Security Basics mailing list archives
Re: Writing papers on Information Security
From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Tue, 22 Nov 2005 16:24:47 -0600
I saw a few suggestions about SANS. Now...a word of advise to you about SANS. If you submit something to them, they will claim ownership to it REGARDLESS IF THEY USE IT OR NOT. SANS provides alot of useful ideas and topics for you to choose from. Think about what it is that interests YOU first, then move outward. For example, if you have a clique that you often hang out with, talk to your friends and worker colleagues that you wish to pursue further endeavors and have thought about writing a few whitepapers. You might be surprised as to what your friends and work colleagues might say in return. ;)) Also, for subject matter, believe it or not, C-net and EWEEK are really good areas to think about. There's LOTS of things to discuss about IT, comuter technology, security, social impacts, etc. Alot depends on what YOU think is relevant. Remember: YOU are the writer. The whole idea is to inform, educate and entertain (not necessarily in that order, as some of your papers may be entirely satirical, while others are VERY serious). If you want some examples, visit my web site: http://www.unixworks.com Take a look at "r&d", which is where the whitepapers are currently: http://www.unixworks.com/uw-research.html Take some time and read them a bit. Give you an idea of what and how a whitepaper should convey. You don't want to make it TOO TECHNICAL -- otherwise, you'll bore your audience. Aim for a high-school level (11th or 12th grade), and give *some* technical details, but not too technical. Also, if its something worthwhile, you might want to hold off from publishing it and patent it instead (just an idea). If it is something questionable, disclaim it. State that it's for "educational purposes only to information and educate"; if possible "sanitize" your examples so places that you've used aren't unnecessarily hammered on by hackers. ;)) Going back to as far as topics are concerned, think about what interests you the most. If you are interested in firewalls, then write up something on firewalls. Don't make "fictional" stuff. And if it is, state clearly that it's hypthetical or fictional in nature. People don't like too many surprises. If you have issues at work about a particular system or application that an annoyance, WITHOUT GIVING TOO MANY DETAILS THAT WOULD GET YOU FIRED, think about what you'd like to see to improve that application or system. Or if it's a method that's bass ackwards in nature, consider coming up with a possible scenario (or 2, or 3) and then develop a possible solution. Whitepapers aren't a "thesis"; that is, they don't *need* to be proven -- just compelling. You don't have to have a proof, but you DO need a conclusion or summary at the end of your paper. ;)) There are a few other places that I forgot to mention: http://www.infosecwriters.com is an AWESOME place for ideas. Also, just because someone has written something doesn't mean that YOU can't write about it, or even take some of other people's ideas and expand on them even further. WARNING: GIVE CREDIT WHERE CREDIT IS DUE. If you take material from other people, footnote it, and if you find that you're taking on ALOT of their material, get their permission. A good writer is ALWAYS honest -- up front. If you snag material from other authors, and footnote, you (usually) don't have pay for having a copy. it's when you start charging money for the paper that will turn people off, and get the writers that you've taken their material from, pissed at you. So... C-NET SANS EWEEK INFOSECWRITERS.COM Check those out. There are more -- much more. Be creative, be open, and let yourself be opened to possibilities. Remember: YOU are the writer. You can write whatever the Heck you WANT to write. It's entirely up to you! ;)) -rad ----- Original Message ----- From: "Vikas" <vikassinghyadav () gmail com> To: "Bob Radvanovsky" <rsradvan () unixworks net> Sent: Tuesday, November 22, 2005 2:21 PM Subject: Re: Writing papers on Information Security
Hello Bob, Thanks for the peace of advice . It was insightful, humorous and gave me what I wanted to know in a
nutshell
It's well taken and I will start on those guidelines. This is for basic/interediate level topics The second part of my question was on how can I pick up a area to research on When I say research I mean something new as in a Phd(Doctorate) or a
Masters
thesis without doing one. I am in a job where I can spare time :-) How can I get topics in my area of Interest where I can research on some unexplored field If I was in a University some Professor could have guided me Where do I get this guidance from now. Any suggestions Regards Vikas ----- Original Message ----- From: "Bob Radvanovsky" <rsradvan () unixworks net> To: <security-basics () securityfocus com> Cc: "Vikas" <vikassinghyadav () gmail com> Sent: Tuesday, November 22, 2005 9:17 PM Subject: Re: Writing papers on Information SecurityActually, it's quite simple. To write an effective whitepaper, you will need the following prior to beginning your writing endeavor: (1) Your favorite beverage (whether or not if it's alcoholic or not does make some difference, esp. if you want people to actually understand
you;
I prefer Red Bull mixed with vodka and a little cherry juice for flavor). (2) Your favorite munchie (chips, pretzels, cookies -- it's all the
same).
(3) Pick a day and time that you'll not be interrupted. To write a
really
good whitepaper, you will need a few hours of serious thinking time. (4) Pick a topic that you feel compelled to write about. Honeslty, it doesn't matter what you wriet about, as you write complete sentences and make a compelling statement or argument. If you feel that you need to write for a caus,e then do so -- but remember that you will have thousands of people reviewing your article. You are making yourself known to people throughout the ENTIRE WORLD -- via a shared medium which we call "The Internet". The topic shouldn't be so controversial that you want to create a rift in people choosing sides. Rather, pick a topic that allows
people
to *think* about something. Tantalize them to want to come back to your
web
site to read more about you. This is the recipe for the makings of a great writer. ;)) (5) Some ideas for a compelling topic should be "safe" insofar that you don't pick on, or negatively reflect a manufacturer, service provider,
or
even your government. You want people to read your material, and you
want
"return customers" to come back again, and again, and again. (6) As an "information security professional", you should avoid
seriously
criticizing anyone. Most certifications out there have a Code of
Ethics.
By criticizing an organization, in most cases, you are in violation of your Code of Ethics, and if found probably, can be refused or denied your certification, or (if you've already passed and been granted your certification) might even have your certification revoked. Be careful
in
how you choose your words. If you don't care of the consequences, then write away; otherwise, think before writing. ;)) (7) Some sample topics for you to consider: SCO vs. IBM lawsuit, the future of "open source", privacy issues, biometrics, intrusion systems, firewalls, best practices (this is often times a VERY good topic to use -- gives
some
"meat" that many people want), or even lessons learned practices (what
NOT
to do in case of ...). (8) Some sample topics to stay the Heck away from: blasting our government, blasting Microsoft, blasting any organization for lousy security
practices
or products, etc. -- you get the picture, right? (9) Make a compelling case. Provide as much *fact* as possible before making your aargument. This makes a good recipe for "Debate 101", and again, you want "return customers". ;)) (10) Write a whitepaper because you WANT to dit, not because to HAVE to, or are after money, power or control. Those are the WRONG reasons for writing a whitepaper. (11) And most importantly -- HAVE FUN DOING IT!!! You should *write* a whitepaper because you WANT to write a whitepaper. This will help make you known in certain circles and cliques out there. You won't get famous
over
it, but people will begin to know who YOU are. If you remember these simple but useful tips, you will go far... ;)) Good luck! -rad ----- Original Message ----- From: "Vikas" <vikassinghyadav () gmail com> To: <security-basics () securityfocus com> Sent: Friday, November 18, 2005 12:28 PM Subject: Writing papers on Information SecurityCan anyone guide me on how to write papers on topics of InforamtionSecurityand also If I want to research in this field how can I start off . I am just a system admin with some experience on security. I have donesomebasic reading and would like to research on specific fields . How do i select these as I don't have any mentors or professors guiding me. Any help is welcome Thanks Vikas
Current thread:
- Writing papers on Information Security Vikas (Nov 21)
- Re: Writing papers on Information Security Ivan . (Nov 22)
- Re: Writing papers on Information Security Don Parker (Nov 22)
- Re: Writing papers on Information Security Bob Radvanovsky (Nov 22)
- Message not available
- Re: Writing papers on Information Security Bob Radvanovsky (Nov 23)
- Message not available
- RE: Writing papers on Information Security security (Nov 23)
- IPS and Sony BMG Root Kit Genjii (Nov 25)
- <Possible follow-ups>
- RE: Writing papers on Information Security Lalit Gupta (Nov 22)
- RE: Writing papers on Information Security Bytheway, Robert W (Nov 22)
- Re: RE: Writing papers on Information Security rsradvan (Nov 23)