Apr 252015
 

Catching up with my collection of notes and posting this Verizon 2014 image showing the nine common incident patterns. The report states ‘Within each of those patterns, we cover the actors who cause them, the actions they use, assets they target, timelines in which all this took place, and give specific recommendations to thwart them.’
Nine Patterns

BREACHES VS INCIDENTS?
This report uses the following definitions:
Incident: A security event that compromises the integrity, confidentiality, or availability of an information asset.
Breach: An incident that results in the disclosure or potential exposure of data.
Data disclosure: A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.

 Posted by on April 25, 2015 at 11:44 pm
Sep 092014
 

How many *ogies related terms do I really know and understand?

Being a software analyst (plus other ‘beings’), I tend to start looking for ways or more formally, a methodology to ‘identify or classify’ objects that I’m interested in exploring.

There’s a saying in management speak that ‘you can’t manage (it) if you can’t measure (it)’
To measure it, one has to also know what is ‘it’ I want measuring, so the first step appears to be ‘identify it’.
Well, this is assuming I have also set up my context for ‘identifying it’.

In the world of research, ‘identification or classification’ is considered as ‘the most central and generic conceptual exercises’. Conceptually this takes two forms of classification namely typologies and taxonomies.

Further clues are in this article;
G. Par´e, M.-C. Trudel, M. Jaana, S. Kitsiou, Synthesizing Information Systems Knowledge: A Typology of Literature Reviews, Information and Management (2014), http://dx.doi.org/10.1016/j.im.2014.08.008

In essence, typology is derived deductively and taxonomy is usually derived empirically or inductively using cluster analysis or other statistical methods.

Which term to use depends on what I want to do with it.

 Posted by on September 9, 2014 at 4:38 pm
Aug 152014
 

Is a ‘solution’ also a ‘problem’?

In the context of a PhD information security research, the answer is a resounding YES.
[hint - framing research problems involve finding solutions or gaps in solutions that remain as problems to be researched]

In the real world context in the application of information security solutions, the answer is YES too.
[hint - the solutions turn into problems for hackers to solve, and they cracked them most of the time!]

What a ‘messed up’ research and real world!?
[hint- complex problem = complex solution = messy research = real world]

Aug 152014
 

It’s nearly a year since I started my PhD, and time is zooming into my second year, then into the third and then hopefully into my final year and then the viva.

Start writing, writing, writing even if it’s ‘crappy’ stuff. Mmm..stop! Check this out about viva, Top 40 Potential Viva Questions

Just in case the link and site vanished, the Top 40 Potential Viva Questions are;
1. Can you start by summarising your thesis?
2. Now, can you summarise it in one sentence?
3. What is the idea that binds your thesis together?
4. What motivated and inspired you to carry out this research?
5. What are the main issues and debates in this subject area?
6. Which of these does your research address?
7. Why is the problem you have tackled worth tackling?
8. Who has had the strongest influence in the development of your subject area in theory and practice?
9. Which are the three most important papers that relate to your thesis?
10. What published work is closest to yours? How is your work different?
11. What do you know about the history of [insert something relevant]?
12. How does your work relate to [insert something relevant]?
13. What are the most recent major developments in your area?
14. How did your research questions emerge?
15. What were the crucial research decisions you made?
16. Why did you use this research methodology? What did you gain from it?
17. What were the alternatives to this methodology?
18. What would you have gained by using another approach?
19. How did you deal with the ethical implications of your work?
20. How has your view of your research topic changed?
21. How have you evaluated your work?
22. How do you know that your findings are correct?
23. What are the strongest/weakest parts of your work?
24. What would have improved your work?
25. To what extent do your contributions generalise?
26. Who will be most interested in your work?
27. What is the relevance of your work to other researchers?
28. What is the relevance of your work to practitioners?
29. Which aspects of your work do you intend to publish – and where?
30. Summarise your key findings.
31. Which of these findings are the most interesting to you? Why?
32. How do your findings relate to literature in your field?
33. What are the contributions to knowledge of your thesis?
34. How long-term are these contributions?
35. What are the main achievements of your research?
36. What have you learned from the process of doing your PhD?
37. What advice would you give to a research student entering this area?
38. You propose future research. How would you start this?
39. What would be the difficulties?
40. And, finally… What have you done that merits a PhD?

 Posted by on August 15, 2014 at 1:23 am  Tagged with:
Jul 112014
 

I am going through my mindmap maps and came across a ‘Word Checker’ list. I must have extracted the list from somewhere/someone, but the source of reference is missing. Oops!

does it mean what we intend?

does it have any other meaning?

if so, does the context make the intended meaning clear?

does the word have more than one pronunciation that might be confused?

is there any word of similar pronunciation that might be confused?

is simpler word or phrase suggested either in dictionary or in a thesaurus

Jul 062014
 

Problems are created and maintained through the mishandling of difficulties.

Difficulties mean an undesirable state of affairs which either can be resolved through some common-sense action (usually the first-order change type)for which no special problem solving skills are necessary. More frequently an undesirable but usually quite common life situation for which there exists no known solution and which – at least for the time being – must simply be lived with.

Problems when referring to impasses, deadlocks, knots etc, which are created and maintained through the mishandling of difficulties.

There are basically three ways in which this mishandling can occur;
A) A solution is attempted by denying that a problem is a problem; action is necessary, but is not taken

B) Change is attempted regarding a difficulty which for all practical purposes is either unchangeable or nonexistent; action is taken when it should not be

C) An error in logical typing is committed and a Game Without End established. This may occure either by attempting a first-order change in a situation which can be changed only from the next higher logical level, or conversely, by attempting second-order change when a first-order change would be appropriate (e.g. when people demand changes of ‘attitude’ and are not content with changes of behaviour); action is taken at the wrong level

Taken from the book: Change principles of Problem Formation and Problem Resolution by Paul Watzlawick et al. Chapter 3 “More of the same” or, when the solution becomes the problem.

Which type of mishandling would closely describe the Target breach case?

One account of the Target case is described in this article

Jul 032014
 

Do I make decision based on well-formed or clearly identified problems and risky choices listed?

No time to reflect on such question!

Being a Buddhist by choice and by birth right, I am always looking for ways to live my life more in tune with my chosen way. So how do I do my PhD following my chosen way?. I prefer the word ‘way’ to ‘law/rules/policies’ or anything that resembles ‘rigidity to the extreme’ or anything that involves little respect for human and our environment. Also, the word ‘way’ brings me closer to the ‘way of the Tao’.

I came across a four-step procedure in a book, CHANGE Principles of Problem Formation and Problem Resolution by Paul Watzlawick, et al. The steps on page 110 are;
1) a clear definition of the problem in concrete terms;
2) an investigation of the solutions attempted so far;
3) a clear definition of the concrete change to be achieved;
4) the formulation and implementation of a plan to produce this change.

In the book, the footnote for this four-step procedure has this;
“Only long after we had systematized our approach in this way did we realize that we had, without blasphemic malice aforethought, plagiarized the four Noble Truths of Buddhism, namely: of suffering, of the origin of suffering, of the cessation of suffering, and of the path leading to the cessation of suffering. On reflection this is not too surprising since the basic teachings of Buddhism are eminently practical and existential.”