IT Toolkit
What is an IT Toolkit? It is a set of essential reference materials in the form of links, annotated bibliographies and other resources that help form a backdrop for the professional. Information technology and the digital world are in a constant state of reinvention, so these resources are constantly updated as well.
Also, a “search” is a great tool. You can search any webpage by pressing Ctrl+F (“f” for find): a little box opens up (mine does in the upper right-hand side of the page). Put the keyword in, and you will have little arrows to take you through each occurrence of that keyword.
I begin this toolkit with Job Descriptions because this is such an invaluable tool for anyone. As for me, my list of links is invaluable.
The INFOSec Website provided this excellent example of “definitions” in the form of job descriptions.
“Each job profile includes a job description, responsibilities, duties, related certifications, hard skills, soft skills, degree/education requirements, salary information, job outlook information, current job listings, related articles, and a plethora of other relevant information.”[1]
- SCADA Technician
- Ethical Hacker
- Information Assurance Analyst
- IT Business Analyst
- Information Architect
- Chief Security Officer (CSO)
- Information Assurance Manager
- Risk Analyst
- Vulnerability Researcher
- Incident Responder
- Computer Forensics Investigator
- Penetration Tester
- Business Continuity Manager
- Data Center Manager
- Information Technology (IT) Manager
- Data Recovery Specialist
- Malware Analyst
- Cryptographer
- Chief Technology Officer (CTO)
- Chief Information Security Officer (CISO)
Job Titles. INFOSEC INSTITUTE, 2015. Retrieved September 25, 2015, from INFOTEC RESOURCES: http://resources.infosecinstitute.com/job-titles.
LMC Loop and Skip Condition Calculations
Coding LMC Control Flow
Most programs contain some form of conditional logic, e.g. IF statements that affect the usual linear flow of control in the program. Programming conditional logic means turning the pseudocode logic into statements written in mnemonic form for the Little Man Computer (LMC). The LMC has no IF, WHILE, FOR or other structured statements; we must use the limited control flow instructions available to us to implement structured code. Little Man Computer Controls
700-terabytes-of-data-into-a-single-gram
URL Embedded Attacks: Attacks using the common web browser
A popular misconception is that web hacking and defacement is difficult, often requiring detailed technical knowledge and specialist tools. Unfortunately, one of the best tools in a hacker’s arsenal is the common web browser. URL Embedded Attacks
CyberTab, 2015. Booz Allen Hamilton. Retrieved 4 Jun 2015, from The Economist Intelligence Unit: Economist Intelligence/
Booz Allen Hamilton, begun in 1914, is an internationally recognized consulting firm with offices in twelve countries and the US. They serve the US Government, civilian agencies as well as defense and intelligence; commercial sectors of energy, financial, health, high tech manufacturing, specialized services as well as nonprofits and clients in the Middle East and Southeast Asia. Their advanced technology consulting services “provide clients with highly skilled experts and engineers who maintain a deep knowledge of leading technologies.” Retained by the Economist Intelligence Unit, Booz Allen created a site that enables the visitor to obtain vital information. “CyberTab is an anonymous, free tool that helps information-security and other senior executives understand the damage to companies inflicted by cybercrime and attacks.” It offers tools to help evaluate “the cost of potential attacks to better understand your risks and security-investment choices” and help assess the actual costs of an attack. According to Wikipedia, the Economist Intelligence Unit was founded in 1946 and “is an independent business within The Economist Group providing forecasting and advisory services through research and analysis.” The elegance of this tool, according to the website, is that the visitor can remain anonymous and all information is maintained securely, unless the visitor wishes to submit. [3][4]
Guttman, B. and Roback, E.A. An Introduction to Computer Security: The NIST Handbook – Special Publication 800-12, 1995. Retrieved 2014, from NIST: Computer Security Division: NIST Computer Security Handbook
The NIST Handbook on Computer Security was published in 1995 and written by Barbara Guttman and Edward A. Roback. Guttman is presently “the Acting Chief of the Information Access Division” and “also the Program Manager for Digital and Identification Forensics, which is a NIST-wide program encompassing digital evidence and forensic identification using biometrics. Her permanent position is as the leader of the Software Quality Group, where she led projects in computer forensics and software assurance. Roback, while at NIST, served in numerous capacities, including Chief of the Computer Security Division, and in 2005, “joined the U.S. Department of the Treasury . . . when he was appointed the Department’s first Associate Chief Information Officer for Cyber Security.” As an agency of the U.S. Commerce Department’s Technology Administration, NIST conducts basic and applied research in the physical sciences and engineering, and develops measurement techniques, test methods, standards, and related services. The Institute does generic and precompetitive work on new and advanced technologies. Most recently, in a press release issued 25 June 2015, NIST “has formally revised its recommended methods for generating random numbers, a crucial element in protecting private messages and other types of electronic data.” [6][7]
Myers, L. Technical White Paper: Guide to DDoS Attacks, Apr 2015. Retrieved from Center for Internet Security: Guide to DDoS Attacks
Lee Myers, the Security Operations Manager for CIS, published a detailed white paper, which according to the introduction, is a “guide to aid our partners in their remediation efforts of Distributed Denial of Service (DDoS) attacks.” The Center for Internet Security (CIS) is a 501c3 nonprofit organization whose mission, according to its website and annual report, “is to enhance the security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS serves as the key cyber security resource for state, local, tribal and territorial governments, including chief information security officers, homeland security advisors and fusion centers; produces consensus-based, best practice secure configuration benchmarks and security automation content; and provides products and resources that help partners achieve security goals through expert guidance and cost-effective solutions.” The Multi-State Information Sharing & Analysis Center (MS-ISAC) is “the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, tribal, and territorial (SLTT) governments. The MS-ISAC 24×7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.” [12]
Virginia Tech. John Louis von Neumann. VT.edu. 2002/02/09. Web. 21 Jan 2012.
History – VonNeumann.
Englander, Irv. The Architecture of Computer Hardware, Systems Software, and Networking: An Information Technology Approach. 4th ed. Hoboken: John Wiley and Sons, 2009. Print.
“What does the cloud represent in a network diagram?” WikiAnswers. Answers Corporation. n.d. Web. 21 Jan 2012. What Does the Cloud Represent in a Network Diagram?
The role of IT Governance is the implementation of best practices within IT.
IT Governance Institute (ITGI), www.itgi.org. IT Governance Using COBIT and ValIT: Student Book, 2nd Edition. 2007.
IT Governance focuses on “IT’s delivery of value to the business and the mitigation of IT risks.”
http://www.iiba.org/ This organization focuses on all aspects of BA (Business Analysis) and also has a reduced membership fee for students – a very active chapter here in Atlanta that meets every month for networking and engaging presentations. The organization also has a BABOK and a BA certification path.
Decision Support Tools: Porter’s Value Chain. Retrieved January 31, 2013, from IFM Management, Technology, Policy, University of Cambridge: http://www.ifm.eng.cam.ac.uk/research/dstools/value-chain-/
CEB, 2015. IT Governance. Retrieved September 12, 2015, from CEB: https://www.cebglobal.com/exbd/information-technology/cio/research-library/it-governance/index.page.
“CEB is a best practice insight and technology company. . . . With more than 30 years of experience working with top companies to share, analyze, and apply proven practices … Every year we equip over 20,000 senior leaders from more than 10,000 organizations across 110 countries with the intelligence they need to respond quickly to evolving business conditions.”
Implementing and Continually Improving IT Governance, 2015. Retrieved August 23, 2015, from ISACA Knowledge Center: http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Implementing-and-Continually-Improving-IT-Governance1.aspx.
IT Governance. Free Tool Kit Trials, 2015. Retrieved August 23, 2015, from: IT Governance Limited: http://www.itgovernanceusa.com/freeaspx
Simpson, J. IT Manager’s Toolkit by Jerry Simpson, 2013. Retrieved August 23, 2015, from Google: https://sites.google.com/site/itmanagerstoolkit/it-toolkit/best-practices.
Following the same protocols for communications and definitions as the IT Strategy and IT Policy committees will help ensure the monitoring and evaluations that the IT Governance committee is scheduling to be performed. This risk management function is essential in the overall governance of the IT organization.
The role of IT Policy is to formulate the procedures essential to ensure that the enterprise is protected and the policies are implemented correctly.
Communication is key and central to obtaining desired performance in strategic areas. One way to help ensure that participants in developing IT Policy are utilizing best practices is to create a circulation list with a matrix for types of communications. Depending on the size of the organization, this matrix can become a key driver for effective development of policies; making certain the right people view the material and communicate needed changes should be a minimum requirement. Utilizing the definitions provided by the IT Strategy committee will also be an effective tool. As additional definitions become evident and purposeful, their escalation to the IT Strategy committee will again help to ensure their usefulness over the life of the organization.
Adapted from the University of Michigan:
IT Policies articulate values, principles, strategies, and positions relative to IT and they are designed to guide organizational and individual behavior and decision making; they are also concise, high-level, and independent of a given technology.
The role of IT strategy is mapping out the alignment of IT with business goals and strategic plans of the business. The aligning of IT with these goals is transformative.
1) Establish a communications procedure for all those participating in the development of IT Strategy.
2) Require agreement on definitions to be used in formulating IT Policy and implementing IT Governance. This is one sure way to help ensure everyone is on the same track by speaking the same language. The definitions should be attached as an appendix for inclusion in any policy development.
3) Changes and additions to the definitions should be appended to the circulation list for approval by the IT Strategy committee, and once approved, a revised appendix of definitions should be forwarded to the IT Policy and IT Governance committees.
Summary of the advancement of Visible Light Communication: Visible light communication is a data communication medium using visible light between 400 THz (780 nm) and 800 THz (375 nm). Ordinary fluorescent lamps or LEDs can be used to transmit data for up to 2 km at speeds of up to 500 Mbit/s. While this advancement has not yet been integrated into data transmission for the general user, the theory has been implemented for several years in research labs and experiments for varying purposes such as TV displays, car positioning systems, and others.
Visible Light Communication
Introduction to VLC & some research references: More on Visible Light
Shortcuts:
Yuri, K. TranslatorsCafe, 2015. Retrieved September 26, 2015, from Anvica Software Development: Data Storage Conversions
Technical definitions and data conversions.
Wu, O.D. Computer Data Measurement Chart, nd. Retrieved 2012, from University of Florida Wu Home Page: Computer Data Measurements
Combines definitions with speed, time, capacities of digital world, including telephony.
best explanation on 2’s complement!
links for conversions and training:
digital to binary:
best web for bit vs bytes
awesome help on binary addition: Add-Binary-Numbers
It takes 8 bits to form 1 byte which equals 1 character (255 variants are possible).
True, but some languages (e.g. Japanese) which use Kanji characters require more than one byte.
How_many_bits_required_to_represent_a_character
It depends on the encoding you're using. With the ASCII encoding (which is, more or less, “standard” in most English-speaking countries, such as the United States), each character requires 1 byte.
However, another encoding, known as “Unicode”, has become increasingly prominent, even in English-speaking countries. A Unicode character requires 2 bytes to store a single character. Some programming languages are even beginning to make Unicode the default encoding, or include some features that enable Unicode throughout a single project. Currently, the “System.String” class within the .NET Framework is made up of purely Unicode characters, with no capacity to change this without implementing some kind of a ‘hack’.
More is better:
the-real-difference-between-integers-and-floatingp
math practice Math Worksheets
BinHex
Convert-Hexadecimal-to-Binary-or-Decimal
YouTube Instructions
hex-to-decimal-converter
Electronics Tutorial – Binary-Bin3
Binary Number 1 – 100
Number Systems – Addition
Addition of Binary Numbers
How to Add Numbers
Enterprise Risk Management Risk assessment toolbox. University of California. 2012. Web. 11 Feb 2014. <http://www.ucop.edu/enterprise-risk-management/tools-templates/risk-assessment-toolbox.html>.
Campbell, Alexander. Top 10 operational risks for 2014. Risk.net. Incisive Financial Publishing Limited. 4 Nov 2013. Web. 10 Feb 2014. http://www.risk.net/operational-risk-and-regulation/special/2304586/top-10-operational-risks-for-2014.
Computer Workstations. OSHA.gov. U. S. Department of Labor. Nd. Web. 9 Feb 2014. https://www.osha.gov/SLTC/etools/computerworkstations/positions.html
Ellingwood, Christopher. It’s Not Always the Technology: The Top 10 Information Security Risks for 2011. BerryDunn. 2014. Web. 10 Feb 2014. <http://www.berrydunn.com/news-detail/top-10-information-security-risks>.
IT Governance Institute. “IT Governance Using COBIT and ValIT: Student Book, 2nd Edition.” http://infosys.uncc.edu/mbad7090/Slides2008/COBIT%20Student%20Book.pdf. 2007. Textbook. Web. 7 Feb 2014.
“IT Governance Using Cobit and Val IT: Caselets, 3rd Edition.” Information Systems Audit and Control Association. 2010. Document.
Inventory of Risk Management / Risk Assessment Methods. ENISA. 2005-2014. Web. 10 Feb 2014. <http://rm-inv.enisa.europa.eu/rm_ra_methods.html>.
Mizoguchi, Traci. Information Technology Risks in Today’s Environment. Deloitte Development LLC. 2014. Web. 10 Feb 2014.
Nielsen, Jakob. Security & Human Factors. Nielsen Norman Group. 26 Nov 2000. Web. 11 Feb 2014.
risk. businessdictionary.com. WebFinance, Inc. 2014. Web. 10 Feb 2014. <http://www.businessdictionary.com/definition/risk.html>.
Risk Management Tools. Langley Research Center. Office of Safety and Mission Assurance, May 2, 2000. Web. 10 Feb 2014. <http://www.hq.nasa.gov/office/codeq/risk/docs/rmt.pdf>.
Rouse, Margaret. social engineering. SearchSecurity. TechTarget. 2014. Web. 10 Feb 2014. http://searchsecurity.techtarget.com/definition/social-engineering.
Template of Risk Management – Risk Assessment Tools. European Union Agency for Network and Information Security (ENISA). European Union. 2005-2014. Web. 10 Feb 2014. https://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/rm-ra-tools/template.
Wikipedia. IT risk. 22 Oct 2013. Web. 9 Feb 2014. http://en.wikipedia.org/wiki/IT_risk