Looking back over this semester, undertaking this course was a new and different experience for me after completing the e-Business Foundation unit the previous semester. Venturing back to my very first blog entry in this subject, my reason for deciding to undertake this course was that it was structured to have only online content and no set classes. After completing this course, the reasons were what I expected and there were no real surprises in the subject.
I stated in my first blog entry that I hoped to learn several things from completing this subject. These included expanding my knowledge of areas such as online security and the protection of my personal information, and learning about new areas that I was not aware of before completing this subject.
After going through this subject I have definitely expanded my knowledge of online information security. Vast amounts of information and detail were covered over the duration of the subject, and it can be said I learnt and took something out of each topic. In some of the topics I already had some knowledge of the content that was covered. For example, I already knew a bit about physical security from working and training in the workplace, and I have also learnt about physical security through general knowledge. But even in this topic I discovered vast amounts of new information and areas that I had absolutely no idea about before participating in this course.
In my very first blog entry I also stated that I hoped, from undertaking this subject, I could use the knowledge gained to help me in my professional life as an accountant. In the world of accounting, accountants are privy to vast amounts of financial information which they need to keep secure for any individual or company that is a client of their firm. Information security plays a huge role in this area and is a very important aspect that accountants need to be aware of. Going back through most, if not all, of the topics covered in this course, including the need for information security, risk management, implementing security, etc., all of these are relevant and can be of use to any accountant in the business world. Hopefully, the knowledge I have learnt here can be of use to me in my professional life in the accounting field. Knowledge from completing Corporate Information Security hopefully can complement knowledge I have learnt and will learn in the future in all areas of business.
Personally I do not believe that one particular area of information security is more important than another. Together, all the aspects of information security work to strengthen an entity's information security system. Having a weak link in the chain will leave the entity vulnerable to threats and attacks of various natures. If there is one weak link then the entire system is vulnerable, so an entity must be willing to employ several individuals or a team that can look after its information security needs.
Aspects which I thought I may have learnt more about were more technically based computer knowledge. I expected to learn about how to actually install and implement information security, even if only on a small basis such as a personal computer, for example my own. I thought the course may involve more technical jargon and computer-based work; as I do not really understand this sort of thing, it may have been useful to learn. However, technical aspects of computers do not really interest me, so their not really being part of the subject did not bother me.
Before participating and undertaking in Corporate Information Security I had a very limited understanding of the depth and importance that this aspect of a business can have in protecting entities. I suppose from never doing a lot of this sort of work, except for a bit of risk management in some other business subjects, I never really understood the full meaning of information security.
The aspects of this subject which I found most interesting were the topics on the need for security and on legal, ethical and professional issues. I found the legal, ethical and professional issues topic interesting as I have completed a few law subjects and this related to those; there were new aspects of the law that I did not previously know about and found interesting to learn. Aspects of the subject which I found uninteresting and unappealing were topics which included a lot of technical jargon, as I am not really interested in that sort of thing, as I stated previously. I also did not find topics that were overflowing with information too interesting either.
Other than the first topic, which was an introduction to information security, the topic on physical security was another which I found relatively easy to understand. None of the topics covered in the subject were too difficult to get a basic understanding of, though the concepts in each topic required some reading and thought. To master these topics, though, is a task which would take years of training, experience and practice.
In regards to how this subject was facilitated, overall I found it fairly sufficient. I personally feel that going to lectures and tutorials suits my learning style a lot better, as I am more of a kinaesthetic learner and learn by doing, rather than reading slides and slabs of text, which at times I find does not really help me learn new concepts.
Thursday, November 18, 2010
Monday, November 1, 2010
Week 12 Blog Entry
Write about ways that penetration analysts limit the risk they pose to internal systems.
Ways that penetration analysts limit the risk they pose to internal systems:
- A penetration test offers an invaluable and compelling way to establish a baseline assessment of security as seen from outside the boundaries of the organisation's network. Properly done, these tests can show vulnerabilities that may exist and network penetrations that may be possible.
(http://www.isss.net)
- Perform tests during off-peak times, when systems are not in heavy use. Doing this means that even if the systems become slow or their performance is hampered, the impact will not be huge.
(http://corpinfosec.blogspot.com/2009_11_01_archive.html)
Looking at news stories related to computer vulnerabilities.
Network Security Magazine. com (http://www.network-security-magazine.com)
Network Security Threats
- How Advanced Persistent Threats bypass your network security.
Advanced Persistent Threats have been attacking hundreds of companies around the world. The article reports that "Advanced Persistent Threats (APTs) are sophisticated forms of cyber attacks through which hackers mine for sensitive corporate data over the long term". APTs are not easily purged from a system and usually take days to erase.
This description of an APT is very accurate and in line with what is written by researchers.
Tuesday, October 26, 2010
Week 11 - Blog entry - Security and personnel
What actions can each person in an organisation take to minimise the risk of identity theft?
Individuals within an organisation can take several actions to minimise the risk of identity theft:
- Hard records or information on paper should be kept in locked filing cabinets; only authorised individuals should have access, and individuals without authorisation need to be supervised.
- All computers and networks should require authentication, so no one can freely browse through someone else's computer. Information databases should require passwords and restrict access to authorised personnel only.
- Information that is no longer of any use to the organisation should be disposed of correctly, e.g. shredded.
- They can avoid openly releasing personal information.
Discuss and generate a list of concrete actions each student can take to control this risk at UB.
- Students can change their password regularly; the university already makes us do this every six months, but perhaps it should be more often than this.
- Do not leave their computer unattended whilst logged in.
- Do not give personal information to anyone who they do not trust.
- Report the loss of an ID card promptly if it is lost.
How do you think the information security department at UB is structured? You do not need to know the correct answer to this, but based on your understanding of UB's size and types of information it needs to secure, what roles do you imagine exist here?
The University of Ballarat is not the biggest university around, but it would still have an information security structure similar to anywhere else.
The University's information security structure may include functions such as:
- A Chief Security Officer, who would be at the top of the tree. This person would oversee the university's information security program, approve information security policies, develop security budgets, and make recruiting, hiring and firing decisions or recommendations. They would also be the spokesperson for the information security division and would have the required qualifications.
- A security manager, who would run the day-to-day operation of the information security program.
- An information security administrator.
- Physical security: most likely one main physical security officer who oversees all physical security and reports to the Chief Security Officer. There would also be other personnel who go around computer rooms and areas to ensure computers are up to the correct standard and are safe and secure. There would be several security guards who ensure everything is locked at closing time and that the overnight labs are constantly safe and secure; this may be outsourced to a security company.
- An information security technician, who configures security software and hardware. This individual or individuals would be specialised and have the needed qualifications.
- In all these functions there would be other personnel who work with each section to assist them in completing their job.
Thursday, October 14, 2010
Blog entry - Section 10 - Implementing Information Security
Outsourcing, in very simple terms, refers to the process of contracting work to a third party, in this situation information security. The decision by organisations to outsource or fulfil tasks themselves may depend on certain factors including costs and the availability of resources and capital. Depending on the situation it may be beneficial to complete the task in-house or to outsource it.
Advantages of outsourcing information security may include-
- Improved service
- Improved skills on tasks/projects
- Improved Return On Investment(ROI)
- Reduced costs
- Shorter implementation cycles
- Business can concentrate on their core business operations
Disadvantages of outsourcing information security may include-
- May risk brand or reputation
- Investments that you may have already made in this area become sunk
- Loss of control to some point
- May not be able to control quality of service
What is an RFP?
A Request For Proposal (RFP) is an invitation for providers of a product or service to bid on the right to supply that product or service to the individual or entity that issued the RFP. In this situation a request for information security services may be made via an RFP, and the organisation can then decide how to proceed once it has received and reviewed each proposal.
Evaluation
After receiving proposals from interested businesses in response to the RFP, the proposals need to be evaluated to explore the options and to ensure the one chosen is a good option. Before choosing to go into business with another business, the organisation should thoroughly investigate the prospective partner's history, reputation and products, to ensure a good decision is made.
Contract Award
This is where the business informs the successful bidder of its acceptance of the submitted bid.
Exit Strategy
There may need to be an agreement between customer and outsourcer that, in the situation where the relationship is not working, either party can pull out of the agreement. There may need to be some rules put in place to guide such an event.
"The goal of an information security blueprint is to gather an organization's requirements, provide a visualization of those requirements and initiate the process of interweaving information security as part of the organization's culture. The blueprint explains an organization's needs, desired results, factors that could influence the outcome and a strategy to execute",
(http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1319948,00.html).
An exit strategy may be necessary when outsourcing the above process because the outsourced process may not be fulfilled effectively or up to the standard the business requires; the business may therefore wish to have an exit strategy so it can end the partnership, as the arrangement may be more of a disadvantage than a benefit.
Friday, October 8, 2010
Blog Entry - Section 9 - Physical Security
The concepts discussed throughout section 9 (this week's work) were fairly straightforward and self-explanatory. As the topic was physical security, a lot of the concepts were general knowledge, such as physical access controls including ID cards, badges, locks, keys, etc. The detail of these concepts and how they linked with the issue of physical security were not as well known to me, so it was beneficial to learn about them in more detail. This section taught me a lot about things I knew of but did not fully understand, such as how locks and keys actually work and the different types that are out there. This topic really pulled together a lot of ideas, such as fires, physical security measures and many other concepts, and they can be of great importance within any organisation; with my new-found knowledge of these things, hopefully I can utilise some of these concepts now and in the future to my benefit.
In regards to the physical security of the data and information on my computer, it is probably not that secure. The only defence mechanism on my computer is a password or fingerprint login to my user account. If I were to lose my computer or it were stolen, it probably would not be that hard to break into my account and steal any information that is contained on it.
If I were working for a large multinational business or government department, the measures I could take to mitigate the risks of physical theft or loss may be vast. The main measure I could take would be to ensure I never left my computer alone and always had it with me, especially whilst travelling.
There are a couple of measures which could help me, including CompuTrace and burglar alarms.
Friday, September 10, 2010
Week 7 Blog entry
1.Which architecture for deploying a firewall is most commonly used in businesses today? Why?
The most commonly used architecture for deploying a firewall is the screened subnet firewall (with DMZ). The DMZ, or demilitarised zone, can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet. A common arrangement finds the screened subnet firewall consisting of two or more internal bastion hosts behind a packet-filtering router, with each host protecting the trusted network. Connections from the outside or untrusted network are routed through an external filtering router, into and then out of a routing firewall, to the separate network segment known as the DMZ.
Screened subnet firewalls are the most commonly used architecture for various reasons, including that they provide flexibility, especially for Internet-based applications such as e-mail, Web services and e-commerce. The architecture allows servers that must be accessible from the Internet to be placed in the DMZ while the back-office services on the secure internal network or intranet remain protected. The exposed servers in the DMZ can then be hardened using security tools and checklists for server operating systems.
Rather than using only the packet-filtering router as the front door to the DMZ, the screened subnet architecture adds a second firewall behind it for further inspection of traffic, so a compromised DMZ host still faces a filtering boundary before it can reach the internal network. These features of a screened subnet firewall (with DMZ) are why it is the most commonly used architecture for deploying a firewall.
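The following is an added example, not code from the original post or from any real network, that models the two-checkpoint policy described above in plain Python. The zones, address ranges, ports and rules are all constructed for illustration: the external router publishes only the DMZ web and mail services to the Internet and never admits Internet traffic to the internal range, and the second (internal) firewall lets a DMZ host reach exactly one back-office service. A flow is permitted only if every checkpoint it crosses permits it, which is the defence-in-depth property that a single packet-filtering router cannot give.

```python
"""Toy policy model of a screened-subnet (DMZ) firewall architecture.

Constructed example: the zones, addresses, ports and rules are made up to
illustrate the design; they are not taken from any real deployment.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# Zone definitions (constructed private ranges). Anything outside them is
# treated as the untrusted Internet side.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


@dataclass(frozen=True)
class Rule:
    src_zone: str            # zone name or "any"
    dst_zone: str            # zone name or "any"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None means any port
    action: str              # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> bool:
        return (self.src_zone in (src_zone, "any")
                and self.dst_zone in (dst_zone, "any")
                and self.proto in (proto, "any")
                and self.dst_port in (dst_port, None))


def evaluate(rules: Iterable[Rule], src_zone: str, dst_zone: str,
             proto: str, dst_port: int) -> str:
    """First-match evaluation with an implicit default deny."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, proto, dst_port):
            return rule.action
    return "deny"


# Checkpoint 1: the external packet-filtering router. The Internet may only
# reach the published DMZ services; untrusted -> internal falls through to
# the default deny because no rule ever matches it.
EXTERNAL_ROUTER = [
    Rule("untrusted", "dmz", "tcp", 443, "allow"),       # public web server
    Rule("untrusted", "dmz", "tcp", 25, "allow"),        # inbound mail relay
    Rule("dmz", "untrusted", "any", None, "allow"),       # DMZ hosts may reach out
    Rule("internal", "untrusted", "any", None, "allow"),  # staff browsing
]

# Checkpoint 2: the second firewall between the DMZ and the trusted network.
# A compromised DMZ web server can talk to the database port and nothing
# else; internal users may reach DMZ services and the Internet.
INTERNAL_FIREWALL = [
    Rule("dmz", "internal", "tcp", 5432, "allow"),       # web tier -> database only
    Rule("internal", "dmz", "any", None, "allow"),
    Rule("internal", "untrusted", "any", None, "allow"),
]


def permitted(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> bool:
    """A flow is allowed only if every checkpoint it crosses allows it."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    if s == d:
        return True  # same segment; never touches a firewall in this model
    verdicts = []
    if "untrusted" in (s, d):          # flow crosses the external router
        verdicts.append(evaluate(EXTERNAL_ROUTER, s, d, proto, dst_port))
    if "internal" in (s, d):           # flow crosses the internal firewall
        verdicts.append(evaluate(INTERNAL_FIREWALL, s, d, proto, dst_port))
    return all(v == "allow" for v in verdicts)


if __name__ == "__main__":
    # Constructed sample flows: 203.0.113.5 plays an Internet client.
    for flow in [("203.0.113.5", "192.168.100.10", "tcp", 443),
                 ("203.0.113.5", "10.0.5.20", "tcp", 445),
                 ("192.168.100.10", "10.0.5.20", "tcp", 5432),
                 ("192.168.100.10", "10.0.5.20", "tcp", 22)]:
        print(flow, "->", "allow" if permitted(*flow) else "deny")
```

The interesting cases are the last two: the DMZ web server reaching the database on its one published port is allowed, while the same host trying SSH into the internal network is denied by the second firewall even though the external router never saw that flow.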
2.What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?
A VPN is a private and secure network connection between systems that uses the data communication capability of an unsecured public network. VPNs are commonly used to securely extend an organisation's internal network connections to remote locations beyond the trusted network.
Reasons why VPN technology has become the dominant method for remote workers to connect to the organisation's network include that it allows employees to log into company networks safely from anywhere. It is extremely convenient for individuals who travel, as they can stay connected to the corporate intranet over long distances. The VPN allows users to use public networks like the Internet rather than rely on expensive private leased links, which also allows the organisation to cut costs. Individuals from the organisation can thus work at customer sites, business partners, hotels and other untrusted locations and access the corporate network safely over an encrypted tunnel that behaves like a dedicated private connection. This comes through the use of restricted-access networks that utilise the same cabling and routers as a public network, without sacrificing features or basic security.
3.Will biometrics involve encryption? How are biometric technologies dependent on the use of cryptography?
Encryption is the process of converting an original message into a form that is unreadable by unauthorised individuals.
Biometrics "is the science and technology of measuring and analysing biological data. In information technology biometrics refers to technologies that measure and analyse human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns and hand measurements for authentication purposes", (http://searchsecurity.tehtarget.com/sDefinition/0,,sid14_gci21166,00.html). Yes, biometrics will involve encryption. Biometric encryption is the process of using a biometric characteristic as the means to encrypt or decrypt data. Encrypting stored biometric templates, and the channel between the sensor and the matcher, makes it much harder for an attacker to steal a template and replay it in place of a password or personal identification number. This matters more for biometrics than for passwords: a biometric cannot be changed if it is compromised, so a template captured in the clear is compromised for good. Biometric data is also noisy, with no two readings of the same finger or iris exactly identical, so a template cannot simply be stored as a one-way hash the way a password is; it has to be protected in storage and in transit by encryption, and anyone without the key should find it unreadable.
Cryptography "can be defined as the conversion of data into a scrambled code that can be deciphered and sent across a public or private network" (www.barcodesinc.com).
Biometric technologies depend on cryptography to protect biometric data when it is stored and when it is sent across networks, so that an intercepted or stolen template cannot be read or reused.
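The following is an added example, not code from the original post or from any biometric vendor, that demonstrates in Python why the matcher in a biometric system needs cryptography rather than a password-style hash. Everything in it is constructed: a 64-bit iris-style code, a Hamming-distance threshold of 8 bits, a pre-shared HMAC-SHA256 key between sensor and matcher, and a per-capture nonce. The first function shows that a single bit of sensor noise changes a plain hash, so hashing cannot replace the template; the sensor/matcher pair then shows how an authenticated, replay-protected channel stops a captured sample from being reused. Confidentiality of the template in transit would additionally need encryption, which this example leaves out.

```python
"""Constructed example: why a biometric matcher needs cryptography.

 1. Readings are noisy, so a template cannot be stored or compared as a
    one-way hash the way a password is; the matcher needs the template and
    a tolerance threshold.
 2. A biometric cannot be changed once leaked, so the sensor-to-matcher path
    must be authenticated and replay-protected. A pre-shared HMAC-SHA256 key
    binds each captured sample to a fresh nonce.
The bit strings, key and threshold are made up for illustration only.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

MATCH_THRESHOLD = 8  # max differing bits still accepted (assumed value)


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two codes differ."""
    return bin(a ^ b).count("1")


def flip_bits(code: int, positions) -> int:
    """Simulate sensor noise by flipping the given bit positions."""
    for p in positions:
        code ^= 1 << p
    return code


def hashes_differ(a: int, b: int) -> bool:
    """Plain hashing of noisy samples: any flipped bit changes the digest."""
    ha = hashlib.sha256(a.to_bytes(8, "big")).digest()
    hb = hashlib.sha256(b.to_bytes(8, "big")).digest()
    return ha != hb


class Sensor:
    """Captures a sample and tags it with HMAC(key, nonce || sample)."""

    def __init__(self, key: bytes):
        self.key = key

    def capture(self, sample: int) -> Dict[str, bytes]:
        nonce = secrets.token_bytes(16)
        data = sample.to_bytes(8, "big")
        tag = hmac.new(self.key, nonce + data, hashlib.sha256).digest()
        return {"nonce": nonce, "sample": data, "tag": tag}


class Matcher:
    """Checks the tag, rejects reused nonces, then does the fuzzy comparison."""

    def __init__(self, key: bytes, enrolled_template: int):
        self.key = key
        self.template = enrolled_template
        self.seen_nonces = set()

    def verify(self, msg: Dict[str, bytes]) -> Tuple[bool, str]:
        expected = hmac.new(self.key, msg["nonce"] + msg["sample"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag: sample forged or altered in transit"
        if msg["nonce"] in self.seen_nonces:
            return False, "replay: nonce already used"
        self.seen_nonces.add(msg["nonce"])
        sample = int.from_bytes(msg["sample"], "big")
        d = hamming(sample, self.template)
        if d <= MATCH_THRESHOLD:
            return True, "match (distance %d)" % d
        return False, "no match (distance %d)" % d


def run_demo() -> Dict[str, bool]:
    """Exercise the genuine, replayed, impostor, tampered and wrong-key cases."""
    key = b"constructed-sensor-matcher-key"
    enrolled = 0xA5C39F1077E24B8D                   # constructed 64-bit code
    noisy = flip_bits(enrolled, [3, 17, 40])         # same user, 3 bits of noise
    impostor = flip_bits(enrolled, range(0, 64, 2))  # 32 bits differ
    sensor, matcher = Sensor(key), Matcher(key, enrolled)

    results = {"hash_of_noisy_differs": hashes_differ(enrolled, noisy)}
    msg = sensor.capture(noisy)
    results["genuine"] = matcher.verify(msg)[0]       # accepted despite noise
    results["replay"] = matcher.verify(msg)[0]        # same message again: rejected
    results["impostor"] = matcher.verify(sensor.capture(impostor))[0]
    tampered = dict(msg, sample=enrolled.to_bytes(8, "big"))  # body swapped, tag stale
    results["tampered"] = matcher.verify(tampered)[0]
    results["wrong_key"] = matcher.verify(Sensor(b"other-key").capture(enrolled))[0]
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print("%-22s %s" % (name, ok))
```

The order of checks in `verify` is deliberate: the tag is verified before the nonce is recorded or any matching is done, so an attacker cannot burn nonces or probe the threshold with unauthenticated messages.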
Sunday, September 5, 2010
Week 6 Blog entry
Incident classification is based on the judgement of the information security professionals involved. How would you determine if any given circumstances is business as usual, an incident or a disaster?
Classifying information security incidents is normally done into three categories: business as usual, an incident or a disaster. Business as usual means events which occur in the normal course of activity, mainly circumstances that occur on a day-to-day basis; these may just be small events which happen daily. An incident would be an occurrence or event which interrupts normal procedures; this type of event would not occur on a daily basis but from time to time, such as security threats or warnings. A disaster, on the other hand, would be an event which causes widespread destruction and distress; this may occur if the whole information security system is taken out, major amounts of information are stolen or there is a major breach of security.
It's often said that information security begins with solid policy. Why is this so?
A policy is described as a principle or rule to guide decisions and achieve rational outcomes. With this kept in mind, if managers use solid policy to guide them when dealing with information security they should be able to make more informed and educated decisions, thus leading to more successful information security and protection of their information.
Keeping policy current is critical. How do you think policy needs to be updated to accomodate current events? Give examples where possible.
Policy needs to be continuously controlled and monitored to accomodate current events as technology is forever evolving and growing, organisation's policy must stay constantly new and with the times to ensure they can plan their security measures and processes. All sorts of new attacks and threats are occuring daily, these need to be countered by organisation's to ensure they are not vulnerable to any threats.
Friday, August 27, 2010
Week 5 Blog Entry
Difficulties faced in this section-
In this section of work relating to risk management it was reasonably easy to understand all the concepts involved; the difficult thing was really to put everything together and make sense of the different ideas discussed in this section. Without actually having a lecture it is sometimes difficult to relate certain concepts to real situations, which would help me understand each topic better. The length and amount of information discussed in this section was also a little bit overwhelming, making it hard to get a grip on everything. It is difficult to know which information and ideas are most relevant and how they all link together.
I found the following questions answered in my blog difficult to find answers to, and difficult even to understand what the question was asking, as I could not find any reference to it in the notes for this section.
1) What is the best value that should be assessed when evaluating the worth of an information asset to the organisation - replacement cost or lost income while repairing or replacing?
The best value that should be assessed while evaluating the worth of an information asset can vary between different organisations and types of information asset. An efficient machine or piece of equipment can be priceless in some organisations as it is the linchpin of the organisation, and income losses could be quite severe. Replacement costs may not be greatly expensive, but finding a replacement is sometimes difficult and time consuming. Repairing and replacing these assets can also be quite costly in terms of sales revenue; most of the time these occurrences are inconveniences that are not needed in an organisation.
2) What is the likelihood value of a vulnerability that no longer must be considered?
Likelihood is 'the probability that a specific vulnerability within an organisation will be successfully attacked'. When doing risk assessments a numerical value is assigned to each vulnerability, and one which no longer really needs to be considered is assigned a value close to zero.
3) In what instances is baselining or benchmarking superior to Cost Benefit Analysis?
In my view these concepts are relatively different. A CBA refers to either helping appraise, or assessing the case for, a project, programme or policy proposal. It can also refer to an approach to help make economic decisions of any kind. Baselining and benchmarking, on the other hand, relate to comparing various factors between organisations.
4) How can we find out what an organisation's risk appetite is? Why is this important?
An organisation's risk appetite is "the amount of risk exposure, or potential adverse impact from an event, that the organisation is willing to accept/retain". To work out an organisation's risk appetite, it must ask itself the following questions:
- Where do we feel we should allocate our limited time and resources to minimise risk exposures?
- What level of risk exposure requires immediate action? Why?
- What level of risk requires a formal response strategy to mitigate the potentially material impact? Why?
- What events have occurred in the past and at what level were they managed? Why?
Each question is followed by a 'why' because the organisation should be able to articulate the quantitative and/or qualitative basis for the appetite. The overall aim of the organisation is to keep the risk within the organisation's accepted range.
http://www.continuitycentral.com/feature0170.htm
Friday, August 20, 2010
Week 4 Work
Do you see any disparity between local (Australia) law and International law? What could be the implications when information security breaches cross borders?
Overall, from what I can see from my research of information security globally, most of the laws seem to be fairly similar and similar regulations are in place. The U.S. and U.K. seem to be a bit ahead of Australia in the laws which they have made and in the detail and breadth of their laws. This is reasonably expected, as it could be said they are a bit more technologically advanced and have faced these threats more regularly and for a longer period of time.
There could be very significant implications relating to information security breaches which cross international borders, as seen in this case of a U.K. hacker being extradited to the U.S. to face trial regarding his attempts to hack N.A.S.A.'s computers, the U.S. Department of Defense and several military branches. Extraditing an individual to another country is a very extreme measure and is probably one of the most serious implications of an information security breach. It can become very different when information security breaches are committed internationally, as countries attempt not to allow their citizens to be extradited, as in this case where the man was allowed to be extradited. It can become a very messy situation between nations when they want to charge individuals from other countries; all sorts of legal, political, economic or sociocultural issues can arise which may cause all kinds of problems relating to breaches and the charges laid for them.
Thoughts on Video - "British 'UFO' hacker loses extradition battle"
This is a very highly debated topic and a difficult one to pass judgement on. As the attack was undertaken in the U.K. against computers in the U.S., it seems fair that, as the attack was against the U.S., the charges should be made in the U.S. Then, on the other hand, as the offence was essentially committed in the U.K., it brings up a whole lot of issues for discussion. I can now see and understand why there is so much controversy about extraditing individuals for crimes such as this one. I previously did not understand what extradition was, but after just thinking about it for a few minutes it really brings about many dilemmas in a person's thinking. Is it right that someone can be tried in another country, or should they be tried in their own country and fulfil their penalties there? It really brings up some dilemmas, especially in this case as the individual in question has Asperger's Syndrome. This in itself brings up many issues, both ethical and moral: would it be right to sentence him in the U.S., away from those he would heavily depend on because of his condition, or should he really be sentenced at all? Instead, maybe he needs help with his disability to overcome certain issues.
If the hacker was identified as being from China or a country less friendly with the U.S., the circumstances may be different. This may be because of national relations, cultures and laws in place in these countries. These countries may also not allow one of their citizens to be extradited to a foreign country for trial, instead attempting to put barriers in place to stop this extradition.
Thursday, August 12, 2010
Article Summary Week 3 Work
Article name: FTP login credentials at major corporations breached.
By Greg Masters, posted June 29, 2009.
http://www.securecomputing.net.au/News/148759,ftp-login-credentials-at-major-corporations-breached.aspx
"A Trojan was reportedly uncovered that is harvesting FTP login data of major corporations, including the Bank of America, BBC, Amazon, Cisco, Monster.com, Symantec and McAfee". It is a ZBot trojan which is known for capturing keystrokes to obtain login credentials, along with credit card or other sensitive information.
Once a PC was infected, the user's stored FTP login credentials were stolen.
The major impact of this trojan was stolen login credentials for around 68,000 websites. Also, some versions of the trojan are capable of taking snapshots of an infected user's system.
Measures that these organisations can take to prevent these threats and attacks in future include warning site users about these problems. Ivan Macalintal, a threat researcher manager at Trend Micro, said that traditional antidotes can be used, including not clicking on suspicious or unsolicited links, browsing safely and securely using web filtering, updating patches and using safe computing practices. These are the main measures which can be taken by users to prevent any future attacks; other than these, I am sure that these major corporations have taken some approaches to stop any future attacks, but the article does not discuss these.
In regards to measures that the University of Ballarat has in place to deal with information security, the Network and Infrastructure team has a dedicated team that focuses on information security. The ICT security staff have implemented a number of strategies to protect our data, services and systems. Measures that have been taken include use of state of the art firewalls, virus and spyware protection, anti-spam software, multi-tiered password protection, secure login via Access@UB, secure data storage, security alerts, educating UB students and staff and access to free anti-virus software (Sophos).
Wednesday, August 11, 2010
Week 3 Reflection - The need for security
The only time I believe I have had to deal with the effects of these attacks was by a worm. From my understanding of the definition of a worm, it is a malicious program that replicates itself constantly without requiring another program to provide a safe environment for replication. These worms can replicate themselves until they completely fill the available resources.
In my experience I am not 100% sure that the attack was a worm, but the internet browser screen continually kept opening to the page which I had visited. I cannot remember what page this was, but I know it was my Internet Explorer browser. This continued for a few minutes and then I turned my computer off at the power. When I started it back up again it rebooted and everything worked as normal. This attack, if it was an attack, may not have been a worm, but that's the only category which I think it fits into.
Afterwards I took no precautionary measures to stop future worms or attacks and have had no trouble since this one-off experience.
As I do not use the internet that regularly unless required, I may not be as prone to these attacks. It is only recently, since doing eBusiness courses, that I have expanded my online use, so in the future I may need to protect myself from any of these events occurring to me. Maybe through completing this course I may learn ways to do this and learn more about information security in general.
Friday, August 6, 2010
Article Summary Week 2 Work
Article: Burton Group names Symantec, RSA, Websense as best data loss prevention vendors. By Robert Westervelt, posted 19th October 2009.
http://searchsecurity.techtarget.com.au/articles/36348-Burton-Group-names-Symantec-RSA-Websense-as-best-data-loss-prevention-vendors?topic_id=176
Overall this article relates to companies being fearful of being the next victim of an information security breach. Companies are beginning to use Data Leakage Prevention (DLP) technology to track data.
Data Leakage Prevention vendors are creating new and important relationships with other parties to better integrate DLP software, so that it can track where the data is going, block potential hackers or even place alarms on the data.
The article also discusses vendors of Data Leakage Prevention software and how they were rated for their services as a vendor. It discusses the issues relating to DLP technologies, making it an ongoing process that needs to be continued for the DLP software to be fully effective within the business.
On the whole this article relates to the first topic of the subject, an Introduction to Information Security, as it discusses Data Leakage Prevention software. This relates to information security as data is a form of information which needs to be secured within businesses.
Thursday, August 5, 2010
Week 2 Reflection - Introduction to Information Security
As this is my first journal reflection entry I am still coming to grips with what is fully required of this exercise, so I will just learn as I go.
As this week's chapter was an Introduction to Information Security, overall it was a reasonably easy first chapter, and I was able to come to grips with the concepts discussed throughout.
MAIN THINGS I LEARNT-
Whilst reading this chapter I have learnt several new concepts and ideas that I did not know or did not fully understand. I have learnt about the history of information security dating back to the 1960s. I have learnt that information security began after the first mainframes were developed, which produced the need for the information on these mainframes to have some form of protection. I have also discovered the meaning of several terms, including security, information, information security, data ownership, data custodian and data users. From studying this chapter I have a greater understanding of a lot more of the components of both information and security. I learnt the majority of what I took out of this topic from completing the online quiz; I found it a very useful exercise to complete.
WHAT I FOUND DIFFICULT TO UNDERSTAND-
As I previously said, this chapter was an introduction to information security, and the overall concepts and issues discussed are really quite simple to understand. In terms of anything I found difficult to understand, nothing really was so in depth that it was mind boggling. The only thing I do not fully understand is the Systems Development Life Cycle and the Waterfall Methodology. After reading it over a couple of times and thinking about it, it became clearer and easier to understand.
WHAT INTERESTS ME-
Overall the topic was fairly interesting to me, as I enrolled in this course to learn more about information security. As the first chapter was an overview of this topic, it lived up to my expectations about what I intended to learn about. So the concepts or ideas which I found interesting were some elements relating to both information and security. The history of information security was probably the most interesting aspect of the chapter, as I now know the origin of the concept of information security. The weekly quiz was probably the best part of the work for the week and the most useful activity I completed, as it made me go and hunt for the answers through the slide presentation.
WHAT DOES NOT INTEREST ME-
As I am not the most technically savvy person when it comes to computers, anything which is too in depth about computers does not really interest me. As there was nothing really like this in this chapter, all of the topics were at least somewhat interesting to me.
Week 1 Course Introduction
What sort of damage do you think could be done to a business who had insecure databases? Can you think of any examples where this has happened?
If a business had an insecure database, various kinds of damage could be done by hackers to that database. Hackers could steal various kinds of information from databases; depending on the information stored on the databases, businesses are very open to all kinds of hackers. Hacking businesses' databases may lead to all sorts of problems for businesses, whether they involve the leaking of information, stealing of ideas or legal problems such as privacy being breached. These hackers are a major problem for all businesses in today's business environment, as more and more businesses are expanding operations onto the internet without sufficient knowledge of what they are doing and the risks that they may be open to. Database hacking shows the need for knowledge of corporate information security in today's business environment.
Tuesday, August 3, 2010
Assessment Task One
- Why have you chosen to study this course?
The reason i have chosen to study Corporate Information Security is mainly because i enjoyed eBusiness Fundamentals last semester. I found it really good how there were no classes and no set timne during a week where you had to complete set tasks. As i found out already this subject seems to be fairly similar in style which is appealing to me.
- How secure is your personal information, wherever it may exist?
The security of most of my personal information is mainly the security of my house, as it is mainly in a physical form. So in relation to security via my computer, it is not really an issue. There would be general concerns about information on social networking sites such as Facebook and the security of those sites. As I do not do a lot of things online like buying or selling online, internet banking or paying bills, my personal information is not available to be stolen through the online world by hackers etc.
- What do you hope to learn this semester?
Throughout this semester I hope to learn a few things from completing this course. As my knowledge of the online world is not that vast, I learnt a lot from doing eBusiness Fundamentals previously. I hope to expand my knowledge of areas such as online security and protection of my personal information as I expand my use of the internet, and to learn about new areas that I am not currently aware of in the field of information security.
- What is your definition of information?
Information in my eyes can exist in many different forms, tangible or intangible, a collection of data, writing, audio or videos which becomes acquired knowledge.
- What is your definition of information security?
The protection of information of any nature, which is secured from risks and threats from unauthorised users.
- How will the knowledge of information security you gain this semester help you in the future?
The knowledge I gain from completing this information security course will hopefully be beneficial in many areas of my future life. In my field of accounting I think it will be relatively important that I know how to protect client and firm information. It will also be important in my daily life as the internet becomes more and more a part of people's everyday lives.