Staying current

I think it goes without saying that any professional should stay current on information and tools in their field of practice. In the field of Information Technology this is difficult, but not impossible. I try to stay current by reading the newsfeeds, learning new tech or methods and communicating with colleagues. This way I can keep my finger on the pulse and adjust my plans accordingly at a macro level. Now, there are a ton of websites and publications for tech. Try to distill the results from the most relevant and legitimate sources you can, such as educational institutions, government and well-known, reputable people. Take what you learn and use it to your advantage any place you can. The world moves fast and so should you.

In other news…I’m working on a search function for this site. Should be ready in a few days.

Mobile device security

Mobile device apps. Who can we trust?

A few tips on keeping your smartphone and its apps under your control.

  1. Check and research the app developer.
  2. Have a look at the ratings and reviews.
  3. Check the app permissions. In particular, check location access (assuming you don’t want your location broadcast).
  4. Be especially concerned with keyboard and emoji apps that require special permissions.
  5. Use caution when using your social media credentials to sign in.
  6. Keep apps up to date.
  7. Use biometrics to lock and unlock your phone and apps.
  8. Don’t plug the phone into any public computer.
  9. Try to limit your time on any public network.

Australian Cyber Security Guide

Please read this guide for context.

I love the attempt here to outline a simple strategy for defending technology assets. I will take what the Australian Government has laid out here and build upon it as it is a good foundation. Sometimes, it seems a nearly impossible task, but with the right energy focused on the right target, you’ll have a better chance at success.

Another perspective on these building blocks could be the Australian Government showing us their thought processes and internal and external defense perimeter. In a sense, this gives the dark forces an advantage by providing a blueprint for how their systems are defended and, in reverse, compromised.

To be honest, if an organization hasn’t already laid out these essential building blocks for defense, they are behind the 8 ball.

Advanced security controls

Many people are looking for a place to put their data and keep it private. Or not private, in some cases. What can you do to ensure the highest security standards are in place and your data is protected from bad actors?

Previously, I wrote a document covering some basic cyber security guidelines for the average computer user. Now, it is necessary that I attempt to cover the broad range of security measures available to IT professionals. I recommend using the highest security standards wherever possible.

Each scenario is different, but there is a baseline level of standards we need to define. I am not trying to re-invent the wheel here, just point you in the right direction. Therefore, I have a few resources that will help identify the target areas:

  1. NIST – Security and Privacy Controls for Federal Information Systems and Organizations (2015)
  2. FedRAMP Security Controls Baseline.xlsx (2018)

Please also feel free to read any other cyber security publication from your field, as it may be helpful in your specific environment.