As computer engineers, every time we develop software, the first thing we need to do is analyze and document what we call the plan B, in case we experience an unfavorable outcome that might compromise our software in any way (remember the CIA principles?).
First of all, we need to categorize the system based on the level of availability, integrity and confidentiality that it must have. We won't give the same priority to a public web server and to a server that is specifically used to store classified information. The web server might have a backup server to re-route all the traffic to, but what about the compromised server with classified information? If the information is compromised, there is no turning back, and this is why it must be our priority.
In order to plan a proper Risk Management alternative, we need to follow a process:
- Categorize: We need to take into consideration the business needs and the architecture of the system.
- Select: We need to select a security control to manage the risk.
- Implement: Put the chosen security controls into practice.
- Assess: Test the security controls, monitoring and measuring them to make sure that the program is working efficiently.
- Authorize: We need to base our decision on the risk that could be caused to the organization and individuals.
- Monitor: Check if the security controls are working as intended and if not, we repeat this cycle again.
I know, you’ve probably never read them. Unfortunately, it’s very normal for most people to check the acceptance box for the Terms and Conditions every time they register on a site, simply because they’re forced to do so in order to gain access. In this article, I would like to tell you why you should be more cautious the next time you accept them.
First of all, what are the Terms and Conditions?
What rights do we commonly give when we accept the Terms and Conditions?
A company committed to protecting its users' information will manage it and use it for purposes that do not compromise it. Normally, a paid Internet service has a lower chance of using your information for bad purposes, because it may not need to profit from it to keep the service alive.
However, on the other side, many free services on the Internet, like your mail service, search engines, and social networks, have a hidden cost even if you do not believe it. Your information could be analyzed in order to show you ads based on your interests, to be more persuasive when approaching you to sell you something and, why not, to spy on you in a certain way.