Saturday, February 28, 2015

Creativity studies at University - free research articles

University creativity studies and creativity articles.......

whilst browsing around, ive discovered Buffalo State University they have a really good selection of
downloadable research, you do need to register for a free account.

Associated with this is a great Life hacker article talking about creativity.  The original article is found here.




Saturday, February 14, 2015

Mitsubishi Delica Bug out Vehicle/ Camping

I've recently brought my second Delica, there is thruth in the old saying, you don't know what you have until it's gone. Our first Delica ended up in Bulgaria, where it is having a happy exisitance with it's new owner, after a road trip from London.

I've searched for an alternative, the Mercedes V-CLass was looking good, but I missed the versatility of a Loand Rover discovery and the urban practicality of a Volvo XC90, which is my other vehicle. So we have another Delica. The Delica handles off road, camping and load carrying very well.

There is a fantastic owners club in the UK and other clubs around the globe. The Delicas are very popular in Australia / New Zealand and in Canada. a very good Delica as Bug Out Vehicle (BOV), is here.

If you want to find out more about living off grid, here is an excellent book:
How to Live Off-grid another excellent book explains how to build your own BOV:
Bug Out Vehicles and Shelters

Another excelent blog takes you through a pan-american journey in a Delica detailing the modifications and illustrating the versatility of the vehicle project Dino Evo....

The vehicle has always had reasonable reviews, I think this part of the SUV/4x4 market is still lacking, there is space for more proper 4x4 people carriers. I bought mine from Goodmayes Motors, just off the M25.

There is a very good on-line manual for the Delica, which explains a lot of the controls etc. also how to carry out a number of basic raks etc.

If you want a more indepth maintenance guide, the Pocket Mechanic is the book for you, perfect to keep in the glove box and includes wiring diagrams etc.


         

Friday, February 13, 2015

Academic Workflow

Having been on the PhD journey for sometime, you soon realise the value of a good workflow and organisational methods. just discovered a great site called macademic which talks about all sorts of apps and methods. There's also a version for the Chromebook.


Writing with a Chromebook

Many of us struggle to get writing, to get into flow and control all of the stuff we've got flying avbout in our minds. THis short article will not discuss or solve all of the issues, but will provide a base for future articles. 

Evernote Collecting stuff, weverone should have and use evernote, an amazing app to act as a filing system for all of your clippings and findings. 

Evernote works on all of your devices and keeps it all nicely synced up. The really cool thing evernote has is a clipper app to caputure content straight to evernote from your browser. 

Pealtrees.com is another great site, for mapping and organising website bookmarks. Again it is cross platform and allows very quick clipping of websites. there is a browser clipper app, which makes information gathering really simple. 

Ther's a really good blog over at: http://www.jamierubin.net/ more about how Jamie works on Lifehacker. Jamie has also written an excellent article on using the Chromebook for writing. 

Another useful blog detailing some free apps is here, Steve Unstead has written a great article describing his writing process on the Chromebook.

Part of the writing process is the daily discerpline and methodology, there is an excellent website which contains a compilation  detailing the writing  routines and habits of many famous people. 

Fianlly another great blog looking at productivity and workflow can be found here@  productivitist



  

Tuesday, February 10, 2015

Threat modelling for beginners

The recent announcement leading to the demise of IS1/2 will leave a vacuum. However for many in Local Government and elsewhere who haven't been using IS1/2, will bring the opportunity to look a a set of threat modelling tools. A good starting point is: https://www.owasp.org/index.php/Threat_Risk_Modeling
You'll discover the Microsoft Secure Development Lifecycle (MSDL) which is free and fully documented with supporting tools. The OWASP page also links to a. Umber of other resources.

A good model to use is STRIDE: Spoofing Identity / Tampering with Data / Repudiation / Information disclosure / Denial of service / Elevation of privilege.

This works well with DREAD: Damage potential / Reproducability / Exploitability / Affected Users / Discoverability.

When you mix these with Attack Trees and the Cyber Kill chain you start to get an holistic view of what is going on.

We next need to consider Adversaries (those wishing to attack us) and Adversities, those risks and threats we're faced with. Risks can be threats or hazards. It is often difficult to think like an attacker, so use an approach like De Bonos Six Hats, which can then give yup different perspectives on things.
Attack profiling, needs a structured approach. Tools like mind maps can help with the process.
The big challenge is going to be transferring all of this thinking into an Agile development environment.

I have written an article The 10 A's of Cyber Security, which explains these elements in context.

Threat modelling for beginners

The recent announcement leading to the demise of IS1/2 will leave a vacuum. However for many in Local Government and elsewhere who haven't been using IS1/2, will bring the opportunity to look a a set of threat modelling tools. A good starting point is: https://www.owasp.org/index.php/Threat_Risk_Modeling
You'll discover the Microsoft Secure Development Lifecycle (MSDL) which is free and fully documented with supporting tools. The OWASP page also links to a. Umber of other resources.

A good model to use is STRIDE: Spoofing Identity / Tampering with Data / Repudiation / Information disclosure / Denial of service / Elevation of privilege.

This works well with DREAD: Damage potential / Reproducability / Exploitability / Affected Users / Discoverability.

When you mix these with Attack Trees and the Cyber Kill chain you start to get an holistic view of what is going on.

We next need to consider Adversaries (those wishing to attack us) and Adversities, those risks and threats we're faced with. Risks can be threats or hazards. It is often difficult to think like an attacker, so use an approach like De Bonos Six Hats, which can then give yup different perspectives on things.
Attack profiling, needs a structured approach. Tools like mind maps can help with the process.
The big challenge is going to be transferring all of this thinking into an Agile development environment.

I have written an article The 10 A's of Cyber Security, which explains these elements in context.
https://www.researchgate.net/publication/303881932_10_A%27s_of_Cyber_Security


From rules to principles

Just when we thought the work of public sector IA had stabilised after the PSN Zero Tolerence Regime, we now find a move from a rules based to a more principles based approach to Cyber Project risk man agent.

We have worked with rules for many years, likewise with principles, especially around Data Protection.

Likewise the financial services and legal professions have both been subject to principles based regulated regimes for many years. The change in IA will be interesting as there isn't a regulator to cover information assurance.

this change and the move to the OFFICIAL classification and handling regime almost a year ago has brought about consider able change. These changes will continue with the added dimension of agile development becoming increasingly popular.

 

Now we need to look at agile information assurance and agile development at OFFICIAL. New principles based guidance will need to be produced and a further update to the Local Public Services Data Handling Guidance, hitting version four, this Summer.