Assets, Vulnerabilities, Threats, Exploits, Risk, and Management

The post two weeks ago on contingency planning mentioned risks and threats, but did not go into detail regarding the differences. To elaborate on the subject of risks and threats, other terms need to be introduced and defined as well. This post will describe and distinguish between assets, vulnerabilities, threats, exploits, and risk. By understanding the terms collectively, the risk management process will seem more natural and be easier to understand. Finally, a brief discussion will summarize the relationships and describe the fundamental process of risk management.

PII and UIDs

This should go without saying, but personally identifiable information (PII) should not, under any circumstances, be used as unique identifiers (UIDs). There are gross misuses of PII in every industry from retail, to banking, to education, and more. This post is going to outline several reasons why PII data should never, to any extent, be used as a UID.

Contingency Planning Explained: Risk, Incident Response, Disaster Recovery, and Business Continuity Plans

Risk planning, incident response planning, disaster recovery planning, and business continuity planning will be discussed here. An extra emphasis will be placed on the distinctions among the plans. A brief overview will be given followed by an outline used to facilitate the visualization of all the separate pieces and keep the focus on dissimilarity.