Thursday, September 25, 2014

Security Definitions

The terms Vulnerability, Threat, Risk, and Exposure are frequently used interchangeably.

It is important to acknowledge that these words have separate and unique meanings.


Vulnerability

- the lack of a countermeasure, or a weakness in the countermeasures in place

e.g., services running on a server, unpatched applications or operating systems, an unrestricted wireless access point


Threat

- any potential danger that is associated with the exploitation of vulnerabilities

e.g., someone, or something, will identify a specific vulnerability and use it against the company or individual


Risk
- the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact

Exposure
- an instance of being exposed to losses 


Thursday, September 18, 2014

Fundamental Principles of Security


Security has three core goals that it must provide: Availability, Integrity, and Confidentiality. These pillars form the AIC triad, which is designed to protect critical assets.




Each asset requires different levels of protection, so security controls, mechanisms, and safeguards are implemented to provide one or more of these protection types. All risks, threats, and vulnerabilities are measured by their potential to compromise one or all of the AIC principles.


Availability


- ensures timely and reliable access to data and resources to authorized individuals


e.g., RAID array drives, redundant data and power lines


Integrity


- assures accuracy by restricting unauthorized modifications and creates reliability of information and systems


e.g., Hashing (data integrity), Configuration management (system integrity), Change control (process integrity) 
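As an added example that is not part of the original post, the Python snippet below shows how hashing provides the data integrity mentioned above. It constructs a sample configuration file, stores a SHA-256 digest of it, and detects a tampered copy. It then goes one step beyond the text: an unkeyed digest only catches modification when the attacker cannot also rewrite the stored digest, so the snippet adds an HMAC with a secret key (the key value here is a constructed placeholder) to show how a keyed hash closes that gap.

```python
import hashlib
import hmac

# Constructed sample data: a small configuration file and a tampered copy
# in which the admin address has been changed.
ORIGINAL = b"max_login_attempts=5\nsession_timeout=900\nadmin_ip=10.0.0.5\n"
TAMPERED = b"max_login_attempts=5\nsession_timeout=900\nadmin_ip=198.51.100.7\n"

# Constructed placeholder key; in practice this comes from a secrets store,
# never from the same location as the data it protects.
INTEGRITY_KEY = b"constructed-placeholder-key"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest, hex encoded.

    Any change to the input, even one byte, produces a different digest,
    so comparing a stored digest against a freshly computed one reveals
    modification of the data.
    """
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest(data), expected_hex)


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: a digest that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_tag(data: bytes, key: bytes, expected_hex: str) -> bool:
    """Recompute the keyed tag and compare it in constant time."""
    return hmac.compare_digest(keyed_tag(data, key), expected_hex)


def unkeyed_check_survives_full_rewrite(modified: bytes) -> bool:
    """Model an attacker who can rewrite both the file and its stored digest.

    Returns True when the unkeyed check still passes, i.e. the tampering
    goes undetected. This is the limitation that motivates a keyed tag.
    """
    stored_digest = digest(modified)  # attacker stores a digest of their own copy
    return verify_digest(modified, stored_digest)


def keyed_check_survives_full_rewrite(modified: bytes, attacker_key: bytes) -> bool:
    """Same attacker, but verification uses INTEGRITY_KEY which they lack.

    The attacker can only produce a tag under a key of their own; the
    verifier rejects it, so the tampering is detected and this returns False.
    """
    attacker_tag = keyed_tag(modified, attacker_key)
    return verify_keyed_tag(modified, INTEGRITY_KEY, attacker_tag)


if __name__ == "__main__":
    stored = digest(ORIGINAL)
    print("original passes unkeyed check:", verify_digest(ORIGINAL, stored))
    print("tampered passes unkeyed check:", verify_digest(TAMPERED, stored))
    print("tampered + rewritten digest passes:", unkeyed_check_survives_full_rewrite(TAMPERED))
    tag = keyed_tag(ORIGINAL, INTEGRITY_KEY)
    print("original passes keyed check:", verify_keyed_tag(ORIGINAL, INTEGRITY_KEY, tag))
    print("tampered passes keyed check:", verify_keyed_tag(TAMPERED, INTEGRITY_KEY, tag))
    print("tampered + attacker tag passes:", keyed_check_survives_full_rewrite(TAMPERED, b"other-key"))
```

The digest alone is the right tool when the reference value is stored out of the attacker's reach (a vendor-published checksum, a read-only baseline); the keyed tag is needed when data and reference value live side by side, as with a configuration file and its checksum on the same host.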


Confidentiality


- verifies that a necessary level of secrecy has been enforced at various junctions of data processing to prevent unauthorized disclosure


e.g., Data Encryption at rest (whole disk, database encryption), Data Encryption in transit (IPSec, SSL, PPTP, SSH) 



Tuesday, September 16, 2014

10 CISSP Domains

In the last post, I mentioned that the CISSP Certification Exam covers ten different security domains. These disciplines are defined as:
  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Security Operations
  8. Business Continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations, and Compliance
  10. Physical (Environmental) Security



Monday, September 15, 2014

Defining CISSP

At this point, you may be wondering what exactly it takes to become a CISSP. Firstly, you should know that before you can earn the CISSP designation, you must take the CISSP Certification Exam.

The CISSP certification allows companies to find workers with the ability and experience necessary to implement solid security practices through risk analysis and other countermeasures. The reasons for pursuing the certification are listed below.

  • Growing demand in the security field
  • Increase knowledge of concepts and practices
  • Bring expertise to your occupation
  • To be more marketable and competitive in the workforce
  • To show dedication to the security discipline
  • Increase your salary for more employment opportunities
Aside from the ten domains, these are the reasons most often cited for becoming a CISSP. The exam questions do require an individual to be familiar with different security subjects; however, many questions on the exam are not detailed and do not require expertise in every subject.

Wednesday, September 3, 2014

Intro

Hello,

My name is Albert Adeseye, and I am a Management Information Systems (MIS) major in the Terry College of Business at the University of Georgia.

For the next 16 weeks, I will be studying under the supervision of Dr. Piercy of the MIS department focusing on IT security and governance. Our main point of concentration will be guided by the CISSP (Certified Information Systems Security Professional) exam guide, which would further my goal to pursue security in the technology sector and its systems.

As computing becomes ubiquitous and more pervasive in our everyday lives, internet security continues to be a growing concern. Throughout this course, I aim to understand what steps can be implemented to prevent current security vulnerabilities and what measures should be undertaken for the future of technology.

-AA