The post two weeks ago on contingency planning mentioned risks and threats, but did not go into detail regarding the differences. To elaborate on the subject of risks and threats, other terms need to be introduced and defined as well. This post will describe and distinguish between assets, vulnerabilities, threats, exploits, and risk. By understanding the terms collectively, the risk management process will seem more natural and be easier to understand. Finally, a brief discussion will summarize the relationships and describe the fundamental process of risk management.
PII and UIDs
This should go without saying, but personally identifiable information (PII) should not, under any circumstances, be used as unique identifiers (UIDs). There are gross misuses of PII in every industry from retail, to banking, to education, and more. This post is going to outline several reasons why PII data should never, to any extent, be used as a UID.
Contingency Planning Explained: Risk, Incident Response, Disaster Recovery, and Business Continuity Plans
Risk planning, incident response planning, disaster recovery planning, and business continuity planning will be discussed here. An extra emphasis will be placed on the distinctions among the plans. A brief overview will be given followed by an outline used to facilitate the visualization of all the separate pieces and keep the focus on dissimilarity.
Random Numbers
This post is going to be my recap of a small portion of Dan Kaminsky’s Derbycon 2012 talk, “Black Ops.” The part of his talk this writing will reflect on covers the importance of random number generation and details a couple of methods for adding entropy.