SimplyBASICsoftware

Simple Software … Simply Effective Results

Information Security Strategy

Equally important are these three elements of a comprehensive corporate security strategy:

  1. Infrastructure components to do as much threat mitigation as practical with a reasonable ROI.

  2. A comprehensive set of written policies that outline very specific roles, responsibilities, and methods.

  3. An ongoing Security Awareness Training program so every employee becomes a front line security watchdog.

Documentation should be developed at two levels. At the highest level are a small number of non-technical policies that outline the goals of the organization and enforcement of these goals. The policies should carry explicit endorsement by the highest level of management. The second level is a set of written standards that specifically outline, in sufficient technical detail, various infrastructure requirements and the roles and responsibilities to maintain compliance with these standards.

The documents themselves should be owned by specific functions within the organization and carry an explicit review process to ensure they are kept current.

Policy topics:

  1. Overall policy that defines organizational security directives endorsed by senior company executive(s).

  2. Overall acceptable use policy that defines the behavior of every employee in the use of Information Technology assets.

  3. A set of standards (below) that defines in detail how the Information Technology infrastructure will be managed.

  4. Specific technology (e.g. firewalls, intrusion detection/prevention systems, virus protection software) to aid in stopping common threats.

Standards topics:

  1. Security Awareness Training process

  2. Risk Management, Roles and Responsibilities

  3. Access provisioning process details, Access Review process details

  4. System Administration procedures

  5. Malware Protection

  6. Authentication

  7. Remote Access

  8. Firewall Management

  9. Logging and Monitoring procedures

  10. Wireless (WiFi) Management

  11. Information Technology Review and Audit procedures

  12. Information Technology Asset Management procedures

  13. Encryption Process, Key Management for encryption

  14. Server Room Protection

  15. Media Protection, Media Disposal

  16. Information Classification, Information Handling

  17. Business Resilience Program

  18. Backup and Restore procedures

  19. System Development security procedures

  20. Change Management procedures

  21. Data Integrity Management

 

Posted June 20, 2011 | Uncategorized

Corona iPhone and Android Development

These guys are headed for “World Domination” at least in the iPhone and Android SDK arena.  They support just about any iOS and Android device.  If you try you can write a physics app that can be nearly 100% source code compatible across platforms.  With the introduction of their Widgets a while back you can also write some really nice looking business apps.

Check it out here:  http://www.CoronaLabs.com

I have had great luck with iPhone and Android development.  This opens up a new avenue.

 

Posted April 26, 2011 | SimplyBASICsoftware News

When Programming Was Fun

 

I recently saw an advertisement headline in a magazine that read “Remember when programming was fun?”. If you have recently tried to write a small Microsoft Windows GUI based program to do some modestly complex task using popular tools, you may have discovered programming is not very much fun any more. Today the tools try to “help” and be everything for everybody, but generally the learning curve is very steep. All you wanted was a few hundred lines of core logic, but it needed to be in a GUI. To use some of these tools you have to be an expert in underlying technologies like COM and dot Net that just don’t seem to be very friendly. Maybe you did not even want to install dot Net on the target machine.

Dot Net has thousands of classes (maybe tens of thousands by now) to do just about anything you want but who has time to even find the class you need when the list gets that long.

Programming can still be fun if you use the right stuff.

I remember when programming was more fun. In the “old days” (pre PC) I thought nothing of sitting down and writing 4,000 lines of assembler code on a machine that had no time of day clock and I even had to keep track of time. I learned a lot about chip architecture, interrupts, and what happens at that level. During the same time period I wrote many hundreds of thousands of lines of code in BASIC and a few other languages but I always seemed to think about the underlying architecture. The assembler experience was invaluable in understanding the hardware even when I was using BASIC. Over the years using BASIC syntax in various dialects became as fluent as my English. I even wrote a B-Tree file indexing system in BASIC before any affordable commercial database application existed.

Over the years Microsoft Windows, and other environments, have led to levels of abstraction that make understanding the machine seem not important. All of the push toward object oriented programming and the dot Net environment, in my opinion, has not really simplified things but made them more complex. You can do many cool things if you can figure out how to use the tools. The simple program in BASIC that many will remember, PRINT “Hello World”, now generates hundreds of thousands of bytes of machine code from many modern day compilers.

Object oriented code, while practical for large teams working on the same project, simply makes the structure and overall architecture much more obscure.  Debugging gets harder and sometimes there is unexpected or even unexplained behavior of an “object” that the compiler added.

Others seem to share my opinion but we seem certainly to be in the minority. Here is a reference from the author of FontForge, George Williams:

Click here http://fontforge.sourceforge.net/faqFS.html and then scroll down to “Why isn’t FontForge written in C++”.

It seems odd that somebody would ask that question and his choice of language would need to be defended.

Stay tuned to learn how to write a 2d physics game for an iPhone or Android based device. Now that can be some seriously fun programming.

 

Posted April 21, 2011 | SimplyBASICsoftware News

MarsEdit – Blog Editing “Out of this World”

I just downloaded and installed MarsEdit from Red Sweater and it makes blog editing a dream.  You should check it out.  It meets our vision of Simple Software.

Posted April 20, 2011 | SimplyBASICsoftware News

SimplyBASICsoftware – What works

Notes and ramblings on Software Development
and a variety of other programming topics.

Over the years I have developed millions of lines of code.  Mostly in dialects of BASIC but not always.  One thing I have found … simple is better.  When things get too complex they become hard to build and hard to use and hard to maintain.

You will find lots of opinions here and I know as opinions go they are not absolute truths.  My paradigm is uniquely mine but it does work for me.

Our Vision
Simple Software … Simply Effective Results

So follow along in these topics and see what you think.  And thanks for reading.

Mark Strickland, Security+
Chief Engineer

Posted April 17, 2011 | SimplyBASICsoftware News