Thursday, 19 November 2009

Final..!!!

what you have learned most from completing this course

Before I took this course, I thought studying information security systems was just something that tells me how to secure my own data on my computer; this is what most people think. Most people's knowledge of information security systems is about blocking hackers from hacking into their computer and stopping virus attacks.
After learning what an information security system is, I learned that securing a computer database is not just having an anti-virus program installed on the computer. It's about teamwork: a company needs to have an IT security team to monitor all the IT work, and it's also about management: the management team needs to train its employees before worse things happen. Learning about information security systems also taught me about a few specific types of viruses and what damage they do to your computer system.
Information security systems also taught me about the legal system; I learned the rules around information security systems, ethical issues about acceptable behaviour, and of course that understanding different cultures, the fixed moral attitudes or customs of a particular group, is important.


How what you've learned complements other areas of knowledge you have or hope to gain

Learning and understanding are not going to help me to secure my system completely; planning and taking action will be the hardest part of an information security system.
Management's responsibilities and role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
The hardest part will be maintenance, because IT is always changing, which will keep bringing the company new problems and new threats. Managers must understand each new threat and come up with a new solution to defend against the risk the company faces, which means the manager has to go back to the first stage, develop a new plan, and get employees to operate and monitor for this new threat.

what you consider to be the most important aspects of information security and why


I think risk management is the most important aspect of information security, because knowing the risks can reduce threats to the company. To be able to identify security risks, we have to examine and understand the information and systems currently in place, both for ourselves and for the enemies. We also need to be able to control those risks, and we also need to protect our classified database. People can steal our classified information both internally and externally; for securing against external threats, we can develop a strong IT security team, but internal threats will be a lot harder to secure against.
We can develop security clearances, with each data user assigned a single level of authorization indicating a classification level. Before accessing a specific set of data, an employee must meet the need-to-know requirement, and setting up an extra level of protection ensures information confidentiality is maintained.
Even though the company has security clearances, there are still a lot of holes in the system, because if an employee works long enough in the company, he still has a way to break into the system; there isn't a 100% solution for this problem.


what you haven't learned but had hoped to


I was planning to have lessons about how to secure my own computer with programming, but this course is more about the theory of information security systems for an organization.
For example, if I want to stop hackers getting into my computer and stealing my personal data, the only way to stop them is to understand computer programming, because having a firewall isn't good enough; to be able to stop them coming in the door, I need to understand how they come in.


what aspects of information security interested and/or bored you the most


Learning about security and personnel is more interesting than the other topics, because it makes me understand what the qualifications and requirements are to be a security manager.
For example, I would never have thought human resources would get into this subject; human resources must address positioning and naming; staffing; evaluating the impact of information security across every role in the IT function; and integrating solid information security concepts into personnel practices. At the same time, they should try not to make employees feel threatened.
There are different levels of qualifications and requirements for different positions; for example, upper management should learn about the budgetary needs of the information security function, and IT and management must learn more about the level of influence and prestige the information security function should be given to be effective.
These are matters that involve the head boss considering what type of employee he needs to hire to be able to secure his company's data, and at the same time, he needs to have someone to monitor these security officers' work. Most smaller companies will choose to monitor it themselves.


what topics you found particularly easy or difficult to grasp


Learning about implementing information security took me the longest to understand, because there were too many strategies and models that I had a hard time understanding.
For example, the SecSDLC implementation phase is accomplished through changing the configuration and operation of the organization's information systems. To be able to work out the configuration, we need to start with the company's procedures, people, hardware, and software. We have to turn the blueprint for information security into a concrete project plan. The project plan also involves a WBS, which is another complicated structure to understand.

how the course could have been facilitated better to assist your understanding and knowledge.


I would recommend uploading some video clips of news, current situations, and graphics. It will help students to understand more than just listening and watching PowerPoints.
There are a few video clips in each section, but because each section has many different structures, one or two videos cannot explain every point clearly.

Wednesday, 18 November 2009

Week 12, Section 12

The definition of a hacker is someone who shares an anti-authoritarian approach to software development, now associated with the free software movement.

Ensuring that you have adequate network protection is vital, but protecting your system from hackers who use social engineering to get inside should also be a priority. Even the best employee may create system vulnerabilities if they aren't aware of the threat, and companies often overlook this hacking angle.
Hackers can be smooth operators. They may call looking for advice, offering flattery in the attempt to gain your employees' trust. They use this connection to talk their way into getting information about the security your company has in place and the programs you run. They may also prey on your employee's confidence in the network in order to gain specific details and shortcomings about your system operations. By using social engineering to obtain even small amounts of information about how your system operates and what programs you use, the hackers can run software on their end that will not only give them greater detail on your system, it can show them how to get inside.
Suavely manipulating an individual isn't the only social engineering method hackers use. Some hackers are far more direct. It's hard to believe, but they may directly call a business and impersonate an authority in the company. Employees can be easily swayed by a person issuing a direct request in an authoritative tone. Employees have been known to do what the hacker says because they believe they are being asked on behalf of the company. They may change passwords or issue new ones, allowing the hacker access to your system. The hacker may start small and simply ask for access to their email account, which is generally that of a system administrator. Once they have access to this account, they can issue credible commands to gain further access to and control over your business systems.
No one wants to think that getting access to their company's system could be so easy, but it can and does happen. Using these tricks to gain access to business networks is actually quite common. The key to limiting this risk is comprehensive training for your employees so they learn to see through the hackers' ploys.
(Guidance Consulting INC) http://www.guidance-consulting.com/articles/94-how-hackers-use-social-engineering-to-get-inside.html


Frederick Wood, of Seattle, has been convicted and sentenced to 39 months in prison this week for using the infamous P2P client Limewire to steal personal information from over 100 unsuspecting sharers. Kathryn Warma, assistant U.S. attorney in the Computer Hacking and Internet Crimes Unit of the U.S. Attorney's Office, says this identity theft is very common, but not too many people know it exists. Wood, says Warma, would type keywords such as "tax return" or "bank account" into the Limewire search box, which allowed him to download files with that type of personal information from the shared folders of naive or unsuspecting Limewire users. The convicted felon also searched specifically for college financial aid forms, says PCWorld, which include "exhaustive personal and financial information about the family." Wood would then use the info to open accounts, receive credit cards, and make purchases in their names.
http://www.afterdawn.com/news/archive/18862.cfm

Limewire is the biggest P2P downloading software; you can get almost every movie, song, game, and more from it.
It is really hard for users to be 100% sure their computer is secure, because Limewire has access to your hard drive in order to download data, and hackers can use this to hack into your computer and steal personal information.
Users can only choose not to use any P2P downloading software and limit their entertainment, or take the risk of using it.

Thursday, 5 November 2009

week 11, Section 11

The company can ask them to complete a personal information form, allowing the HR department to do a background check.
Each staff member in the company should have their own profile, user name and password to access the company's operations.
The IT department and manager should check each individual's tasks.




UB already has an IT department to manage all students' account access. Normally a student can only access another account if they have the other person's id and password, or if someone else forgot to log off from a public computer.
How do you think the Information Security department at UB is structured?
UB should have a service desk, which answers all enquiries; an IT manager, who operates the internal system; and a technical team, who write programs, handle database security, and fix problems.
Termination should be one thing UB should be concerned about. When an employee leaves the organization, there are a number of security-related issues. The key is protection of all information to which the employee had access. Once cleared, the former employee should be escorted from the premises. Many organizations use an exit interview to remind the former employee of contractual obligations and to obtain feedback.

week 10, Section 10

When a company is looking at outsourcing, they have to do lots of budgeting, considering for example whether it's worth hiring someone and spending money and time to train them, or spending the same amount of money to hire someone who has already been trained.

There are different benefits between a contractor and a sub-contractor, which is another thing for the company to consider.

Just as some organizations outsource IT operations, organizations can outsource part or all of their information security programs.
When an organization has outsourced IT services, information security should be part of the contract arrangement with the outsourcer.
Because of the complex nature of outsourcing, the best advice is to hire the best outsourcing specialists, and then have the best attorney possible negotiate and verify the legal and technical intricacies of the outsourcing contract.


An RFP is when the company sends a specific detailed proposal to its suppliers. This can show suppliers the risks and benefits, and make sure it will suit both parties' requirements.


Evaluation: before the company starts outsourcing, they have to make sure that a clear sub-contract is ready to process. Lots of companies have failed to do this, and the result was lots of refunds and repairs for customers after the service had been completed.

Contract award: the manager will agree with the third party after negotiation.

Exit strategy: a contract between the customer and the outsourcer. A solution for when the service fails.


A company has many reasons for hiring outsourcing, both internal and external problems. In almost all of the service industry, WOM (word of mouth) is the most important marketing strategy for the image of the brand. Failure will damage the brand image and decrease the reputation of the company.

Week 9, Section 9

How safe is the data on your computer, especially if your computer is lost or stolen? If you were working for a large multinational business or government department, what measures do think might be in place to mitigate the risks of physical theft or loss?
I don't have too much important data on my personal computer; I store most of it on my external hard drive, which means if my computer crashes, I won't worry about losing that data.
I do have a security code on my external hard drive, in case I lose it or someone steals it.

I am currently working in a multinational business organization. They have CCTV set up behind the counter; it can view the whole office, staff activities and client presentations. The whole company is monitored from the head office by their IT department. Every single activity in the company can be watched. Each worker here has their own user name and password to log into the company system, so the IT department can see who does what and when.
Each branch manager has a great responsibility to manage his workers and monitor their work. But there is still something the company needs to improve in the information security system; because of budgeting problems and the worth of the data, spending money on insurance is seen as a better option than increasing the security system.

Week 6,7,8, Section 6,7,8

1. Which architecture for deploying a firewall is most commonly used in businesses today? Why?

Screened subnet firewalls (with DMZ) are most commonly used in businesses today.

The dominant architecture used today, the screened subnet firewall provides a DMZ. The DMZ can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet.
A common arrangement finds the subnet firewall consisting of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network:

Connections from the outside or untrusted network are routed through an external filtering router.
Connections from the outside or untrusted network are routed into—and then out of—a routing firewall to the separate network segment known as the DMZ.
Connections into the trusted internal network are allowed only from the DMZ bastion host servers.

The screened subnet is an entire network segment that performs two functions:
· It protects the DMZ systems and information from outside threats by providing a network of intermediate security.
· It protects the internal networks by limiting how external connections can gain access to internal systems.
DMZs can also create extranets, segments of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
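The two filtering points and the extranet rule described above, as an added Python policy model that is not from the original post or the textbook it summarises. Zone ranges, bastion addresses, published services and the partner address are constructed sample values; the per-bastion internal access table is an assumption added to show the residual risk of a compromised bastion host.

```python
"""Screened-subnet (DMZ) firewall policy model.

Zones: UNTRUSTED (outside), DMZ (screened subnet with bastion hosts), INTERNAL
(trusted network).  A connection must pass two filters in order:
  1. external router: outside traffic may only reach published DMZ services,
     and the extranet segment only after partner authentication;
  2. internal router: the trusted network accepts connections only from
     DMZ bastion hosts, and only on the ports each bastion needs.
All addresses below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

UNTRUSTED, DMZ, INTERNAL = "untrusted", "dmz", "internal"

ZONES = {
    DMZ: ip_network("192.0.2.0/24"),       # screened subnet (constructed)
    INTERNAL: ip_network("10.10.0.0/16"),  # trusted internal network (constructed)
}

# Bastion hosts in the DMZ and the services they publish to the outside.
BASTION_SERVICES = {
    "192.0.2.10": {80, 443},  # web bastion
    "192.0.2.25": {25},       # mail relay
}

# Assumed least-privilege table: which internal ports each bastion may open.
# A compromised bastion can then reach only these, not the whole trusted net.
INTERNAL_ACCESS = {
    "192.0.2.10": {3306},  # web bastion -> database
    "192.0.2.25": {143},   # mail relay -> internal mail store
}

# Extranet: a DMZ segment reachable only by authenticated, authorised partners.
EXTRANET = ip_network("192.0.2.128/25")
AUTHORISED_PARTNERS = {"203.0.113.7"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    authenticated: bool = False  # partner auth completed at the extranet gateway


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside our ranges is untrusted."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return UNTRUSTED


def external_router(pkt: Packet) -> bool:
    """First filter: outside traffic may only reach published DMZ services."""
    if zone_of(pkt.src) != UNTRUSTED:
        return True  # traffic originating inside is not this router's concern
    if zone_of(pkt.dst) != DMZ:
        return False  # nothing from outside may target the trusted network directly
    if ip_address(pkt.dst) in EXTRANET:
        return pkt.authenticated and pkt.src in AUTHORISED_PARTNERS
    return pkt.dport in BASTION_SERVICES.get(pkt.dst, set())


def internal_router(pkt: Packet) -> bool:
    """Second filter: the trusted network accepts only bastion-originated traffic."""
    if zone_of(pkt.dst) != INTERNAL:
        return True
    return zone_of(pkt.src) == DMZ and pkt.dport in INTERNAL_ACCESS.get(pkt.src, set())


def screened_subnet_allows(pkt: Packet) -> bool:
    """A connection is permitted only if both filters accept it, in order."""
    return external_router(pkt) and internal_router(pkt)


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.9", "192.0.2.10", 443),   # outside -> web bastion
        Packet("198.51.100.9", "10.10.1.5", 443),    # outside -> internal host
        Packet("192.0.2.10", "10.10.1.5", 3306),     # bastion -> database
        Packet("192.0.2.10", "10.10.1.5", 22),       # bastion -> ssh (not needed)
        Packet("203.0.113.7", "192.0.2.200", 443, authenticated=True),  # partner
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.dport, "ALLOW" if screened_subnet_allows(p) else "DENY")
```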






2. What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?

Installing internetwork connections requires using leased lines or other data channels provided by common carriers, and therefore these connections are usually permanent and secured under the requirements of a formal service agreement.
In the past, organizations provided remote connections exclusively through dial-up services like Remote Authentication Service (RAS).
Since the Internet has become more widespread in recent years, other options, such as Virtual Private Networks (VPNs), have become more popular.


3. Will biometrics involve encryption?
How are biometric technologies dependent on the use of cryptography?
Biometrics must use encryption to secure their digital data.
When a user tries to log in to the system, that's when they need cryptography.

Monday, 2 November 2009

Week 6, Section 4

What is the best value that should be assessed when evaluating the worth of an information asset to the organization - replacement cost or lost income while repairing?
Replacement cost will be the most important when a company purchases a new asset, such as factory machines, which cost more than the parts.

What is the likelihood value of a vulnerability that no longer must be considered?

The process works best when people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions; this kind of worker is no longer considered a risk.


In what instances is baselining or benchmarking superior to cost benefit analysis?

Benchmarking – an alternative strategy to cost benefit analysis and its attempt to place a hard dollar figure on each information asset is to approach risk management from a different angle.
Benchmarking is the process of seeking out and studying practices in other organizations that one's own organization desires to duplicate.


How can we find out what an organization's risk appetite is? Why is this important?

We must identify, examine and understand the information, and systems, currently in place. In order to protect our assets, defined here as the information and the systems that use, store, and transmit it, we have to understand everything about the information.
It is important because a risk management strategy calls on us to "know ourselves" by identifying, classifying, and prioritizing the organization's information assets.

Tuesday, 22 September 2009

Week 5 - Section 3

General computer crime laws

Cybercrime Act 2001

The Commonwealth Cybercrime Bill 2001 was tabled in the House of Representatives on 27 June 2001. The Senate Legal and Constitutional Legislation Committee was asked to undertake an inquiry into the Bill and the Committee's Report was issued in August. The Bill was approved by the Parliament with minor amendments on 27 September 2001.

The legislation is an overbroad knee-jerk reaction to recent well-publicised virus attacks, and has the potential to criminalise innocent behaviour such as possession of security software. It also introduces an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination.

Privacy laws

Types of privacy

The type of privacy covered by the Privacy Act and our Office is the protection of people's personal information.

However, this is just one aspect of privacy. Other types of privacy can include territorial privacy and physical or bodily privacy and privacy of your communications.

This Office generally handles privacy issues which involve a person's personal information. This can include privacy issues associated with information about your location, your health and body and your communications with others.

What is personal information?

Personal information is information that identifies you or could identify you. There are some obvious examples of personal information, such as your name or address. Personal information can also include medical records, bank account details, photos, videos, and even information about what you like, your opinions and where you work - basically, any information where you are reasonably identifiable.

Information does not have to include your name to be personal information. For example, in some cases, your date of birth and post code may be enough to identify you.

Export and Espionage laws


The Criminal Code Amendment (Espionage and Related Matters) Act 2002

The Criminal Code Amendment (Espionage and Related Matters) Act 2002 enhances Australia's national security legislative framework by strengthening Australia's espionage laws. The maximum penalty for a person convicted of espionage is now 25 years imprisonment. In addition to strengthening the offence provisions, the Act supports the process of bringing cases of espionage to trial.

Copyright laws


Copyright is a type of property that is founded on a person's creative skill and labour. It is designed to prevent the unauthorized use by others of a work, that is, the original form in which an idea or information has been expressed by the creator.

Copyright is not a tangible thing. It is made up of a bundle of exclusive economic rights to do certain acts with an original work or other copyright subject-matter. These rights include the right to copy, publish, communicate (eg, broadcast, make available online) and publicly perform the copyright material.

Copyright creators also have a number of non-economic rights. These are known as moral rights. This term derives from the French droit moral. Moral rights recognised in Australia are the right of integrity of authorship, the right of attribution of authorship and the right against false attribution of authorship. These rights are explained more fully at paragraphs

State and local regulations

It is the responsibility of the information security professional to understand state laws and regulations and ensure the organization's security policies and procedures comply with those laws and regulations.





I think privacy laws are the most important for information security, because the Privacy Act regulates how your personal information is handled. It covers how your personal information is collected; how it is then used and disclosed; its accuracy; how securely it is kept; and your general right to access that information.

The law also covers the use of your tax file number and how credit worthiness information about you is handled by credit reporting agencies and credit providers.

Monday, 21 September 2009

Week 4 - Section 2

Virus – I was downloading songs and movies from a P2P program a few years ago, and accidentally downloaded a virus file which automatically deleted all my files one by one.
I ended up having to change to a new hard drive, and ever since that happened, I always deny the unknown file when a warning comes up from my anti-virus program.

Trojan horse – I used to download a lot of new programs from www.download.com. Most of the unpopular programs always had a Trojan horse, which made readme.exe install automatically.
I stopped trying unpopular programs.

Back door – A friend of mine got hacked on her computer and the attacker turned on her webcam.
There have been a few of the same cases. Police tell users to block their webcam with a piece of paper.

Worm – A few years ago, pop-ups were the most popular worm from a lot of websites, especially pornography, and almost every single porn site had worms.
All the new browsers block pop-up programs, which means pop-ups aren't a threat anymore.


A new virus is relying on some old tricks to infect Windows Mobile users. The so-called 'companion virus' attack uses a method of assuming the identity of an existing file and moving the old file to a different location. The appearance of this new virus for Windows Mobile phones may mark a change from for-profit Trojans and spyware to the more experimental form of viruses.

This virus will damage most businesses that use mobile phone data: lost information, delayed meetings, and attackers can also steal private databases.


A virus detection chip has been created to detect viruses on mobile phones and block them. It is installed in most recent phones now; when users go online with their phones, they will have a lower risk of getting a virus.

The University of Ballarat must have an information security team to implement controls to limit damage and prepare contingency plans for continued operations.

Week 3 - Section 1

The main things I've learned.

The history of Information security.
Earlier versions of the German code machine Enigma were first broken by the Poles in 1930; in the 1960s, the Advanced Research Procurement Agency (ARPA) was testing network support for the military to exchange information and communicate. In December 1973, problems with ARPANET were discovered, including no safety procedures for dial-up connections to ARPANET and non-existent user identification and authorization to the system, which posed security threats in the late 1970s; in the 1990s, networks of computers became more common; nowadays, the internet brings millions of computer networks into communication with each other, and each connected computer needs to be secure.
After the introduction to information security, I also learned the definition of security and the types of information security, and how to develop information security. The systems development life cycle is designed for the implementation of information security within an organization.
The information security project team is designed to update and protect the organization's information security.

What I find difficult to understand.

There are a few keywords I found hard to understand, such as security blueprint, security model and security posture.

What interests or doesn't interest me.


The information security project team is the one thing that really interests me, because it is also related to management and team development.
I didn't get too interested in the history of information security.


Recent news article (on the Internet)


http://www.securityfocus.com/brief/1014

Social-networking sites short on security
Published: 2009-09-18

Web 2.0 sites that allow user-generated content make up the majority of top distributors of malicious software, stated a report that security firm Websense published this week.
The report, which covers Internet security trends for the first half of 2009, found that a stunning 95 percent of user-generated comments to blogs, chat rooms and message boards are either spam or contain links to malicious programs. In all, the number of malicious sites detected by Websense more than tripled in the last six months, growing almost eight-fold in the last year. The report also found that more than three-quarters of the Web sites hosting some malicious code are legitimate sites that have been compromised.
"The very aspects of Web 2.0 sites that have made them so revolutionary -- the dynamic nature of the content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks -- are the same characteristics that radically raise the potential for abuse," the company stated in the report.
The report echoed a recent survey by researchers from TippingPoint and Qualys, who found that legitimate Web sites are failing to patch significant vulnerabilities, leaving themselves open to compromise.
The Websense report found that 61 of the Top 100 Web sites "either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious content."

Websites we use every day, including Facebook, MySpace, MSN, email and other comment boards, are either spam or contain links to malicious programs, which relates to information security systems: non-existent user identification and authorization to the system.

Wednesday, 12 August 2009

Task 1

-Why have you chosen to study this course?
-What do you hope to learn this semester?
-What is your definition of information?
-What is your definition of information security?
-How will the knowledge of information security you gain this semester help you in the future?




- Information security is very important in our daily lives. Personal, company, or national information needs to be secure. Our national guard almost got attacked by terrorists this week, and that was because of a lack of information security from the national security department, which let them have the chance to plan and get on board. Taking this course gives me the opportunity to learn how important it is to secure my own information and information at the workplace.
- How to secure my own information.
- Information means data, directions, details, instructions, communication, representation and knowledge.
- Information security means securing private data, directions, details, instructions, communication, representation and knowledge.
- Knowledge of information security will help me to be aware of strangers hacking and to secure my own privacy in the future.