Isabelle Tubbs
Forum Replies Created
Isabelle Tubbs
Participant
Hi, Mjulius. Nice summary of identity management, authentication techniques, SSO, and access control monitoring and how they provide confidentiality and integrity. Using these different concepts can help ensure the information has not been shown to just anyone, but rather anyone who tries to access the data must be identified first. Using identifiers is key for implementing these controls.
Isabelle Tubbs
Participant
Hi, Mjulius. I like your description of each part of the CIA triad. Providing confidentiality, integrity, and availability is vital for any company’s information security, which naturally leads to the different types of controls and policies you mentioned. To do this, a company will need a combination of security measures to make sure the information is correct and secure.
Isabelle Tubbs
Participant
Hi, Carlos. Nice work explaining the importance of risk management. It is good to keep in mind an organization’s tolerance and needs when creating a risk management plan. Ultimately, the plan should provide a better understanding of how to reduce risk so that the company can be better protected from attacks.
Isabelle Tubbs
Participant
God shows His amazing power through the things and people that He uses. He can use someone that no person would expect or think to pick as a first option, yet God can use that person in a mighty way to fulfill His purpose. I find that quite encouraging for me because God can use me even if I think I could be better at something or do more. He still chooses to use me in certain ways, and for that I am grateful. Also, this devotional reminds me of how important seemingly small things can be. The decisions we make, the way we live our lives, and what we say individually may seem small, but to God this is important. He notices every detail. With His help, we should do our best even in the small things. Those small things can be used by God in a big way. It may seem small to us, but it is big to God and that is what matters.
Isabelle Tubbs
Participant
Access control models are important tools for an organization to carry out certain goals from their security policy. These models must be clear ways to regulate the interactions between subjects and objects.
Discretionary access control models are very popular because the person who owns the data must determine who is allowed to access it, depending on the user’s identity. The person can use access control lists to do this, but it does not provide an extremely high level of security that some businesses may require. Mandatory access control grants users access depending on how important/sensitive the information they are trying to access is. A user must have clearance to gain access, making this system more secure.
Role-based access control means that the level of access a user receives depends on that user’s role in the organization. Administrators will assign certain people roles as a way to only grant specific people access. Rule-based access control is a model that gives rules that will apply to everyone, regardless of role, identity, etc.
Isabelle Tubbs
Participant
Identity management, authentication techniques, single sign-on, and access control monitoring are all concepts related to the security of a system and to the identity of users.
Identity management allows users to have a unique identity that lets them access data on the system, which is key for system security. Single sign-on uses identities like this to log in a user. However, single sign-on specifically allows a user to have access to related systems by using the same login that was used for one system. Thus, this allows a user to save time logging in while also maintaining security and their own identity on the system.
Some authentication techniques related to single sign-on can be scripting authentication (script commands) or directory services, which are network services that identify network resources. Authentication provides security by verifying a user’s identity before granting them access to the system.
Finally, access control monitoring involves reviewing logs/audits and user permissions to know what is going on when a user accesses the system. This provides security, and the identity of the user matters in order to use that information correctly.
Isabelle Tubbs
Participant
Information security management is essential for protecting a company’s assets and creating controls to do so. When creating this type of management, certain factors will need to be considered. It matters how much a company is willing to spend on security, and what controls are implemented will depend on whether they align with company policy and overall regulations. Also, information security management plans will be expected to reduce risk (providing confidentiality, integrity, and availability) while also staying within budget. These plans must also not get in the way of users’ productivity and efficiency.
The controls that should be created can be administrative, technical, and physical. Administrative controls are management responsibilities that are necessary to protect assets, which can include employee management, testing, and awareness training. Technical controls can be defined as logical protection mechanisms that can be built into the software and hardware. These can be firewalls, encryption, etc. Finally, physical controls can protect the facility’s perimeter and internal resources by putting in place protection like fences or sensors.
Isabelle Tubbs
Participant
Risk, which can be defined as the measure of threat to an asset, is important to an organization’s level of security. In order to protect assets, security measures should be put in place to reduce risks. These controls must be working well and properly addressing certain types of threats. Adding firewalls can add a software level of protection, and implementing guards and policies can further add to protection.
A threat is essentially an unfavorable action performed by some entity on an asset. Measuring assets and potential threats is a big part of creating a good risk assessment. It is meant to give a good understanding of what threats exist, what it could mean for the company, and ways to prevent or lessen the damage of these threats.
In total, risk management could be defined as a combination of good risk assessment, monitoring resources and systems, and trying to reduce risk.
Isabelle Tubbs
Participant
Hi, Teisha. Yes, a key part of creating these controls is to cover many different areas of access that hackers can try to use. There are many different ways they can do this, so a wide variety of security measures should be created too. Educating users, using MFA, and limiting access are some great ways to do this. Thanks for sharing.
Isabelle Tubbs
Participant
Some risks to a company can be natural damage, like a natural disaster or an accident. What can be done to at least reduce the damage of this is to have physical controls in place in case something happens. For example, making sure everything in the building is up to code and that there is a plan for when something happens.
A major threat to a company is the potential for hackers to add malware or crack passwords. Keeping up with updates and running antimalware are just a few ways to maintain security against malware, and creating good password policies for users can prevent passwords from being guessed so quickly or easily.
Finally, it is important to prevent attacks that are based in social engineering. Educating users to be wary of what information they give to people and how fake messages might look is a good way to reduce the effectiveness of this type of attack. Also, to reduce the damage that this can create, it is important not to give one person too much access on a system to begin with so that a potential hacker cannot get too much access either.
Isabelle Tubbs
Participant
Hi, Trae. The different types of policies you mentioned were interesting to read about and are definitely important. Access Control, Password, and Authentication policies are useful for an individual’s access to a system. Data Protection and Privacy Policy and Network Security Policy are great ways to really get technical with what measures are put in place with policies. These policies, as well as the ones you mentioned at the end, together create good security.
Isabelle Tubbs
Participant
Hi, Teisha. It was great to read about how access controls apply to the electric field with which you have experience. The areas you talked about definitely necessitate secure access controls to protect that data. I also like how you described access controls as a way to let the right people in. By default, someone is not granted permission, but access controls make sure those who should have access can do so.
Isabelle Tubbs
Participant
Access controls are put in place to only allow individuals who have been granted permission to actually use the system. This involves making sure that the person is who they say they are, which could be done with passwords and/or IDs. Once someone is verified and gets access, there must also be controls to determine what that person can access. It is always good to only give users the permissions for things that they actually need to use. Additionally, when a user is granted access, it can be helpful to keep a record of this for future reference.
Implementing these access controls aids in keeping sensitive data secure. Data that needs to be kept secure in this way could have information that is important to the company or even users’ private data, such as banking or health information. Companies need to establish trust with their users by providing a safe system for them to use.
Isabelle Tubbs
Participant
Hi, Trae. I like that you mentioned how cryptography can help with complying with privacy laws. Privacy is so important that there are rules in place to make sure systems do their best to maintain privacy. As a result, cryptography is one way to ensure that security measures are in accordance with laws that are established.
Isabelle Tubbs
Participant
Cryptography is a means of hiding data that is communicated so that its true meaning is not revealed to those for whom it is not intended. Using ciphers, keys, and hashing can all be processes for protecting data through cryptography. There are different methods when using these tools, and they each have different types. The different types of ciphers vary as to whether the data will be encrypted or decrypted by bits or blocks. Asymmetric cryptography uses two separate keys for encrypting and decrypting, and symmetric cryptography uses one for both processes. Finally, hashing does not use a key, but it adds a hash value to a message.
Regardless of which tool is used, cryptography should ensure that the information that is sent is genuine and accurate. To prevent attacks on the data that is exchanged, cryptography helps protect the data so users can trust that what they have received is the right data.