12 August 2008

About the Web Security, Usability and Design Blog

My intention with this blog is to highlight and discuss web security issues that may be of interest to people involved with the development and operation of web sites and web applications.

Security is not just about having web site addresses beginning with "https://" or anti-virus software. It's about protecting things such as data, business knowledge and intellectual property, and anything you hold on behalf of your customers, employees, clients, suppliers and business partners.

Often security seems to be left in the hands of the information technology (IT) folk, but really this is a mistake. Everyone has something to contribute. Think about security at all stages of the web site creation - from initial feasibility, through specification, design, development, testing and configuration to operation and disposal.

Security is an ongoing process. Available time and money are always limited, so tackle the most risky issues first and continue to monitor, learn, review and improve.

I'll try to avoid jargon, and present things which ordinary business owners, managers, developers, designers and everyone else involved in the project might be interested in. I'll be using the word 'design' to include software system design, graphical design, interface and information design. They all have an impact on the security of the web system.

Here are some examples of jargon/management speak I've come across in security/audit blogs and white papers that I won't be using:

  • deperimeterisation
  • disaggregation
  • favorited
  • heads up
  • monetization (and monetisation)
  • upgradation

I will always use the best word though, even if this may be new or technical, but will always try to explain unusual terminology. Do you have any jargon I should avoid?

Update 20th March 2009: The UK's Local Government Association published a list of jargon words and phrases they think should be banned from council text. Whilst I agree with avoiding the use of "cohesive communities", "coterminosity" and "self-aggrandizement", I think I will continue to use "base line", "best practice", "good practice", "network model", "risk based" and "taxonomy" in appropriate situations.

Posted on: 12 August 2008 at 09:27 hrs


Comments


Just an update to say this blog went live today, after a brief pilot phase.
1 Added by Clerkendweller Posted on 01 September 2008 at 09:00 hrs
http://www.clerkendweller.com/2008/8/12/About-the-Web-Security-Usability-and-Design-Blog