Musings by the Tao Of Risk

Attack of the Spam Bots

My website recently encountered a Spam Bot attack that brought the site down several times because of excessive CPU and bandwidth usage. The number of page requests increased 33 times more than normal, from an average of 54,000 to over 1.8 million. Many thanks to my web host for all their help and support in foiling the Bots and getting my site back online. I took three steps to solve the problem: 1) required all users to register and log in to access any website content, 2) required a CAPTCHA response when adding article comments, 3) upgraded the site from Joomla 2.5.17 to Joomla 3.3.6.

I was quite surprised how simple and seamless the Joomla 3.3.6 upgrade was. The upgrade took less than an hour, and that included a test installation. After upgrading to Joomla 3.3.6 I had to upgrade the site template and one component. The Joomla 3.x administration is a significant improvement over Joomla 2.5 and I strongly recommend anyone who has not yet upgraded to do so. I also like the fact that Joomla 3.x supports two-factor authentication, which I plan to roll out shortly to improve security even further.

Risk Policy and Governance

Effective risk management must include a strategic element as well as an operational element. The strategic element includes, among other things, effective governance based on a comprehensive risk policy that provides specific guidance about the organization's risk appetite and risk tolerance. An enterprise risk management plan (ERMP) that directly aligns with the organizational risk policy is the foundation for the operational risk management element.

A recent report by the Organization for Economic Co-operation and Development (OECD) on risk management and corporate governance indicates that risk historically has not been managed on an enterprise-wide basis and not adjusted to corporate strategy. The report goes on to state that risk managers were often kept separate from management and not regarded as an essential part of implementing the company’s strategy (OECD, 2014). Disconnecting strategic risk management elements from the operational element sets the stage for catastrophic failure. The Deepwater Horizon disaster in 2010 clearly demonstrates what can happen when operational and strategic risk management elements are disconnected.

Bluetooth Headset Reviews

I have used a number of Bluetooth headsets over the years and have had varying levels of success. My needs are pretty basic; the most important features for me are:

  1. Sound quality
  2. Battery life
  3. Wearability

I spend a lot of time on conference calls while driving, so sound quality and noise cancellation are the most important features. I often spend more than 4 hours a day on the phone, so battery life is a close second to sound quality. I wear glasses, so wearability is important because several headsets don't fit well if you are wearing glasses.