Wednesday, April 28, 2021

InfoSec vs CyberSec vs ITSec vs CompSec vs NetSec vs AppSec

Since I am relatively new to the area of "security", I decided to look up the definitions of the terms that I often read or hear in the community. I took the definitions from CSRC-NIST, SANS, and ACM.

Information Security (INFOSEC)
  • "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability."[1]
  • "Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption."[2]
Cybersecurity (CYBERSEC)
  • "Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation."[1]
    • (Aside: Cyber/Cyberspace - "The interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries."[1].  Cyberspace can be considered a "realm" or "domain" like land, sea, air, and space where war can happen.)
  • "Computer and network security, or cybersecurity..."[8]
  • In Education - “computing-based discipline involving technology, people, information, and processes to enable assured operations.  It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.”[7]
Information Technology Security (ITSEC)
  • "technological discipline concerned with ensuring that IT systems perform as expected and do nothing more; that information is provided adequate protection for confidentiality; that system, data and software integrity is maintained; and that information and system resources are protected against unplanned disruptions of processing that could seriously impact mission accomplishment. Synonymous with Automated Information System Security, Computer Security and Information Systems Security."[1]
    • (Aside: Information Technology - "computing and/or communications hardware and/or software components and related resources that can collect, store, process, maintain, share, transmit, or dispose of data. IT components include computers and associated peripheral devices, computer operating systems, utility/support software, and communications hardware and software."[1])
  • "Information Technology Security also known as, IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions."[5]
Computer Security (COMPSEC)
  • "Computer Security is concerned with the risks related to computer use, and ensures the availability, integrity and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment."[3]
  • "Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. Rationale: Term has been replaced by the term “cybersecurity”". [1]
  • (Aside: probably used in the days when computer networks were not yet ubiquitous)
Network Security (NETSEC)
  • "Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment."[4]
Application Security (APPSEC)
  • "Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they get deployed. "[6]
  • (Aside: any activity designed to protect the usability and integrity of your applications [desktop, web, mobile, cloud, software in general?] and data)
There is obviously an overlap in the definitions above. I came up with a layering, which is shown in the figure below, in an attempt to put things in perspective. I equate "security" to "protection", and the layering is based on what is being protected, with "information" as the outermost layer having the broadest scope. In everyday conversation and communication, and especially in hashtags, most people now use "infosec" and "cybersecurity" interchangeably.

[Figure: the layering of the security terms, with "information" as the outermost layer]

To conclude, what term should we use? I've decided to use a different term depending on the context of the conversation or communication. I will use cybersecurity when the context is national security or education. For enterprise, business, or industry contexts, information security seems to be appropriate and accepted in the community. The other terms will be used in more specific technical contexts in education and in practice.


References:

[1] https://csrc.nist.gov/glossary 

Saturday, April 17, 2021

My takeaways from The Productivity Project book



Everyone is probably interested in increasing their productivity. The book by Chris Bailey, The Productivity Project, has given me some ideas on how to do just that. Below are some of the takeaways from the book that I am currently adopting. So far, they have increased my productivity despite the pandemic.

  • Increasing productivity involves managing time, energy, and attention/focus
  • Rule of Threes
    • List three items to do today and within the week
  • Identify your values
    • Know why you want to get something done.
  • Determine your Biological Prime Time (BPT) 
    • This is the time when you have the most energy and focus. Do important tasks during this time. In my case, my BPT is during 10am-11:30am, 3pm-5pm, 9pm-10pm.
  • Limit alcohol and coffee intake
  • Create a procrastination checklist
  • Spend less time on important tasks
    • You create an artificial deadline forcing you to focus your attention and energy
    • Do the important things during your BPT
  • Disconnect from the Internet and social media
  • Balance structured (manager) and unstructured (maker) schedules
  • Define what you need to accomplish, understand how much energy and focus you have
  • Group maintenance tasks (doing the laundry, cleaning, self-care) and schedule them on a weekend
  • Create a project list/notes with the next action that moves each project forward
  • Develop a worry list
  • Identify hotspots - portfolio of life: mind, body, emotions, career, finances, relationships, fun
    • I achieve this by creating a mind map
  • Can a task be done in two minutes? Do it if yes.
  • Being busy is not being productive if you don't complete the tasks you set out to do
  • Be deliberate when doing your tasks
  • Don't check your email unless you have the energy and focus to reply or act on whatever is in the email

Saturday, February 20, 2021

Experiences in remote learning

Last semester was my first experience in remote teaching. Class preparation was quite different compared to when there was no COVID-19. I described the technical aspects of my preparation in a previous post.

The semester started well and everyone was excited and hopeful. The course staff was able to release the revised course guide, videos, and other materials early in the semester. Communication with students was done using Slack and Zoom. Exercise submission was accomplished using GitHub and Google Classroom. Video materials were uploaded to YouTube. (You can check out my playlists.)

Things got problematic in the middle of the semester. Typhoons started coming, internet connectivity became unstable, and personal problems arose. It was hard for us and the students to focus and hold synchronous sessions.

We originally planned to give synchronous exams via Google Forms. Unfortunately, some students were badly affected by the typhoons, so we decided to remove the lecture exam requirement. We gave the weight to the laboratory exercises, which became the basis of the grades. We also relaxed the due dates of the laboratory exercises so that students would still be able to submit at a later date. Interestingly, the administration released a "no fail" policy.

I am happy that most of the students were able to submit their exercises and get high grades. However, it is quite hard to assess whether they really learned from the courses and they did their tasks with integrity.

Tuesday, December 8, 2020

How I backup my files

Backups are important. You never know when you will lose your files! A good backup tool and a good backup procedure are essential in today's digital world.

I've been using Unison as my 'backup' solution for a while now, though it is more of a file synchronization tool. It allows me to efficiently replicate my Documents folder (which is about 20GB) across my Linux devices. Fortunately, Linux is my main OS.

I use a desktop in the office, a laptop at home, and a laptop I carry with me. I also have an external drive at home as extra backup storage, which contains a VeraCrypt volume. My Documents folder contains essential files only. It does not contain media files like photos, mp3s, and videos.

Recently, I purchased a storage volume from Digital Ocean to use as extra backup storage in the cloud, which I also sync using Unison. This will allow me to access my files anywhere and from Windows. I don't want Google to see my files in the meantime.

I make sure to sync my office desktop, my cloud backup, and my laptop before I leave the office. When I arrive home, I sync my laptop with my home laptop. I only sync my external storage on weekends.

All I can say is Unison made my life easier and you should give it a try.
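As an added illustration of the setup described above (this is an example profile written for this page, not the author's own configuration; the hostname, user, paths and key file are placeholders), here is a Unison profile for the "laptop to office desktop over ssh" pair. The same shape works for the cloud volume (another ssh root) and for the external drive (a local root pointing at the mounted VeraCrypt volume). The options that matter from a data-safety point of view are `backup`/`maxbackups` and `confirmbigdel`: Unison is a synchronizer, so a deletion, or a file that ransomware has encrypted, on one replica is faithfully propagated to the other unless previous versions are kept somewhere outside the sync roots.

```ini
# ~/.unison/office-desktop.prf  (hypothetical profile; host, user and paths are placeholders)
# Run with:  unison office-desktop

# The two replicas: local Documents and the office desktop reached over ssh.
# The double slash after the host means an absolute path on the remote side.
root = /home/user/Documents
root = ssh://desktop.office.example//home/user/Documents

# Pin the ssh identity so key-based auth is always used and no other keys are offered.
sshargs = -o IdentitiesOnly=yes -i /home/user/.ssh/id_ed25519_unison

# Keep previous versions of every changed or deleted file in a central directory
# outside both roots, so a bad change on one side can be recovered after it propagates.
backup = Name *
backuplocation = central
backupdir = /home/user/.unison/backups
maxbackups = 5

# If it looks like an entire replica has been deleted (for example a disk that is not
# mounted), do not propagate that. In batch mode Unison refuses instead of asking.
confirmbigdel = true

# Do not replicate editor scratch files or caches.
ignore = Name *.swp
ignore = Name *~
ignore = Name .DS_Store
ignore = Path .cache

# Non-interactive run for the "before I leave the office" sync; conflicting changes are
# skipped and left for a manual, interactive run.
batch = true
times = true
log = true
logfile = /home/user/.unison/office-desktop.log
```

Two practical notes: both ends of an ssh root must run compatible Unison versions (the protocol version has to match), and the backup directory should live on a path that is not itself one of the sync roots, otherwise the kept versions are synced too.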

Saturday, October 17, 2020

Virtual international academic conferences and workshops

A lot of major academic conferences in computing are being held online/virtual these days. The conferences and workshops I was able to attend so far include the following:

These conferences waived the registration fees this year. I hope to add more to this list.

If you are interested, here is a list of upcoming conferences from various professional organizations:

Friday, October 2, 2020

On remote learning/teaching

Remote learning poses some new challenges to students and instructors. As an instructor, the question that I always ask is "How can I effectively and efficiently deliver my courses to students?" I've already been using technologies in teaching, so the transition to remote learning is a little bit easier for me. The challenge, I think, is in assessment and in enforcing academic honesty.

Coming up with the course guide was the first step. It contains the "outline" for the semester, with topics, learning outcomes, and laboratory activities specified per week. Materials such as video lectures will be prerecorded or delivered live and then uploaded. Exams will be delivered online, multiple-choice type. Additional materials such as slides and handouts will also be made available for download. Communications will be done through email and messaging tools.

Thus, this semester the following tools occupy my screen most of the time:

  • Google Classroom - general class housekeeping
  • Github/Github Classroom - lab/programming activities
  • OBS Studio - recording/streaming lectures
  • YouTube - storage and streaming of lectures
  • Zoom - video conferencing
  • Shotcut - video editing
  • Veikk A30 Tablet - for use with the whiteboard app
  • OpenBoard - whiteboard app
  • Kahoot - quiz engine
  • G Suite - documents, presentations, spreadsheets, storage, calendar
  • Slack - messaging/collaboration
  • Gmail - email

Green screen setup