Advances in Technology and Market Pressures have led to increasing expectations on growth and performance in our workplace. Expectations can rarely be met purely based on individual efforts. Successful accomplishment of organizational goals requires collaboration and team work. Goals have to be accomplished with a diverse workforce (based on age, culture, work-styles). This gives rise to interesting challenges. Conflicts at the workplace can significantly impact achievement of goals. In this article I am going to write about common causes for conflict at the work place and methods that can be used for prevention and resolution of conflicts.
Coming close on the heels of my previous post – “Dark web“, we will be defining “Deep web” in this blog post. Similar to “Dark web“, the “Deep web” cannot be searched by traditional search engines as well. So, what is present in this “Deep web”, which sounds so similar to “Dark web”? Here are a few features of the “Deep web”:
1. They cannot be indexed by popular search engines as well.
2. The “Deep web” has content that you do not want everyone to see. The “Deep web” contents are:bank account statements, contents of your email , medical information, academic information, databases and any dynamically generated information.
While “Dark web” is associated with illegal content, “Deep web” does not have that connotation.
3. In addition, it does not require special browsers to view it.
As seen in the previous blog post, surface web(the place where we mostly interact like Facebook, Twitter and other social media channels), the “Deep web” and the “Dark web” are best represented by an “iceberg”. The iceberg is the perfect representation of the amount of information that is visible to us (which is hardly any!)
Join me as I uncover more of the tangled web in Information Security! 🙂
“Dark web” which is not to be confused with “Deep web” is that part of the web which cannot be accessed by traditional search engines likes Google, Bing or Yahoo. In addition to this, it can only be accessed by special browsers like ‘Tor – the Onion router’ or ‘I2P'(Invisible Internet project). The “Tor router” enables anonymized browsing of the “dark web”.
“Dark web” domains end with “.onion” and are purposefully hidden from popular search engines. They are used to host a number of illegal activities.
Images source: Google images
‘Perimeter security’ is placing defenses around an organization’s perimeter thereby ensuring that an organization’s chances of being compromised are minimal. Some of the components that are used to ensure perimeter security are routers, VPN, IDS, IPS, firewalls and so on. We will see one type of perimeter security device the ‘IDS’ or ‘Intrusion Detection system’ in this post.
Risk analysis is a tool to implement risk management. Before we go onto see the definition of risk analysis, recall that a vulnerability is “weakness” in the system and the “risk” is the threat agent exploiting the vulnerability.
Some examples of the three concepts working together are when a vulnerability like an unpatched application is exploited by a threat agent like a malicious user to create risk. This risk can only be reduced by applying the patch to the application.
Risk analysis is done by the following steps:
a. understanding the vulnerabilities within the organization
b. assessing the value of the assets in the organization
c. calculating the value of safeguards that have to be implemented
d. Is the value of safeguard greater than the value of asset? If so, look for cheaper safeguards but equally effective safeguards.
While risk can only be reduced/mitigated or transferred, it cannot be entirely avoided. It is always good to remember that there is no such thing as 100% security!
The top-down approach to security is when an information security program moves ahead with management approval. The appropriate security funding is secured and there is a proper plan and direction towards the program. This approach is more efficient and generates better results. In short, the top-down approach is a more active and serious approach to security.
In contrast, the bottom-up approach to security is a reactive approach to solving information security concerns. Only after there has been a data breach or several hacking incidents does the company decide to act. This approach will only generate “stop gap” results and not long term results.
We see programming languages all around our digital lives and there have been a few languages that have stood the trials and tribulations of time. Each language is created with a different purpose and sometimes, the whole motive behind it erodes with new technologies.
Each year we hear of numerous security breaches or incidents. Name any organization/social media site and there is a possibility, that you too would have received a message “that there was a security breach but your information may have been compromised or your information is safe”. Given the magnanimity of today’s security scenario, wherein even non-security professionals can understand the repercussions of a security incident, it is but necessary to enforce additional security measures to bolster a home or business environment. It is here that the concept of ‘Defense in depth’ comes to the rescue of novice and experienced security practitioners alike. The meaning of ‘Defense in depth’ and the various components of ‘Defense of depth’ approaches forms the basis of discussion in this post.