Information Security – Protecting yourself online (or, don’t accept candy from strangers)

I was told as a child to never accept candy from strangers. It’s no different as an adult. Emails, phone calls, and fliers that offer deals that are just too good to be true are nothing more than adult candy. In this posting, I offer tips on how to stay safe while performing that one task that everyone does during the holiday season (and possibly year-round) – shopping. The article is lengthy, but hopefully it empowers you to be more aware of the attacks present online, and in “real life”, and how to better reduce the risks associated with online shopping.


Information Security – Unmaintainable code (it doesn’t just make your eyes hurt)

In my travels through the Internet, I found the , Java Coding Standards and wanted to highlight one portion as a concern for application security. The standards (specifically section 3) make me think back to my earlier days of code development. One person I worked with actually said to me after reviewing my code, “This makes my eyes hurt.” Now, as time has passed and my ability to code to standard has improved, I get compliments from the same person whose eyes had hurt years ago after looking at my code.


Information Security – what is PII? (It’s not something you eat)

PII (personally identifiable information) is data that, when associated with other data, identifies information associated with a single person. Some obvious data associated with a single person include a full name, Social Security Number, driver’s license number, birthday, and birthplace.


Information Security – what is CIA?

I had the opportunity to attend a training session on the CSSLP Body of Knowledge back in December 2010. It was an overview of the Certified Secure Software Lifecycle Professional certification exam. The first part of the training is something every ’Net-savvy person should know and understand when talking about information security.
