Aaron Elliott
Forum Replies Created
-
Posts
-
Symmetric cryptography encrypts data in blocks of sixty-four bits, due to computer technology of the time of implementation. The key to encrypt and decrypt the data is a stream of ones and zeros, of varying size from sixty-four to four hundred and forty-eight bits. The same key is used to encrypt and decrypt the data. Symmetric cryptography is faster to decrypt and encrypt and the key is shared between both users, providing confidentiality and access controls. Symmetric being faster to compute makes it less secure. Symmetric is better to encrypt larger amounts of data.
Asymmetric cryptography encrypts data using two keys, one public key for encrypting and the private key for decrypting. Key sizes can be much larger the symmetric and takes significantly more time to encrypt and decrypt, so it is best used for small amount of data due to time. The key exchange is more secure as it is handled by the PKI, a third-party system to maintain integrity. Asymmetric encryption offers better security and tamper proof.
When two people wish to send information to each other but want the information to be kept secret they would try to hide it from the wrong people, they would make the information secret through the use of cryptography. A way they make the information secret is by taking plain text of a specific size, which is specified by bits, which a bit is the smallest information stored on a computer, typically a one or zero integer, and transform it into a jumbled mess of text, this is called a block cipher. A popular method is called Blowfish which is also a block cipher, which has no effective way to crack the secret of the message yet. Blowfish can keep blocks up to 64 bits of information secret and does so by having multiple layers of protection called rounds. The key to unlock the information can vary from 32 bits up to 448 bits.
Opening position: Operations Security Management.
Role Responsibilities:
Operations Security Managers are responsible for keeping up with the latest security software updates and configure patches to fit business needs. Managers will be expected to maintain logs and record keeping, along with analyzing logs and securing log data from tampering. Logs will be required to be backed up in case of data loss and adhere to the companies record retention policy. Create a change control process to document changes to operations, including who, why and when the change was made. Managers will need to maintain a schedule of preventative maintenance, with the goal to avoid emergency maintenance, this will relate to proper schedule upkeep for future concerns that may arise. Also, managers will have to upkeep a system of redundancy to avoid points of failure, for example a RAID storage system in case of hard drive failure, and backups of network images. Managers need to manage associates from being failure points by cross training and separation of duties.Daily tasks include:
Fixing hardware and software issues, among other information technology issues. Maintaining security checks and backups are performed. Handling of any incident reports, like security breaches, anomalies found in logs etc. Daily tasks needed to maintain desired performance of networks and security measures.In our lives we follow what we beleive is proper conduct, like dressing nice and what we consider proper worship or how things should be. However in God’s eyes none of what we value and expect things to be matter as God’s understanding and will exceeds mans understanding. I have felt unworthy of being God’s agent, but I always accept whatever plan God has for me.
Access control characteristics prevent unauthorized users access to business facilities and assets. Access controls include software measures, along with administration and physical measures. software access controls relate to passwords, two factor authentication, and user monitoring when access is granted. The administration access control includes security policies to regulate associate behavior with company networks and training. The physical access control would include keeping assets behind locked doors, usually with a security guard for a mantrap or under camera surveillance. Fences around the property, among other attributes to prevent physical robbery of assets.
Threats to access controls would be for the software side phishing emails to steal credentials of associates who do not have two factor authentication set up. Administrative threats would be no policy enforcement, so associates are not held to secure their access credentials properly. Physical threats could include natural and human sources, such as fires or floods destroying assets. While man threats could be piggybacking associates into the facility.
Identity management, authentication techniques, single sign on, and access control monitoring all are used in protecting a network from unauthorized users from gaining access to a network, along with assigning a unique identifier to users that is used to authorize access privileges. The mentioned terms strengthen authentication of user access to a network more than just username and password, using something the user would only know or be assigned like an authenticator, along with monitoring of user activity if any unauthorized users slip by.
Information security management is valuable to a company since security needs to be owned and well-structured to be effective, and an effective security protects important business assets. The AIC Triad policy ensures three measurable understandings of security, these features include availability of assets, be it all the time or at specific times, as determined by management. Integrity ensures that the asset is not tampered or altered. Confidential concept ensures that data is not compromised or leaked to bad actors. The triad is a good example of core values of security.
Human resources aids in security management by evaluating and onboarding one of the biggest risks to security, which are internal associates. By creating policy and accountability for failures to uphold security, human resources give security teams options to handle bad actors. Also, the screening of people during interviews helps maintain security.
Ownership is important to security as someone needs to own the security program or nothing will get done. Top management needs to agree with what needs protected and assign a team to own the protection of those assets. A chain of different levels of responsibility is constructed from management down to the user level with access controls applied and duties.
Risk management is important since managing threats to assets is actively protecting a company’s valuable information. Threat agents, which could be a person who seeks to steal data or a malfunction in a system, could halt a company’s ability to do business and potentially put the company out of business. Working with management is the first step to evaluating acceptable risk and the costs willing to be spent to prevent critical data from exposure. Risk comes in the form of poor patching schedule, not enough training, among other reasons. Controls are set in place to countermeasure obvious flaws found in risk assessments, like firewall implementations and new access restrictions.
God is my Lord and Jesus has saved me from sin. I have lived my life without working toward God’s plan, but furthering my education has given me a closer connection to God and what and why I beleive in my Christian faith. I look forward to my future by being an active member of God’s kingdom.
Having a good blueprint for the network would be a big benefit in times of crisis. When a device fails or a wire need traced to resolve an issue, especially in a critical failure, having a reference to speed the process up would be valuable. Protection from a company’s own associates, through password policies and separation of duties is critical in defending a network.
I appreciate the many specializations one can take in the field of IT. Be it from boredom of one’s current job or just wish to expand one’s horizons, there is always something to learn in IT, and many skills to learn to make one desirable employee.
A password policy would be an important policy to implement. Weak passwords can be an easy entry point for bad actors, through simple methods hackers can brute force into a network if passwords are to short and simple. A password policy forces a more complex password and can force a regular password change in certain intervals.
Mobile device policies can be tailored to security or cost savings. By associates bringing their own device that reduces company expense but has a higher risk of security breaches. Corporate owned would be more expensive but the business has full control of the device.
Remote access policies can determine what is acceptable for those at home or abroad. Considerations to what data they can print and have on hand at home or in non-business areas. Along with how they access the network, including what geological locations are permitted.
Reading chapter nine I have the impression the daily activities will involve plenty of maintenance and performance monitoring. Ensuring that there is adequate performance from devices and servers, be that replacing components being replaced in devices, or making sure bandwidth and other metrics are at appropriate usage.
Another impression I have is the importance of backing up data. To continue important business functions, any loss of data would be a major detriment, and backing up data and redundancy is the main countermeasure for such a problem. Along with data recovery, redundant site resources, like hot and cold sites for emergency operations in case of natural disasters, or back up servers are critical to keep operations running.
