Written Information Security Plans

STE, simplified technical english, ASD STE100, controlled language, technical texts, technical documentation, ASD Simplified Technical English Specification, non-native English speakers, ASD-STE100 Rules, ASD-STE100 Issue 7 free download

How to Fix The Technobabble Snafu

Technobabble has become so much a part of our lives that we often don’t see the snafus it can create. It is a language unto itself: It is a technical language that is difficult for ordinary people to understand. Technobabble is well-defined as a type of nonsense that consists of buzzwords, esoteric language, or technical jargon. There is little question that technobabble has its place. But the world is changing and the need to communicate information to diverse audiences requires an approach that the entire audience–not just part of it–can understand. Simplified English might be the answer.

A Technobabble Snafu

“Complex technical instructions can be misunderstood and misunderstandings can lead to accidents. STE makes technical texts easy to understand by all readers”

Some Assembly Required

Some Assembly Required is rarely a reason to buy a product and is often a reason to not buy it. The directions may be unclear and likely written in text so small that you have to find the Internet version just to read it. It would be a pleasant surprise if the manual were written in Simplified Technical English that virtually anyone can understand.

Understandable directions, laid out with graphics that actually relate to the product, help to sell it. The fact that a manual can be understood by a broad audience does not diminish the product: It makes it more accessible and more marketable. In fact, any text written so that it can be understood is more engaging and the content is easily understood.

Avoid Your own Technobabble Snafu!

We can help you communicate in Simplified Technical English or just Plain English. Either way, your audience will be engaged in and easily understand your message.

A Technobabble Transformation

A group of engineers were set to update a Code written in the last century. But this would be no easy task because they had no real interest in enabling a wide range of people to crack the Code. Even the promise of protecting the technical integrity of the Code was not appealing. But change was coming so they had to make the best of it. Ultimately, with a few dissenters still unwilling to accept all of the changes, a consensus produced a clear, unambiguous Code. Their story can be downloaded below.

Leveraging STE

Case study of a Simplified Technical English (STE) conversion in the Engineering sector. The conversion was intended to remove the archaic wording and make the text easier to translate and understand. The transformation resulted in reduced cost and better translations.

Case Study of STE Transformation in Engineering Sector

Translations

Why not just translate the documentation?

For highly technical documents, Simplified Technical English may be more appropriate than Plain Language. The controlled language with its technical dictionaries may better transform these texts into clear, unambiguous documentation. Also, there are times when it is important for all readers to understand the content in English. Once in English, it can be translated into other languages.

“STE was developed to help the readers of English-language documentation understand what they read, particularly when these readers are non-native English speakers.” – ASD-STE100

Translation, however, is not the only consideration here because non-native speakers as an audience is not the only issue. Documentation in simplified English must also bridge the chasm between native speakers who speak English (or any language) well and those who do not. This is especially true for training documentation where everyone from upper management to supervisors to workers must be on the same page. Standard operating procedures, likewise, must be clearly understood by everyone affected by them.

English, Simplified, Might Solve Many Technobabble Snafus

As every business must look for roadblocks that would disrupt their operation, they must also be aware of roadblocks that disrupt communication. Concerns about reducing documentation content to its lowest level of understanding must be replaced by the intent to make information available to the widest possible audience. Simplified Technical English and Plain Language can do just that.

Simplified Technical English

ASD-STE100, also known as Simplified Technical English (STE), is a specification for writing technical documentation in a simplified language that is easy to understand for a global audience.

This can help improve safety, reduce errors, and increase efficiency in various industries where technical documentation plays a critical role.

-Simplifying the Complex: ASD-STE100 (Simplified Technical English)

STE Lanuage Rules

Restrict sentence length to no more than 20 words (procedural sentences) or 25 words (descriptive sentences)
Restrict paragraphs to no more than six sentences (in descriptive text)
Avoid slang and jargon while allowing for specific terminology
Make instructions as specific as possible
Use articles such as “a/an” and “the” wherever possible
Use simple verb tenses (past, present, and future)
Use active voice
Do not use present participles or gerunds (unless part of a Technical Name)
Write sequential steps as separate sentences
Start a safety instruction (a warning or a caution) with a clear and simple command or condition.

Before and After Comparison of Plain English Transformation

Before

Traditional RPA are the software programs used for simple tasks that don’t require decision making or cognitive activity. These types of bots are also called rule-based systems as they require a set of rules on how to perform a task, where to log in, what data to collect, and where to transfer it.

In general, robotic process automation refers to rule-based bots, which are good for simple tasks and scaling to thousands of automated processes.

After

Traditional RPA is software programs. These programs do simple tasks. These tasks do not require decision-making activity.

These types of programs are also called rule-based systems. This is because they require a set of rules:

How to perform a task
Where to log in
What data to collect
Where to transfer data.

In general, robotic process automation refers to rule-based programs that are good for:

Simple tasks
Scaling to thousands of automated processes.

Avoid Your own Technobabble Snafu!

As Einstein said, “Everything should be made as simple as possible, but not simpler.” We can help you reach a broad audience without burying the content–and context–of your message.

…in Plain Language

Plain language is grammatically correct and universally understood language that includes complete sentence structure and accurate word usage. Plain language is not unprofessional writing or a method of “dumbing down” or “talking down” to the reader.

Plain English

Writing that is clear and to the point helps improve all communication as it takes less time to read and comprehend. Clear writing tells the reader exactly what the reader needs to know without using unnecessary words or expressions. Communicating clearly is its own reward as it saves time and money. It also improves reader response to messages. Using plain language avoids creating barriers that set us apart from the people with whom we are communicating.

-Office of Personnel Management

Plain Language Guidelines Download

Plain Lanuage Rules

Write for your reader, not yourself. Use pronouns when you can.
State your major point(s) first before going into details.
Stick to your topic. Limit each paragraph to one idea and keep it short.
Write in active voice. Use the passive voice only in rare cases.
Use short sentences as much as possible.
Use everyday words. If you must use technical terms, explain them on the first reference.
Omit unneeded words.
Keep the subject and verb close together.
Use headings, lists, and tables to make reading easier.
Proofread your work, and have a colleague proof it as well.

Before and After Comparison of Plain English Transformation

Before

Right of use means any authorization issued under this part that allows use of Outer Continental Shelf lands. Right of use means any authorization under this part to use Outer Continental Shelf lands.

This rule proposes the Spring/Summer subsistence harvest regulations in Alaska for migratory birds that expire on August 31, 2023. This rule proposes the Spring/Summer subsistence harvest regulations for migratory birds in Alaska. The regulations will expire on August 31, 2023.

This regulation governs disaster assistance for services to prevent hardship caused by fire, flood, or acts of nature that are not provided by FEMA or the Red Cross.

After

Right of use means any authorization under this part to use Outer Continental Shelf lands.

This rule proposes the Spring/Summer subsistence harvest regulations in Alaska for migratory birds that expire on August 31, 2003. This rule proposes the Spring/Summer subsistence harvest regulations for migratory birds in Alaska. The regulations will expire on August 31, 2003.

This regulation governs disaster assistance for services to prevent hardship caused by fire, flood, or acts of nature that are not provided by FEMA or the Red Cross. This regulation governs disaster assistance that:

Consists of services to prevent hardship caused by fire, flood, or acts of nature; and
Is furnished by a provider other than FEMA or the Red Cross.

Use Cases for STE and Plain Language?

Simplified Technical English

STE addresses difficulties in English comprehension related to complex sentence structures and the following documentation might benefit the most from using it.

Plain Language (English)

Plain language is communication your audience can understand the first time they read or hear it. A wide range of documentation can benefit from this approach, including:

Why Work With Us?

We are creative, believers in critical thought. Our layouts are sophisticated and appropriate, effective. Our work is informative and engaging. We speak simplified technical English. Let our technical writing services save you time, money, revisions and failed presentations.

GET IN TOUCH

Do You Want to Turn Your Technobabble into Unambiguous Clarity?

Let’s Talk

We thought our client information was secure–until it wasn’t…

Xavier Otero, Partner, XO Legal

Hooked with Spear Phishing Bait

XO Legal, a small legal firm with an entirely distributed team, was lured into an insidious spear phishing snare by a seemingly harmless email. The attack targeted the firm with carefully crafted emails that appeared to come from legitimate and trusted internal sources. This sleight of email was virtually undetectable. XO Legal had no idea how to pick up the pieces because they didn’t know what the pieces were.

Spear phishing involves targeting specific individuals or organizations with personalized and convincing messages designed to trick the recipient into taking a particular action or providing sensitive information.

Anatomy of a Spear Phishing Attack

Spear Phishing Prey

The Setting

The law firm had four attorneys and two paralegals, all of whom worked remotely. Client files were stored in an encryped cloud account. All six could upload and download files, which meant that all six individuals had credentials necessary to allow them to access the account at some level.

The Bait

Once the phisher had decided on a law firm target, XO Legal, they did what any highly-skilled phisher would do: They patiently researched the firm, its employees, clients, and ongoing cases to gather information that would make their phishing email(s) appear authentic and relevant.

Excellent dossiers were created on all the firm’s employees. From the information acquired, partners Xavier Otero and Rogelio Tejada seemed to be the most potentially profitable targets. The phisher decided to reference a high-profile client as part of the deception. They had learned that there was a hearing the following week, which provided the opportunity to introduce urgency and authenticity into an email.

It was this meticulous preparation that enabled the phisher to craft the personalized emails that would become the bait and make this plot so successful. Their chances of success were greatly improved because the plot was entirely specific to the XO Legal firm.

Download the PDF version of this business case study. No information capture form required for download.

Hooked by Spear Phishing Bait: An Easy Catch Case Study Download

The Hook

An email was sent to one of the paralegals, Ana Mathieson, from Xavier Otero. The email made reference to an upcoming hearing the next day, for which Xavier Otero was the lead attorney. It requested that she look for a file in the client’s folder. If it was there, he needed the link to it right away. He was on his smartphone right now and had no way to access the file. The email contained details about the hearing that she knew to be true. She hesitated but the first one was followed by two other emails, each more frantic than the last. Ana found the file and sent the link to the folder.

The Aftermath

This spear phisher was content with access to this one client’s information. What they wanted was enough information to enable identity theft. There was plenty of information in the file to allow them to do that. XO Legal was forced to pay for all of the client’s identity theft remediation, lost the client (which was a substantial part of their revenue). And in the end, they still did not know if any other client information had been breached. But, it could have been far worse and far more costly.

Our Role in The Spear Phishing Recovery

We documented the existing information security status and provided the written framework for the new security plan. We created zero trust standard operating procedures; a written information security plan; an incident response plan; and a business continuity plan.

A Roadmap to Zero Trust

From Trust to Zero Trust

Protecting client data–whether dictated by law or not–was of paramount concern at XO Legal. But, as with many firms, the intention of the staff to guard the sanctity of client data was not enough. Transformation into a team with a zero trust mindset was essential. So, XO Legal closed the gaping voids in their security protocols with the following actions (non-inclusive):

Incident Response Plan based on ABA Formal Opinion No. 483, which defines the lawyer’s ethical and legal obligations to be prepared to protect against and respond to a cyber security incident.
Written Information Security Plan (WISP) to define what the firm’s information assets are and how they will be protected–including the policies and procedures that will be used.
Standard Operating Procedures were created for the Incident Response Plan and Written Information Security Plan, as required. One of the first ones written is how internal communications were treated, no matter who wrote them.
Ongoing Evaluation of Access and Authentication Protocols to ensure that permissions are appropriate and are updated, as necessary.
User and Device Security is enforced by ensuring that all users and devices (including mobile devices) have the same level of protection as they access resources, regardless of location.
Multifactor Authentication is mandatory for all staff who access files. In this case, fingerprint identification is used.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) email authentication protocol is used to protect against email phishing.
Application and Data Security is used to prevent unauthorized access within app environments no matter where they are hosted.

The Way Forward

The Zero Trust mindset is a new one for this firm because it is so small and the staff knows one another so well. But, now they know that zero trust is critical if they are going to protect themselves and their clients.

Let Us Help You With:

Online or PDF Business Case Studies (Like this one)
Written Information Security Plans (WISPs)
Information Security Documentation
Business Continuity Plans