It has been a while since there has been a post on the Uni. Security Blog. There is good reason, lots of work, you would have guessed correctly.

What has happened recently and I have come out of my hole to write something?

InfoSecurity Europe 2008 for starters.

Yes, we went to it and had a fun time looking around at what is new and hip in Industry (from an IT security point of view.). And, yes we got a few freebies (mainly pens). Undergrads and Graduates might be interested in visiting the exhibition as companies have someone from HR hunting for new blood. There were also lots of free training sessions and seminars (and lots of info can be ofund on the site http://www.infosec.co.uk). I still have no idea why Google was there showcasing their premium email service (How about we argue about Google being more secure than your Outlook server?). At least they were there, not like Symantec that just had a sticker on a pillar under HP. Overall, it was great. If you want to go to the talks you need more than one day though!

and Security at Glamorgan Uni.

Before the Uni. administrators start going crazy, let me make it clear that I am not attacking any of their systems or methods. Having said that let me get started. I skim (like you don’t skim read things!) read a great article on ‘The Psychology of Security’ by Ryan West, Communications of the ACM, (Vol.51, Num.4, 2008, pp34-40) and exerted the following:

‘Risk and uncertainty are extremely difficult concepts for people to evaluate. For designers of security systems, it is important to understand how users evaluate and make decisions regarding security.

Users aren't stupid, they're unmotivated. ...To conserve mental resources, we generally tend to favor quick decisions based on learned rules and heuristics. While this type of decision making is not perfect, it is highly efficient. It is efficient in the sense it is quick, it minimizes effort, and the outcome is good enough most of the time. This partially accounts for why users do not reliably read all the text relevant in a display or consider all the consequences of their actions.’ (do I hear someone saying ‘like you skim reading’).

Where am I going with this exert? After sitting on one of the PCs in the 24hour Open Lab (J1), I found a series of interesting information from students that previously where sitting on the machine. The amount of assignments, dissertations and personal items (e.g. photos) just sitting on the machine waiting for someone else to come and pick them up, is tremendous. It is important to remove any work to avoid others from making copies of your work.

With this posting I would like to raise Student awareness, when saving work locally on publicly used machines. Why? Cause anyone can access a document and plagiarise/copy it. Save all your work and documents to a personalised folder and delete it once you have transferred your work to a USB stick or CD.