The InfoSec Blog

System Integrity: Without Integrity you don’t have Security

January 25th, 2010

About Social Networking policy


Policy development is one of my areas of practice, so when a colleague on a mailing list asked about how to phrase policy to deal with the social networks (Facebook, Twitter, Myspace, etc.) and what the “best practices” are, I came out of my shell to reply.

(We’ll skip over the oxymoron “best practices” since “Context is Everything”.)

The phrase

“Use of corporate resources …”

is a wonderful one to use to prefix just about any policy statement or justification. In one workshop on policy development that I ran, someone pointed out that it applied to access to the company parking lot!

The issue here isn’t “social networking”, no matter how much the media and ZDNet would have you believe. It boils down to a few very clear and easy to enumerate issues: Read the rest of this entry »

January 25th, 2010

Text vs HTML: what is more secure?

There are “good” mailing lists and “not so good” mailing lists from the point of view of security.

Try posting HTML mail to a “good” list and one of two things will happen.

  1. If you have a mailer that includes the plain text then the list
    software will discard the HTML and forward the plain text to the list
    with a message reading

    [Non-text portions of this message have been removed]

    I’m sure you’ve seen that message in posts on yahoogroups and similar.

  2. If you have a mailer that doesn’t include the plain text
    then one of two things may happen:

    1. The plain text version is displayed but, being null, the text that appears is
      empty; you still get

      [Non-text portions of this message have been removed]

      I’m sure you’ve seen that too.

    2. The list software does its best to convert the HTML to plain text by stripping
      off the HTML tags. This works, but may
      produce some odd results. However, you still get

      [Non-text portions of this message have been removed]

Read the rest of this entry »
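The list behaviour described in the cases above can be sketched with Python's standard `email` package. This is an added example, not code from the original post or from any list software; the function names, the `convert_html` switch and the two sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

NOTICE = "[Non-text portions of this message have been removed]"

class _TextOnly(HTMLParser):
    """Keeps text nodes, drops tags and the contents of script/style."""
    def __init__(self):
        super().__init__()
        self.chunks, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        self.skip = max(0, self.skip - (tag in ("script", "style")))
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def strip_tags(html):
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.chunks).split())  # crude: odd results possible

def to_plain_text(raw, convert_html=False):
    """Return the body a text-only list would forward for the raw message."""
    msg = message_from_string(raw, policy=default)
    plain, html, removed = None, None, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain" and plain is None and not part.is_attachment():
            plain = part.get_content()
        else:
            removed = True  # HTML, images, attachments are never forwarded as-is
            if ctype == "text/html" and html is None:
                html = part.get_content()
    if plain is None:  # HTML-only mail: case 2.1 (empty) or case 2.2 (converted)
        plain = strip_tags(html) if convert_html and html else ""
    body = plain.rstrip()
    return (body + "\n\n" if body else "") + NOTICE if removed else body

# Constructed sample messages (not real list traffic)
HTML_ONLY = ('Content-Type: text/html; charset="utf-8"\n\n'
             "<p>Hello <b>list</b><script>x()</script></p>\n")
BOTH = ('Content-Type: multipart/alternative; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nHello list\n"
        "--b\n" + HTML_ONLY + "--b--\n")
```

`to_plain_text(BOTH)` is case 1, `to_plain_text(HTML_ONLY)` is case 2.1, and `to_plain_text(HTML_ONLY, convert_html=True)` is case 2.2.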

January 15th, 2010

Arrogant? Who? Us?

http://blogs.csoonline.com/problem_3_for_security_professionals_not_enough_humble_pie?source=CSONLE_nlt_update_2010-01-12

Talk about difficult to read! I hate sites like this, only slightly more than ones that use a completely black background.


A large part of my “11th Domain” bleating is about communication – thinking in terms of the other person, their needs and views and how the ‘message’ you’re sending will be received and interpreted.
Read the rest of this entry »

January 6th, 2010

The Need to Understand Culture

Some references for “The 11th Domain”

I’m going to respond to this as broadly as possible.
This is not a subject like “access control” that is hard and bound.

First, there’s Human Communication.
Probably the best source for this is to take the Dale Carnegie course on
Public Speaking. No, really. I’m quite serious.

There are a number of books that are reading material for the course;
you can find them on Amazon:

How to Win Friends & Influence People

http://www.amazon.com/gp/product/0671723650?ie=UTF8&tag=emergentprope-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=0671723650

How to Develop Self-Confidence And Influence People By Public Speaking

http://www.amazon.com/gp/product/0671746073?ie=UTF8&tag=emergentprope-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=0671746073

The 5 Essential People Skills: How to Assert Yourself, Listen to Others,
and Resolve Conflicts

http://www.amazon.com/gp/product/1416595481?ie=UTF8&tag=emergentprope-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=1416595481

and on Google

There is also the little “Golden Book” of short adages.

The “How to win friends and influence people” has sections:

  • THREE FUNDAMENTAL TECHNIQUES IN HANDLING PEOPLE
  • THE SIX WAYS TO MAKE PEOPLE LIKE YOU
  • THE TWELVE WAYS TO WIN PEOPLE TO YOUR WAY OF THINKING
  • THE NINE WAYS TO CHANGE PEOPLE WITHOUT AROUSING RESENTMENT

Now isn’t that just what I’ve been talking about!

While those are the books, I very strongly recommend taking the course for a number of reasons. The books are ‘bare bones’. Many people find them annoying as they come across as a mix of anecdotes, Pollyanna and cute phrases. The course is about the difference between the noun and the verb, as I so often put it. It puts you on the spot and makes you translate the theory of the book into the reality of action.

It’s a world of difference.
The books are cheap, the experience is priceless.

OK, so I’m biased: I used to be a teaching assistant for DCC.

I’ll get to Social Psychology later, but heck, why not look up the syllabus and reading lists for a college course on that or Anthropology.
