Evan R. Anderson
Instructor: Information Systems and Cybersecurity
Project Management
Network Systems Administration
Business Management
Subject Matter Expert: Information Technology
Business Administration
Professional Interests
Sociology of Technology
As a professional technologist, I am fascinated with people and the tools they build. I'm particularly interested in the many ways people choose to use—and misuse—their tools, often with no regard for the design objectives by which the tools were initially created. Not surprisingly, I also marvel at the astonishment tool designers experience when their creations are misused with socially detrimental consequences. As a topic of research, this gap between tool designer and tool user is of special interest to me when the tool in question involves information technology.
Cyberethics
In the ultra-connected world of tomorrow, even a seemingly minor decision made by an unknown person in an obscure corner of the planet might well pose an immediate and irremediable consequence for countless others in far-off places. It is critical that now—while we still have time—we begin a universal conversation about what kind of world we hope to create with the tools our emerging technology will give to us. In particular, we simply must improve our collective ability to promote constructive behavior over destructive behavior before we begin ceding life-and-death decisions to our machines. To do otherwise seems to me an act of utter insanity.
IT Risk Management
Risk management is “the process of identifying, assessing, and controlling threats to an organization's capital and earnings.” Applied to information technology, risk management involves investigating and appraising the vulnerabilities and threats faced by information resources and determining what avenues of protection are warranted.” My interest in risk management is not limited to this traditional definition. In my professional view, risk management should seek to safeguard corporate assets from business vulnerabilities and threats, but only in a way that also protects the privacy and dignity of employees and customers.
Security Policies
A security policy is “a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a ‘living document’, meaning that the document is never finished, but is continuously updated as … requirements change.” It is not enough, however, just to create security policies. Organizations must establish formal frameworks with which to monitor, manage, and maintain their policies. I am far more interested in these security policy frameworks than I am in any particular set of policies.
Ethical Hacking
Also known as penetration testing, ethical hacking is a simulated cyberattack methodically designed “to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.” Ethical hackers utilize the same tools and techniques used by malicious hackers—the difference is the rules of engagement approved by the system owners under which ethical hackers carry out their simulated attacks. Ethical hacking is an essential component of a comprehensive information security strategy, an action that must be routinely employed in order to achieve reasonable information assurance.
Digital Forensics
Digital forensics, sometimes referred to as computer forensics, is “the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.” Although forensic analysis is most often associated with criminal investigations by law enforcement entities, it also plays an important role in every information security framework, usually as part of a broad incident management and response process.
Technical Project Management
According to TechTarget, “IT project management is the process of planning, organizing and delineating responsibility for the completion of an organization's specific information technology (IT) goals. IT project management includes overseeing projects for software development, hardware installations, network upgrades, cloud computing and virtualization rollouts, business analytics and data management projects and implementing IT services.” When technical projects fail, the cause of failure isn’t usually bad technology, but inadequate project management. No organization can realize the full benefit of its investment in technology unless it utilizes an appropriate methodology to manage that technology.
_______________________________________________________________________
The technical definitions quoted on this page come from http://whatis.techtarget.com/.