Sunday, March 2, 2014

Week 12 - Summary of the Blog for Week 1 to 12.

This Post Blog was done on Feb, 27 2014
I was change the the blogger design, but whole posting date is change by current date and time.


Question: Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.
I wrote a different topic for each Weeks, getting my sources from the textbook and the internet.

The week 1: Microsoft patches vulnerability attackers used to target IE users.
 Explain about the ActiveX component vulnerability for security hole. (Need patches).
The week 2: Management Controls.
 Explain the scope of the security management (Risk, Control, Plan, and Measure)
The week 3: Hacking behavior.
 Explain of the hacking use the software for the taken your information.
The week 4: Two part of planning for the information security.
 Explain the organizational planning and contingency planning.
Week 5: Information Security Policy.
 Explain the policy for the organization group limited access control.
Week 6: Security Education, Training, and Awareness.
 Explain why we need the security education to employee.
Week 7: Security Architecture Models.
 Explain different of situation model for study that give more security knowledge.
Week 8: Risk assessment for identification and TVA.
 Explain estimate of impact damage cost by simulation for risk plan.
Week 9: Without risk plan that will make unbelievable cost occur.
 Explain example of the history damage value for without risk plan.
Week 10: Network device of Firewall configuration.
 Explain electronics component for the protection data.
Week 11: Job position of security
 Explain Job requirement and description of field.

Question: First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?
Week1:
Categorize – IE Microsoft Operating System Browser for the virus.
The internet browser is a gate to the cyber world for finance of home banking, checking the social security information, and inputting the knowledge information at the database.
We have to authenticate for validation that will identity myself by the digital code and authorization for permission to be granted to access, update, or delete information asset.
When, the IE browser has vulnerability from the hacker then we aren’t in the safe zone anymore.
We need to patch the browser to a service provider like, Microsoft.
I choose this topic, because they have to get the correct information to protect our information.
Week2:
Categorize – Organization management controls topics for user errors.
There are many different sources that can threaten our life, we don’t know, when, how, and/or what kind of prosperity damage or body injury it will make. But we can be prepared from all of the different situations for our data and reduce the damage from a big wave.
Especially, the organization needs a much more detailed plan to each department managers and staff duty.
I choose this topic for the responsibility of the separated group and tracking the schedule inside of the company.
Week3:
Categorize – Hacker’s Behavior for the virus
The system policy is very important in the company or IT system for the protection of data.
We have to find out the hacker’s behavior to patch the internal hole to block the intruder gate.
I choose this topic, because the percentage of the damage are increasing by the hacker’s attacks.
Week4:
Categorize – The IT controls the system by two different plans for the user errors.
The operation plan for the non-stopping operates the company rule from an incident, and makes a fake model for a virtual scenario and practice it for minimizing the damage plan.
When we have some of experience, we can quickly respond to those things.
Week5:
Categorize – Policy for the virus.
The policy is limited accessing control for the different groups for protecting the data and controlling the system.
In this topic, it is important to understand the security management.
Week6:
Categorize – Education IT Security for the user errors.
The most fault damages that occur is a mishandling by an inner employee.
The company has to educate the employees about security awareness.
This topic will update the employee’s knowledge information through the regularly training schedule.  
Week7:
Categorize – Model of the fake simulation for the user errors.
The company tries to reduce damage by exercising the model.
It has a good standard security model for industrial.
So, they can practice as much as they want to get the experience.
Week8:
Categorize – Estimate the damage value for the budget control – the user errors.
They have to input the estimated future damage value to control finance.
I selected this topic from the text book, so we can simply estimate the number of impact.
That number is really helpful to us for preparing the company asset balance.
Week9:
Categorize – Disaster -
We can’t control the natural disaster, which is a major problem to all managements.
We have to find the best solution for the IT security management from a natural disaster.
Distributing the data structure will save the system or using the cloud system is better for this scenario.
Week10:
Categorize – Internal protection device for the virus.
The firewalls is a network protection device.
Two different things are required for this topic.
One is hardware device selection, and two is configuration system device.
First they have to understand that each different layer structure for communication data, like the client Layer – Web Layer – Application Layer –ODBC Layer – Database Layer for controlling the firewalls device and configuration.
Week11:
Categorize – Job Position
The job title has different responsibilities and requirements for certification or field experience.
I choose this topic, because if someone didn’t know how to contact a person to solve this problem.
They have to understand the IT organization flow chart supports different education knowledge.
 
 Question: Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?
My main source is from the text book, and a relative topic is from a Web site.
I like the text book source for most of the topic knowledge, because the book has a professional filtering information on the security management knowledge.
I also used the Web source that has so many information out there, that I couldn’t judge which source is best for me, but I tried to find a very similar Web site on the topic like the textbook has. 

Question: As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.
My blog will help other students for reference, because following the textbook that contains a lot of information of security management.
I did not mixed up the topic and subject to focus on the information security.
When following my Weeks on my blog, they will draw a bigger picture on the information security management.

Reference.

Whitman, M. & Mattord, H. (2010).  “Management of Information Security.”
Boston, MA, Course Technology, Cengage Learning. 


No comments:

Post a Comment