Six Degrees of Information


Image of a stamp marked Top Secret

Six degrees of information is a play on the original Six degrees of Separation, which states: “Six degrees of separation is the idea that all living things and everything else in the world are six or fewer steps away from each other so that a chain of “a friend of a friend” statements can be made to connect any two people in a maximum of six steps.”

A previous article from the National Center for Missing & Exploited children produced a video titled “6 Degrees of Information”.  That video documented how an Internet researcher was able to find out personal information about the participants online.

Some of you might also remember Six degrees of Kevin Bacon,  “a parlor game based on the “six degrees of separation” concept, which posits that any two people on Earth are six or fewer acquaintance links apart. Movie buffs challenge each other to find the shortest path between an arbitrary actor and prolific actor Kevin Bacon. It rests on the assumption that anyone involved in the Hollywood film industry can be linked through their film roles to Bacon within six steps.”

While these definitions are still relevant, they don’t begin to define how information dependent and reliant we have begun.  Wherever this concept is deployed, the end game is that we are all more connected than we realize.

If you don’t think of yourself as all that connected, let’s play a game.  It’s called – what would you do without your connections?

  • Imagine no Amazon orders/deliveries.
  • How will you watch Netflix, Hulu or cable at all – pretty much no TV (remember – analog is gone).
  • No ability to pay for anything via credit/debit card – a cash only economy. Can you access your accounts in person to withdraw cash?  Will the bank allow all of us to withdraw all our money?
  • You won’t be able to rely on OnStar, GPS mapping or geolocation via device.
  • Unless you download your music to your device – no music to listen to at the gym. Do you still have a portable CD player?  Or any CD’s to play?
READ ALSO  Top cyber stories for July 2019

I’m pretty sure you’ve gotten the message by now – our quality of life would certainly be impacted without connectivity.  It’s the whole premise of the Internet of Things (IoT).

I’ve written about this before.  But it bears mentioning again, again and again.  The weakest link in any information chain is ALWAYS going to be people.  No matter how many videos, info-graphics, webinars, emails etc. we get about securing our data and information, we continue to give out our information to anyone who asks. We also continue to click on links in emails without any thought process at all.  Last, but not least, someone, somewhere has just paid a Nigerian prince their entire life savings.

It seems companies and governments aren’t very interested in hiring professionals to protect our information.  Part of this problem is that there is no defined or recognized license in “Cybersecurity”.  There are licenses in networking, virtualization, Windows, etc. but no one definition of a cybersecurity professional.  The following analysis demonstrates this confusion.  A Glassdoor search conducted on 11/23/2018 using the following parameters produced the table results below”

Cybersecurity as the keyword in the job description.

Jobs posted within the last week.

Location = Miami, Florida.

This search returned 48 results.  Six job postings were randomly selected for comparison.

  • Physical Security Specialist
  • Transportation Security Specialist
  • Security Analyst
  • Cisco VOIP Engineer
  • Cloud Security Architect
  • Senior Cloud Security Engineer

Wait – there’s already something wrong.  Look at the range of titles returned for the keyword Cybersecurity.

Let’s try another search, but switch a keyword. The job description keyword is now accountant.  This search returned 91 results.  Most of the job titles in this search contain the word “accountant”.  None of the job titles from the original search contain the word cybersecurity.

What this has caused is job descriptions are “tripping” all over each other.

The VOIP engineer job description includes penetration testing, the Senior Cloud Security Engineer job description includes requirements for VPN and firewall expertise, and the Transportation Specialist needs a bomb school certification.

READ ALSO  A Group of Google Contractors Has Voted to Unionize

Mirriam Webster’s dictionary defines cybersecurity as measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.  Cybersecurity is a noun, like accounting or law.  Nouns don’t perform actions.  Verbs perform actions.  If we describe the functions of the job, we can match them to the industry certification and/or job title.

Cybersecurity fields are about information.  As we define, collect, track, disseminate, store and delete information, we start to see the skillsets needed.

There are any number of ways to define the information life cycle – this one from 2008 is well presented.

We have become numb to data breaches and accept them as status quo.  As emerging technologies evolve, this is a completely unacceptable point of view.  We are already dangerously close to having no ability to control and secure our information.  Its commonplace for people to argue endlessly about political viewpoints. We should see the same arguments from professionals about the sad state of cybersecurity and the lack of cohesion in career and workforce development.

The blog section of this website attempts to provide a rational discourse on workforce development, industry certifications and privacy and security.

Cyber security is not a one-person effort.  The “IT person” who fixes your printer can’t develop a corporate infrastructure.  If you want to secure your network and build firewalls, hire a Cisco certified professional – not a Cloud engineer.

 

 

 

 

 



Source link

?
WP Twitter Auto Publish Powered By : XYZScripts.com