[Isabelle Tubbs]

A couple years ago Aaron Swartz decided to pull off a technological heist. Using his programming gifts and internet knowledge, he understood how to navigate through MIT’s campus network and complete large downloads. He had the means to do so from his knowledge of the internet and his previous experience with download huge amounts of files (Zimmerman, n.d.). Swartz’s motive for downloading JSTOR’s 4.8 million files was to upload them onto the internet because he believed others should access it for free (Zimmerman, n.d.). Swartz had the opportunity to do this task because of the way MIT’s security was implemented. To them, it simply looked like a suspicious amount of downloads on their system, they only thing they could eventually do was to to block most IP addresses to prevent more files from being downloaded (JSTOR, 2013). This is not an ideal protection mechanism because it hinders users’ productivity, but it eventually became necessary. Because of this, they made attempts to restore system use while also maintaining strong authentication, but even their systems could not detect some of the large downloads (JSTOR, 2013). If their system had been stronger, Swartz would have had less opportunity to do all of this.

References
JSTOR. (2013, July 30). JSTOR Evidence in United States vs. Aaron Swartz. https://docs.jstor.org/summary.html
Zimmerman, T. (n.d.). ‘Hacktivist or Thief?’: What the Aaron Swartz Case Means to the Open Access Movement. Conference on College Composition & Communication. https://cccc.ncte.org/cccc/committees/ip/ipreports/swartzcase?/

[Isabelle Tubbs]

Hi, Carlos. It was great that you described those safety measures as being proactive. Going beyond the fire marshal’s requirements and having a good level of safety requires proactivity. Continuing to work on prevention and training measures is necessary for being responsible against potential fire disasters.

[Isabelle Tubbs]

Hi, Mjulius. Completing assessments, backups, employee training, and maintenance are all great actions to take to prevent disasters on an organization’s system. Maintenance in particular can seem small, but it is necessary for all security measures. It is not just enough to start these actions, but to make sure they continue to be effective.

[Isabelle Tubbs]

Fire can be detrimental to an organization’s resources and data. As a result, it is vital to have measures in place for when a fire happens and also measures to prevent fires. Complying to fire regulations established and those listed by a fire marshal is helpful, but it is also good to go beyond that to be even more secure.
It is always good to ensure that fire suppression tools are working properly and are in their right place, such as fire extinguishers, sprinkler systems, etc. These should be within reach at places that are susceptible to fires like places with a lot of electrical and power components.
Another good practice is teaching employees what the procedure is for handling certain components so that they do it in a safe manner. They should also be educated on what to do when a fire does occur so that everyone can know what the appropriate steps are.
Ultimately, these fire measures should protect people and data, so practices should be incorporated around this priority.

[Isabelle Tubbs]

A security officer must prepare an organization for many different scenarios. Creating plans in case something goes wrong is vital for an organization, but it is even better to have measures to prevent these scenarios in the first place as well.

One way to prevent disasters is creating backups. Having information and even certain mechanisms backed up can save a company so much. If something happens to the data or system, the backup can be right there to restore what was lost. This will save much more time and money compared to having no backup and having to start again with things.

Another preventive measure for a security officer is to look at places where the system has vulnerabilities. The system is only as secure as its greatest weakness, so addressing a system’s weakness will make it overall more secure from attacks. This prevents attacks from being able to cause as much damage in the first place, saving much time, data, and money.

A third preventative measure are inspections/tests. Even if there is already a security measure in place, it is always good to go back and make sure that everything is working correctly and that the security is being effective.

Finally, training employees is a good way to prevent disasters. If employees are educated on good and bad practices with their resources, some disasters caused by users can be prevented from occurring in the first place. It is also good to put controls so that one user’s controls cannot bring down the system completely.

[Isabelle Tubbs]

Jesus’ heavenly authority includes Jesus’ power over evil spirits. In this instance from the devotional’s passage, Jesus can command evil spirits to leave. The evil spirits have to obey because Jesus is Lord. Being the Son of God includes His power that they must obey what He speaks. In fact, legion even says that Jesus is the Son of the Most High God. Legion acknowledges Jesus’ position and power because they have to.
Thankfully, Jesus is our Savior in our lives because He is greater. When Jesus speaks a word, no one can devoid it of its power. Relating to last week’s devotional, focusing on Jesus being with us reminds us of how having His power and grace in our situations makes a big difference. Jesus set the man free from the torturous evil spirits that were in him, bringing him freedom and peace. The man went on to share his testimony out of the great joy he experienced from being set free.

[Isabelle Tubbs]

Jesus calming the storm is a great reminder of the power of His presence with us. Jesus being with us will not mean that storms will never come, but it is much better to have Jesus in the boat with us during the storm than without Him. He makes all the difference because of how powerful and sovereign He is. However, how much we worry about the storm is determined by our view of God. To fully trust Jesus to keep us safe during the storm, we need to keep our focus on Him even when things happen, and we need to remember how big our God is. The storm is real, but God is bigger. The storm will come, but Jesus is with us. This perspective makes a big difference. Also, it is important to call on Jesus. The disciples called on Jesus before He got up to calm the storm. Once we know that Jesus is the One who can truly make the change in a situation, we must go to Him for help and salvation.

[Isabelle Tubbs]

Hi, Mjulius. I agree that putting in a variety of security measures is a great way to protect against advanced attacks. Regularly updating the system to have different security controls helps to keep up against any new attacks that are created. Protecting the system in many different ways is necessary because attacks will come in many different ways as well.

[Isabelle Tubbs]

Hi, Mjulius. You brought up a great point about insufficient testing before launching a system. It can seem tempting to push things early to move along a timeline faster, but not doing the proper testing to ensure security could end up creating greater consequences than taking more time for testing in the first place. Testing early can prevent leaving weaknesses in a security system.

[Isabelle Tubbs]

Hi, Joseph. Your explanation of SDLC’s importance to a security officer was great. Because it is an important software cycle, it is good to ensure that each step goes smoothly and has the right levels of security. The earlier something is caught, the better a security officer can protect the system before it becomes an even bigger issue.

[Isabelle Tubbs]

As methods of attacking get more and more advanced, security officers need to make adjustments accordingly to the security system to make sure the system continues to be prepared against these attacks. Just like technological tools and attacks continue to grow, security should as well. Otherwise, a new type of attack could penetrate a system simply because there was not a security measure in place to address the attack.
Some advanced forms of malware go through an entire process to eventually attack a system before getting caught. Ransomware can be especially dangerous because it can affect a system and demand a ransom to fix it or not release information (if the attacker actually follows through). Another advanced attack is when there are vulnerabilities in a third party’s resources. This can be tricky when a third party was expected to be trustworthy, but they did not realize there was a vulnerability that was exploited.
A security officer should run regular scans and do patches/updates to make sure the system has updated security against these advanced attacks. Another good strategy is to see how much power a system is using to see if there is other activity going on that should not be. Finally, educating users on ways to prevent committing compromising actions can help prevent attacks.

[Isabelle Tubbs]

Because databases are holding a large amount of data in their system, which can potentially be really important and sensitive information, they must be kept secure from outside attacks or internal threats.
One database issue I have heard of is SQL injecting/cross-site scripting attacks (XSS). This occurs when someone maliciously enter code on a site and allows the attacker to execute commands on the database. The system must be protected from this by using tools that check that the information that is put into the system before it is uploaded and used in the database. To do this, it is also important to test the website to make sure its protection is working correctly. In fact, a major second issue with databases is a lack of testing in general. Failing to test a database properly means there could be holes in the software, which would lead it to be vulnerable to attacks. Weaknesses in the system must be found addressed to prevent anyone else from exploiting it. This should be done early in the process, but it should also be done later by creating patches or updates to the site.

[Isabelle Tubbs]

Hi, Trae. From reading your post, I can definitely see how detrimental ransomware can be to a system. It can essentially lock everything on the system, affecting many different levels of the system. Backups, patches, and user training are great ways to prevent these types of attacks from happening.

[Isabelle Tubbs]

Back doors can be detrimental to a system. They allow an attacker to have access to a system without having the access rights or credentials to get in. They can access it at any time and access things they should definitely not be allowed access to. From there, a hacker can unleash many different types of threats and obtain sensitive information. Security Officers must be aware of the dangers of back doors and prevent these types of attacks in their security planning and measures. Before software is deployed, any threats that may potentially linger on the system must be removed. Also, a security officer must learn the different ways a back door can be created on a system. For example, a back door can be created using a Trojan horse or SQL injections. Educating users on what actions to avoid so that they do not compromise a system can prevent Trojan horses from being effective. Using the tools to check data that is put into a site and ensuring its safety before accepting it can prevent SQL injections. Actions like these can prevent large consequences.

[Isabelle Tubbs]

Hi, Mjulius. You highlighted how easily an attack can happen to a system, which ends up causing great damage to a system. Security officers do need to put measures and tools in place to prevent this, like the training, filtering, and monitoring you mentioned. This is how to prevent an easy mistake causing a great amount of damage.

[Author]

Posts