Security Saturday!
Last night I had a good, terrible night. It is one of those nights that stops you and makes you think. I had a great night with @ericboyd and @Eng_Politics was there too. However, that evening I had had Argentinian steak and during the night I had some (tweaked version of) karsk. That alone was okay, however I had some tomatoes as a snack that, together with the alcohol making me dizzy, had an effect I had never had before.
I spent some time with my face above the toilet and my SO on the phone to talk to me.
What I want to do now is take this evening, and apply security concepts to it.
First of all the issue with drunkenness is not confidentiality. Unless I (and I assume most people) get really out of whack, confidentiality is the easiest of the three aspects to uphold. The real problem lies with Integrity and Availability.
The idea behind integrity is that data gets processed correctly. However, because I was focused on feeling nauseous, and I ignored the signs my body gave, I had no integrity. The interesting conversation that I had wanted to add to, I had to opt out of contributing since my mind could not process the context correctly. More so, if someone had needed me to do some security work, I would have had a hard time doing anything besides the intuitive.
The idea behind availability is more obvious. I am needed to be available, and should be able to coordinate with, articulate to, and collaborate with other people in order to keep them secure. This is the greatest violation, since even though my mental capacity is great and the integrity could be fixed by overfocusing for a short while, the need to be above the toilet seriously impedes any ability to coordinate any meaningful actions.
How do we fix this? Well:
Of these three, the first one is a Ulysses pact, in which you prepare when you are aware, so that if you lose your awareness or the problem enters a blind spot, you already have a mitigation in place. This is a part of the Security Saturday I was originally planning to write. It was going to be about Security as a process, and this is a great way to show it. It is not enough for me to know that something went wrong. It is not enough to know exactly what went wrong. It is not even enough to know how to avoid it next time.
No, a process of security is a full feedback cycle. Should there be a next time for anything that involved an incident before, then:
And this is what I did, in this case primarily for the security of my body and mind. But since I am responsible for other people's security: my security is their security.
There is so much more to this one chapter, but it is so good already!
I had to cut it short because guests arrived, but this should get you started on your own study :)
@calvinrempel Thank you once again for the Theology Tuesday you did, I refer back to it in this one :)
@JamesDerian Congratulations with your Marriage :)
Next time there might (almost certainly) not be a Theology Tuesday, so the official next one will be February 22nd! I have a marriage to attend. As the groom. Our home is still half a project.
Fun times!
This is the third corner to have persistent discussions and talks in. I love tech, but especially once it transcends hardware a little. I have two degrees; a bachelor's in Software Engineering and a master's in Information Security Technology. My graduation thesis focused on assembly-level optimizations (that is, one level above the hardware level) and my free subjects were in formal verification. This is why I love programming in the security corner, or maybe it is the other way around.
I started going down the Security path because I early on saw that the world around us would become a dangerous cesspool of badly-implemented and hostile tech. Now I am one of the people that understands the field around that mess :)
So in here you can discuss secure phones, weird programming languages, sad truths about internet-connected fridges. Also about malware, adblockers, and so on and so forth!
A lot of tech talk I do over at the @Lunduke community, where a lot of nerds hang out and it is ...
Much like the reading corner, let's have a music corner! A few rules for this one, since some music can be provocative. I don't mind much but let's keep YouTube links with risque thumbnails out of here.
Other music I might also mind. "Do you find that offensive?" someone might ask. Yes, there is some music I choose not to listen to on principle, and I walk a thin line there sometimes. But do not worry, I have a wide taste otherwise so feel free to share almost anything :)
Either way, here is the music corner!
Many times when we talk about security, we mean to say "Digital security". In essence we mean to say that our hardware and software that we use stays safe no matter what we do. And even though the ISO27001 standard (and by extension, for example, the NEN7510 standard) makes it abundantly clear that security is a people-domain problem, we usually take that as a process-like truth. Meaning, we think that being secure is a matter of regulating people.
The truth is very different. For example, while writing this I am pretty shot. I slept five hours and I am under the influence of a bunch of painkillers and some alcohol. Before you ask what I was thinking, let me mention that I have a genetic defect in my spine that I am dealing with right now by taking measured doses of all three (and yes, to get the Bible into this conversation, there is even a biblical ground for the inebriation with alcohol - see Proverbs and the letters to Timothy - , although I did not use red wine. But hey, I am still on top of ...