Week 12 -Blog Summary

Week 12

November 19, 2015

Summary of Blog Posts.

            When I started this blog, I was not sure what I am going to write. I thought that I would just address some issues we will discuss during this course. So, I tried to include security risk, vulnerability, and policy and practice along side with ethical aspect as my theme.  Throughout my blog, I was just trying to pull some strings, so that I will have a good grip on these issues and tie together as I move forward.

Week first was really a good insight to look the different aspect of information security and organization’s system confidentiality, integrity, and availability. So, addressing these three aspects of information security by McCumber Cube model and added extended theory by Sean M. Price, which describes the present context how practitioners are benefiting with McCumber cube model and risk-based approach by adding countermeasures to match the each attacks against the system. 

Later, this blog addressed the different aspects of risk management and I found the hard truth that “ risk management is project manager’s friend, if done well”. Since we are reading a lot about NIST special publication 800, so I thought to take insight of all those documents such as NIST SP 800-144, 14, 30 (Rev. 1), and 111. 

As a InfoSec personal, we always need to have our necessary plan on place for all risk and vulnerability to minimize the damage and provide efficient security measures but what happen when your plan trip over, so week 4 was focused on the importance of contingency planning and having Plan B as is the best solution. So, my few other blogs describe how to manage and predict risk and how we could put security measures such as email security, as well as, some common issues to address the possible threats as the development of technology introduced to us.  There is no risk management without talking about risk assessment, so this was my learning curve to be familiar with the risk assessment, risk management such as accessing and controlling risk and how to encrypt data at rest to secure critical data and organization’s valuable assets.

As the threats could have different faces, could exploit system’s vulnerabilities, but it is our responsibility as a security personal to identify these faces and address them with proper measure, training and awareness, and outlining on the security policy. It is true that organizations are investing huge amount of budget to deal with external threats but the most of the threats are insiders. So, CERT document dealt with preservation and detection of insider threats. In this post (week 11), I tried to outline some examples and real-time practice cases and situations documented about insider threats, as well as recommendation for these threats/issues.

This blog has been a good learning experience for me, where I have been able to explore some of the aspects we came across our 12 weeks of study and security issues we are trying to address to solve. This practice gave me a real boost to exercise through blog and exploring my thoughts as well as put some important issues in front of all of us.