Monday, June 3, 2013

Week 12 Wrap-Up


Past Blog Topics
 
IT Security interesting facts
Top Paying IT Security Jobs
Top Security Breach of 2012

IT Security training
Information Technology Infrastructure Library
Security Education, Training, and Awareness

Personal Security
Securing Your Mobile Devices 

Security for a Business
Biometric Measures for Security
Threats-Vulnerabilities-Assets(TVA) worksheet and Ranked Vulnerability Risk worksheet
Business Continuity
Confidential Vs. Sensitive
Information Security

Introduction
New IT Security Blogger

Well, now that my semester and Information Security Mgmt. class is coming to an end, I would like to take some time out to discuss everything that I blogged about over the past 12 weeks. I wrote about a variety of topics just because I didn't want to stick with one realm of information security. The topics that I chose to talk about came from a variety of sources online. I believe that my topics would be helpful to an information security professional because they are all things that could be useful at some point. Whether they are a student, new to an information security career, or looking to get into IT security, they can find these topics helpful on any level. For the next group of students to do blogs, as a word of advice, choose topics that interest you and do a variety of topics to keep it interesting. I think when it's something you're interested in it will make it easier to type up your blog! Good Luck!!

Sunday, May 26, 2013

Top Paying IT Security Jobs

While reading through my assigned reading this week for my Information Security Mgmt. class, the book discussed security positions. Being that I'm new to IT Security and I am not an "all about money" person within my career, I decided to do some research on the top IT security jobs last year. An article that I found entitled "Best Paying IT Security Jobs In 2012," written by Mathew J. Schwartz, states that Robert Half Technology points out that the data security analyst position is the hottest job in 2012 and that the salary should increase by 6%.

The other top IT Security jobs are as follows: network security administrator, systems security administrator, information systems security manager, and the new role of network security engineer. Data shows the salary range between all of these positions in 2012 is $85,000-$143,500 a year. This salary range seems to be due to the fact that IT security is a hot area to be in within the next few years. According to Hord Tipton, executive director of (ISC)2, in an interview: "92% of last year's breaches could have been avoided through implementation of basic security controls. The demand for professionals with broad knowledge, experience, and a specific technical specialty [or specialties] will surely increase." It is great to know that there is such a high demand for what I am getting my Master's Degree in. Tipton also expects that by 2015 the demand may have increased even further, due to the increasing number of data breaches and online attacks affecting businesses.

Other items that can enhance an IT security professional's experience/resume and are also in demand are the CISSP and CompTIA Security+ certifications. Robert Half Technology reported that certifications are especially good for the role of information systems security manager.


References
"Robert Half® Technology 2013 Salary Guide." Robert Half International. N.p., n.d. Web. 26 May 2013. <s3.amazonaws.com/DBM/M3/2011/Downloads/SalaryGuide_RobertHalfTechnology_2013.pdf>.

Schwartz, Mathew J. "Best Paying IT Security Jobs In 2012 - Security - Security." InformationWeek | Business Technology News, Reviews and Blogs. N.p., n.d. Web. 26 May 2013. <http://www.informationweek.com/security/management/best-paying-it-security-jobs-in-2012/232200152?nomobile=1>.

Whitman, Michael E., and Herbert J. Mattord. "Security Management Models." Management of Information Security. 3rd ed. Boston, MA: Course Technology, Cengage Learning, 2010. 385-426. Print.

Sunday, May 19, 2013

Biometric Measures for Security


Some organizations are looking towards biometrics for security reasons. Whether they want certain individuals to gain access to a highly secure room or to gain access to extremely sensitive data, this is an option any organization can use to give authorized employees access. There are many options for a company to choose from to implement and many vendors to purchase from. When an IT Security Manager is thinking of implementing these products, they want to choose a biometric method that is cost efficient, extremely reliable, and, most importantly, very secure. The biometric options that are available are as follows:
Fingerprints
ID card (Face Representation)
Palm scan
Facial recognition
Hand geometry
Retinal scan
Hand topology
Iris scan

Among all of these options, only three are considered unique: fingerprints, the retina, and the iris. So when the IT Security department looks into implementing this software for authorization reasons, they should employ one or two of these three biometric methods.

Sunday, May 12, 2013

Securing Your Mobile Devices

The way of the world now is that everyone has a smart device. Whether you are a child or an adult, you are familiar with smart devices. From an iPad, to a Droid cellphone, to a Kindle Fire, the world has definitely evolved in this area of mobile devices. We use these devices to get through everyday life. Even now in school, teachers have been implementing apps and the use of these electronics to teach and connect with their students. Being that everyone is using these devices, the main question now is... how can you secure your device? People tend to believe that mobile devices are already secure, but that is not necessarily true. Users must be educated on the fact that there are apps that aren't secure and that malware can attack your device as well. Here are a few tips on keeping your device and information safe.

  1. Lock your device when stepping away from it.
  2. Minimize the sensitive data you store on the mobile device.
  3. If the device is misplaced, quickly go to your "Find Me" app to locate and lock it.
  4. Download a mobile security app from a trusted company like Norton or McAfee.

Be mindful of what you keep on your mobile device, what you download, where you surf online, and who has access to your devices!


Reference:
http://www.computerworld.com/s/article/9176870/Protect_your_mobile_device_and_yourself?taxonomyId=17&pageNumber=2

Sunday, May 5, 2013

Threats-Vulnerabilities-Assets (TVA) worksheet and Ranked Vulnerability Risk worksheet


The Threats-Vulnerabilities-Assets (TVA) worksheet is a combined, prioritized list of assets and threats. This worksheet is used when completing the Risk Identification phase and starting the Risk Assessment phase. The purpose of the TVA worksheet is to show an organization its most critical vulnerabilities and threats in a convenient form so that exposure can be seen at a glance. The TVA worksheet is a prioritized combination of the most important assets (x-axis) and threats (y-axis); because both axes are ordered by priority, the most dangerous combinations appear at the top of the worksheet. The TVA worksheet enables organizations to have a one-shot view of the threats and vulnerabilities that their company may be exposed to.

The Ranked Vulnerability Risk worksheet assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair. This worksheet is the initial working document for assessing and controlling risks. Both the TVA and the Ranked Vulnerability Risk worksheet are tools that are used as risk identification and assessment deliverables.
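To make the two worksheets concrete, here is a small added example in Python (my own illustration, not code from the blog or from the Whitman & Mattord textbook). The assets, threats, vulnerabilities and their numeric weights are constructed sample data, and the risk rating is assumed to be likelihood multiplied by asset value, a simplification chosen for this example since the post gives no formula. It builds the TVA grid with assets across the x-axis and threats down the y-axis, both ordered by priority, and then produces the ranked asset-vulnerability list with the highest-risk pair first.

```python
"""Toy TVA worksheet and Ranked Vulnerability Risk worksheet.

Added example only: all names, values and the risk formula below are
constructed for illustration and are not from the blog or the textbook.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: int            # relative importance, 0-100 (constructed weighting)


@dataclass(frozen=True)
class Threat:
    name: str
    weight: int           # relative danger of the threat, 0-100 (constructed)


@dataclass(frozen=True)
class Vulnerability:
    asset: str            # Asset.name the weakness belongs to
    threat: str           # Threat.name that could exploit it
    description: str
    likelihood: float     # 0.0-1.0 chance the threat is realised (constructed)


# Constructed sample inventory for a small organization.
ASSETS = [
    Asset("Customer database", 100),
    Asset("Public web server", 70),
    Asset("Staff laptops", 40),
]
THREATS = [
    Threat("Theft of equipment", 60),
    Threat("Malware", 80),
    Threat("Software failure", 50),
]
VULNS = [
    Vulnerability("Customer database", "Malware", "unpatched DBMS", 0.5),
    Vulnerability("Staff laptops", "Theft of equipment", "no full-disk encryption", 0.3),
    Vulnerability("Public web server", "Software failure", "no tested backups", 0.2),
    Vulnerability("Public web server", "Malware", "outdated CMS plugin", 0.7),
]


def build_tva_worksheet(assets, threats, vulns):
    """TVA worksheet: assets across the x-axis ordered by value, threats down
    the y-axis ordered by weight, each cell listing the vulnerabilities that
    apply to that (threat, asset) pair. Returns (asset_order, threat_order,
    cells) where cells maps (threat_name, asset_name) -> list of descriptions."""
    asset_order = [a.name for a in sorted(assets, key=lambda a: a.value, reverse=True)]
    threat_order = [t.name for t in sorted(threats, key=lambda t: t.weight, reverse=True)]
    cells = {(t, a): [] for t in threat_order for a in asset_order}
    for v in vulns:
        cells[(v.threat, v.asset)].append(v.description)
    return asset_order, threat_order, cells


def rank_vulnerabilities(assets, vulns):
    """Ranked Vulnerability Risk worksheet. Risk rating is assumed here to be
    likelihood x asset value (a simplification for this example). Rows come
    back sorted so the highest-risk asset-vulnerability pair is first."""
    value_of = {a.name: a.value for a in assets}
    rows = []
    for v in vulns:
        rating = round(v.likelihood * value_of[v.asset], 1)
        rows.append({"asset": v.asset, "vulnerability": v.description,
                     "threat": v.threat, "risk_rating": rating})
    rows.sort(key=lambda r: r["risk_rating"], reverse=True)
    return rows


def render_tva(asset_order, threat_order, cells):
    """Plain-text rendering of the TVA grid for the 'one-shot' view."""
    lines = ["threat \\ asset | " + " | ".join(asset_order)]
    for t in threat_order:
        row = [", ".join(cells[(t, a)]) or "-" for a in asset_order]
        lines.append(f"{t} | " + " | ".join(row))
    return "\n".join(lines)


if __name__ == "__main__":
    grid = build_tva_worksheet(ASSETS, THREATS, VULNS)
    print(render_tva(*grid))
    print()
    for r in rank_vulnerabilities(ASSETS, VULNS):
        print(f"{r['risk_rating']:>6}  {r['asset']:<20} {r['vulnerability']} ({r['threat']})")
```

Running it prints the TVA grid with "Customer database" in the first column and "Malware" in the first row, followed by the ranked list, where the unpatched database (rating 50) outranks the outdated web plugin (rating 49) even though the plugin's likelihood is higher, because the database is the more valuable asset. Cells left empty in the grid are the pairs that still need examination.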



References
Whitman, M. E., & Mattord, H. J. (2010). Security Management Models. Management of information security(3rd ed., pp. 211-246). Boston, MA: Course Technology, Cengage Learning.

Sunday, April 28, 2013

Information Technology Infrastructure Library


What is ITIL? The Information Technology Infrastructure Library is the most widely adopted approach for IT Service Management in the world. The ITIL framework is described as a practical, no-nonsense approach for identifying, planning, delivering and supporting IT services to an organization. ITIL consists of a collection of methods and practices for managing the development and operation of information technology infrastructures. The Information Technology Infrastructure Library is published as a series of books, each of which covers a different IT management topic. ITIL can be tailored to many IT organizations because its practices cover a broad range of IT activities. Today, many organizations are beginning to adopt ITIL.

Individuals can also receive certifications in the Information Technology Infrastructure Library. There are three certification levels: Foundation, Practitioner, and Manager. The Foundation Certificate is designed to provide a foundation level of knowledge in IT Service Management. The Practitioner's Certificate is aimed at those who are responsible within their organization for designing specific processes within IT Service Management. The Manager's Certificate is aimed at those who need to demonstrate a capability for managing ITIL-based solutions across the breadth of the Service Management subjects.

 

References

ITIL Certifications. (n.d.). ITIL, ITSM and ISO 20000 News. Retrieved April 28, 2013, from http://itsm.the-hamster.com/itsm9.htm

Whitman, M. E., & Mattord, H. J. (2010). Security Management Models. Management of information security (3rd ed., pp. 211-246). Boston, MA: Course Technology, Cengage Learning.

Sunday, April 21, 2013

Security Education, Training, and Awareness

A Security Education, Training and Awareness (SETA) program is defined as an educational program that is designed to reduce the number of security breaches that occur through a lack of employee security awareness. A SETA program is quite beneficial for companies that deal with secure information, because it makes their employees aware of security risks. Security Education, Training, and Awareness sets the tone of security for employees of an organization, and can be very impactful in making new employees aware at their time of hire. Awareness programs can help employees protect their personal and confidential work information from security breaches. Both before and after employees go through security awareness training, it is a good idea to send out periodic information security reminders to keep awareness high and to keep breaches and virus infections down.

Reference
http://www.infosecwriters.com/text_resources/pdf/SETA_SHight.pdf

Sunday, April 14, 2013

Top Security Breach of 2012

Information Security covers a lot of things, but today I am going to talk about the biggest breach of 2012.

The biggest breach of 2012 was from the Government Sector, where it was reported that 268 individual data breaches occurred over a period of three years. The government reportedly exposed over 94 million records that contained personal information that could identify these individuals. It is also stated that this number has escalated since 2009... scary, right? There are several ways for individuals to protect themselves on their personal computers and e-mails. It is extremely hard to protect your personal information if somewhere like a bank or government agency has a data breach. It is quite unnerving to know that someone may have access to all of my personal information and plan to maliciously use this information for their gain. It is always good to keep an eye on your credit report just in case someone has your information!
 

Sunday, April 7, 2013

Business Continuity

How important is Business Continuity to your organization? Does your organization have a Business Continuity plan in place in case of a disaster? In my opinion, this is very important to think about and have in place so that your business can still operate if there were ever a fire or another kind of disaster. A company can consider three options when deciding which type of backup site is the most beneficial for the organization: a hot site, a warm site, or a cold site.

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.

A warm site is a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. 

A cold site is the least expensive type of backup site for an organization to operate. It does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up. 

Choosing one of these options can help make sure a business does not go out of business after a major disaster. Every company should think about a "just in case" disaster and have a business continuity plan.

Reference

Backup site - Wikipedia, the free encyclopedia. (n.d.). Wikipedia, the free encyclopedia. Retrieved April 7, 2013, from http://en.wikipedia.org/wiki/Backup_site

Saturday, March 30, 2013

Confidential Vs. Sensitive

This week in my Information Security class, one of our assignments was to come up with definitions of confidential and sensitive information and list some examples. I guess I never looked at them as falling in two different categories until now. So today, since I work at a university, I will be showing you all the difference between confidential and sensitive data within a university setting, along with examples.

Confidential Data is defined as institutional data for which there is a legal obligation not to disclose. These data elements require the highest levels of restriction due to the risk or harm that would result from disclosure or inappropriate use.

Examples:
  • All federally protected data
  • Social Security and credit card numbers

Sensitive Data is defined as institutional data that is not legally protected, but should not be made public and should only be disclosed under limited circumstances. Users must be granted specific authorization to access it, since the data's unauthorized disclosure, alteration, or destruction may cause perceivable damage to the institution.

Examples:
  • All information identifiable to an individual (including students, staff, faculty, trustees, donors, and alumni), including but not limited to dates of birth, driver's license numbers, employee and student ID numbers, license plate numbers, and compensation information.


 
References

Sensitive vs Confidential. (n.d.). GHSU | Georgia Health Sciences University. Retrieved March 30, 2013, from http://www.georgiahealth.edu/faculty/orientation/itss/Sensitive.html

Monday, March 25, 2013

Information Security

Hello All!!!

Since I am new to blogging and Information Security, I decided this week that I would discuss what Information Security is. 

Based on the definition from Wikipedia,

"Information security (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)".
Being that I am working on an MS in Management Information Systems with a concentration in Cybersecurity, IT security is the area that I am planning on moving my career into. IT Security is basically information security that is applied to technology, and most of the time it is security for some form of computer system.
I am looking forward to learning more about Information Security and sharing with all of you!

Wednesday, March 13, 2013

New IT Security Blogger

Hello Everyone!
I am new to the blogging world in general and new to the Security world. I am currently a Technology Support Analyst at a University in North Carolina. I am obtaining my Master's Degree (MS) in Management Information Systems with a concentration in Cybersecurity. I will receive my degree later on this year!!! I would eventually like to change my career to a security position in IT and also teach college level courses after completion.
I'm open to advice and excited about learning new/different things about IT security. I am looking forward to sharing security stories with you all throughout the year!