Sunday, April 27, 2014

Business Continuity Management: Sounds boring yet saves lives, companies, butts

Lately, I've been revisiting an area of information security into which I have dived deeply on several occasions over the years: Disaster Recovery, which is pretty much the same as Business Continuity Management (BCM), a discipline that includes Business Continuity Planning (BCP). Along the way I have assembled a list of high-quality BCM resources and articles that folks might find useful (most of them available for free). You will find the list at the end of this article. Here's a scene-setting quote from one of the articles:
Disasters can strike at any time – often with little or no warning – and the effects can be devastating. The cost in human lives and property damage is what makes the evening news because of the powerful tug of human interest. Much less coverage, however, is given to the disruption, struggle and survivability of business operations. A study fielded by the Institute for Business and Home Safety revealed that 25 percent of all companies that close due to disasters – hurricanes, power failures, acts of terror and others – never reopen. (Disaster Preparedness Planning: Maintaining Business Continuity During Crisis, Disruption and Recovery)

Monday, April 14, 2014

Internet voting security: a scary tweet that reached 227,391 (even before Heartbleed)

Last month I tweeted a picture of some computer code that was part of an Internet voting system. That picture was re-tweeted so many times it reached more than 220,000 Twitter users. So, that had to be some pretty amazing code, right? Yes, as in amazingly frightening. Take a look, and then read on for a short explanation, and also a long one if you have the time.


A very clever computer scientist, Joe Kiniry, has been concerned about the security of Internet voting applications for some time. Joe is a former Technical University of Denmark professor, now Principal Investigator at Galois. In his research, Joe noted this section of code in a program that was actually used for national elections in a European country.

The coder(s) have included a comment reminding themselves that security checks still need to be coded. My tweet suggested that this slide nicely illustrated the question of “what could possibly go wrong?” when it comes to Internet voting. Of course, the best answer to that question is: So much could go wrong that you simply cannot use the Internet to elect public officials in a fair, honest, secret ballot!