Credit reporting agencies collect data on you. Then they charge customers, (banks, or others considering loans), money to use that data. They also charge you to try to protect that data.
When one of them was breached, Equifax, it affected 143 Million Americans. I tried over 10 times to freeze my accounts waiting on hold for hours. In 2018 Congress decided to take no action. This, even though the breach may have been more serious that initially realized. Some even claim this treasure trove of data is a ticking time bomb waiting to happen again.
A spot of good news, the Georgia Senate voted 51-0 on Thursday to give final approval to a bill that would prevent credit reporting agencies from charging customers to lock their credit reports. A locked or frozen credit report can’t be changed.
Thursday, March 29, 2018
Friday, February 16, 2018
A look at currency in 2018
Could Currency Be Destabilized?
In 1933 the United States began to move away from the gold standard, the process was completed in 1971. To destabilize the currency of a country on the gold standard you would need to:
- Invent a method to produce lots of gold very cheaply, OR
- Run in with lots of tanks and GI Joes and steal their gold.
Most of the world depends on fiat currency, the value of money is related to the power of the nation, its sovereignty, and its balance of trade. It's essentially a trust model and it worked well and still works. The question is are there chinks in the armor?
Growing evidence indicates a variety of attacks could cause significant economic harm to a target, an attack specifically designed to destabilize a currency might now be possible especially if sponsored by a party with significant economic power (i.e., a major country) or executed with precise timing during a high stress period on the economy.
Internet-based Electronic Warfare
Traditional economic warfare seeks to disrupt the flow of commerce in a nation or reduce the confidence or willingness of participants to engage in economic activity. In the Internet world, the main tools are denials of service, identity (or information) theft, or fraud.Paul Kanjorski, the chairman of the House financial services subcommittee, went on C-Span January 27, 2009 and said that $550 billion was withdrawn from money-market accounts on September 15, 2008 in the space of "an hour or two", that Treasury "closed down the money accounts", and that if they hadn't done so, "by 2 PM that afternoon $5.5-trillion would have been withdrawn". The speech is documented on Youtube (hang tough till you get past the panicked lady.)[1] Kanjorski further said, if the Treasury had not responded by guaranteeing $250,000 per account the entire economy of the United States would have collapsed, followed by the rest of the world in 24 hours. If you are interested in learning more what actually did happen that week, I suggest Felix Salmon's blog posting.[2]
You may not have heard about this on mainstream media, because it does not appear to be based on solid sources, though it would make an excellent novel. However, there are chinks in the US Treasury: in a Moody's Triple A bond rating, the US and the UK were put in a class above that of Spain and Ireland, but below Germany, France, Canada and the four Scandinavian countries.[3] In 2008, Worldnet Daily reported, ""We decided to raise the flag," Tom Lemmon at Moody's told WND, "because the underlying credit rating of the U.S. government faces the risk of downgrading in the next 10 years if solutions are not found to our growing Medicare and Social Security unfunded obligations." In May 2009 Standard & Poor released a warning over Britian's credit rating, though they did not actually downgrade.
Economics of Currency Trading
The valuation of currency, at least in economies using "fiat" money, is based on the perception of that currency's general worth. This perception is based on several factors, the strength of the government's economy behind that currency, the willingness of governments to invest in that economy, and general geopolitical factors. For instance, the perception that the United States is overextended with its trade and budget deficits could adversely affect the valuation of the dollar.
Those who buy and sell currency each day, currency traders, are considered a savvy bunch. Because the information they rely on to make decisions crosses international boundaries into countries which may or may not necessarily be open with information, they have to rely on both conventional and unconventional information sources. In order to have a successful impact on a currency's value, one would need to successfully change the perception of a bulk of these currency traders.
Likelihood of Success
There are plenty of analogous examples that short-term influences can be made on valuations of stocks and such. For instance, several companies have been subject to false press releases that had dramatic effects on their stock prices. In those cases, the perpetrator was caught quickly and the stock resumed its previous value. People were able to make money trading options on that stock, but the long-term fundamental value of the company remained unchanged once people discovered the fraud.This would be likely true for the case of currency. Currency traders, a savvy bunch, might be able to be duped into believing false information that could cause a run on the currency. But likely value shoppers would find the scam and buy low when people rushed back in after the fraud was discovered. In the cases of manipulation of stock prices, the fraud was discovered in days, if not hours. If a similar fraud were attempted on a currency, the full weight of that nation's government would be levied to fix the problem quickly.
In order to have an impact on an economy the assets involved would have to be significant. For instance, the United States had a Gross Domestic Product (GDP) in 2008 of US$14.3 trillion.[4] Even launching an attack with $100 million would be like trying to bankrupt a major international corporation by running out the door with a fistful of nickels from petty cash.
One successful attempt at currency manipulation (or savvy investment, depending on your opinion on the matter) was Black Wednesday in 1992. George Soros bet 10 billion pounds against the Bank of England and broke the currency.[4] In that case, England's currency was already having problems and Soros was the "straw the broke the camel's back". At that time, he used an amount of money roughly equal to 1.5% of Britain's GDP. With significant investment of resources, a currency "on the brink" can be successfully attacked.
Concerns from Asia
Dr. Manzur Ejaz blogs about "Recent currency destabilization in the East Asian countries (Thailand, Philippine and Malaysia) by international speculators was a preamble to an unfolding of a broader picture." And a PBS interview with Dr. Mahathir bin Mohamad descibes the havoc he has had to deal with concerning the Malaysian currency. "In the old days you needed to conquer a country with military force, and then you could control that country. Today it's not necessary at all. You can destabilize a country, make it poor, and then make it request help. And [in exchange] for the help that is given, you gain control over the policies of the country, and when you gain control over the policies of a country, effectively you have colonized that country."Cryptocurrency
One of the main attractions to investors, (other than hoping they will get rich quick), is that the currency is outside of nation state control. Nations, such as Venezuela have floated the idea of nation state sponsored cryptocurrency, in this case backed by oil reserves.It will be years until we know if this is a lasting idea. For now we can simply watch the rise and fall, but one big idea in crypto currency is the idea of a coin trader. If you have X branded digital assets you can use a coin trader to make a purchase from a seller that requires Y branded assets.
This is not limited to digital money. Ripple has two payment products for banks: xCurrent and xRapid. Only xRapid utilizes Ripple’s XRP token. Many banks are testing/using xCurrent. Western Union just became the fifth customer to test xRapid.
This is important because one of the most important measurements of money is velocity, how fast the money can be spent and reused. Coin traders and trading instruments like Ripple greatly accelerate the velocity of money.
With these incredible advantages come risks. Coin traders, can and have been hacked and robbed, after all digital currency is bought and sold using imperfect computers. And speed also means if it goes bad, it can go bad quickly. The idea of a trillion dollars in value destroyed in the wink of an eye is becoming possible.
Debt, Inflation, Hyperinflation
A result of leaving the gold standard for most nations was the creation of debt. In the US today, we have record levels of personal, corporate, and national debt. Inflation is the friend of debt. If I borrow $100 from you and inflation occurs, the dollars that I pay you back with are worth less than the dollars I borrowed, i.e. I borrow $100, but pay you back with the equivalent of $85. However, one of the main jobs of the Feb in the USA is to ensure inflation does not morph into hyperinflation where it takes a wheelbarrow of money to purchase a loaf of bread.
Summary
In order to have anything but a short-lived and transitory effect on the value of a currency, it would take a significant amount of assets and other factors that have already placed the currency in a weakened state. With the combined weight of a government who has a vested interest in correct deception and savvy investors who would quickly discovery it, perception based electronic attacks would not be likely to succeed.It is possible that a large-scale denial of service attack could disrupt an economy enough to eventually lead to currency devaluation; however, the scale would have to be many orders of magnitude larger than has yet been seen. September 11th has shown that the American economy can sustain several days of suspended economic activity and few denial of service attacks have been able to be maintained for that long.
In short, without the full backing and commitment of another nation, a significant investment of resources, and a willingness to be identified (at least the nation) as being behind the attack, direct long-term currency manipulation is not likely. If anyone can disrupt the US economy, it is China, they hold something on the order of $2 Trillion dollars in US debt, they would have to take a loss to do so, the impact on the Yuan which has been tied to the dollar for a very long time can not be calculated.[6]
This article is based on earlier research by John C. A. Bambenek and Stephen Northcutt
John Bambenek is an academic professional at the University of Illinois at Urbana-Champaign and a handler for the Internet Storm Center.
1 http://www.youtube.com/watch?v=_NMu1mFao3w
2 http://seekingalpha.com/article/120220-kanjorski-and-the-money-market-funds-the-facts
3 http://uk.reuters.com/article/UK_COMKTNEWS_MORE/idUKLB77042220090212
4 http://en.wikipedia.org/wiki/United_States
5 http://cse.stanford.edu/class/cs201/projects-98-99/financial-transactions/large_investors2.htm
6 http://seekingalpha.com/article/120547-why-china-can-t-dump-u-s-treasuries
Additional links:
http://www.wnd.com/news/article.asp?ARTICLE_ID=59692
http://www.washingtonpost.com/wp-dyn/content/article/2009/05/21/AR2009052104401.html
http://www.letstalkfutures.com/2009/05/28/can-the-us-lose-its-aaa-credit-rating/
http://users.erols.com/ziqbal/oct5.htm
http://www.pbs.org/wgbh/commandingheights/shared/minitextlo/int_mahathirbinmohamad.html
https://commodity.com/blog/hyperinflation/
Friday, January 26, 2018
Tips for success: How to draw a simple historical map
We will use the land given by God to Israel for this example.
1) Locate that part of the world. Joshua 1:4 NIV
Your territory will extend from the desert to Lebanon, and from the great river, the Euphrates—all the Hittite country—to the Mediterranean Sea in the west.
We are in the Middle East.
2) Orient your paper, North is usually pointing to the top.
3) Find the edges. Use a search engine to find a map that is bigger, (covers more territory), than you need. That is to prevent you from running out of paper. We need the boundaries for North, South, East, West. Here is one map that has Lebanon, the Euphrates, and Mediterranean Sea marked. Now we need to find the Hittites, check several maps, it is that blob between the Black Sea and the Mediterranean Sea.
4) Use a pencil so you can erase if you are badly out of whack.
5) The Euphrates is a boundary. It goes on the East, (right side) of the paper. It travels South East, (down and right) and ends in the Persian Gulf, a handy landmark. The river should go from the top of your paper, to at least the bottom third. When you draw a river, use this pattern ... ____ ... ____
6) The Black Sea. We don't know exactly where the Hittite boundary is to the North, but putting in a bit of the Black Sea will give you a handy landmark. It goes on the top left of the paper. When you draw a sea, add some parallel lines in areas you are not using for labels.
7) The Mediterranean and Red Seas. These go on the left side of the paper and are essentially the same down and right angle as the Euphrates. Make sure to leave some room on the left hand side of the paper for Egypt.
8) The desert. We do not know the boundary exactly, but it terminates to the North at the Mediterranean Sea. It runs South in a strip of land to the West, left, of the Red Sea. It runs South to be about even with the South end of the Euphrates, (where it terminates in the Persian Gulf), and from that Southern point, East to the Euphrates.
9) Modern cities. One of the easiest to place is Beirut, because it is in a bend of the Mediterranean Sea. That makes it easy to locate and position Damascus.
1) Locate that part of the world. Joshua 1:4 NIV
Your territory will extend from the desert to Lebanon, and from the great river, the Euphrates—all the Hittite country—to the Mediterranean Sea in the west.
We are in the Middle East.
2) Orient your paper, North is usually pointing to the top.
3) Find the edges. Use a search engine to find a map that is bigger, (covers more territory), than you need. That is to prevent you from running out of paper. We need the boundaries for North, South, East, West. Here is one map that has Lebanon, the Euphrates, and Mediterranean Sea marked. Now we need to find the Hittites, check several maps, it is that blob between the Black Sea and the Mediterranean Sea.
4) Use a pencil so you can erase if you are badly out of whack.
5) The Euphrates is a boundary. It goes on the East, (right side) of the paper. It travels South East, (down and right) and ends in the Persian Gulf, a handy landmark. The river should go from the top of your paper, to at least the bottom third. When you draw a river, use this pattern ... ____ ... ____
6) The Black Sea. We don't know exactly where the Hittite boundary is to the North, but putting in a bit of the Black Sea will give you a handy landmark. It goes on the top left of the paper. When you draw a sea, add some parallel lines in areas you are not using for labels.
7) The Mediterranean and Red Seas. These go on the left side of the paper and are essentially the same down and right angle as the Euphrates. Make sure to leave some room on the left hand side of the paper for Egypt.
8) The desert. We do not know the boundary exactly, but it terminates to the North at the Mediterranean Sea. It runs South in a strip of land to the West, left, of the Red Sea. It runs South to be about even with the South end of the Euphrates, (where it terminates in the Persian Gulf), and from that Southern point, East to the Euphrates.
9) Modern cities. One of the easiest to place is Beirut, because it is in a bend of the Mediterranean Sea. That makes it easy to locate and position Damascus.
Monday, January 8, 2018
Tips for Success: Description for an optional talk
There are two types of presentation opportunities: mandatory and optional. This post is a discussion of the latter.
The two pieces of information that your prospective audience uses to decide whether or not to attend your talk are the title and the description. The title is discussed here: https://securitywa.blogspot.com/2018/01/tips-for-success-selecting-title-for.html
After a reader looks at the title, they decide whether to inquire further, that usually leads to the description of the talk. It may be called the introduction, summary, abstract, or something else, but for it to be useful it must describe what the talk is about. For this reason, we are using the term, "talk description".
A talk description is similar to an abstract, it should be short, (target 200 words, shorter, or, longer may make sense). It should cover the four Ws: What, Why, When, Where. The better ones inform, delight and invite.
- We inform by briefly covering the subject matter of the talk, (what).
- We delight by sharing an insight, touching on a shared emotion, giving the potential audience a reason to want to attend our talk, (why).
- We invite by making sure they know they are welcome, cover the when and where, as well any costs or requirements.
It should read/play well in both written and oral forms. Some people consume information better by reading, others by listening, the description should support either. Never assume it will only be published in one form or the other. Many speakers have been surprised by a host "introducing" their talk which often consists of reading the speaker's bio and talk description. When I was a SANS instructor, we read the "morning announcements" to the class. This included the optional evening talk presenters, title, and description. Most importantly, the world is changing; ten years ago we consumed most of our information by reading, today, more and more people connect to information by speech and sound, (just look for the earbuds).
The two pieces of information that your prospective audience uses to decide whether or not to attend your talk are the title and the description. The title is discussed here: https://securitywa.blogspot.com/2018/01/tips-for-success-selecting-title-for.html
After a reader looks at the title, they decide whether to inquire further, that usually leads to the description of the talk. It may be called the introduction, summary, abstract, or something else, but for it to be useful it must describe what the talk is about. For this reason, we are using the term, "talk description".
A talk description is similar to an abstract, it should be short, (target 200 words, shorter, or, longer may make sense). It should cover the four Ws: What, Why, When, Where. The better ones inform, delight and invite.
- We inform by briefly covering the subject matter of the talk, (what).
- We delight by sharing an insight, touching on a shared emotion, giving the potential audience a reason to want to attend our talk, (why).
- We invite by making sure they know they are welcome, cover the when and where, as well any costs or requirements.
It should read/play well in both written and oral forms. Some people consume information better by reading, others by listening, the description should support either. Never assume it will only be published in one form or the other. Many speakers have been surprised by a host "introducing" their talk which often consists of reading the speaker's bio and talk description. When I was a SANS instructor, we read the "morning announcements" to the class. This included the optional evening talk presenters, title, and description. Most importantly, the world is changing; ten years ago we consumed most of our information by reading, today, more and more people connect to information by speech and sound, (just look for the earbuds).
Tips for Success: Selecting a title for an optional talk
There are two types of presentation opportunities: mandatory and optional. This post is a discussion of the latter.
A quick scan of your local community news, a visit to a conference, the monthly meeting of your organization all tend to have something in common, optional talks. A busy reader scans the information making a decision on whether they might be interested in attending.
The headline, most important piece of information is the talk title. Consider these five titles taken from upcoming webcasts at SANS January 2018:
Improving Your Defenses - CredentialGuard in Windows 10
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
Head Hacking
How to Build & Maintain an Open Source SIEM
Are You in Control? Managing the CIS Critical Security Controls within your Enterprise
Assuming you are interested in the general topic of cybersecurity, are there any titles that cause you to reject further investigation of the talk by reading its title? Do any really reach out and grab you?
Different things appeal to individuals, here are off-the-cuff thoughts of two of them:
Head Hacking
= What's that? Probably social engineering. Do I care enough to click to read more?
How to Build & Maintain an Open Source SIEM
= Boring, but possibly useful. I would probably click to read more.
Now let's look at the two longest examples:
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
= Consider: Attacker Tricks to Remove Event Logs
Are You in Control? Managing the CIS Critical Security Controls within your Enterprise
= This one is hard. The word "control", used twice, has a different meaning in each use. This causes cognitive dissonance. Most people will probably ignore this talk because of its title.
Tips for titles:
- Keep it short, while explaining what the talk is about.
- Feature the subject matter, if you have chosen a subject people want to hear about they will be interested.
- Avoid humor unless your presentation is about comedy. You are vying for time from busy people.
- Avoid abbreviations and acronyms unless you are certain your audience regularly uses them.
A quick scan of your local community news, a visit to a conference, the monthly meeting of your organization all tend to have something in common, optional talks. A busy reader scans the information making a decision on whether they might be interested in attending.
The headline, most important piece of information is the talk title. Consider these five titles taken from upcoming webcasts at SANS January 2018:
Improving Your Defenses - CredentialGuard in Windows 10
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
Head Hacking
How to Build & Maintain an Open Source SIEM
Are You in Control? Managing the CIS Critical Security Controls within your Enterprise
Assuming you are interested in the general topic of cybersecurity, are there any titles that cause you to reject further investigation of the talk by reading its title? Do any really reach out and grab you?
Different things appeal to individuals, here are off-the-cuff thoughts of two of them:
Head Hacking
= What's that? Probably social engineering. Do I care enough to click to read more?
How to Build & Maintain an Open Source SIEM
= Boring, but possibly useful. I would probably click to read more.
Now let's look at the two longest examples:
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
= Consider: Attacker Tricks to Remove Event Logs
Are You in Control? Managing the CIS Critical Security Controls within your Enterprise
= This one is hard. The word "control", used twice, has a different meaning in each use. This causes cognitive dissonance. Most people will probably ignore this talk because of its title.
Tips for titles:
- Keep it short, while explaining what the talk is about.
- Feature the subject matter, if you have chosen a subject people want to hear about they will be interested.
- Avoid humor unless your presentation is about comedy. You are vying for time from busy people.
- Avoid abbreviations and acronyms unless you are certain your audience regularly uses them.
Thursday, January 4, 2018
Tips for Success: Powerpoint summary presentation of a research paper
Executive Summary: the most common medium to summarize research papers has changed, but the underlying concepts and goals remain the same.
Introduction: before the PC and PowerPoint, when you completed your research paper it was very common to create a poster summarizing your paper. Many young scientists and engineers remember what it is like to be one of twenty posters in a large hall at technical conferences. You would stand next to your poster and recite the elevator pitch summarizing your research and paper to other scientists that walked by with glasses of wine and plates of hors d'oeuvres.
PowerPoint: today instead of a poster, most researchers use PowerPoint and give a short presentation. The goals have not changed, they are:
- To inspire colleagues to read your paper
- To build name recognition for yourself and your work
- To share your passion for a problem, issue, and/or potential solution
Presentations regardless of medium: the same guidelines apply whether the medium is poster, PowerPoint, or increasingly, short video presentation:
- Match your presentation to your audience's knowledge level. If they are working in the field, do not waste their time with the basics.
- Focus your message, what are the three golden nuggets you want them to "take away?"
- Convey your message visually. Avoid tiny print, very busy slides, charts that do not actually inform, and be aware of red/green colorblindness with both the slides and laser pointer.
- Distance, be aware of the distance between your screen and the audience. This applies to live presentations and presentations viewed over the Internet. In a large room, people sitting in the back row may lose out, but people in the middle of the room should be able to understand.
- Remember some of your audience may be non-native English speakers or of a different culture, be careful with jargon, jokes and idioms.
- Be professional, avoid "cutesy slides", be consistent with fonts and font sizes.
- Be organized, tell them what you are going to tell them, tell them, tell them that you told them.
1.1 Added fonts and font sizes thank you S. Ramsey
Introduction: before the PC and PowerPoint, when you completed your research paper it was very common to create a poster summarizing your paper. Many young scientists and engineers remember what it is like to be one of twenty posters in a large hall at technical conferences. You would stand next to your poster and recite the elevator pitch summarizing your research and paper to other scientists that walked by with glasses of wine and plates of hors d'oeuvres.
PowerPoint: today instead of a poster, most researchers use PowerPoint and give a short presentation. The goals have not changed, they are:
- To inspire colleagues to read your paper
- To build name recognition for yourself and your work
- To share your passion for a problem, issue, and/or potential solution
Presentations regardless of medium: the same guidelines apply whether the medium is poster, PowerPoint, or increasingly, short video presentation:
- Match your presentation to your audience's knowledge level. If they are working in the field, do not waste their time with the basics.
- Focus your message, what are the three golden nuggets you want them to "take away?"
- Convey your message visually. Avoid tiny print, very busy slides, charts that do not actually inform, and be aware of red/green colorblindness with both the slides and laser pointer.
- Distance, be aware of the distance between your screen and the audience. This applies to live presentations and presentations viewed over the Internet. In a large room, people sitting in the back row may lose out, but people in the middle of the room should be able to understand.
- Remember some of your audience may be non-native English speakers or of a different culture, be careful with jargon, jokes and idioms.
- Be professional, avoid "cutesy slides", be consistent with fonts and font sizes.
- Be organized, tell them what you are going to tell them, tell them, tell them that you told them.
1.1 Added fonts and font sizes thank you S. Ramsey
Tips for success: The Research Proposal
There is a “chicken and egg” problem associated with almost all research proposals. Before submitting the proposal, the student is expected to:
1) Come up with an idea of something they would like to research.
2) Conduct first level research, (also known as Google, and perhaps other, searches), looking for information related to the topic. When you fill out the research proposal this is the information that is referred to as:
Review Existing Literature.
- As you learn more, by reviewing literature, it should be possible to refine your topic idea.
-You may also discover that your initial topic has been heavily covered by material that has already been published.
-If the topic has been researched and the results published, then there may be a more focused approach to the general topic area that is not already researched and published.
Please go through this process before filling out and submitting the research proposal. With that in mind here are some tips for the remainder of the research proposal:
Discuss the literature. The template states between 2 - 5 pages. There is a danger in being wordy, your thoughts and intents may be lost. Make your first effort to explain your research topic idea in the context of existing literature in 2 pages. If you need more that is fine, but, in general, do not feel like you need 5 pages.
Identify the research question. This is where the faculty research committee that evaluates your proposal will turn first. What is the problem you are trying to solve? If you are having a hard time putting that into a paragraph, that could be a bad sign. The research question should be obvious to you and to others.
Research methods. If you have a topic and question and there is no way to conduct original research to prove or disprove a thesis, this is not a workable proposal. We understand that some of this has to be figured out as we go along, that is what research is all about. However, it is imperative that you have a way to start. Hope is not a strategy, have a plan on how to prove or disprove your thesis.
Significance of the study. We are talking about a lot of work, let’s all agree this is worth doing before we dive in.
Proposed title. This comes last for a reason. At this point you have given this a lot of thought. They tell writers that your title is your contract with your audience. Try to avoid cute titles, you would be amazed at some of the title proposals that are submitted to the committee. Instead try to summarize the point, the thesis, in a single title. If you absolutely need a subtitle the world will not come to an end, but precise and concise is best.
1) Come up with an idea of something they would like to research.
2) Conduct first level research, (also known as Google, and perhaps other, searches), looking for information related to the topic. When you fill out the research proposal this is the information that is referred to as:
Review Existing Literature.
- As you learn more, by reviewing literature, it should be possible to refine your topic idea.
-You may also discover that your initial topic has been heavily covered by material that has already been published.
-If the topic has been researched and the results published, then there may be a more focused approach to the general topic area that is not already researched and published.
Please go through this process before filling out and submitting the research proposal. With that in mind here are some tips for the remainder of the research proposal:
Discuss the literature. The template states between 2 - 5 pages. There is a danger in being wordy, your thoughts and intents may be lost. Make your first effort to explain your research topic idea in the context of existing literature in 2 pages. If you need more that is fine, but, in general, do not feel like you need 5 pages.
Identify the research question. This is where the faculty research committee that evaluates your proposal will turn first. What is the problem you are trying to solve? If you are having a hard time putting that into a paragraph, that could be a bad sign. The research question should be obvious to you and to others.
Research methods. If you have a topic and question and there is no way to conduct original research to prove or disprove a thesis, this is not a workable proposal. We understand that some of this has to be figured out as we go along, that is what research is all about. However, it is imperative that you have a way to start. Hope is not a strategy, have a plan on how to prove or disprove your thesis.
Significance of the study. We are talking about a lot of work, let’s all agree this is worth doing before we dive in.
Proposed title. This comes last for a reason. At this point you have given this a lot of thought. They tell writers that your title is your contract with your audience. Try to avoid cute titles, you would be amazed at some of the title proposals that are submitted to the committee. Instead try to summarize the point, the thesis, in a single title. If you absolutely need a subtitle the world will not come to an end, but precise and concise is best.
Tips for Success: Writing a graduate level essay
Executive summary: Essays and other short writing pieces at the graduate level are expected to be concise, insightful and correctly written. Their purpose is to persuade, explain, or inform.
Tips for success:
1) Have a message to share. This seems obvious, but in a world of word processors, grammar checkers, and search engines it is possible to produce a document that looks good, but doesn't actually communicate useful information. The successful writer knows what he is going to say before starting to write. If you are struggling with step one, try this:
A) Walk around the block, talk to yourself in the shower, do whatever works for you to verbalize and focus on your message. State your thesis and the reasons why you think it is true. B) Use a voice recorder, (most cell phones have this ability). Record your thesis and primary supporting arguments. Let it sit for 24 hours. C) Listen to your recording. If your message still makes sense, build your outline.
2) Support your assertions. Invest the time to do research, (hint, if you type a short phrase into Google and build your paper from the first page of results, that doesn't count as research).
A) Look for "whitespace," (the term used to refer to blank areas on printed documents, can also be used to describe topic areas that have not been exhaustively covered by other authors and researchers). The goal of your research is to cover the topic from a new angle or perspective.
B) Note counterarguments. You may find information that contradicts your assertions. The best writers know there are counterarguments and acknowledge them.
3) Remember the reader. People rarely have to read what you write. Back in the era of printed books, every author knew that if they couldn't get the reader to turn from page 1 to page 2, the book was lost. With online publications, the abstract and introduction have to "sell" the paper, if not, page abandonment is just one click away.
A) Make sure you convey the value of the paper to the reader early in the process.
B) Make it easy for the reader, everything from the font, formatting to word choice should be chosen with the reader in mind. Correct grammar and spelling are a must in this respect.
C) Be ruthless with word count. If a word, sentence, or paragraph is not directly related to the central point, replace it with one that is.
Tips for success:
1) Have a message to share. This seems obvious, but in a world of word processors, grammar checkers, and search engines it is possible to produce a document that looks good, but doesn't actually communicate useful information. The successful writer knows what he is going to say before starting to write. If you are struggling with step one, try this:
A) Walk around the block, talk to yourself in the shower, do whatever works for you to verbalize and focus on your message. State your thesis and the reasons why you think it is true. B) Use a voice recorder, (most cell phones have this ability). Record your thesis and primary supporting arguments. Let it sit for 24 hours. C) Listen to your recording. If your message still makes sense, build your outline.
2) Support your assertions. Invest the time to do research, (hint, if you type a short phrase into Google and build your paper from the first page of results, that doesn't count as research).
A) Look for "whitespace," (the term used to refer to blank areas on printed documents, can also be used to describe topic areas that have not been exhaustively covered by other authors and researchers). The goal of your research is to cover the topic from a new angle or perspective.
B) Note counterarguments. You may find information that contradicts your assertions. The best writers know there are counterarguments and acknowledge them.
3) Remember the reader. People rarely have to read what you write. Back in the era of printed books, every author knew that if they couldn't get the reader to turn from page 1 to page 2, the book was lost. With online publications, the abstract and introduction have to "sell" the paper, if not, page abandonment is just one click away.
A) Make sure you convey the value of the paper to the reader early in the process.
B) Make it easy for the reader, everything from the font, formatting to word choice should be chosen with the reader in mind. Correct grammar and spelling are a must in this respect.
C) Be ruthless with word count. If a word, sentence, or paragraph is not directly related to the central point, replace it with one that is.
Tips for Success: Writing a technical report
A technical report conveys information about an issue, product, or event. Even though the document usually targets one group of readers, it should have value to a wide ranging audience: management, technical colleagues, and interested third parties such as customers or investors. The sections of a technical report vary, but in general, readers expect an: abstract, executive summary, introduction, body, conclusion and when needed supporting technical documentation.
Abstract: This is your contract with your reader. It should be very concise and simply tell them what the document is about so they can decide it they wish to read it. This is different than an executive summary which tells the reader what they need to know. Try to target 100 - 200 words.
Executive Summary: Even though this is part of the technical report, consider printing separate one page copies of the executive summary, or paginating the technical report, so that busy senior executive can simply refer to this part of the report to learn what the authors and reviewers feel they need to know. Make sure you are clear on actionable recommendation. For more specific guidance on the executive summary please see:
https://securitywa.blogspot.com/2017/11/tips-for-success-writing-executive.html
Introduction: This part of the technical paper establishes the structure of the information you wish to share. Ideas, concepts, or issues brought up in the introduction should be aligned with the executive summary and fully explored, or explained in the body of the paper. NOTE: assertions in the introduction should be supported, either immediately by citations, (SANS and GIAC require APA), or by the results of lab experiments referenced later in the technical report, or supporting technical documentation.
Body: The body of the technical report supports the executive summary and must be written to be useful to both management and technical colleagues. Cybersecurity reports commonly describe the issue at hand, risks, and expand on immediate, medium term, and long term recommendations that are briefly mentioned in the executive summary. NOTE: avoid the trap of explaining basic material. There is a tutorial for almost every 101 level topic. Simply reference the best tutorial on any subject your paper covers and move on to explain new, applicable, actionable, information.
In general the body is one of the largest sections of the document. Consider the use of white space, headings, subheadings, bulleted or numbered lists, tables and possibly color to help make the meaning of the information clear. If you see a single paragraph that is a half a page or longer that is a sign the body needs organizational work.
Conclusion or summary: The secret to great written and oral communication is to tell your audience what you are going to tell them, tell them about the issue with supportable detail, and then tell them you have told them. A good way to write a conclusion is to take the introduction, verify that you have covered all of its points and then summarize what you have shared. After you have written the conclusion, take the time to compare it to the executive summary to ensure that you have fully explained the information you wish to share with a C-level executive.
NOTE: it may be appropriate to mention opportunities for further research, or development, in the conclusion.
Additional technical information, lab notebooks, technical appendices: This is the part of the technical report targeted squarely at subject matter experts in the topic area. Screen shots, packet traces, output of tools and so forth are difficult to read. Place them at the end of the document, arrange them so that readers can see how the information supports your assertions, or duplicate your work. For additional guidance on a lab notebook, please see:
https://securitywa.blogspot.com/2017/11/sansedu-ise-6100-assignment-lab.html
Version 1.0 1/4/2018
Version 1.1 1/6/2018 Executive summary: make sure it is actionable. Body: move past the basics, avoid large blocks of text with no white space.
Abstract: This is your contract with your reader. It should be very concise and simply tell them what the document is about so they can decide it they wish to read it. This is different than an executive summary which tells the reader what they need to know. Try to target 100 - 200 words.
Executive Summary: Even though this is part of the technical report, consider printing separate one page copies of the executive summary, or paginating the technical report, so that busy senior executive can simply refer to this part of the report to learn what the authors and reviewers feel they need to know. Make sure you are clear on actionable recommendation. For more specific guidance on the executive summary please see:
https://securitywa.blogspot.com/2017/11/tips-for-success-writing-executive.html
Introduction: This part of the technical paper establishes the structure of the information you wish to share. Ideas, concepts, or issues brought up in the introduction should be aligned with the executive summary and fully explored, or explained in the body of the paper. NOTE: assertions in the introduction should be supported, either immediately by citations, (SANS and GIAC require APA), or by the results of lab experiments referenced later in the technical report, or supporting technical documentation.
Body: The body of the technical report supports the executive summary and must be written to be useful to both management and technical colleagues. Cybersecurity reports commonly describe the issue at hand, risks, and expand on immediate, medium term, and long term recommendations that are briefly mentioned in the executive summary. NOTE: avoid the trap of explaining basic material. There is a tutorial for almost every 101 level topic. Simply reference the best tutorial on any subject your paper covers and move on to explain new, applicable, actionable, information.
In general the body is one of the largest sections of the document. Consider the use of white space, headings, subheadings, bulleted or numbered lists, tables and possibly color to help make the meaning of the information clear. If you see a single paragraph that is a half a page or longer that is a sign the body needs organizational work.
Conclusion or summary: The secret to great written and oral communication is to tell your audience what you are going to tell them, tell them about the issue with supportable detail, and then tell them you have told them. A good way to write a conclusion is to take the introduction, verify that you have covered all of its points and then summarize what you have shared. After you have written the conclusion, take the time to compare it to the executive summary to ensure that you have fully explained the information you wish to share with a C-level executive.
NOTE: it may be appropriate to mention opportunities for further research, or development, in the conclusion.
Additional technical information, lab notebooks, technical appendices: This is the part of the technical report targeted squarely at subject matter experts in the topic area. Screen shots, packet traces, output of tools and so forth are difficult to read. Place them at the end of the document, arrange them so that readers can see how the information supports your assertions, or duplicate your work. For additional guidance on a lab notebook, please see:
https://securitywa.blogspot.com/2017/11/sansedu-ise-6100-assignment-lab.html
Version 1.0 1/4/2018
Version 1.1 1/6/2018 Executive summary: make sure it is actionable. Body: move past the basics, avoid large blocks of text with no white space.
Tips for success: Writing an Executive Summary V 1.4
An executive summary should be included on most cybersecurity reports, proposals, analysis papers, and research papers. Points to consider when creating one include:
- Brevity and conciseness. It should target 200 - 300 words. That takes practice.
- Recommendations. If the paper is addressing a problem it should briefly mention immediate, medium and long term time frame actionable recommendations.
- Supportable and defensible. While the executive summary is designed for easy reading and digestion of information, supporting data should be easily available. This could be in the form of the accompanying paper, or appendices as appropriate.
- WIIFM. Whenever we communicate from someone else, we need to answer the question What's In It For Me. The C-suite will want to be briefed on why this information is important to the business.
- Well written. If it scores below 90 on Grammarly, you have work to do. Consider the "Napoleon's Private" test, ( have someone else read it and tell you what they feel it means).
- On topic. State the topic, problem, recommendation as needed. Do not put extraneous information in the executive summary.
- No humor. This is not a place for jokes or humor, they can be misinterpreted.
- Avoid acronyms and "techo babble". As techies we speak a different dialect of English than management. Avoid writing anything that is hard for them to understand.
- Designed to be scanned or read rapidly. In general, when you produce an executive summary, it is for someone above your pay grade. Don't make them work to get the message, Make it plain.
- Readable fonts and font sizes. It is very likely your organization has a style guide. Use it. Executives are accustomed to various formats. Under no circumstances shrink the font to make the executive summary fit on one page; your audience very likely has older eyes than you do.
Change history:
Version 1.1 don't use acronyms
Version 1.2 why do I care :)
Version 1.3 1/4/18 alignment with GSM 200 - 300 words, recommendations
Version 1.4 stress actionable
- Brevity and conciseness. It should target 200 - 300 words. That takes practice.
- Recommendations. If the paper is addressing a problem it should briefly mention immediate, medium and long term time frame actionable recommendations.
- Supportable and defensible. While the executive summary is designed for easy reading and digestion of information, supporting data should be easily available. This could be in the form of the accompanying paper, or appendices as appropriate.
- WIIFM. Whenever we communicate from someone else, we need to answer the question What's In It For Me. The C-suite will want to be briefed on why this information is important to the business.
- Well written. If it scores below 90 on Grammarly, you have work to do. Consider the "Napoleon's Private" test, ( have someone else read it and tell you what they feel it means).
- On topic. State the topic, problem, recommendation as needed. Do not put extraneous information in the executive summary.
- No humor. This is not a place for jokes or humor, they can be misinterpreted.
- Avoid acronyms and "techo babble". As techies we speak a different dialect of English than management. Avoid writing anything that is hard for them to understand.
- Designed to be scanned or read rapidly. In general, when you produce an executive summary, it is for someone above your pay grade. Don't make them work to get the message, Make it plain.
- Readable fonts and font sizes. It is very likely your organization has a style guide. Use it. Executives are accustomed to various formats. Under no circumstances shrink the font to make the executive summary fit on one page; your audience very likely has older eyes than you do.
Change history:
Version 1.1 don't use acronyms
Version 1.2 why do I care :)
Version 1.3 1/4/18 alignment with GSM 200 - 300 words, recommendations
Version 1.4 stress actionable
Tips for Success: Creating/maintaining a Lab Notebook
Executive Summary: a lab notebook in this context is a record of the research component of your group project.
Context: when you are assigned a 6100 group project you will be expected to:
- Receive the assignment, meet as a group to determine a plan of attack, produce and submit a project plan to satisfy the components of the assignment.
NOTE: faculty welcomes questions about the assignment. Contact data is embedded in your assignment.
- Begin development of a report. These vary based on the contemporary real world assignment your group is given, but in general have two major components:
+ A non-technical summary of your findings and recommendations
+ A technical report on the work that you did, the lab notebook
A lab notebook historically was a composition book, or similar paper record, where researchers logged their expectations, observations, experiments and results. Today in the automated world, while paper records are still useful they tend to be electronic, often including screen shots.
Example lab notebook from the PCAP contest.
When your lab notebook is graded, the faculty will be looking for the following components:
- A logical flow of experimentation based on the problem you were assigned and the solution approach outlined in the project plan.
- Expectations, hypotheses, theses, before you begin an experiment, there should be a clear understanding of what you are testing, what you hope to achieve.
- Details of the experiment sufficient to reproduce your results. This commonly includes essential record keeping: dates, times, locations, and software versions are common artifacts.
- Results, these can be fairly terse and informal, they will be summarized in the non-technical report
- Analysis, were the results what you expected? Do they affect the planned logical flow of experimentation.
NOTE: Unexpected results, miscalculations, surprises, happen, they are as much a part of research as expected results. Simply record what happened and your analysis. In some cases these may cause the group to update the project plan. That is not a problem, project plans are designed to be updated.
Context: when you are assigned a 6100 group project you will be expected to:
- Receive the assignment, meet as a group to determine a plan of attack, produce and submit a project plan to satisfy the components of the assignment.
NOTE: faculty welcomes questions about the assignment. Contact data is embedded in your assignment.
- Begin development of a report. These vary based on the contemporary real world assignment your group is given, but in general have two major components:
+ A non-technical summary of your findings and recommendations
+ A technical report on the work that you did, the lab notebook
A lab notebook historically was a composition book, or similar paper record, where researchers logged their expectations, observations, experiments and results. Today in the automated world, while paper records are still useful they tend to be electronic, often including screen shots.
Example lab notebook from the PCAP contest.
When your lab notebook is graded, the faculty will be looking for the following components:
- A logical flow of experimentation based on the problem you were assigned and the solution approach outlined in the project plan.
- Expectations, hypotheses, theses, before you begin an experiment, there should be a clear understanding of what you are testing, what you hope to achieve.
- Details of the experiment sufficient to reproduce your results. This commonly includes essential record keeping: dates, times, locations, and software versions are common artifacts.
- Results, these can be fairly terse and informal, they will be summarized in the non-technical report
- Analysis, were the results what you expected? Do they affect the planned logical flow of experimentation.
NOTE: Unexpected results, miscalculations, surprises, happen, they are as much a part of research as expected results. Simply record what happened and your analysis. In some cases these may cause the group to update the project plan. That is not a problem, project plans are designed to be updated.
Subscribe to:
Posts (Atom)