Tech Journal 1 - FlameSpyro/Tech-Journal GitHub Wiki
The Types of Bias
- Motivational Bias: This is when we change or filter our actions based on what we personally believe.
- Cognitive Bias: Can be very similar to motivational bias; however, these actions are based more on unconscious decisions that we may not be aware of.
- Nonverbal Bias: Throwing away our personal opinions to go along with a group's idea. This could be to appeal to the group or simply due to pressure.
- Affinity Bias: Based upon our history with a person. For example, a college buddy could get a different answer than a complete stranger.
- Similarity Bias: When one specific trait or action of a person is significantly highlighted and used as a baseline for everything else about that person.
- Halo/Horns Effect: A feeling of wanting to work with people who are either similar to us or share our opinions on a matter.
- Contrast Effect: Comparing the skills a person has against others for a specific task.
- Attribution Bias: A very natural tendency: when a failure occurs, one of the first reactions is to blame something as an excuse.
- Confirmation Bias: Looking for evidence to support a claim that we already hold about a particular person.
- Conformity Bias: Giving off a positive or negative attitude based on the way we dress or stand.
Risk Management Framework
What is RMF?
- RMF stands for Risk Management Framework and is the process of integrating security and privacy into the system development life cycle. The "risk" part comes from its approach, which is to evaluate how effective the applicable laws and requirements are when applied to a system. Managing these risks is very important for effective information security and privacy programs. The framework is compatible with old and new systems and even IoT devices.
RMF Tasks
- Preparation: The first step is to plan out and lay the groundwork for the following steps. For example, say a medical center is being established: what would be important to protect? What security measures would be good to have?
- Categorization: This is where we break down the information and devices into categories depending on their security risk levels. As of writing this, I would organize them into tiers. This makes for a smoother setup in the following step.
- Selecting Security Controls: From the categories we created in the previous step, it's good to plan out what measures could be added to protect each tier. Which one needs the most protection? Which ones need easy management?
- Implement the Security: This step involves actually putting the proper security controls in place for each tier. It is also a good point to double-check whether any other good security ideas should be included or added on.
- Assess Security Controls: Now that everything is implemented, it's time to double-check that everything is up and running, to prevent an accidental hole caused by errors!
- Authorization: In this step, the system must be authorized, a decision that has to be made by a senior official (in the medical center example, someone senior at the practice). This provides accountability by requiring senior management to decide whether the security and privacy risk is acceptable to the business.
- Monitoring: Last but not least is to constantly monitor the newly implemented security controls in the field. Just because a system is well secured and set up doesn't mean there isn't a blind spot. Proper monitoring means keeping antivirus and updates current along with backups, so that if something somehow slips by, there is a chance to spot and react to the breach in security.