What you have learned most from completing this course
Before I took this course, I thought studying information security systems was just something that tells me how to secure my own data on my computer; this is what most people think. Most people's knowledge of information security systems is about blocking hackers from hacking into their computers and stopping virus attacks.
After learning what an information security system is, I learned that securing a computer database is not just having an anti-virus program installed on the computer. It's about teamwork: a company needs to have an IT security team to monitor all the IT work. It's also about management: the management team needs to train its employees before worse things happen. Learning about information security systems also taught me a few specific types of viruses and what damage they will do to your computer system.
Information security systems also taught me about the legal system: I learned the rules about information security systems, ethical issues about acceptable behavior, and, of course, that understanding different cultures is important to the fixed moral attitudes or customs of a particular group.
How what you've learned complements other areas of knowledge you have or hope to gain
Learning and understanding are not going to help me secure my system completely; planning and taking action will be the hardest part of information security systems.
Management’s responsibilities and role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines.
The hardest part will be maintenance, because IT is always changing, which will continually bring the company new problems and new threats. Managers must understand each new threat and come up with a new solution to defend against the risk the company will face, which means the manager has to go back to the first stage, develop a new plan, and require employees to operate and monitor this new threat.
What you consider to be the most important aspects of information security and why
I think risk management is the most important aspect of information security, because knowing the risks can reduce threats to the company. To be able to identify security risks, we have to examine and understand the information and systems currently in place, both for ourselves and for the enemy. We also need to be able to control those risks and to protect our classified database. People can steal our classified information both internally and externally. To secure against external threats, we can develop a strong IT security team, but internal threats will be a lot harder to secure against.
We can develop security clearances: each data user is assigned a single level of authorization indicating a classification level. Before accessing a specific set of data, an employee must meet the need-to-know requirement, and an extra level of protection is set up to ensure information confidentiality is maintained.
Even though the company has security clearances, there are still a lot of holes in the system, because if an employee works long enough at the company, he still has a way to break into the system; there isn't a 100% system for this problem.
What you haven't learned but had hoped to
I was planning to have lessons about how to secure my own computer with programming, but this course is more about theories of the information security system of an organization.
For example, if I want to stop hackers from getting into my computer and stealing my personal data, the only way to stop them is to know computer programming, because having a firewall isn't good enough; to be able to stop them from coming in the door, I need to understand how they come in.
What aspects of information security interested and/or bored you the most
Learning about security and personnel was more interesting than the other topics, because it made me understand what the qualifications and requirements are to be a security manager.
For example, I would never have thought human resources would come into this subject. Human resources must address positioning and naming; staffing; evaluating the impact of information security across every role in the IT function; and integrating solid information security concepts into personnel practices. At the same time, it should try not to make employees feel threatened.
There are different levels of qualifications and requirements for different positions: upper management should learn about the budgetary needs of the information security function; IT and management must learn more about the level of influence and prestige the information security function should be given to be effective.
These are things the head boss needs to consider more: what type of employee he needs to hire to be able to secure his company's data and, at the same time, the need to have someone monitor these security officers' work. Most smaller companies will choose to do the monitoring themselves.
What topics you found particularly easy or difficult to grasp
Learning about implementing information security took me the longest to understand, because there were too many strategies and models that I had a hard time understanding.
For example, the SecSDLC implementation phase is accomplished through changing the configuration and operation of the organization's information systems. To be able to find out the configuration, we need to start with the company's procedures, people, hardware, and software. We have to turn the blueprint for information security into a concrete project plan. The project plan also involves the WBS, which is another complicated structure to understand.
How the course could have been facilitated better to assist your understanding and knowledge
I would recommend uploading some video clips of news, current situations, and graphics. It would help students understand more than just listening and watching PowerPoint slides.
There are a few video clips in each section, but because each section has many different structures, one or two videos cannot explain every point clearly.