Applying Risk Management as a Computer Engineer

As computer engineers, every time we develop software, the first thing we need to do is analyze and document what we call the plan B, in case we experience an unfavorable outcome that compromises our software in any way (remember the CIA principles?).

First of all, we need to categorize our system based on the level of availability, integrity and confidentiality that it must have. We won’t give the same priority to a public web server and a server that is specifically used to store classified information. The web server might have a backup server to re-route all the traffic to, but what about the compromised server with classified information? If that information is compromised, there is no turning back, and this is why it must be our priority.

In order to plan a proper Risk Management alternative, we need to follow a process:

  1. Categorize: We need to take into consideration the business needs and the architecture of the system.
  2. Select: We need to select the security controls that will manage the risk.
  3. Implement: Put into practice the security controls chosen.
  4. Assess: Test the security controls, monitoring and measuring them to make sure that the program is working efficiently.
  5. Authorize: We need to base our decision on the risk that the system could pose to the organization and individuals.
  6. Monitor: Check whether the security controls are working as intended; if not, we repeat the cycle.

 

 

The price of free – Accepting the Terms and Conditions

Have you ever wondered what “I accept the Terms and Conditions” really means when you register on the Internet? How many times have you read a website’s privacy policy?

I know, you’ve probably never read them. Unfortunately, it’s very common for most people to tick the acceptance of the Terms and Conditions every time they register on a site simply because they’re forced to do so in order to gain access. In this article, I would like to tell you why you should be more cautious the next time you accept them.

First of all, what are the Terms and Conditions?

The Terms and Conditions is the document that stipulates the rules that govern a certain service or website. Within these terms, we can find the so-called Privacy Policy, which explains how your information will be handled and for what purposes. So far everything may sound reasonable, but if we look deeper, in the blink of an eye we are giving the website consent to handle our information in whatever way seems most convenient for it.

What rights do we commonly give when we accept the Terms and Conditions?

A company committed to the information of its users will manage it and use it for purposes that do not imply its compromise. Normally, a paid Internet service has a lower chance of using your information for bad purposes, because it may not need to profit from that information to keep the service alive.

However, on the other side, many free services on the Internet, like your mail service, search engines, and social networks, have a hidden cost even if you do not believe it. Your information could be analyzed in order to show you ads based on your interests, to be more persuasive when approaching you to sell you something and, why not, to spy on you in a certain way.

I am not claiming that all free Internet services perform these bad practices with your information, but I can guarantee that the vast majority of them do so. The next time you provide sensitive information online, make sure to research the company that will be handling it and, why not, take a deeper look at its privacy policy.