
It has been a while since I last posted. While I can blame it on my workload, I believe it's got more to do with falling into the trap of trying to critique my blogging topics, instead of just writing what is in my head, whether it is of any significant value or not. That being said, as I have been doing quite a bit of research and analysis at work lately, I thought I would write about how I undertake such tasks. So here goes….

Over time I have developed a process to quickly research a topic and summarise/collate any relevant information, to then be fed into briefing papers, presentations, risk assessments, etc. The best way to start is to gather as much information as you can find that may be slightly related to what you are researching, and dump it into a repository or storage place for later review. It is important when you are doing the information gathering that you don’t fall into the trap of reviewing and filtering information along the way. If you do this you will spend far more time gathering information, or you may discount something that may end up having been important when reviewed in conjunction with a supporting document. So I will start by hitting all the different search engines (web, blog, group, image, etc.) using keywords to try to find content, maybe only reading the title of the content, or skimming the first paragraph or table of contents, before deciding to copy it to the repository.

So what do I use for a repository? I must say that I have become addicted to Microsoft OneNote for this. Using the virtual printer for OneNote I can print any web content straight from Firefox quickly and easily. If appropriate I may just use the screen clipping function in OneNote to grab part of an article or image.

Once I believe I have found the majority of the relevant information on the topic I am looking at, I will start to review what is in my OneNote repository. I will review the articles, blogs and forum posts, and sometimes highlight the key points. It is amazing when you do this just how much posted information on a topic is regurgitated time and time again. At this point I may head back to try to gather more information based on ideas found in my initial analysis, or I will start to try to document a summary of the key points.

This is where I have become dependent on using MindManager from Mindjet. MindManager is a software package that allows you to create mindmaps. It is amazing how much information you can summarise and present on one mindmap. In some cases, once I have finished creating a mindmap, I will just make sure it's more presentable (i.e. manager-friendly coloured topic backgrounds …) and use this to address the issue with the intended audience. Let's be honest, if you are trying to present research on a security risk, how many managers are going to read a 10-page paper? You are either forced to try to cover your key points in the executive summary, or reduce it to slideware. The benefit of a good mindmap, presented in a manager-friendly format, is that you not only convey your key points, you can also convey how your points fit into the bigger picture, or threat landscape.

If you do have to write a supporting paper, or slideware, then the hardest part has already been done by creating a mindmap. All you have to do is dump the key points onto slides, or expand the ideas so that they quickly become paragraphs.

*rant*: The biggest problem I have with OneNote is the Office team sticking their head in the sand and not producing an official Firefox add-on that will provide the same “send to OneNote” functionality for webpages as IE7 (so including nice formatting, as well as the hyperlink comments, etc.). While they are not going to lose OneNote customers by not supporting Firefox, they are not doing anything to keep or attract any of the 10% of people that use Firefox to use OneNote and/or the Office suite. People swap from IE to other browsers for a reason, and they are not likely to swap back without a good reason. What is of more value to Microsoft, revenue from developing IE for the OS, or from supporting Office? And yes, I know someone has created a OneNote extension, but I am not going to disable secure updates on Firefox to get this add-on working. *finish rant*