Week 12
November 19, 2015
Summary of Blog Posts.

When I started this blog, I was not sure what I was going to write. I thought
that I would just address some issues we will discuss during this course. So, I
tried to include security risk, vulnerability, and policy and practice alongside
the ethical aspect as my theme. Throughout my blog, I was just trying to pull
some strings, so that I will have a good grip on these issues and tie them
together as I move forward.

The first week was really a good insight into the different aspects of
information security and an organization’s system confidentiality, integrity,
and availability. So, I addressed these three aspects of information security
through the McCumber Cube model and the extended theory added by Sean M. Price,
which describes, in the present context, how practitioners are benefiting from
the McCumber Cube model and a risk-based approach by adding countermeasures to
match each attack against the system.

Later, this blog addressed the different aspects of risk management, and I found
the hard truth that “risk management is project manager’s friend, if done well”.
Since we are reading a lot about NIST Special Publication 800, I thought to take
insight from all those documents, such as NIST SP 800-144, 14, 30 (Rev. 1), and
111.

As InfoSec personnel, we always need to have our necessary plan in place for all
risks and vulnerabilities to minimize the damage and provide efficient security
measures, but what happens when your plan trips over? So week 4 was focused on
the importance of contingency planning and having a Plan B as the best solution.
So, my few other blogs describe how to manage and predict risk and how we could
put security measures in place, such as email security, as well as some common
issues to address the possible threats as the development of technology is
introduced to us. There is no risk management without talking about risk
assessment, so this was my learning curve to become familiar with risk
assessment and risk management, such as assessing and controlling risk, and how
to encrypt data at rest to secure critical data and an organization’s valuable
assets.

As the threats could have different faces and could exploit a system’s
vulnerabilities, it is our responsibility as security personnel to identify
these faces and address them with proper measures, training and awareness, and
outlining them in the security policy. It is true that organizations are
investing a huge amount of budget to deal with external threats, but most of the
threats are insiders. So, the CERT document dealt with preservation and
detection of insider threats. In this post (week 11), I tried to outline some
examples and real-time practice cases and situations documented about insider
threats, as well as recommendations for these threats/issues.

This blog has been a good learning experience for me, where I have been able to
explore some of the aspects we came across in our 12 weeks of study and the
security issues we are trying to address and solve. This practice gave me a real
boost to exercise through the blog and explore my thoughts, as well as put some
important issues in front of all of us.