Leonard Nelson https://leonelson.com
Personal blog of Leonard Nelson talking about technology, education, customer relationship management, customer service and Africa.
Mon, 17 Jun 2019 00:08:53 +0000

1-10-60 Rule https://leonelson.com/2019/06/16/1-10-60-rule/ Sun, 16 Jun 2019 23:19:24 +0000

Dmitri Alperovitch, CTO at CrowdStrike, breaks down the 1-10-60 rule and why organizations should track and improve their incident response times with this benchmark in mind, i.e.:

Detect an incident in 1 minute

Investigate the incident in 10 minutes

Remediate or contain the incident in 60 minutes

1-10-60

The post 1-10-60 Rule appeared first on Leonard Nelson.

Leadership https://leonelson.com/2019/03/25/leadership/ Tue, 26 Mar 2019 00:55:25 +0000

The challenge of leadership is to be strong, but not rude; be kind, but not weak; be bold, but not bully; be thoughtful, but not lazy; be humble, but not timid; be proud, but not arrogant; have humor, but without folly.

Jim Rohn

The post Leadership appeared first on Leonard Nelson.

Under the Hood of Password Managers https://leonelson.com/2019/03/03/under-the-hood-of-password-managers/ Sun, 03 Mar 2019 14:56:40 +0000

Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7 [1], 1Password 4 [1], Dashlane [2], KeePass [3], and LastPass [4]. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases, exposing up to 60 million users that use the password managers in this study to secrets retrieval from an assumed secure locked state.

Source: Password Managers: Under the Hood of Secrets Management

The post Under the Hood of Password Managers appeared first on Leonard Nelson.

CIS Controls Self Assessment Tool https://leonelson.com/2019/02/03/cis-controls-self-assessment-tool/ Sun, 03 Feb 2019 22:44:08 +0000

The Center for Internet Security has launched the CIS Controls Self-Assessment Tool, or CIS CSAT, to enable organizations to track and prioritize their implementation of the CIS Controls. The tool includes features such as the ability to:

  • Delegate questions to other team members
  • Set deadlines for each CIS Control and sub-control
  • Collect documentation related to your findings
  • Capture team discussion about each assessment question

To start with the Self Assessment Tool, visit https://csat.cisecurity.org/

The post CIS Controls Self Assessment Tool appeared first on Leonard Nelson.

Health Industry Cybersecurity Practices https://leonelson.com/2019/01/06/health-industry-cybersecurity-practices/ Mon, 07 Jan 2019 02:58:07 +0000

Health and Human Services (HHS) released the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication that aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The guide is available at Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.

The guide includes:

The post Health Industry Cybersecurity Practices appeared first on Leonard Nelson.

China’s Global Satellite Internet Service https://leonelson.com/2018/12/31/chinas-global-satellite-internet-service/ Mon, 31 Dec 2018 19:00:36 +0000

Over the weekend, China launched a satellite into low-earth orbit, the first step of a plan to provide global satellite internet to people who still don’t have reliable access. Nearly 3.8 billion people are unconnected to the internet, and women and rural poor are particularly affected.
The satellite, called Hongyun-1, took off at China’s national launching site Jiuquan Satellite Launch Center on Saturday (Dec. 22). Hongyun-1, or “rainbow cloud,” is the first of 156 satellites of the same name developed by state-owned spacecraft maker China Aerospace Science and Industry Corporation (CASIC). A Long March 11 rocket, made by another state-owned firm, China Aerospace Science and Technology Corporation, carried the Hongyun-1.

China got on the bandwagon to provide global satellite internet

The post China’s Global Satellite Internet Service appeared first on Leonard Nelson.

Wallor – Slim, Smart, RFID Wallet https://leonelson.com/2018/12/30/wallor/ Mon, 31 Dec 2018 01:10:49 +0000

Wallor is a slim wallet with smart capabilities. The wallet has worldwide GPS tracking, Bluetooth alert system and RFID protection.

Key Features:

  • Card Fit/Number of Cards: 10-12
  • Bill Fit/Number of Bills: 15+
  • Keys/Coins: Yes. Special pocket
  • Size: 4.6 x 3.5 x 0.25 inch (110 x 85 x 7 mm)
  • Material: Black Nappa Leather
  • RFID Protection: Yes
  • GPS Tracking: Cloud data tracking
  • Data Plan: Free

Related Links:

Wallor 2.0

The post Wallor – Slim, Smart, RFID Wallet appeared first on Leonard Nelson.

Build And Run A SOC for Incident Response in Higher Education https://leonelson.com/2018/12/08/build-and-run-a-soc-for-incident-response-in-higher-education/ Sat, 08 Dec 2018 15:40:21 +0000

How To Build And Run A SOC for Incident Response – A Collection Of Resources

The post Build And Run A SOC for Incident Response in Higher Education appeared first on Leonard Nelson.

4 Types of Work in IT https://leonelson.com/2018/10/16/4-types-of-work-in-it/ Tue, 16 Oct 2018 23:58:55 +0000

The Phoenix Project by George Spafford, Kevin Behr, and Gene Kim is a good read about IT management. The authors narrate the challenges an organization goes through as it transitions into an agile, streamlined machine, seen through the eyes of Bill, an IT manager at Parts Unlimited. Some of the topics covered include:

  • Challenges adopting project management, change management and streamlining processes through the use of Kanban Boards
  • Compliance requirements with SOX and adopting frameworks such as COBIT
  • Transitioning away from the traditional waterfall development SDLC processes to an organization whose mindset is aligned with Agile and DevOps approaches

However, none of these organizational transitions are possible until IT leadership understands where their employees’ time is consumed with IT work, and this is where the book shines the most.

Brenton Johnson summarizes the four types of IT work well; however, my synopsis of these four buckets of IT work is:

Business Projects: These include business initiatives that encompass most development projects, e.g. in higher education, these can include a new building or launching the new university website with a different CMS. Typically these projects reside in and are managed by the Project Management Office, which tracks official projects in the organization.

Internal Projects: These include projects to develop internal applications that help IT teams deliver services faster. Unfortunately, though exciting for IT team members to work on, many Internal Projects do not get the attention of the Project Management Office and thus are managed internally and independently with little oversight on scope, cost, and feature overruns. Since internal projects consume untold amounts of IT staff time and resources, these projects will often adversely affect progress on Business Projects.

Operational Changes: These include daily work performed by IT teams to plan, assess, build, test and deploy routine changes to keep the infrastructure running, e.g. patching applications, application upgrades, vendor software updates. Typically, this work directly supports finished Internal or Business Projects and can be referred to as Keeping Lights On (KLO) work.

Unplanned Work: This includes tasks and work that are a direct result of a Business or Internal Project deliverable going down or a system issue affecting business operations. This type of work trumps all other categories: it can put everything else on the backburner and impacts the go-live date for other categories of work.

Related Links:

The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win

The post 4 Types of Work in IT appeared first on Leonard Nelson.

Strategy vs. Tactics https://leonelson.com/2018/08/19/strategy-vs-tactics/ Sun, 19 Aug 2018 13:50:41 +0000

Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat.

– Sun Tzu

Additional Reading: Strategy vs. Tactics: What’s the Difference and Why Does it Matter?

The post Strategy vs. Tactics appeared first on Leonard Nelson.
