Below you will find an overview of the groups of blog posts I have written on the topics of security and/or privacy. If you have suggestions for topics, please let me know in the comment section below.
Guidelines for Security and Privacy
I am often asked what should be done in terms of security and privacy, and the pitfall is that you respond either in terms that are too abstract or in far too specific detail. When I was thinking about a security policy I noticed that people rarely read them, and I can understand that. Not everyone wants, or needs, to read specific documentation regarding the implementation of encryption.
In this post (and many sub-posts) I will go more in depth on what I consider to be wise guidelines for security and privacy.
Encryption and Hashing
Are you a Security Officer and familiar with the question of what the baseline or policy for encryption is? Or are you an engineer who has asked that very question? Or are you a power user who wants to learn more about setting up an encryption policy? As an IT Security Officer I have faced a similar question in the past, and I will try to answer it in this series of blog-posts. Keep in mind that I talk mostly about the what here, not the how.
- Part 1 - General Policy and Hashing Algorithms
- Part 2 - Asymmetric and Symmetric Encryption Algorithms
- Part 3 - Encryption Implementations
- Part 4 - Summary: The Encryption and Hashing Security Policy
Security and Privacy Awareness
A series of (loosely) related posts concerning awareness training about security and privacy. I also address awareness in regard to Agile Development and where I think you can have the best impact on creating awareness. Where? The place where change is made. Read more about it in the posts below.
Security Pyramid Model
In this blog-post I am going to bring together the foundations of my experience and knowledge from the last couple of years in a model. In this model I have set out the most important topics, and I am convinced that these concepts can help you in your profession, especially when you are new to this very interesting field of work. I call this model the Security Pyramid Model. First I'll show you the model and describe the basics, ethics and the rules for success in Information Security.
Input Validation
In this blog-post series I will talk about input validation for web-applications. Input validation is a process that gets the input from the source (user, database, text file, et cetera), checks it for any faulty, nasty and sneaky content, and then sends it to the process that needs the input. Input validation is not only about security. It is also about building user-friendly applications (a message when the data-entry does not comply) and keeping data consistent (all data is stored in the same format).
- Part 1 - Input validation process
- Part 2 - Input validation coding client-side
- Part 3 - Input validation coding server-side
Security related book reviews
I also read books on security and privacy related topics. You can find the reviews of some of them below. Please share your thoughts if you would like to.
- Data and Goliath, The Hidden Battles to Collect Your Data and Control Your World, by Bruce Schneier (March 2015)
- Komt een vrouw bij de H@cker, by Maria Genova
- Schneier on Security, by Bruce Schneier (September 2008)
The posts below are in Dutch and written specifically for the Alert Online Security campaign by the Dutch government.
- 2016: Ben jij Alert-Online, of Alert-Offline? (Dutch)