Add Security Best Practices Section to DISCOVER Cookbook #155
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ta, and ensuring legal compliance
…ance event safety
aterrel
requested changes
Jan 15, 2025
There was a problem hiding this comment.
- I don't think this page as written fits with the tone and depth of the guide. Would rather see something more along the lines of requirements for technical systems.
- Additionally the title is a bit misleading as the article is about "cybersecurity" which is important, but when I saw "security" I was thinking "physical security", i.e. how to have guards etc.
- Would move this to higher in the guide so contributing stays the last section.
|
|
||
| - **Test Your Backups Regularly**: | ||
| - Periodically check that your backup files are complete and can be restored without errors. | ||
| # `netcat`: A Powerful Network Tool to Use with Caution |
There was a problem hiding this comment.
This section seems out of place. Please remove.
There was a problem hiding this comment.
agreed - netcat is not relevant here.
|
|
||
| ## Practical Security Measures | ||
|
|
||
| 1. **Protect Online Forms** |
There was a problem hiding this comment.
The rest of the guide really doesn't dive into technical details of registration and web systems. I think this advice here is so overly vague as to not be helpful. Perhaps a better approach would be to provide checklist of features required by any conference web system.
|
Dear Andy,
Thank you for reviewing my pull request and providing valuable feedback. I
appreciate the time and effort you’ve taken to offer detailed suggestions
for improvement.
I understand your concerns regarding the tone, depth, and alignment of the
content with the project’s overall structure. Based on your
recommendations, I will work on refining the technical details, clarifying
the scope of security, and incorporating a practical checklist for event
management systems. I’ll also ensure that the revised content better aligns
with the guide’s standards.
Please let me know if there are any specific areas you’d like me to focus
on further.
Thank you for your guidance and support. I’ll notify you once I’ve made the
necessary updates.
Regards
Susmita
…On Wed, 15 Jan 2025 at 05:46, Andy R. Terrel ***@***.***> wrote:
***@***.**** requested changes on this pull request.
1. I don't think this page as written fits with the tone and depth of
the guide. Would rather see something more along the lines of requirements
for technical systems.
2. Additionally the title is a bit misleading as the article is about
"cybersecurity" which is important, but when I saw "security" I was
thinking "physical security", i.e. how to have guards etc.
3. Would move this to higher in the guide so contributing stays the
last section.
------------------------------
In DISCOVER/15_security_best_practices.md
<#155 (comment)>
:
> + - Protect your data with secure cloud storage solutions.
+ - Recommended services:
+ - [Backblaze](https://www.backblaze.com/) (Cloud backup for full systems).
+ - [Google Drive](https://drive.google.com/).
+ - [Dropbox](https://www.dropbox.com/).
+- **Follow the 3-2-1 Backup Rule**:
+ - Keep **3 copies** of your data: 1 primary and 2 backups.
+ - Use **2 different storage types** (e.g., external drive and cloud).
+ - Store **1 copy offsite** to ensure data safety in case of disasters.
+
+- **Automate Your Backups**:
+ - Schedule regular backups (daily, weekly, or monthly) to ensure all new files are saved.
+
+- **Test Your Backups Regularly**:
+ - Periodically check that your backup files are complete and can be restored without errors.
+# `netcat`: A Powerful Network Tool to Use with Caution
This section seems out of place. Please remove.
------------------------------
In DISCOVER/15_security_best_practices.md
<#155 (comment)>
:
> @@ -0,0 +1,109 @@
+# Ensuring Privacy and Security in Event Management
+
+Maintaining robust data privacy and security practices is crucial for safeguarding attendee information and ensuring a successful, trustworthy event.
+
+## The Importance of Privacy in Events
+
+Event organizers often collect sensitive attendee information, such as contact details, dietary restrictions, and accessibility needs. Protecting this data builds trust, enhances reputation, and ensures compliance with regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).
+
+## Practical Security Measures
+
+1. **Protect Online Forms**
The rest of the guide really doesn't dive into technical details of
registration and web systems. I think this advice here is so overly vague
as to not be helpful. Perhaps a better approach would be to provide
checklist of features required by any conference web system.
—
Reply to this email directly, view it on GitHub
<#155 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BOIQJXR2E3YR2QINNEHIDM32KZKARAVCNFSM6AAAAABVBLZIIWVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDKNJSGYYTEMRRGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
danielskatz
reviewed
Mar 15, 2025
| @@ -0,0 +1,109 @@ | |||
| # Ensuring Privacy and Security in Event Management | |||
There was a problem hiding this comment.
As @aterrel wrote in a general comment, the title of this section is misleading as the focus here is on data systems, not physical privacy or security, which is also what I thought it would be initially.
danielskatz
reviewed
Mar 15, 2025
| - Avoid collecting unnecessary personal details. | ||
|
|
||
| 2. **Implement Secure Data Management** | ||
| - Store all attendee information in encrypted databases. |
There was a problem hiding this comment.
I don't think most organizers use databases but rather spreadsheets or files.
danielskatz
reviewed
Mar 15, 2025
| - Restrict data access to authorized personnel only. | ||
|
|
||
| 3. **Follow Legal and Ethical Standards** | ||
| - Review applicable privacy regulations for your region, such as GDPR or CCPA. |
There was a problem hiding this comment.
In many cases, the relevant regulations apply to people, not the organizers, so organizers need to follow all regulations that are associated with their attendees.
danielskatz
reviewed
Mar 15, 2025
|
|
||
| ## The Importance of Privacy in Events | ||
|
|
||
| Event organizers often collect sensitive attendee information, such as contact details, dietary restrictions, and accessibility needs. Protecting this data builds trust, enhances reputation, and ensures compliance with regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). |
There was a problem hiding this comment.
Probably also mention PIPL (China)
danielskatz
reviewed
Mar 15, 2025
| 4. **Prepare for Potential Breaches** | ||
| - Create a comprehensive data breach response plan. | ||
| - Communicate promptly and transparently with affected individuals in case of a breach. | ||
| 5. **Use a Firewall to Block Unauthorized Access to Your Network and Devices** |
There was a problem hiding this comment.
5 and 6 here are quite general, not really related to events. Perhaps this should be combined into "Follow good security practice" or be removed.
danielskatz
reviewed
Mar 15, 2025
| @@ -17,4 +17,5 @@ chapters: | |||
| - file: 11_inclusive_practices_during_checkin | |||
| - file: 12_assessment | |||
| - file: 14_how_to_contribute | |||
| - file: 15_security_best_practices | |||
There was a problem hiding this comment.
please make this title more related to electronic or data security
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a Security Best Practices section to the DISCOVER Cookbook. It offers clear guidance on data privacy, handling backups, setting up firewalls, and using tools like netcat safely. These updates aim to help event organizers and technical users improve security with practical, easy-to-follow steps.