Following InfoSanity’s recent (and unexplainable) focus on triads in previous posts is the relationship between cost, time and functionality. In an ideal world all projects would have enough resources and realistic timescales to develop all required functionality to the highest level of quality. However in the real world this is rarely achievable when working with external constraints. Therefore in any project compromises are inevitable.
Around a month ago Miguel Jacq got in contact to let me know about a couple of errors he encountered when running InfoSanity’s mimic-nepstats.py with a small data set. Basically if your log file did not include any submissions, or was for a period shorter than 24hours the script would crash out, not the biggest problem as most will be working with larger data sets but annoying non the less.
June 16th marked the first time the Open Web Application Security Project’s (OWASP) Leeds/Northern Chapter ran an event at Northumbria University, meaning it was the first time I was able to attend. Overall I really enjoyed the event, I’m hoping that the Leeds/Northern OWASP chapter decide to run more events within Newcastle, but if not it’s convinced me that the events are worth the time and cost to travel down to the other locations. Always good to discuss infosec topics face to face with some really knowledgeable people.
Another triangle is used to help explain the relationship between the concepts of security, functionality and ease of use. The use of a triangle is because an increase or decrease in any one of the factors will have an impact on the presence of the other two.
Jacob (@BiosShadow), has released his first blog post, Being out of the Loop, since we were paired up and it has struck a chord with my own experience with similar problems and got me thinking at the same time. To sum up Jacob’s post he his frustrated that there is no active infosec community within a reasonable distance of his location. I can relate to this sentiment; when beginning the slow road towards an infosec career, before I was even aware a legitimate career in the field was possible, my own interactions and learning opportunities were limited to reading books or online articles.
For my part: If you’re in the North East of England (or general area) get in touch and let me know, always keen to discuss information security with anyone willing to listen.
Information security is a far reaching and often all encompassing topic, but at it’s core information security and the protection of digital assets can be reduced to three central attributes. These are Confidentiality, Integrity and Availability; often referred to as the CIA triangle