Ethics and security

--Originally published at Enro Blog

By definition, ethics is a branch of philosophy that involves systematizing, defending, and recommending concepts of right and wrong conduct. In computer science and security we do ethics whenever we make a decision that harms or protects the end user: for example, deciding to salt and encrypt the database so that, in case of a security breach, most of the information remains safe for all of the people registered in our database.

Safety and security of the end user.

One of the goals of computer science and computer engineers is to make software to be used by an end user. In this case we, as the architects of software to be used by many, have to take into account the safety of the people we are serving. This is one of the many reasons why testing is important and why software without testing is unreliable.

Safety and greed.

Many of us have installed software from the App Store or the Play Store, and whenever we install these apps we are prompted with a security feature asking us to agree to the kind of access we grant to the application we have installed. Some of us barely read what appears in front of us, but I warn you that this is very important: it is a contract in which the end user agrees to share their personal information with whoever is the developer of said app. As developers we cannot use the end user's personal information as our asset; selling this information is important and protecting that is our duty.

The Triforce of Security.

--Originally published at Manlio GR: What Does He Know? Do He Know Things?? Let's Find Out!

Today, we are going to talk about the CIA. No, not that CIA. You don’t have to worry, we are not going to topple any government. It’s the CIA triad. Also no, I’m not talking about Asian mobsters. You know what? I’m just going to get back on track. The CIA triad is a set of guidelines for information security. Its three main components are confidentiality, integrity and availability.

It’s dangerous to go online, take this!

Confidentiality is a nice way to say privacy. It takes measures to ensure your private information doesn’t reach the wrong hands; you don’t want to end up being Wikileaked. A big part of the protection of your data is authentication; this avoids the problem of a wild Ken walking to your computer and doing as he pleases. Accounts and their respective passwords are the default measure, but it’s always good to go the extra mile with some encryption or tokens to ensure no one meddles where they shouldn’t.

Integrity seeks to maintain data healthy. Maintaining its trustworthiness is really important. Version controls and backups help to ensure this, allowing you to backtrack your files in case of corruption, viruses, or Boris the Russian hacker. Consistent and accurate data is happy data, or at least would be if data could have feelings.

Availability cares for data in the physical world. It focuses on maintaining the systems operational and safe. Sure, an 18-digit password may stop hackers, but what could it do against a faulty hard drive or a cup of water? Extra backups, even cloud ones, help to prevent these possible issues.

Code of Ethics in IT Security

--Originally published at Computer System – Courses

As we already know, ethics are important in countless organizations, in which the IT personnel are entrusted with the ability to review and access sensitive and personal data. How they, and we in the near future, are going to handle this responsibility has much to do with their own ethical standards; that’s why organizations carefully select people with high standards to protect their data.

So, let’s think about the following questions:

  • When using your computer, do you harm others? We need to respect everyone.
  • Stay out of and do not steal other people’s work, files, software, data, etc.
  • Do not use other people’s work without citing or paying for it.
  • Think first of the social consequences of what you are doing.

I think that the main values someone in IT/Computer Science must have are:

  • To know myself and be honest about my capability.
  • Conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
  • Respect privacy and confidentiality.

CIA (the triad, not the Central Intelligence Agency)

--Originally published at Alfonso reviews…

Modern organizations have large amounts of information, information that must be kept safe. That is where the CIA triad comes into play. But what does CIA stand for? CIA means Confidentiality, Integrity and Availability, and these three concepts are the guidelines for having good information security policies.

I think that if you came to this article you want to know more about the CIA, so I’ll proceed to talk a little bit about each part of the triad.

Confidentiality limits access to information so that only the people who should see some content can actually see it, and no one else. It relies on the creation and administration of strong passwords and on training users on security issues and the risks they are getting into; in some cases it goes down to encryption of material and, in extreme cases, to isolation of the information from the environment, like having a computer disconnected from the network, or having the information in a physical form.

Integrity focuses on ensuring that the information is trustworthy and accurate, and works on this aspect by managing file permissions and access controls, and by using version control and redundancies for backups to restore affected data. Integrity is also concerned with keeping the data identical when being sent and when received.

And Availability guarantees access to data by authorized people. Its main focus is to ensure that the hardware and software are working properly; if something goes wrong, it needs to be fixed so data is available again. In other words, it needs to keep data safe from physical or digital harm, and in some cases data is kept in a waterproof and fireproof safe, and behind a firewall and proxy servers.

This triad faces some serious stuff, but most of the problems come when it faces big

The one that makes me scared of ending up on a “list”

--Originally published at Error C2129: static function 'blog(void)' declared but not defined

Cyber threats are a reality. They are the omnipresent, all-devouring beasts that roam around the intricate stitching that we have come to call the “web”. There is no escaping them, and the most cleverly-executed ones usually end up having pretty catastrophic effects. Thousands upon thousands of leaked accounts, more than a hundred thousand computer systems completely paralyzed by malicious encryption, you name it. The truth is, we are all pitted against this harsh reality on an everyday basis, and there is no escaping it. Our only recourse usually simply consists of clamoring for big tech companies to come up with better, safer ways of keeping the vital information that has now become intricately intertwined, and has been placed out there, for all to seek.

Tech companies have no other choice but to listen to these cries of help and respond, in turn, by beefing up their security systems. Always thinking up newer, safer algorithms to apply, amongst a plethora of other solutions that they must come up with in order to keep computer information “safe”. Regardless of what methods they ultimately generate to help this apparently ceaseless task, there are three principles that they will always follow — sometimes specializing in one, over the others. These three principles constitute what is known as the CIA triad (should I be in Incognito Mode for this?).

Sure, let’s kick the hornet’s nest a bit.

The CIA triad’s three components are: Confidentiality, Integrity, and Availability. Confidentiality basically means that information that is kept secure must only be visible to the authorized parties (i.e., those who actually own the data or have legal right to look at it). Integrity suggests that information must be kept as intended. This means that not a single bit that constitutes said information has been or even

The risks and management challenges in the digital era.

--Originally published at Enro Blog

This month I decided it was a good time to start managing all of my passwords. For a long time I had managed all of my information in a pretty simple manner; I gave little thought to the security issues that some decisions may lead to, something as trivial as a password, the single and only key to most of the websites and common places I visit and something so tied to my web identity that, if found, it could lead to identity theft. Over the years I have created countless accounts, too many to remember even which websites I am or am not registered on, and so I found myself vulnerable. On which sites have I registered, and on how many of those sites has the same password been used? Just imagining this vital and private information in the wrong hands could tear my entire world apart, and that was something I was not willing to let happen. Think just for a second that one of these small websites is attacked and its users’ information is compromised; this simple slip could cost you a ton of money IF the password you use there is the same as your Amazon one.

-laughs in spanish-

That is the reason I decided that it was time to move on, because my lack of security was placing me at risk by making it easy for others to hack me. This was my motivation to make use of password managers and get to know how they can change the way I use the internet, how I contact different websites and how to store a secure password.

Accessibility was one of the major factors that kept me at bay whenever I tried to use these tools but now is not complicated

Digital Identity

--Originally published at Enro Blog

Online identity is a social presence that an internet user establishes in online communities and websites such as Facebook or Twitter.

As a whole, online identity defines you as a user of the internet.

By expressing opinions on blogs and other social media, users define a tacit identity, which can be considered as an actively constructed presentation of one’s self. Many people like myself prefer to use a pseudonym as our personal identity while many others prefer to use their names online.

But what is identity?

Identity is personally identifiable information: sensitive information that can be used on its own or combined with other information to identify someone. Specifically, it is any information that can be used to distinguish or trace an individual through a name, social security number, date and place of birth, mother’s maiden name, home address or email address, passport number, driver’s license number, credit card numbers, telephone number, or any other information that is linked to a specific person.

Today’s digital streaming media sites like Twitch have raised a new risk to identity: being identified on the internet can have severe consequences.

Identity theft

Identity theft happens when someone steals your personal information and uses it without permission. Thieves can run up your credit accounts, get new credit cards, medical treatment, or a job, write stolen, fake, or altered checks, siphon checking and savings accounts, or take out loans for large ticket items, all in your name.

Easy to access for convenience = easy for others to access

And while most of us are aware of the risks of the digital world and we like to believe that what we have is secured there are several

Thanks TI2011

--Originally published at How to project management – Diego's Password

I want this post to be the last one in this category. I will try to sum everything up in this blog post, at least the most important things I learned. Like a closure to myself. What I liked the most about this course were the guest speakers. I don’t think anyone could have taught us that many things, no matter the experience. I think that the fact of them being several people left me with a complete perspective of the management world and the industry in general, rather than staying with just one point of view, regardless of the incredible experience the teacher could have had.

One of the biggest concerns I had starting the semester was my professional future. I am expecting to graduate this December. Starting this semester it hit me really really hard. I didn’t know what I wanted for my future self, especially between becoming a young entrepreneur or making my way into the industry. It did hit me. There’s something personal about me I want to share. I am that kind of person that worries about these things in an unhealthy way. It becomes part of my day. I don’t feel special or anything; I think a lot of students my age tend to have the same problem, but it was like that at least the first two or three months. It was really frustrating to see that there are super successful people in Silicon Valley that are my age, or even younger. Having these guest speakers let me see their perspectives when they were my age and when they were having the same problems I have and how they managed them.

This semester was in general hard for me. It was an amazing semester. I had incredible experiences and I had the chance of
