What I Did?, Week 5-9 Feb

--Originally published at Computer System – Courses

Finally, the end of this week. So here is what our app looks like!


I asked some teammates for their opinions, and they gave me some design ideas for the app. But they agreed that the app achieves its purpose regarding what we want to solve!


What I Did?, Week 22-26 January

--Originally published at Computer System – Courses

For this week, I set up the project cards with a teammate for another course, in order to have things to do for the first sprint and delivery. We also created a Slack channel in order to keep in touch and know what everyone is working on, or whether someone needs help or has a question to ask.

I also continued learning to use Android Studio and worked on the mobile application. We also defined some features to deliver for the Mobile Development Course; this will help us get ahead on the application development.

This semester looks challenging!

Ensuring Confidentiality – Skalia –

--Originally published at Computer System – Courses

Let’s recap: in my previous post, I talked about how we developed SKALIA, so now I am going to talk about how confidentiality applies to it. We have 4 different types of users:

  1. Students
  2. Teachers
  3. Principal
  4. Admin

Each of them has a certain level of access to the data, and the data is managed differently for each one. First, students can only see their own data and how they are progressing as they play Mateoro. Next, teachers can only see the students in their group and the progress of each of those students. The principal can also see groups, similar to the teachers, with the main difference that the principal has access to all the groups available in the school. Finally, the admin can create, edit, update and see everything; it is a super user, because admins manage the system and work with it.

Managing different roles allows us to ensure that data stays confidential between users. Also remember that our database has all the data encrypted, so that it can’t be interpreted if someone gains access to it. Thus, we can manage the safety of the users’ data, and they can be sure that their data is and will be safe to use.
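
The four access levels described above, written as a deny-by-default check. This is an added example, not Skalia's own code; the field names `role`, `id` and `groupId` and the sample records are assumptions made for illustration.

```javascript
// Added example: deny-by-default read/write checks for Skalia's four roles.
// Field names (role, id, groupId) and the sample records are constructed.
const STUDENTS = [
  { id: "s1", groupId: "g1", progress: 40 },
  { id: "s2", groupId: "g1", progress: 75 },
  { id: "s3", groupId: "g2", progress: 10 },
];

// Can `user` read the record of `student`? Anything not listed is denied.
function canRead(user, student) {
  if (!user || !student) return false;
  switch (user.role) {
    case "student":
      return user.id === student.id; // own data only
    case "teacher":
      // A teacher without an assigned group must not match group-less rows.
      return user.groupId != null && user.groupId === student.groupId;
    case "principal":
    case "admin":
      return true; // every group in the school
    default:
      return false; // unknown or missing role
  }
}

// Only the admin may create, edit or update records.
function canWrite(user) {
  return !!user && user.role === "admin";
}

// Filter on the server before responding, so rows the caller may not
// see never leave the backend.
function visibleStudents(user, students) {
  return students.filter((s) => canRead(user, s)).map((s) => s.id);
}

const teacher = { id: "t1", role: "teacher", groupId: "g1" };
const pupil = { id: "s3", role: "student", groupId: "g2" };
console.log(visibleStudents(teacher, STUDENTS)); // the teacher's own group
console.log(visibleStudents(pupil, STUDENTS)); // the pupil's own record
console.log(canWrite(teacher));
```

The role and group used in these checks should come from the server-side session, never from a value the browser sends with the request.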



Skalia – Developing for Integrating Security

--Originally published at Computer System – Courses

This semester, our team (4Cloud) had to develop a web application to help children from Miguel Hidalgo School learn and practice mathematics. The project aimed to help elementary school kids integrate math into their daily lives and the way they use it. So our goal was to make a web app called Skalia, which consists of a Users Dashboard and a web game called Mateoro. In summary, the user (who can be a student, teacher or director) can log into the web app in order to access the game or review statistics about the children's progress in the game.

Mateoro. Concept Art

Mateoro. Final Version

Skalia. Web App

But in order to develop this app, we needed to focus on how we would manage the security around it. One of our main concerns was how we were going to manage sensitive data. After many talks, we agreed to use the least possible amount of data, so that in case of an attack on the system, the damage would be minimal. Then we decided to encrypt the data that is going to be stored. With encryption on the data, the data managed through endpoints was secure.

Another important point we took into consideration was the session handled between the server and the client side. We considered many ways, and in the end we agreed to manage the session with PassportJs, which allows us to manage sessions; if the user logs out or closes the window or browser, we close the session in order to keep secure all the data that is updated or displayed on the client side.

Besides the data management and how it would be stored, we took into consideration who would have


Risk Management Framework

--Originally published at Computer System – Courses

Sometimes managing risks can be complex and hard to do, but we have frameworks that serve as a basis, and the most used is named the Risk Management Framework, which provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.

This framework has a life cycle related to managing organizational risks, and in order to complete the cycle we need to know 6 steps:

  • Step 1 – Categorize Information System
    • Categorize the system and the information processed, stored, and transmitted by that system based on an impact analysis
  • Step 2 – Select Security Controls
    • Select an initial set of baseline security controls for the system based on the security categorization.
  • Step 3 – Implement Security Controls
    • Implement the security controls and document how the controls are deployed within the system and environment of operation.
  • Step 4 – Assess Security Controls
    • Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended with respect to meeting the security requirements for the system.
  • Step 5 – Authorize Information System
    • Authorize system operation based upon a determination of the risk to organizational operations and assets, individuals, other organizations.
  • Step 6 – Monitor Security Controls
    • Monitor security controls in the system on an ongoing basis including assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to appropriate organizational officials.

But before we start the steps above, we need information inputs in order to start the process:


Code of Ethics in IT Security

--Originally published at Computer System – Courses


We already know that ethics are important in countless organizations, in which IT personnel are entrusted with the ability to review and access sensitive and personal data. How they, and we in the near future, handle this responsibility has much to do with their own ethical standards; that’s why organizations carefully select people with high standards to protect their data.

So, let’s think about the following questions:

  • When using your computer, do you harm others? We need to respect everyone.
  • Stay out of and do not steal other people’s work, files, software, data, etc.
  • Do not use other people’s work without citing or paying for it.
  • Think first of the social consequences of what you are doing.

I think the most important values that an IT/Computer Science professional must have are:

  • To know myself and be honest about my capability.
  • Conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
  • Respect privacy and confidentiality.