The 411

In the 90s and earlier, you could call 411 – on your landline, of course – and reach “Information.” Also, Information Society released a song in the 90s named Think.

TMI = Too Much Information.

Information adds context to data, and the first – or nearest – information about data is metadata, literally data about data. That includes the type of data, the length of the data field that conforms to its type - things like that.? If you see a datum, and its value is 1952, without the context information provides, you don’t know whether that 1952 is a year, how much money a pizza costs at a restaurant, or your Aunt Jane’s birth year – all different levels of specificity.

Enter -?just the facts, (ma’am); information makes data usable.

Data: Lisbon

Information:

??Lisbon is the capital of Portugal.

??Lisbon occupies 33 square miles.

??Lisbon’s population is about 550,000 people.

??Heather Noggle has never been to Lisbon.

The relationship between a data point and the information about it implies a key->value pair that shows the context.

Correlating the above, all about Lisbon: capital, area, population, and city in a list of cities not yet visited by Heather Noggle.

In order for data to be useful for information, the metadata regarding at least one thing needs to be present.? Lisbon alone doesn’t mean anything, for example.?

Information…Systems…for my amusement and yours

When I was in college, my university offered a CIS – or Computer Information Systems – degree from the College of Business. The earliest webpage I can pull from the Wayback Machine to inspect our little time capsule is from August of 1997.? That page shows a courseload for the CIS degree of:

???Computer Applications for Business

???Program Design and Development

???Introduction to COBOL Programming

???Windows Programming with Development Tools

???Information Systems Analysis and Design

There are many others, including networks and some advanced, similar concepts (for graduate degrees), but there are no web courses and no security courses. Why?? This is showing information from 1997. The information context here is analysis of a thing at a point in time.

Here’s the whole list: https://web.archive.org/web/19970808033002/https://www.smsu.edu/contrib/cis/crsp01.htm

Swank, isn’t it? The web began as a popcorn ceiling.

Cybersecurity and Information (Which Isn’t Enough)

For regular humans (and I still fit here most days; I’m not a tech superwhiz) – most of us are stuck in a glut of information.? It may have general context, like “passwords” or “cyber hygiene,” but the context that would provide insight into “why should I do this action?” ?(Or not do this action) is often missing. Or, perhaps the context is available but too technical for the audience to grok.

In training new practitioners and the general public on cybersecurity concepts, it’s best to not stop at the information.? A fact list doesn’t really help anyone, even if Portugal is 33 square miles and passwords should be unique per site.

The next newsletter will move Information into Knowledge. So that explains the next header.

Heading Into Knowledge

Knowledge is really where we can apply the useful label.? Information’s got to be accurate and clean to build and retain knowledge, so that also means the underlying data must be as well.

Information’s useful but dull.? The pursuit of knowledge makes us tingle. Why?

Let’s talk about that in 2 weeks.

Zero Out the Zero Day

Not Green Day, not Monday, and not someday.? Zero day.

Bob Carver linked to this earlier in the week. A zero day is any software defect that’s been discovered but also has no fix.? There’s often a lag between the disclosure of the defect, which is typically a security vulnerability of some sort, and when a fix is available for users of the software.

Here’s a particularly nasty Zero Day defect patched by Microsoft earlier this month.

https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html

In fact, there were 10 critical Zero Day defects patched by Microsoft in August.? 10!

Critical refers to impact to affected systems.? Sometimes a defect can allow unauthorized users to perform actions on systems, like privilege escalation.

Let’s say you have access to my computer, but you can only do one thing, which is type the letter “a” in a single program, Notepad.

AAAAAAAAAAAAA

Successful privilege escalation attacks enable access to expanded capabilities beyond what privileges were granted to the user.? The attacker, logged in as the user, might be able to type a “b” or do something as insidious as work within other programs.? Escalate more, and maybe the attacker can delete programs or files.?

You get the picture, or the letters.

The Data Breach Avalanche

Freeze.? Your. Credit. ?Consider it - I talked about it last week.

https://www.dhirubhai.net/posts/heathernoggle_ihavebeenpwned-cybersecurity-activity-7229261668009000960-jX0Z

Everyone Needs an Editor

I need an editor.? You need an editor.

If you have to self-edit because you don’t yet have one, good advice is to build in time between writing and editing.?

Read it aloud or read so slowly and assume you’re leaving out words and making typos, and it’s your job to inspect carefully lest they escape into the wild, those wily mistakes.

Likely you’ll still miss stuff.? I find problems in published books, problems that somehow escaped professional editors. They’re commonly omitted or misspelled words.? Typos.

I do this review sometimes for others - https://purplesec.us/about-us/leadership/heather-noggle/

Missouri Cybersecurity Center of Excellence – MCCoE

Have you visited yet??

Follow on LinkedIn – https://www.dhirubhai.net/company/missouri-cybersecurity-center-of-excellence/ , and visit the site, https://www.mccoe.org .

This is my big professional passion right now, and I appreciate your support and interaction.

?Posts of the 2 Weeks

A few notable posts here from the last two weeks:

If you’re in the cybersecurity field, you know about Lampgate. I review it from a different perspective, picking apart Palo Alto’s apology…rather sarcastically.

https://www.dhirubhai.net/pulse/my-evening-foot-lampshades-heather-noggle-pmafc

?

Nope Everything!

https://www.dhirubhai.net/posts/heathernoggle_are-you-in-denial-you-need-to-be-denial-activity-7229856059702530049-t14V

?

Steak Your Claim!

https://www.dhirubhai.net/posts/heathernoggle_scammer-or-wrong-number-because-of-my-activity-7228851005860233217-NbsL

Publications

Three publications in the last two weeks, linked here for ease of following.

Elnion x 2

https://elnion.com/2024/08/19/medtech-a-story/

https://elnion.com/2024/08/12/systems-and-the-supply-chain-container-edition/

SecureWorld

https://www.secureworld.io/industry-news/navigating-trade-compliance-high-tech

Seeking Writing/Editing Work

I am looking for more writing work going into the fall.? If you’re new to this newsletter and the services I offer at https://www.codistac.com , here’s an overview.

By day and sometimes in the middle of the night, I’m working on bolstering the cybersecurity workforce.? To quell the massive amount of innermental dialogue, I write.? And with that, I’m happy to write for you about where people, technology, and your products meet, so let’s talk about it, or at least expect I might reach out to talk about it with you.

Cybersecurity companies – specifically looking at you. Other technical companies, we can be friends, too. Happy to discuss services with you.

See you everyday and in 2 weeks.