Space computing

imagesUntil now, when people talk about cloud computing, it’s usually understood that the cloud is a metaphor for groups of remote, networked servers. Now “space computing” means it literally: physical servers operating in outer space.

We can think “Cloud computing” evolution is “Cloud in the space” or simple “Space Computing”.

To put servers in space have so many advantages but some clear disadvantages to solve before to put in practice.

Advantages:

  1. Save energy problems, data centers use up 10% of the world’s electricity
  2. No need to freeze the servers
  3. Fast processing because the space environment
  4. A very good cost-effective to launch a server into space

Disadvantages:

  1. There are no need of be compliance or to follow legal topics because satellites are not inside nations legislation area
  2. Storing large amounts of data in space is not feasible with the actual transmission rates
  3. Space waste or small meteorites could destroy our satellites
  4. Shadow problems about coverage
  5. Uplink & Downlink are not symmetric
  6. Extremely expensive maintenance

I had created a presentation where the relationship between these 3 concepts is explained in detail:
see here: http://www.slideshare.net/RamiroCid/space-computing

The relation between Internet of Things, Critical Infrastructure and Cyber Security

IoT_Crit-Infra_Cyber-Security

Nowadays, and even more in the future, Internet of Things will be present (it is already now) in our personal and professional life.
The more assets are “shared” (including Critical Infrastructures) in this new “environment”, the more risk we are assuming, so more effort we will need to do to improve our security.

It is clear that we are “opening” many doors (too many?) to give opportunities to hackers to attack our Critical Infrastructures, environments and assets, steal or destroy our data (think about Big Data also) and maybe we can also think all it is not logical because it is an attitude with too much risk appetite.

We will need more effort to improve our security, but are we doing it properly ?

I had created a presentation where the relationship between these 3 concepts is explained in detail:
see here: http://www.slideshare.net/RamiroCid/the-relation-between-internet-of-things-critical-infrastructure-and-cyber-security

 

Cyber Security

World

“…A computer system is no more secure than the persons responsible for its operation…”

Cybersecurity, is much more than information security applied to IT assets.

Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that which is made public by the organizations involved.

There are a big number of different vulnerabilities in relation of the type of assets:
a) Denial-of-service attack
b) Backdoors
c) Exploits
d) Direct access attacks
e) Eavesdropping
f) Indirect attacks

There are different type of countermeasures:

1) Security and systems design
2) Security measures
3) Difficulty with response
4) Reducing vulnerabilities
5) Security by design
6) Security architecture
7) Hardware protection mechanisms
8) Secure operating systems
9) Secure coding
10) Capabilities and access control lists
11) Hacking back

To expand the details about these topics and others in relation of Cyber Security,
see here: http://www.slideshare.net/RamiroCid/cyber-security-41376829

Cyber Security Awareness

Hacking BrainstormingCybersecurity, also known as “IT security” or “Computer security” is information security applied to computing devices such as servers, computers and mobile devices (as smartphones, tablets), etc., as well as computer networks such as private and public networks, including the whole Internet.

Network outages, data compromised by hackers, social attacks, computer viruses and other security incidents could affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users and devices, web applications and data networks increase, so do the opportunities for exploitation.

The 3 principles of Information, confidentiality, integrity and disponibility are protected by Cybersecurity.

People is often the weak link in the chain in IT Security. The best technical security efforts will fail if their company has a weak security culture. Companies which want to have a correct IT Security Awareness need to develop a plan to do the rollout of trainning about this awareness.

More data about the Cyber Security Awareness here: http://www.slideshare.net/RamiroCid/cyber-security-awareness-41375715

 

ISO 22301 Business Continuity Management

The ISO 22301 Societal security – Business continuity management systems – RequirementsISO22301
is the standard created by leading experts on this area to provide the best framework for business continuity management in an organization.

ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard.

Object:
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

Scope:
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.

If an organization wants to implement this standard, the following documentation is mandatory:

  • List of applicable legal, regulatory and other requirements
  • Scope of the BCMS
  • Business Continuity Policy
  • Business continuity objectives
  • Evidence of personnel competences
  • Records of communication with interested parties
  • Business impact analysis
  • Risk assessment, including risk appetite
  • Incident response structure
  • Business continuity plans
  • Recovery procedures
  • Results of preventive actions
  • Results of monitoring and measurement
  • Results of internal audit
  • Results of management review
  • Results of corrective actions

More data about the ISO 22301 in: http://www.slideshare.net/RamiroCid/iso-22301-business-continuity-management