25 December 2009

About

Posts relating to the category tag "about" are listed below.

25 December 2009

Season's Greetings

I have tried to post messages on every Tuesday and Friday, and this week Friday is Christmas day.

Photograph of the window display in Selfridge's on Oxford Street, London, showing a blue dog wearing a crown and assorted bling

So, best wishes. Let's hope your presents are as numerous and glitzy as this shop window display in Selfridge's on Oxford Street, London.

Last night, I spent an enjoyable Christmas eve at the Holly Bush Inn here in Tarset, where there were the usual roaring fire, real ale, good conversation, and unusually a dominoes competition (I was knocked out the competition after only the second round by one of the local farmers). I'm off now for a walk across the Northumberland snow on this beautiful sunny, but cold, morning.

Photograph of the snow-covered landscape around Gatehouse, Northumberland on 23 December 2009

Have a good day yourselves.

Posted on: 25 December 2009 at 11:22 hrs

Comments Comments (0) | Permalink | Send Send

18 November 2009

Clerkendweller Shortlisted for IT Blog Awards 2009

The Clerkendweller Web Security, Usability and Design Blog, about security issues for web site designers, developers and owners, has been shortlisted for the Computer Weekly IT Blog Awards 2009.

This blog was nominated in the Individual IT Professional Male category. Please vote for your favourite bloggers in the next few days.

Posted on: 18 November 2009 at 11:10 hrs

Comments Comments (0) | Permalink | Send Send

17 July 2009

Risk and Responsibility

It came as news to me that there is a UK Risk and Regulation Advisory Council (RRAC). It has been considering how distorted perceptions of risk can encourage poor policy-making and unnecessary laws.

The RRAC's report on Response with Responsibility Policy-Making for Public Risk in the 21st Century includes some useful discussion and ideas on the perception of risk. I think there are many parallels with information security risk such as the un-necessary spreading of Fear, Uncertainty and Doubt and risk perception & risk-reduction behaviour in The Psychology of Security.

Information privacy and security professionals would do well to read the case study on "Tree Safety – The Role of the Risk Actor" on page 15 of the RRAC report which discussed a proposal for tree safety management and a lack of participtaion during the consultation stages except for arboriculturalists ("tree consultants").

...the draft specified at least one professional arboriculturalist's inspection every five years – for all trees. This would replace the uncertainty of legal liability with a certainty of cost...

The privacy and security industry need to make sure, we don't blindly recommend the ALARP principle (As Low As is Reasonably Practical), or be seen as promoting our own vested interests, whether by being a product vendor or provider of consultancy services. Yes, risks should be kept as low as reasonably practicable, but they need to be considered in the context of the individuals, the business and society.

Posted on: 17 July 2009 at 10:48 hrs

Comments Comments (0) | Permalink | Send Send

12 August 2008

About the Web Security, Usability and Design Blog

My intention with this blog is to highlight and discuss web security issues that may be of interest to people involved with the development and operation of web sites and web applications.

Security is not just about having web site addresses beginning with "https://" or anti-virus software. It's about protecting you things such as data, business knowledge and intellectual property, and anything you hold on behalf of your customers, employees, clients, suppliers and business partners.

Often security seems to be left in the hands of the information technology (IT) folk, but really this is a mistake. Everyone has something to contribute. Think about security at all stages of the web site creation - from initial feasibility, through specification, design, development, testing and configuration to operation and disposal.

Security is an ongoing process. Available time and money are always limited, so tackle the most risky issues first and continue to monitor, learn, review and improve.

I'll try to avoid jargon, and present things which ordinary business owners, managers, developers, designers and everyone else involved in the project might be interested in. I'll be using the word 'design' to include software system design, graphical design, interface and information design. They all have an impact on the security of the web system.

Here are some examples of jargon/management speak I've come across in security/audit blogs and white papers that I won't be using:

  • deperimeterisation
  • disaggregation
  • favorited
  • heads up
  • monetization (and monetisation)
  • upgradation

I will always use the best word though, even if this may be new or technical, but will always try to explain unusual terminology. Do you have any jargon I should avoid?

Update 20th March 2009: The UK's Local Government Association published a list of jargon words and phrases they think should be banned from council text. Whilst I agree with avoiding the use of "cohesive communities", "coterminosity" and "self-aggrandizement", I think I will continue to use "base line", "best practice", "good practice", "network model", "risk based" and "taxonomy" in appropriate situations.

Posted on: 12 August 2008 at 09:27 hrs

Comments Comments (1) | Permalink | Send Send

About : Web Security, Usability and Design
http://www.clerkendweller.com/about
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/about
Requested by 38.107.191.115 on Thursday, 11 March 2010 at 14:36 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2008-2010 clerkendweller.com