various types are popping up everywhere. They all have different themes and work in slightly different ways. But one thing is common among them all: they make you a product that they sell to others. Your data is worth a lot to these people.


Social Network De Jour

I rolled myself a VM
And deployed. Carpe Diem!
No time to plan a mature service out.

My server was unhardened.
My code could not be pardoned.
First to market's what it's all about.

I encouraged you to share
All your facts and details there.
My social network links from all around.

I never promised you I'd hide
The juicy details found inside.
I'll ship your data off without a sound.

Marketers will love me.
I'm selling you, you must see.
Another item sitting on a shelf.

Privacy is long gone,
Not something you can count on.
You handed it all over your own self.

Monday, December 5, 2011

Outsource Rock

My boss was lamenting the lack of Schoolhouse Rock-esque songs about outsourcing and sending things "to The Cloud".

I took that as a challenge.


Outsource Rock

CHORUS
Outsource is the horse to bet on,
Though your service is nervous to leave.
Just consider the better return on
Your investment in business IT.

Backups and patching's for losers.
Running a helpdesk's a bore.
Do like those savvy tech choosers:
Send servers packing for off-shore!

CHORUS

We watch as your email host flounders.
We see hard drives falling away.
Fly in the face of your founders.
IT wasn't destined to stay!

CHORUS

Don't worry too much over data.
Privacy's lawyers' concern.
It's only the service that mattas!
Just let your old server farm burn!

BRIDGE
Don't be annoyed at the marketer's ploy
She's trying so hard to assist.
When all's said and done you'll have so much more fun
Your old ways will hardly be missed!

Staff costs just lower the margin,
There's no need to keep them around.
Just like the poor echo and chargen,
They'll bury us all in the ground.

So, ho!
Outsource is the horse to bet on,
Though your service is nervous to leave.
Just consider the better return on
Your investment in business IT.

Wednesday, November 16, 2011

APT Haiku

The buzzword "APT" is met with fear and derision. But Advanced Persistent Threats are real, and information security programs must address them. Still, the term has a habit of causing visceral reactions during important conversations.



Snowfall's silence screams
Across the full conference room.
You said "APT".

Among Autumn's leaves
Falls a juggernaut disguised,
Hiding in plain sight.

Wild seeds in springtime
Sprout unexpected flowers.
How long did they sleep?

Wednesday, October 19, 2011

Vendor Call

IT Security folk have to fight off attackers and vandals and the careless and ignorant. We also have to fight vendors. Maybe fight isn't the right word. It all depends on your perspective.



Vendor Call

We vendors have what you need.
Just taste, you'll understand.
You think vendors just care about greed?
No, we're trying to give you a hand.
No one can solve the world's troubles,
Isolated and on your own.
You need friends through the crashes and bubbles,
For when the bad guys are looking to pwn.

My product can save you from evil!
My product can show ROI!
My product could defeat the devil
And stop an APT spy!

UTM, PCI, and IDS!
A+, CISA, ISC2!
SOX, ISO, and IDS!
We cooked a full acronym stew.

We've got webinars, glossies, a PowerPoint slide.
We can send you evangelists and experts.
Let's talk! Let's chat! Please, let us inside!
Let us know everywhere it hurts.
We'll buy you some lunch, bring a T-shirt or two.
We've got pens and foam balls to spare.
Every promise we make is totally true.
You'll be relieved, without a care.

You cringe when we send you an email.
You ignore our voice messages.
But it's not just about making a sale
And removing your budget's vestiges.
Honest and true, our product is good.
Just give us a chance to show it.
We're solution providers! We're misunderstood!
It's your business, we wouldn't want to blow it!