‘Object oriented programming’ is a type of programming which involves object oriented principles like encapsulation, polymorphism and inheritance. These principles are implemented by means of classes, methods, variables and other constructs in Java. We saw a sneak peek into object oriented programming in the Java 101 post.
NIST stands for ‘National Institute of Standards and Technology’ and the NIST special (SP) publications act as a reference for organizations, academic institutions and government agencies that seek to form an information security plan and secure their perimeter. They are available free of charge. We will discuss some of the NIST special publications in this post:
Before we discuss NIST SP 800-30, we refresh the basic concepts related to risk. The security terms “threat”, “vulnerability” and “risk” play a key role in risk assessments.
Recall from an earlier post that a “vulnerability” is a hole in the security posture that is waiting to be exploited (examples of vulnerabilities can be an open port or unpatched software).
A “threat” is the tool that causes the damage to the organization (examples of threats can be floods, power failure, fire, etc.).
And “risk” is the “threat agent” making use of the “vulnerability”, exploiting it and causing physical and monetary damage. Putting these concepts together, “Risk assessment is the process of identifying, estimating, and prioritizing information security risks” (Guide for Conducting Risk Assessments, 2012).
The NIST SP 800-30 publication guides users on how to conduct risk assessments. It first deals with the fundamentals of risk assessment, followed by the different processes in risk assessment (preparing for risk assessment, conducting risk assessment and communicating risk assessment information). The NIST SP 800-30 publication is an extension to the NIST SP 800-39 publication, which is a publication for managing ‘Information Security Risk’.
E-mail or electronic mail is one of the most prevalent forms of communication in today’s digitized world. Considering this, electronic mail will be targeted for a host of attacks on the mail server, mail client or the entire infrastructure. Some of the different types of attacks may be DoS attacks, social engineering, or gaining access to unencrypted information in the email.
The NIST SP 800-45 publication on electronic mail security guides users on configuring mail servers and mail clients on public and private networks and preventing them from being subjected to attacks. Encrypting email messages (using OpenPGP or S/MIME), ways to harden the mail server and ways to harden the mail client are some of the issues discussed in this publication. The other key guidelines included in this publication cover the different types of protocols (such as SMTP and POP) along with planning and management of a mail server (Guidelines on Electronic Mail Security, 2007).
We discussed a few of the NIST publications in this post today. The NIST publications seek to give guidance on many other security topics for organizations. These are an effective means for different organizations who seek to improve their security posture.
Guide for Conducting Risk Assessments. (2012, September). Retrieved from NIST.gov: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=912091
Guidelines on Electronic Mail Security. (2007, Feb). Retrieved from NIST.gov: http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf
‘Information security’, briefly, is the branch of study that deals with securing data and identifying weaknesses in systems and sealing them. Anti-virus software and firewalls are simple aspects of ‘Information security’ that we use unknowingly. There are a number of information security certifications and we will review some of them here:
‘Java’, the object oriented programming language, was developed by James Gosling of Sun Microsystems (now a part of Oracle) in 1995. It is a platform independent programming language, meaning that once a Java program is written and compiled, the compiled program can run on any architecture (Apple, Windows etc.). It is this feature that makes it flexible. It is also much easier to work with Java than other programming languages like C++.
Even as blockchain technology is in its nascent stages and everybody is trying to understand it, there are organizations which have started collaborative efforts to harness the power of blockchain. One such endeavor is the IBM Hyperledger open source project, which is hosted by the Linux Foundation to build blockchain applications efficiently and quickly. It is a “global collaboration” with entities from different sectors such as finance, retail, IoT and manufacturing included in it.
IBM Hyperledger Composer playground:
The IBM Hyperledger Composer is a fast and efficient way of building blockchain applications. While it normally takes a few months to build a blockchain for a business network, by means of the IBM Hyperledger Composer the same can be achieved in a few weeks’ time. It includes an IBM Hyperledger Composer Playground to learn, build and test blockchain networks.
The IBM Hyperledger Composer playground is available from this link. This post will give a high level view of the Hyperledger Composer playground. The Hyperledger Composer playground runs inside a Docker container and can be installed and worked with in either of two modes:
a. a browser mode
b. Hyperledger Fabric peer network
There are three main actors in the Composer playground – Assets, Transactions and Participants.
Assets – As we have already seen, an asset is anything that has value. It is the main part of the trade. Examples of assets can be a car, a house or a patent.
Transactions – Transactions are those events that we achieve with the ‘Assets’. For example, if ‘Car’ is an asset, ‘transferring’ car ownership might be a transaction.
Participants – Participants are the major actors who take part in the blockchain business network. For example, the buyer and seller are participants.
This post involved the basics of working with Hyperledger Composer playground and is for the alphabet ‘H’ for the Blogchatter challenge… the previous post is here…
Even as we grumble about the different types of pollution, it is quite ironic to note that “we” are the cause of the pollution! We are the cause of the different types of pollution: air pollution, water pollution, noise pollution. The ocean is our greatest dumping ground. Everything from garbage, cartons and plastic to untreated sewage water lands in the ocean. Pollution has taken on epic proportions and the different types of pollution like air pollution, water pollution and soil pollution are set to control (or are already controlling) our life. Pollution has led to global warming, which in turn again affects us directly. Let us see a few ways to reduce pollution and keep our planet green!
Blockchain, the technology disrupter and decentralized shared ledger, has four important points that essentially define it. They are: Consensus, Immutability, Finality, Provenance. This blog post will define these four important concepts.
Blockchain will be a game changer for the supply chain management system. The IBM business blog describes provenance as an “immutable audit trail of ownership & location as it changes over time” (Source: https://www.ibm.com/blogs/insights-on-business/government/proving-provenance-with-blockchain/). This audit trail promotes transparency that can never be achieved with traditional database systems.
But before we see what the Caesar cipher is, let us have a brief understanding of cryptography.
From time immemorial, we have been trying to make sure that important and crucial information is readable only by the right people once it has reached its destination. What if a crucial message falls into the wrong hands and is read by them? This is prevented by making use of cryptography and its various strategies. There are a number of ways (technically called ‘ciphers’) to hide a message and the Caesar cipher is just one of them. This is done by encoding (converting to a special form) the information to be sent at the sender’s end and decoding (re-converting to original form) the information on the receiver’s end.
Blockchain is the distributed, shared ledger system with no central authority. We have all encountered ledgers in our lives. We have our own personal ledgers for keeping track of transactions. But in the case of a large business scenario, the number of transactions is huge. The number of people keeping track of those very transactions is huge too. Each person involved in the business might have their own version of transactions. Blockchain solves this problem by each ‘node’ having their own copy of the ledger.
The Blogchatter A to Z has kicked off and I start off my set of posts primarily around the theme of technical and personal posts. My latest fascination has been ‘Blockchain’ and I am striving to do my technical posts around my latest interest.
‘Blockchain’ is the common shared digital ledger that every participant in the business sees. In the Blockchain world, anything that has value is called an ‘Asset’. Assets are sold and bought and these are recorded on the Blockchain ledger. The asset is the key aspect of Blockchain.
Assets are further classified into tangible assets and intangible assets. Tangible assets are those that can be seen and visualized. Examples of tangible assets are a car, a motorcycle or a house.
Intangible assets are those that are abstract and cannot be seen but they play an equally vital part in the blockchain cosmos. Examples of intangible assets are mortgage, patent, trademark.
Cash is yet another form of ‘asset’ but it is completely anonymous. We cannot track its movements. We don’t know who we received it from and where it will go next.
We discussed ‘Asset’ in the Blockchain world. Drop by tomorrow as I continue my ‘Blockchain’ journey…