This week's assignment is based on finding reliable references from which to draw valuable information. For those of you who know me, you know I am excellent at finding information in places that local government doesn't want me to find. This makes this week's assignment right up my alley.
But another question I was posed is, what happens if I have two reliable sources that contradict each other?
During one of my classes, a discussion commenced regarding the security of cloud technology. I went to my usual sources and found there were indeed conflicting data regarding whether or not cloud technology is secure or not. This got me really thinking hard. I began to evaluate who wrote what and discovered that those who supported cloud technology as a secure alternative for business continuity and disaster recover were the very companies that offered services in that technology!
It has been my experience that when there is something new that is developed, while most bugs are worked out, not all bugs are found. This is something I experienced as a Beta testers for Photoshop CS 5. I played with the software, found bugs, reported them and installed any patches that fixed those bugs. However, despite this, Adobe later released 5.5 because there were so many fixes that needed to be made, they had to release a .5 version of their new release. It is the same with new car technology. My husband and I just recently bought a new Hyundai. It has a new technology in it that helps conserve gas on long trips. It's a great commuter car! We are hoping the bugs are worked out, but like any new model, we are prepared for that very thing.
Anyways, when it came to figuring out who was the more reliable source, I tend to err on the side of caution. People who provide such technologies would never promote their flaws. That's suicide for any organization. However, some thing need to be considered.
Cybersecurity is a constant cycle. New threats will always present themselves. There is no such thing as true security. Benjamin Franklin told us that at the birth of our nation! Things have not changed much since then, just the methods used to violate security.
So, here are some sources I have found to be pretty reliable. They have been my best friends throughout my Master's program and I even found some new friends. I will most likely find more sources during my Defcon adventure!
One of the greatest weapons a hacker has is human behavior. People are predictable. A hacker understand that a majority of the people using computers do not understand security except they do know to buy virus software. So, what happens when a pop-up comes up on your screen and says, "You have 1,023,038 viruses!!!! Press here to get rid of them!" The initial response to someone who does not know is to download the software to get rid of all those viruses! What they do not know is they are downloading a virus. My daughter did this to my desktop. After I fixed it, I released my fury and gave her a class on social engineering.
Social-Engineer: Security Through Education is one of my favorite sources. It even offers a certification in Social Engineering Pentesting and once I have $3500, I'm going to get it! Anyways, this site offers newsletters that can be read and there is some really good stuff on that. After all, the reason computers are fallible is because humans are. Social engineering is the very foundation in which the hacker world lives in.
The Hacker Academy gets a person to consider, "Are you thinking like a hacker yet?" Membership is $150/month or $1495/year. Again, that money thing, darn it! However, there is Research and Blogs available to the public that contains interesting information.
Electronic Frontier Foundation has some interesting information regarding the digital world and our civil liberties. As a person that is highly involved in both topics, this site really excited me! Like other political sites though, one must take each article with a grain of salt. In other words, if you don't understand current laws and our Constitution, don't bother.
These three above sites are just a couple I have discovered in researching Defcon and they will be there this year! I intend to meet them! Maybe even get a Defcon discount!??? One can hope! But those are my new "friends" in regards to resources.
Of course, you can never have enough resources. These sources have been my best friends throughout my Master's Cybersecurity program. They are a wealth of information and have been invaluable in my education.
The National Institute of Standards and Technology has been an invaluable resource to me as well as SANS documentation.
I also have some listed below in previous blogs that have been so helpful in finding articles to write about.
Google is another wealth of information when doing basic searches. However, always take a look at your resources before using them as a viable source. The bad information will also surface with the good information!
No comments:
Post a Comment