Cyber Security
An old laptop or PC that I had, made the most sense (reimaged of course). By today’s standards it would be a Celeron 3450, with 4GB of RAM. The built-in AV would be sufficient, or maybe a free 3rd party. The router that came with his Internet connection provided plenty of additional security with NAT. I splurged and got Office Home edition, so he would have Outlook and Word. Although some of the free choices would have worked (for someone used to using Office at work, I would have felt that MS Office was an essential choice). My greatest fear was social engineering, and software will only do so much to stop this. A little training and education was needed. Now I didn’t need wireless for him, but what would have been appropriate had the situation been different? WEP was a bad choice then and still is now. WPA would probably have been acceptable (yes, it really would have been) as it would have provided adequate protection based on the value of the data. However, as there was no cost difference and no meaningful increase in difficulty of using WPA2, that is the way I went (additional security without cost or loss of functionality is a good thing). We now know of new problems with WPA2, would it still be acceptable today or do we have to buy things that support WPA3? To go with WPA3 we would probably have to upgrade the products and make the system cost prohibitive. We don’t need to use WPA2-enterprise either as the use of certificates would be too hard for him to manage if there was a problem. In dealing with users that ask us for advice, keep their situation in mind, not what you (or I) want. Do they need
an i7-8770 or a simple Celeron 3450? Do they need 4GB or 16GB? General business graphics or 120fps @ 4K for a great first person shooter? Are the built-in tools (or alternatively free one) acceptable or will you need to recommend something greater? What productivity options do they need? What speed Internet? Do they even need a computer? Seriously a tablet may be a better choice for consumption of media if they don’t produce themselves. Security needs to be measured against the functionality and price. What I use in the enterprise is barely adequate in my view, but would be dramatic overkill for nearly any home user or small business. What I use at home exceeds most small to mid-sized businesses, but I also manage it myself. What I’m going to recommend to a mom, so her child can do their homework and hop on the web is going to cost far less. That $400 laptop should be able to do everything she needed it to do. At worst a little more money for Office – Student edition. As I close this article, the Murray Street Mall has reopened. Not sure what it was (probably a back pack left behind), but I’m reminded that as much as we worry about security, we also live in the safest time in human history. Fear mongers have us terrified and acting irrationally, but we in the security industry should know better. It isn’t what we want to believe, but that the facts that matter. Security is important and should be exercised by everyone, but there is an appropriate level. Causing undue fear is unethical, doing nothing is unethical. As security specialists we are the shepherds of our users. We need to help keep them safe in a reasonable and cost-effective manner.
Advocacy. Community. Integrity. Join the Australian Institute of Professional Intelligence Officers today
Intelligence can provide exciting career pathways across many different agencies and sectors — but isn’t it good to know you’re part of a bigger national and global community? The Australian Institute of Professional Intelligence Officers (AIPIO) provides this community, together with a wide range of membership benefits. Our membership is drawn from a diverse range of intelligence domains, including:
NATIONAL SECURITY
DEFENCE
BUSINESS
ACADEMIA
LAW ENFORCEMENT
REGULATION
BANKING & FINANCE
INTEGRITY COMMISSIONS
As the peak professional body for intelligence professionals, AIPIO is committed to: Connecting members across intelligence communities and encouraging cross-domain collaboration
Supporting and representing intelligence professionals throughout their career lifetime
Sharing cutting edge and emerging global intelligence practices and enabling technologies
Encouraging cross-domain collaboration on broad intelligence topics such as cyber and big data
Do something positive for yourself and your career – join AIPIO today.
aipio.asn.au
Asia Pacific Security Magazine | 51
