Tech Editorial Writing

 
 

INFOSEC AND THE GREAT GENDER GAP: THE REVOLVING TEN PERCENT

That there is a dearth of women in the Information Security (InfoSec) community is not news. The news would be if that number were to ratchet up to fifteen or twenty percent, in keeping with the growth that other STEM positions are close to hitting. Women make up only 27% of the population in Science, Technology, Engineering and Math (STEM) careers; 12% of the computer science degree holders were women according to a census in 2011. The number of women currently holding positions in Information Security is a marginal 10-12%. Even as other areas of STEM show an improvement in numbers, the Information Security field remains stagnant.

CONSTANT COMPANIONS: GIVING PASSWORDS AND PASSPHRASES THEIR DUE

For users, passwords and passphrases are a way of life. How else can an individual not only identify themselves to access necessary services but also prove that they are who they say they are without biometrics? However, the way in which many businesses choose to think about passwords and passphrases is not only wrong, but harmful. Many financial institutions, as well as workplaces, require that passwords max out at a short, fixed number of characters (anything between six and twelve) and include an uppercase and a lowercase letter, as well as at least one digit. This is, unfortunately, not an ideal solution. In essence, any organization requiring that users make passwords under such conditions is setting its users up for failure on a multitude of levels. Not only are these passwords easier to crack than other options, but they typically cannot be memorized, requiring the users in question to write them down or store them elsewhere.

TAKING CARE OF BUSINESS: INFORMATION RETENTION & RESPONSIBILITY

Every business accrues data about its current patrons and prospective clients. What information do you collect about your customers? Do you collect only what is relevant or pursue all of the data you can possibly accumulate? No matter what your approach to data collection, or the why behind it, the Federal Trade Commission (FTC) thinks that it is time that you reviewed those policies. The FTC recently released a document entitled “Start with Security: A Guide for Business.” This may initially seem both dry and somewhat irrelevant. However, choosing to ignore or dismiss these guidelines out of hand will ultimately prove to be expensive.