Earnest Engineer

Essential Security Practices for Your Personal Systems Ensuring a minimal level of cybersecurity, privacy, and availability on your personal systems means you need to manage the following essential practices. This is a brief overview of recommendations from sources like CISA, NSA, etc., focused on personal laptop, phone, and other systems' security. Anti-virus  I've found you'll get the best anti-virus protection and usability from a paid product - I've always had good luck with Norton labeled products. If you are looking for current vendor offerings see:  https://www.pcmag.com/picks/the-best-antivirus-protection Regardless of whether you choose to use a commercial product or open-source anti-virus tool, it is absolutely something you need to use. This is the minimally needed level of system security. Once installed, ideally, it should be invisible until there's a security problem it can't prevent or solve.   Backups You need to have at least a minimal level of ...

The NICE framework from a RACI point of view The NICE framework ( NIST SP 800-181 rev. 1) established a standard approach for describing cybersecurity work, in order to help stakeholders share a common language and ideally improve how to identify, recruit, develop and retain talent. It breaks down cybersecurity work role categories into: Oversight and Governance; Design and Development; Implementation and Operation; Protection and Defense; Investigation.  Which is very cybersecurity-centric and not related to common tools for project management within companies. Especially smaller enterprises that do not have dedicated people to mange and coordinate cybersecurity needs. A  RACI chart  is   a project management tool used to define and clarify roles and responsibilities within a project team.   It stands for Responsible, Accountable, Consulted, and Informed, and visually represents who is responsible for what, who is accountable for the outcome, who needs to be c...

Typescript is a statically typed language, that is a superset of JavaScript. I've had the discussions and debates about that aspect of the language. I am all for static typing. Any way my tools can help me be better is alright by me. So I avoid the ' any ' type designation and make sure I have guards on ' unknown ' types, as much as I can.  Any  does not carry any useful type information, while unknown does, and allows it to enforce type checking.  Anything can be assigned to a variable of type unknown , but an unknown value cannot be assigned to variables of other types without explicit type assertion or narrowing. Similarly, no operations are permitted on an unknown value until its type is refined. This behavior ensures type safety and prevents runtime errors. (Refined with help from google). I bring this up because I was arguing with the compiler recently because I'd assumed both made no use on any type information in any circumstance - because I haven't ...

From the  EU  MDCG 2019-16 Guidance on Cybersecurity for medical devices, December 2019 , this is the guidance on foreseeable risks.  Medical device manufacturers should ensure that a medical device is designed and manufactured in a way that ensures that the risks associated with reasonably foreseeable environmental conditions are removed or minimised. This may include the infield monitoring of the software’s vulnerabilities and the possibility to perform a device update (outside the context of a field safety corrective action) through, for example delivering patches to ensure the continued security of the device. During the risk management process, the manufacturer should foresee or evaluate the potential exploitation of those vulnerabilities that may be a result of reasonably foreseeable misuse. This, however, may depend on the specific situation. For example, using an unsecured memory-stick to enter data into a medical IT system can be considered “reasonably foreseeabl...