iSD in the Tech Age!



Net self-defense: we spend an exorbitant amount of time on our physical defense training and then forget that our lives are in just as much danger of "Grave Financial Harm" or financial ruin (death) as if we were attacked by a street predator. Research and studies from security experts in this field show that anti-virus and firewall suites only catch about 5% of the threats out there, and those same folks tell us that it is in all probability worse at the enterprise level.


My goal here is to educate myself and, by proxy, pass on what I learn to others so that each individual who is connected at any level can take steps to achieve some semblance of security in their electronic on-line lives. We are so deeply embedded in modern technology that not taking appropriate action to learn iSD, or internet self-defense, in the technological age is just foolishness.


My goal is to provide enough of a foundation that readers, like me, can take the appropriate actions, i.e., apply the fundamental principles of technological methodologies as one of the more important, actually critical, strategies and tactics for defending ourselves against grave economic harm, or even economic/financial death or ruin, from nefarious predatory hacking.


Nothing in this blog is definitive; it is meant to set a foundation of knowledge, understanding and awareness so that you are not one day blindsided by some effort to steal your very life out from underneath you, so fast that you feel like you have been hit behind the ear and knocked into a daze of confusion, fear and finally anger, where your tech-life falls apart and ruins your real life utterly and completely, with no light in sight down that dark, empty, black hole.


Wednesday, September 7, 2016

Security-n-Convenience

In the world of security, those who are unable to see how critical security is often lean heavily toward convenience over security. Security takes effort and often places extra requirements on working with sensitive information. Most don’t want to take that time or effort, so they tend to dismiss, avoid and circumvent security measures for extra convenience in their daily work.

Convenience is a killer of security. The bottom line for profit is also a killer of security, and security is generally ignored because it reduces profits rather than increases them. It isn’t until security is compromised and data, information, etc., is stolen that the bottom line is adversely affected, causing those in positions of influence to suddenly scream, ‘Where is the security?’

Even in the dark underworld of the Internet, where security is taken seriously from the start, there is no truly secure system, as shown by a recent article in which Bitcoin services were hacked and robbed with not one iota of a chance that those who had those coins can be made whole. The only true security is to unplug from the Internet, and because of the invasiveness of inter-connectedness even that is no longer a guarantee.

The only way I can see that security can achieve even a modicum of protection is by those in charge making security the highest priority in the creation, development and coding of all Enterprise Applications, etc. It is also necessary to impose harsh repercussions when the code is compromised, even at the lowest levels. Gratification, convenience and profit must take a back seat to security, for if not, the security breaches of the future will be so costly that no one can make a decent profit except those who are on the receiving end of such predatory thievery.

For instance, even with apps for the phone or that ‘rented cloud based software program’ we use daily, if you are compromised while using it, the coders who created it must be harshly fined by their parent company, and the parent company must be harshly fined at levels commensurate with their levels of profit - the real profit and not the obvious presented profits. Enforcement shall be harsh enough that actual jail time is possible, starting at the highest levels of said parent company.

Failure to provide adequate security is just plain stupid and irresponsible, and that irresponsibility and stupidity shall be harshly dealt with from the highest levels on down to the actual coders. Everyone at every level shall “OWN” the security of their work, write out their responsibilities in longhand, frame them and hang them where they can be read daily, and then live that acceptance in all they do: security is foremost in their minds and the first thing they work on at the beginning of every day’s work. This starts with the CIO/CFO and trickles down to the fledgling coder in every software and associated company.

The actual handwriting of the contract of promise to security shall be televised so that every customer or potential customer can bear witness. The handwritten personal contracts are then to be stored electronically in original form, displayed prominently on the company web sites and other such ‘company face’, and used to remind the individual that they own security in all they do, for they control the screens, control the code and control the Internet for good and evil.

Only when such responsibility and ownership is created, assumed and witnessed can security become secure through the diligence, effort and ownership of every person and all leadership. Only once that is achieved can security breaches such as the one at the OPM, recently addressed at Krebs on Security, be, at a minimum, mitigated and prevented.

“In order for any life to matter, we all have to matter.” - Marcus Luttrell, Navy Seal (ret)