Jan 14

As I describe myself in terms of my information security background, I notice that I have been using the terms information security and information assurance interchangeably.  This became even more evident to me this morning as I sat in an information assurance meeting where I again began to see how information assurance truly is a separate entity apart from information security.  (Maybe I should have been aware of this fact but I’m sure there are others out there that have had the “wool pulled over their eyes” for quite some time.  Plus, the differentiation and/or definitions may be determined by the workplace/company culture.)

This is my attempt at uncovering this “mystery”.  Throughout my Google research, I see that there have been plenty of attempts to extrapolate the differences.  I’m not going to write a long detailed dissertation on the subject – I just want to point out the differences and get opinions so that we can all gain awareness and adjust the terminology if necessary!

Wikipedia defines “Information Security” as:

…protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

My definition is that information security is the method of protecting data while ensuring confidentiality, integrity, and availability are in place. Of course there are administrative and physical methods, but I believe that a larger portion is TECHNICAL.

A great definition that I found of “Information Assurance” is from the IT Unified Compliance Framework (UCF).  Their definition of Information Assurance is the following:

Information assurance is about defining rules for maintaining information privacy, protecting information soundness, and ensuring information accessibility by mandating that someone (or multiple people) are held accountable that organizational policies, standards, and procedures are created to match the mandatory regulatory controls, and are properly paired to the information systems within the organization.

For me, information assurance is ensuring that systems are in compliance with established governing POLICY.  That’s it, plain and simple.

Based on those definitions, it appears that basically it comes down to TECHNICAL SECURITY (information security) versus GOVERNING SECURITY POLICY (information assurance).

What do you think?

Jan 05

It appears as though Apple and Google are competing.  A healthy competition between two very creative innovators of “gadgets” and technologies is intriguing to a technology geek such as myself (and can be rather costly if I try to follow the current trends).  Nevertheless, today there is a lot of web chatter going on regarding Google’s new Nexus One “Superphone” and Apple’s acquisition of the Quattro Wireless Mobile Ad Platform.

Google is stepping up its presence a few notches by joining in the smart phone phenomenon.  Today was the official announcement of the Google Phone.  Google’s Android software was first offered in 2008 on phones made by Taiwan’s HTC Corp. The new Nexus One Phone may feature more of Google’s own software, acting as the standard for other makers to follow.  Now doesn’t this look a lot like Apple’s iPhone?

Today Quattro Wireless announced on its blog Apple’s acquisition of the Quattro Ad network.  The Wall Street Journal-affiliated blog All Things Digital reported late Monday, January 4, 2010 that Apple would pay $275 million for Quattro.   “Surprisingly”, Quattro is a competitor to AdMob.   Google agreed to acquire AdMob in November for $750 million.

2010 is going to be a VERY interesting year!

Dec 19

A few weeks ago, I received an email from Google stating that Google Chrome for Mac was available in beta for Mac OS X.  I recently installed it on my Mac and have been using it in the place of Safari for a day or so.  Thankfully, upon installation, it imported my bookmarks and browsing history from Safari.   My reason for installing the browser stemmed from my research on the up and coming Google Chrome OS. This new OS seems to be following the web 2.0 technology progression.  Will this OS be the new Windows?

Ben Parr of Mashable pointed out the 5 main differences of the OS compared to other OS such as Windows, Mac OS X, and Linux.

  1. The browser is the OS.
  2. It’s designed to fix itself.
  3. All apps are web apps, no installations.
  4. Chrome OS doesn’t support drivers and will not run on your laptop.
  5. Super-fast startup speeds.

Security!

Finally!  For once an OS is being developed from the ground up with security on the forefront!  Google has released an overview of security in its Chromium Projects that summarizes in great detail the efforts they are taking to secure the OS.  They even have a System Hardening document that “lays out a technical vision for making Chromium OS-based systems difficult for remote attackers to compromise using various system-level mechanisms.”

However, the one security issue that the new OS contains is its single sign on (SSO) login.   Everything that’s done on a Chrome OS netbook is based on the user/password concept.  The SSO key unlocks all information stored in the Google cloud.  Therefore, a bad password choice = major security compromise to ALL stored information.  Not good.

The Next Windows?!

So, could Google Chrome OS become the next Windows?  It’s definitely possible but I think it may be highly unlikely.  People generally stay close to what they are familiar with.  Microsoft Windows has been around for quite some time.  Let’s face it; most non-technical folks were “raised” on this OS.  They are familiar with it and all of its nuances, updates, and vulnerabilities.  Techies that are into emerging technologies will find Chrome to be prominently relevant to the web 2.0 era.  New start-up companies along with companies that are into their bottom line will also want to know what the Google Chrome OS netbook is all about.  Most appealing is that Chrome OS will only be shipped on specific hardware from manufacturers Google has partnered with.  That means if you want Chrome OS, you’ll have to purchase a Chrome OS device. According to web chatter, Google Chrome OS will not be released until around this time next year.  The first Chrome OS netbooks will be available in late 2010. I am anxious to see how it all unfolds.  I believe that because the price for a netbook is anywhere between $300 and $500 – the going rate of today’s netbooks – the Google Chrome OS netbook will be a large success.

I will certainly be following the developments as they transpire….

Dec 17

Who am I?  Well, that’s a good question!  As I have been struggling as to what my first blog post would be about, I thought the best idea would be an intriguing introduction so that you are able to get to know me.

I’ve always disliked the statement at job interviews, “So, tell me a little bit about yourself.”  I never know where to start.  Obviously, the requester wants to know about my professional experience so I will start there.  I’ve been consumed in the information technology world for quite some time.  Believe it or not, my first appeal to computers was back in middle school when I signed up for an after school program on beginner’s programming.  Back then, our task was to create a functional computer game using the BASIC language.  I even remember the name of my game:  Ranger Bob.  I chose Bob because it was easy to program the B-O-B visually!

Some 15 years after that, I became captivated with Microsoft Windows.  I think it was Microsoft 2.0 where it ran on top of DOS.  As crazy as it may sound, I used to like to hand-draw cartoons in Microsoft Paint, freehand, using only a mouse.  I was very good at it and would take comic strips from the newspaper, bring them to my summer job, and spend the day “drawing” between doing menial admin work.  I was working in an IT office and became so curious and intrigued that I went back to school the following semester and changed my major to Computer Science.

It went uphill quite fast for a while after that.  I love to learn and information technology was second nature to me.  So I quickly went from working in a helpdesk to system and network administration and right into information security.  For a while I continued to grasp everything that came my way but these past 4 years, I’ve been in a deep “sleep”.  Sure, I became a CISSP just about 5 years ago, wrote a number of security policies, and performed a large number of challenging C&A tasks.  But what’s next?   I have achieved information assurance expertise but I did so with blinders on, unaware of the current technological trends and slowly rotting with menial information security “challenges” which, to me, no longer embody the true essence of information security.

Now I am awake!!  And ready to move at top speed to the technological developments ahead.  With my new consciousness, I have shaken the title Senior Information Security Analyst and have adopted the self-proclaimed title of Technology Strategist.  Sure, the information security analyst is my day job but not what I am all about.  I just no longer want to be boxed into the information assurance/C&A “genre”.

I decided to start a blog for a few reasons:

1.  Discuss my ideas and opinions on various emerging technology trends.

I have become fascinated with Web 2.0 technology.  I feel that it has opened my eyes and has me feeling the same passion I felt when I first discovered BASIC programming some 25+ years ago.  Because I’ve been immersed in the world of certification and accreditation (C&A) for the past 7 years, I’ve been blind to its emergence and popularity.  Where have I been?!  Now that I’m enlightened (and awake), I see that there is absolutely no reason why the various platforms of social media shouldn’t be used in our everyday lives to include business.  Look at Twitter and Facebook.  Need I say more?

2.  Discuss information security and how I see it in the workplace.

Information Security is my forte so to speak.  I’ve been particularly submerged in information assurance and certification and accreditation.  And, not to toot my own horn, but I know my stuff.  Lately, I’ve become aggravated at being hired on as an expert with my experience and background only to be told “that’s not the way we do it here” or “do it this way”.  Why’d you hire me then if you know I bring fresh ideas, experience, and crave challenge??!!  I bring to the table insightful ideas, and yes, I play by the book when it comes to security.  If the directive says, “a, b, and c”, then, by golly, “a, b, and c” it is!  To me, it’s not rocket science.  It’s just playing by the rules.  That is what ENFORCING information security is all about—not seeing what you can get away with!  Excuse my mini-rant.  :)

I so long to be an effective, insightful information security contributor … sigh…

3.  Conquering the “web frontier”.

I feel that our society is headed more and more onto the web front.  There are a number of emerging technology trends that are making their way onto the forefront of optimal and affordable business practices.  One topic that has recently made its way to my knowledge base is cloud computing.  With Microsoft’s upcoming release of Azure, I can only see this technology being the new wave of the future.  Yes, the technology has been around but it’s a trend that I am sure many businesses will be leveraging.  I look forward to exploring this technology as well as others that are out there.

4.  Discussion and interaction.

I want to interact and discuss with my peers on what is going on in technology.  Information security, new technology trends, or anything else, I want to hear and discuss it.  Learning comes through discussions.  Sadly, it’s been quite a while since I’ve been afforded the opportunity of stimulating, intellectual conversation about technology topics with my peers.  I believe that everyone is able to add something valuable that will shape and enlighten the topic of discussion.

5.  Social media is where it’s at!

Upon waking up out of my deep non-technological slumber, social media is where it is at!  I cannot say that enough.  Wikipedia couldn’t have said it better when it states that:

“It supports the democratization of knowledge and information, transforming people from content consumers into content producers.”

How awesome is that!!!  So with my ever-expanding knowledge, I plan to use social media to its fullest.  I know it hasn’t been around very long but I feel as though I have a learning curve which spells a challenge to me.  I thrive off of challenging situations when it comes to learning and solving problems so this is all right up my alley!

I hope my rants, raves, and requests for interaction will be profitable for anyone who decides to subscribe.  Learning definitely comes from sharing experiences and I certainly have a large number of experiences that I would love to share as well as learn from your experiences.  My plan and my goal with this blog is to leverage information technology and information security by teaching, learning, sharing, solving, and enlightenment.
