The Use of Plain Language in Cybersecurity

The use of plain language is important in cybersecurity because of the range of people that will be interacting with this information. All industries can be affected by a cyber attack, which means that people in these industries will need to learn about basic cybersecurity best practices to keep themselves, and their companies safe. The best way to convey this information is through plain language.

Plain language is important because it allows for the information to be understood universally, without needing to change it for each audience. Employee education is critical in today’s world because of the constantly evolving threat of cyber attacks. Using plain language allows people in all departments of a company to understand the content, from IT to the sales department.

It also eliminates the need to explain jargon because it isn’t being used. The best way to lose an audience is to keep overloading them with jargon that they don’t understand. A good analogy would be a doctor explaining their diagnosis to a patient with all the different medical terms and jargon they know. It would overload the patient and confuse them. People are less likely to do what you need them to do if they’re confused about why they need to do it.

Plain language is important because it allows for information to be shared to a wider audience with different levels of background knowledge of cybersecurity. It helps them understand the issue at stake and how to better protect themselves from cyber attacks.

Ryne Krueger

Advertisements

6 Steps for an Efficient Incident Response Plan Infographic

I made an infographic laying out the six steps for an efficient incident response plan, which I talked about in my last blog post. I decided to simplify the infomation presented and show it in a visual format.


-Ryne Krueger

6 Steps for a Efficient Incident Response Plan

An Incident Response Plan is used when there is a cyber attack on a company or corporation. This is typically used right after the discovery of the attack so that the company can get back to normal operations as quickly as possible. Here are 6 steps to an effective incident response plan.

1.    Assemble your team

The first step when assembling your Incident Response team is to appoint a team leader who will handle all communication and decision making with management.  This way decisions can be made quickly and efficiently. This team should consist of security professionals, communication, and legal staff to properly plan an internal response and a response to the public. Most breaches will require public notification, which is why the legal and communication staff is important.

2.    Detect and Ascertain the source

This team should go through internal systems to locate the cause of the breach, and where the breach came from. The team can do this by auditing their systems for suspicious activity or by using anti-malware software to find malware.

3.    Contain and Recover

Once the breach cause of the breach is located, it needs to be contained so it can’t spread any further. This can involve different steps based on what was used in the attack. It can involve shutting down network access for computers infected with malware or disabling the accounts of insiders to prevent further access. Then, the company needs to recover from this attack. Affected systems should be backed up for forensic examination later. Then the team needs to use back-up files to get the affected systems back to normal.

4.    Assess the damage and severity

This next step is to assess how bad the attack was once it is patched up and fixed. This is the time to look at the cause of the event and to figure out how it happened. It is important to determine what prevention mechanisms worked or failed. When it comes to determining the severity of the attack, it is always better to consider the event more severe.

5.    Begin notification process

Once the damage is accessed, the IR team must begin notifying customers, and any applicable government agencies in accordance with law. It is important to notify customers as soon as possible so that they can be aware of any attempts of identity theft. It also lets them know to change their password to any accounts as soon as possible.  

6.    Start to prevent the same style of attack in the future.

This last step is preventing the same style of attack in the future. Now that someone has gotten into your system, it is important that they can’t get back in the same way. It would look bad if your company kept getting breached the same way because they didn’t learn from their mistakes. This is also an opportunity to look at security as a whole, and to find other potential vulnerabilities and preemptively fix them.

There is one thing I would change with this process. I would add after step two to notify customers about the breach. This is so that they know to change passwords and to make them aware of the breach. This also allows them to take steps to protect themselves from this breach as much as possible. I would then keep the notification at step 5 with more information later on. I believe it is always important to keep customers informed on what is going on. It will let them know that you care about keeping their data secure and that you are taking this very seriously. It also allows you to get out ahead of the backlash from customers by notifying them immediately.

I got these steps from here.

Ryne Krueger

Importance of Plain Language in Information Technology

Honestly, I have learned a lot in this class and they have all changed my writing skills in one way or another. A couple of most important things to remember is to research your audience, keep the piece clear and concise to capture a wider audience, and try to use visuals to capture the interest of readers. I learned new ways to start writing a document, like logical mapping which I have never used before. I learned the different types of documents and which situation demands what kind of solution. I currently work for Information Technology Services at RIT, and if there’s one thing I have learned, never assume what the front person may or may not know. I realized that many end users, irrespective of their technical knowledge, prefer visuals to understand something. For instance, if a user is trying to map a printer, they would rather have visuals (screenshots) showing them an example, instead of just a set of instructions.

Plain language is pretty important in my profession, mostly because people have varying levels of education and technical knowledge. Another thing to notice is that the kind of language you use will vary intensively from how you communicate with your peers, for instance systems administrators and security analysts to name a few, and how you communicate with end users. One rule that has helped me a lot is if you do not know the person at the end of the line, start off with as simple plain language you can, and work your way up to more technical terms if you deem the person has that knowledge and expertise. I sometimes help someone who has performed all basic troubleshooting I would have performed to find what is wrong, and this tells me that the user at least has some technical knowledge.

Overall, using plain language can sometimes be as effective as using very technical terms in order to get your point across to the reader. This class has helped me a lot in honing my writing skills.

– Smayan Daruka

Summary of “Don’t twist the prose” by Larry Kunz

In this blog post, Larry talks about the importance of writing clear instructions. He talks about overthinking things usually makes for a more complex and difficult to understand scenario. As Larry mentioned, it is better to come back to something later with a fresh mind to effectively get your point across to the reader. Larry continues to back up his point by describing the importance of translation. He mentions how important it is for the person translating to have the background knowledge. He concludes the post by talking about the importance of verifying information before it actually gets released to the general public. He talks about the usability of the instructions and how nice it would have been had they verified their instructions with one English speaker.

Overall, I found this blog post really informative since it highlights the basic and most important concepts of technical communication/writing. It is important to keep in mind the target audience for technical communication, or for that matter, any piece of writing. I will continue to keep these things in mind as I improve my skills to become an effective communicator.

Smayan Daruka