REST Assured – Alternative Methodologies For CIOs
The traditional methodologies for conducting IT security assessments are no longer valid, nor are they useful. For CIOs, there are three keys to successfully estimating security risk: proximation, inference, and mysterion.
Proximation is simple enough to practice – spend time understanding the threat and then take steps to deal with it. Proximate threat models are easily distributed and learnable, rapid-fire, testable, and actuate threat based on behavior.
Inference is a tricky proposition – you must carefully wade through the proprietary mumbo jumbo to arrive at an accurate understanding of your onsite vulnerability. And, if you are asking your CIO to make these determinations, you must be prepared to explain the trade-offs and practical implications in a way he or she will understand.
Mystification number one: we rely too much on our computers at home.
The fear of websites appearing out of whack with our computers’ “bugs” usually leads to several anxiety-provoking conditions, starting with a slowdown in computer performance that can eventually create a situation that our engineers would have to address.
However, there is another far more deadly conventional threat to computer performance that we rarely consider until it is too late – literally before the damage is done. That threat is spyware.
Spyware – similar to a Trojan Horse – infiltrates our computers, usually without our knowledge, and causes them to send information about our activities back to somebody else’s computer. (In fact, giving our computers “spyware” passwords – just like the Trojan Horse used by the Greeks to lure the Trojans into their destruction – is another way of saying that our computers give away information about us without us knowing it. We are prey, like an ant, of these programs. Like the ant, they are out there, seeking the harmless and the helpless, whatever their cost.)
The problem with this kind of threat is twofold:
1. Like a Trojan Horse, spyware is difficult to eradicate. Even when we think we have successfully removed it, another version appears elsewhere on the Internet.
2. Spyware can be used to cause serious damage to our computers. This can include stealing our passwords so that they become useless to us, making it impossible to communicate, or creating a “vacation” page that shuts us out of our system so we cannot use it at all.
The first step in eliminating spyware from our computers is to tell the truth about spyware. Distrust all claims that your computer has spyware unless proven otherwise.
Spyware infiltrates our computers through web pages, ActiveX programs, cookies, instant messages, and some types of peer-to-peer file-sharing networks. It then collects information about us, which can be used by third parties or sold to advertisers.
However, even if we are not using the Internet directly, we are still potentially at risk. Legislation is being enacted worldwide to limit Internet use, and the United States is one of several countries where laws are being implemented to monitor and restrict the way the Internet is used.