[Amy Hastings]

I would have to say that Data Breaches are one that can cause the most harm to an organization as well as the Ransomware included. While ransomware can completely destroy the organizations data and their systems in general, data breaches are able to release the organizations important information, everything that was confidential can get released and will. Data breaches can cause financial loss as well as the organization gaining fines. I chose this one to discuss about specifically because ransomware was mentioned above and I truly also believe this one should be discussed as well as it is equally as important for an organization, it can cause just as much damage than ransomware can.

A security officer should have multiple security options within the organization, as well as limiting the access of who has access to what. The most important would be to limit the access of everyone, only certain trained people should be given access to any of the important data. They could also have security guards stand in and out of the organization to have more security of who is around and allowed in.

[Amy Hastings]

I can agree with you on knowing the strengths and weaknesses of these topologies, it is truly an important thing to get to know when working in the security field. You have a great amount of information here as well as I think you explained them perfectly.

[Amy Hastings]

I liked the three that you have included and enjoyed reading you discussion over each one. I really think everything you have here is a great way to let someone learn how important it is to know these.

[Amy Hastings]

You have great information here and I believe you have covered everything greatly. I really like the amount of information you have provided and think this is a great discussion about the firewalls and their characteristics. I also think you have great information on why it is so important for a security officer to have an understanding of.

[Amy Hastings]

The three Cybersecurity issues that I choose are Ransomware, malware, and insider threats. Ransomware is a type of malware that does not allow you to have access to your device or any of the information that is on it. This is also caused by different things like the malicious websites and phishing emails. The purpose of ransomware is to hold your data hostage pretty much. Ransomware is important to a security officer to know of because it puts a huge threat towards the organization, they must be able to understand this so that they can prevent it from happening to their best ability.

Malware is the second one and it is a software that is made to harm or damage computers and servers as well as the client without them ever knowing. Malware is a major problem because it can lead to vulnerabilities within the computers. This is also used to steal data from organizations. A security officer should be aware of this because it is super important to know as a security officer, this can have huge impacts on the company as it can cause system failure if it’s not found in time.

Insider threats are last, and this is another type of cyber-attack, and this happens when a person with unauthorized access causes harm to the organization. This is also a risk that is inside the organization and not an external source. Insider threats are important for a security officer to understand as well because they can cause huge risks the organizations assets and information. These types of attacks are also one of the harder ones to detect so usually they have to go on a breach if not found in time to stop them.

[Amy Hastings]

Firewalls are a very important network security device. A firewall is used to control and monitor any type of outgoing and ingoing network traffic. There are different types of firewalls but the main two would be the network based and the host-based firewalls. A network-based firewall is a physical object, and this object acts like a gatekeeper of the information and monitors as well as controls the incoming and outgoing traffic. The host-based firewall is different software programs that are installed on different computers and systems.

The characteristic of a firewall includes the intrusion protection, stateful inspection, and access control. The access control determines what different devices can be used to access the network and tis also helps the organization to prevent any type of unauthorized information getting in. The stateful inspection lets the firewall track a session at a time a whole session instead of each individual packet.

Firewalls are a very important tool for a security officer to know of because they are one of the main things in the networking security system. This can help protect their systems as well as many other things, this also allows the security officer to have some control over who can and who cannot access any specific data in the network.

[Amy Hastings]

Two topologies that I would choose would be the Hybrid topology and the Ring topology. The Hybrid topology is a network structure that is known and used to connect the different topologies together in order to create another network structure. For the security officers, they can work through the challenges of a hybrid topology by using or having a consistent security system, they also can and should be working on improving the visibility that they have over the different environments needed and used. The security officers must be able to see clearly and have a clear line of sight over all of their responding resources that are on both, the premises and the cloud. These are both required from the security officers so that they can respond to different threats over the access controls as well as the incident protocol.

Next is the Ring topology and this one is the use and work of connecting different devices together in a circular formation, but each device must be connected to two other devices for this topology to work and function correctly. This topology is also used to transmit the data to go in one direction around the ring until it finally reaches the point at which it needs to be. This kind of topology is also an easier one to use. Security officers can work with the challenges of a ring topology if they focus on the security of each node and also by assuming their data’s encryption. The security officers should also be aware of their data flow that is in a ring topology.

[Amy Hastings]

This devotional to me says that those who claim to be religious or claim to love God must show it in everything in their everyday lives and not just in a church setting. This devotional to me also says that Jesus wants to help the ones who can admit they have sinned and not the ones who are already righteous. Meaning his main goal is to help those who need it, and just because you are sitting with the people who may have sinned dose not also make you a sinner. This devotional is very touching but can be hard to understand fully, I cannot say I fully understand the meaning behind it but to me this is what it is saying.

[Amy Hastings]

Symmetric Cryptography is a key cryptography meaning that it only uses one key that it used by the sender as well as the receiver. The sender and receiver use this key to communicate secretly so just they know what the message is. This also does help keep their conversation private.

A con of symmetric cryptography is that if the key is not safely transmitted then it can lead to a vulnerability towards the users. The key has to be transmitted safely so it cannot get interrupted while its being transmitted. Another con is that if the key somehow gets compromised this will also cause your data to become at risk.
A pro of symmetric cryptography is that it is a lot faster using one key and it requires less work than that of the asymmetric cryptography. The symmetric cryptography is also less expensive than the asymmetric cryptography.

Asymmetric Cryptography is where the company uses two keys, and they are a public and a private key. The use of each is pretty simple, the public key is usually shared between people while the private key is kept secret between other people. One is also used for encryption while the other is used for decryption.

Pros of asymmetric cryptography is that it has a lot more security than symmetric cryptography does because with this one you do not have to exchange keys back and forth. It also uses things like online signatures that the sender has to sign so that way the receiver can use the private key to verify it, so it is more protected.
Cons of asymmetric cryptography is that it is slower than the symmetric cryptography is and this causes it to not be able to hold a large amount of data encryption. Another is that if you have the private key then anyone that has access to it can unfortunately disrupt your data.

[Amy Hastings]

A Symmetric Cipher is simply a private way to share information among your friends or another person like a key or code. It’s like if you and one other person were to want to speak to one another privately without anyone else knowing what you’re writing. This is kind of like when you were in school and came up with a “made-up” language by using other things than letters to create a message. This helps you and whoever you’re writing to keep your letter confidential.
A common Symmetric Cipher is DES or Data Encryption Standard. This is used to also use a secret key or code to send messages to another person. This key or code can only be used by you unless you let someone else have access or tell them what your code is. The only one that would be able to know what you wrote would be the one who has that key. So simply a Symmetric Cipher is a way to send messages confidentially with a secret made up code or language made by you.

[Amy Hastings]

Our company is searching for a responsible and reliable Operations Security Manager to come and join our company’s team. By applying for this position, you will be responsible for ensuring the protection of our data and personal information.

The basic responsibilities in taking this position are monitoring, to ensure the security in the organization and be able to identify threats as well as responding to security incidents. You will also be required to manage records within the system and change the control process, review and approve of changes.

You will also have to meet the requirements of patch management as well as access rights, this does include the whole patch management system program, you must be able to monitor and report effectiveness. Lastly, you will be responsible for overseeing the access control systems and to keep the appropriate permissions for the employees as well as the system.

If this sounds like something you’d be interested in, and you meet the matching requirements we would love to have you on our security management position in our team!

[Amy Hastings]

The two frameworks I choose were VRIO and TOWS, VRIO is an analysis that is able to gain access to a company’s resources and other information such as their value as well as their rarity. VRIO is also commonly used to help the company using it to find any advantages within the company and this has a big impact on helping their company plan. The value as mentioned above, is what helps the company to have better performance. Also, since VRIO is considered a rarity, it is harder for unauthorized people or users to gain access to the company’s information.
TOWS is an analysis that helps to build onto the SWOT framework or analysis, it helps build onto SWOT because it builds off of the relationships that an organization or a company has with its strengths and weaknesses. This helps a company to find some better solutions or options to better help the company using it. TOWS is an important framework or analysis to have inside a company because it also takes SWOT’s findings and put it to use.

[Amy Hastings]

The access control characteristics and threats to the access control system are identification, authentication, and authorization. Identification is used to identify things within the system such as the user or the device being used while authentication is the use of passwords and usernames in order to keep the user’s information secure. Authorization is the process of finding the best action to take depending on the problem or depending on what the user is allowed to have access to. Some weaknesses of the access control characteristics would be inside threats including things such as someone gaining access to information outside of the user’s control. Broken access controls would be another threat for this because it can leave your system vulnerable to more threats.

[Amy Hastings]

Identity management, authentication techniques, single sign-on, and access control monitoring all ways to protect your data from those who do not have the correct levels of access or from unauthorized people. The Authentication techniques are passwords or is a multi-factor authentication such as passwords or fingerprint passwords, lots of different ways. The single sign-on is a way to let the users only log into the app or site one time and they can do multiple things without having to keep re-entering the password. Lastly, the access control monitoring is the way that they use to track or helps to identify different risks throughout.

[Amy Hastings]

Information security management is crucial for a company’s success because it protects the integrity and safeguards important information. From what I have read, data leakage can have a huge negative impact on a company, it is important to keep this from happening in order to keep the company from getting violations. Maintenace should always be used and considered in any company. Maintenance in this means to keep processes and protecting confidential information, this also helps keep up with software updates and many other things. Goals in information security management is to keep the company’s information safe, and this is done by implementing the access controls as well as encryption. The RAID systems also require backups and having more than one solution to it.

[Author]

Posts