Category: appropriate technology

  • Anonymity in Cyberspace


    In this information age, large technology corporations harvest the personal data of millions of individuals to collect demographic information that they can apply to their products and advertising endeavors. Private citizens desire situations in which they can protect their personal data through anonymous action; and inversely, users want proper authentication credentials and authorization systems to protect access to their electronic business arrangements.

    I don’t believe that the conversational debate on this topic should resolve in a binary answer of whether anonymity should be preserved in cyberspace because there are differing types of practical applications which benefit from either anonymity or authentication. If the world wide web is continually used for both casual recreation and serious business applications, there will be a need for both types of functionalities to be utilized to create satisfied users. Ideally, our business communications and transactions should be secured, encrypted, and only available to properly authorized and fully authenticated users. However, it is helpful and comfortable to be able to maintain anonymity as a casual user and utilize the protection of anonymity to protect freedom of speech and the identities of vulnerable users from possible threat actors.

    The Usefulness of Anonymity

    Throughout history, anonymity has proven to be useful in protecting vulnerable people for many legitimate reasons. Journalists often rely on hiding their personal information to protect themselves from threats to their person when publishing controversial ideas or when writing with criticism toward authority figures. Anonymity also allows writers to disconnect from their subject matter in a way that they might hope allows people to withhold the prejudice that comes with knowing who the author of a work is. According to Hruska (2011), the founder of Facebook has stated that all anonymity should be abolished from the internet, elaborating that he believes personal anonymity leads to a higher chance of negative or anti-social behavior. I don’t believe that his statements reflect the implications of all anonymity online, but instead pertain particularly to the Facebook service which also profits less from anonymity and profits more from a strategy of personal data collection and user verification. In opposition to Mark Zuckerberg’s opinion on digital anonymity, I believe that there are very useful applications for anonymity and that the determination of whether personal verification should be obtained is situational. I think that it is time for the governing bodies to accept that the many applications of today’s internet have outgrown the regulations that govern the physical hardware systems that power them, and new legislation should be considered that promotes informed consent on behalf of private citizens and their data privacy.

    The Necessity of Personal Authorization

    There are so many business transactions and accounts that exist on the world wide web and individuals all desire proper authentication systems in place so that they are the only verified user of their accounts and sole signer of their transactions. A verification process does submit personal information to a 3rd party, but that does not mean that the 3rd party must engage in mass data collection, trading, and sales. The organization’s collection of qualifying personal information helps protect a user’s account from people that do not possess that information which contributes to authentication and helps to maintain the economic integrity of the relationship. However, there are plenty of types of interactions on the internet that do not require verification and can be used more comfortably in complete anonymity. Just like in our non-digital interactions with people in society, information is naturally disclosed on a need-to-know basis. People don’t feel comfortable sharing all their personal details in the first few conversations or with someone they don’t know well because of possible security risks. This is an example of how we use anonymity in everyday life to assert authorization when providing our personal information to others. The world wide web has similar situations and interactions in which it is beneficial to preserve personal anonymity to protect personal data and exercise free speech. Hruska (2011) points out that anonymity has been described by the United States Supreme Court as vital to the freedom of speech, which I think should also be respected in the internet platforms and the systems’ informational design.

    Is Anonymity in Cyberspace an Illusion?

    In today’s internet, when a user makes a connection to a website, their computer’s details are sent through a vast network of networks before they reach the intended destination, leaving behind a trail that is easily tracked. Because of this physical limitation on the potential anonymity of the medium, I believe that digital anonymity is somewhat of an illusion. Digital anonymity can be created when an organization’s operations are designed to collect the minimal amount of user data required to achieve the necessary functions of the product or service. It is in the hands of the organization and user who must take responsibility for possible security risks and foster their relationship’s trust to maintain a comfortable sense of digital anonymity. Lufkin (2017), writing for the BBC, states that he believes digital anonymity allows people to have exciting experiences without fearing the consequences of recognition or retaliation to themselves. Relating to psychology, he believes that our individual definition of self is made up of both our perception of ourselves and a culmination of how other people view us. Although any interaction on the internet can be traced with enough time, it is equally important for web developers to create spaces that provide users with an easing sense of anonymity and proper user verification as is applicable to the specific type of interaction.

    Part of the illusion of anonymity that initially surprised me was, as Lufkin (2017) states, that personal demographic data is still bought and sold through large technology companies even if the subject individual is not a user of that service or does not possess an account with that company. Corporations such as Facebook are still able to collect data about individuals through other methods such as their Facebook Pixel which tracks users on many different websites outside of Facebook. Inherently, there is no anonymity on the internet that is legally protected out of the scope of the freedom of speech.

    Is Secure Authorization in Cyberspace an Illusion?

    Secure authorization is generally provided through the roles assigned by the server administration after authentication. Authentication systems are constantly challenged in new ways as hackers and cyber security professionals battle it out in endless advancement of their offensive and defensive tools and systems. Huge collections of personal data that exist within these large companies’ user accounts are popular targets for criminals because this personal information usually leads to qualifying information that allows them to access business and financial accounts. Secure systems sacrifice convenience for more security; so, if we want to enjoy the benefits of conducting our business on the internet, we should recognize the value of authentication and encryption systems like biometrics and passkeys. The government has a direct interest in reducing the level of possible anonymity on the internet toward more transparency so that it becomes easier to identify and solve domestic threats of terror and other forms of crime that can be traced through our national networks.

    Anonymity for Human Rights Protection

    The United Nations Human Rights Office (2015) writes that the improvement of digital security is imperative to the success of all interactions with the United Nations to work toward their goal of creating a connected, protected, and stable world environment. Within their concerns lie the digital security of countless people who rely on the protection of freedom of speech and some form of digital anonymity to perform their job tasks without adding to the risk of personal endangerment. Moyakine (2016) writes that anonymity on the internet is critical to the maintenance of our human rights and fundamental freedoms, and our personal data and free expression should be protected. Personally, I believe that the disclosure of personal data to corporations allows threat actors to directly target individuals and is an obvious personal security risk. The internet has the potential to facilitate the greatest conversational progress that humanity has yet achieved, but if users’ personal data can be targeted and some form of digital anonymity is not in place then people will be discouraged from exercising their freedom of personal expression due to considerable negative consequences.

    Summary

    When discussing the subject of digital anonymity, we must also consider the importance of free speech, privacy of personal information, and the preservation of our human rights. It has become common for large technology companies to develop technologies that appear to challenge our current legislation’s technical knowledge or appear to create a situation that has no prior legislation. I believe that this attempt at overcomplication is more of an attempt to create a monopoly within a trending market, often at the expense of individual data privacy and free speech. Optimistically, I hope that advances in encryption and authentication techniques can create a justifiable sense of security in the world wide web while adopting a need-to-know style strategy toward data privacy to protect users from dangerous personal data exposure.

    References

    Hruska, J. (2011). The need for anonymity in a digital age. ExtremeTech. https://www.extremetech.com/internet/92096-the-need-for-anonymity-in-a-digital-age

    Lufkin, B. (2017). The reasons you can’t be anonymous anymore. BBC. https://www.bbc.com/future/article/20170529-the-reasons-you-can-never-be-anonymous-again

    Moyakine. (2016). Online Anonymity in the Modern Digital Age: Quest for a Legal Right. Journal of Information Rights, Policy and Practice, 1(1). https://doi.org/10.21039/irpandp.v1i1.21

    United Nations Human Rights Office of the High Commissioner. (2015). Human rights, encryption and anonymity in a digital age. United Nations. https://www.ohchr.org/en/stories/2015/06/human-rights-encryption-and-anonymity-digital-age

  • What is a SIEM tool?


    A Security Information and Event Management (SIEM) system combines security information management and security event management into graphical dashboards that display an aggregation of data, including anomalies and alerts within the system (Gillis & Rosencrance, 2022). Beyond a SIEM tool’s detection capability, it can also take reasonable action based on events or notify other controls to change status after a suspicious event. SIEM tools collect data from the logs of many different host systems, which can then be viewed in a navigable graphical user interface; processes and events can be correlated with timestamps and alerts; and suspicious activity can be quickly detected based on preset parameters. SIEM tools streamline the data analysis process that large companies face by drawing attention to only the most important alerts, events, and problems, and by automating some of the resolution processes so that a security solution can be expedited.
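    The collect, normalize, correlate and alert steps described above, as an added example that is not code from this page or from any SIEM product. The log format, host names, addresses and rule parameters are constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines from three hypothetical hosts (not real data).
RAW_LOGS = {
    "web01": ["2024-05-01T10:00:05Z sshd FAIL user=alice src=203.0.113.7",
              "2024-05-01T10:00:40Z sshd FAIL user=alice src=203.0.113.7"],
    "db01": ["2024-05-01T10:00:20Z sshd FAIL user=alice src=203.0.113.7",
             "2024-05-01T10:01:10Z sshd OK user=alice src=203.0.113.7",
             "2024-05-01T10:30:00Z sshd FAIL user=bob src=198.51.100.4"],
    "vpn01": ["2024-05-01T10:00:55Z vpn FAIL user=alice src=203.0.113.7",
              "2024-05-01T11:00:00Z vpn OK user=bob src=198.51.100.4"],
}

# Preset rule parameters (assumed values for this example).
THRESHOLD = 3
WINDOW = timedelta(minutes=2)

def normalize(host, line):
    """Parse one raw line into a common event schema shared by all sources."""
    ts, service, outcome, *pairs = line.split()
    fields = dict(item.split("=", 1) for item in pairs)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return {"time": when, "host": host, "service": service,
            "outcome": outcome, **fields}

def correlate(raw_logs, threshold=THRESHOLD, window=WINDOW):
    """Alert when one source has >= threshold failures inside the window,
    on any mix of hosts, and then logs in successfully."""
    events = sorted((normalize(h, l) for h, lines in raw_logs.items()
                     for l in lines), key=lambda e: e["time"])
    recent = defaultdict(deque)  # source address -> failures still in window
    alerts = []
    for ev in events:
        fails = recent[ev["src"]]
        while fails and ev["time"] - fails[0]["time"] > window:
            fails.popleft()  # expire failures older than the window
        if ev["outcome"] == "FAIL":
            fails.append(ev)
        elif ev["outcome"] == "OK" and len(fails) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"],
                           "time": ev["time"], "success_host": ev["host"],
                           "failed_hosts": sorted({f["host"] for f in fails})})
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(RAW_LOGS):
        print(alert)
```

    No single host in the sample sees three failures on its own; the alert only appears once events from all three sources are merged onto one timeline.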

    SIEMs are helpful tools for organizing security defense and cyber responses for corporations because they provide a centralized perspective that is built by continuously analyzing the data associated with all users, business assets, events, and interactions (“What Is Security Information…,” 2022). Security teams in corporations can have the most relevant and conclusive information about their network operations in a convenient, “single pane of glass” display. SIEM alerts make corporate management aware of time-sensitive anomalies within the network that could be dangerous and costly if not handled immediately and appropriately, and they support the decision-making process with an aggregation of the relevant information. SIEM tools’ interfaces allow a flexible range of customization that can suit many purposes of managing assets within a corporation. User behavior patterns can be analyzed in forensic investigations or audits, which is as useful to corporate management as real-time monitoring and legal or regulatory compliance.

    An example of a SIEM is SolarWinds SIEM made by SolarWinds (“SIEM Tools,” n.d.). The application’s primary purpose is to provide a centralized point of access for logging, threat analysis, response, and reporting. The price of a SolarWinds SIEM subscription starts at $2,877; the company also offers a fully functional 30-day trial of the software. The capabilities of this SIEM software are log collection, the ability to quickly find and focus on relevant information, and help in improving reaction time when identifying suspicious behavior. SIEM software such as SolarWinds SIEM allows a broad scope of an organization’s security posture to be visualized and studied in a real-time graphical user interface environment so that an organization can mitigate security threats, improve compliance, and optimize their defense strategy. SIEM tools can help distinguish between data and external threats, make updated decisions based on past data, and automate many processes that save valuable time in each stage of an effective cyber security strategy.

    References

    SIEM Tools. (n.d.). SolarWinds. https://www.solarwinds.com/security-event-manager/siem-tools

    Gillis, Alexander S.; Rosencrance, Linda. (2022, December). Security Information and Event Management (SIEM). TechTarget. https://www.techtarget.com/searchsecurity/definition/security-information-and-event-management-SIEM

    What Is Security Information and Event Management (SIEM)? (2022, August 1). Splunk. https://www.splunk.com/en_us/data-insider/what-is-siem.html

  • Why Organizations Use Risk Management Frameworks

    Organizations want to implement a risk management framework for the same reason that they would want to have insurance coverage or a security system. There are many different types of risks for which an organization can be liable, including hazard risk, financial risk, operational risk, and strategic risk. A risk management framework can provide a structured way to assess, organize, prioritize, and control risk, providing structured processes and contextual insight to organizations.

    The benefits of implementing a risk management framework include the ability to make more informed decisions, reduce costs by reducing the likelihood of incidents, and understand the potential threats that can affect the organization. A risk management framework can give an organization an advantage due to being designed to address regulatory compliance within the specific industry, as well as provide stakeholders with additional confidence and understanding of risk tolerance.

    The downsides of implementing a risk management framework include the need for an organization to interact with a high level of complexity, which also requires large amounts of resources to be properly managed. Convincing an organization to adopt a risk management framework can be difficult because it is hard to provide an accurate figure of return on investment that would clearly outweigh the difficulty and resource cost of adopting the framework.
