Joseph Doss
Forum Replies Created
-
Posts
-
“His perfect timing” is a good way to understand it, we may pray and ask “why is it still a struggle, why is it still here” but maybe it is not time for the struggle to be taken, we may not like that God may seem to wait to take a struggle from our hands, but perhaps there is a reason a greater lesson to be taught or make you come out stronger showing what He can do. Think of the story of Lazarus, but relate his death to spiritual death as opposed to a physical one.
Disaster in nearly unavailable, but must be prevented as much as possible and prepared for when it does occur both digitally and physically. We have to protect not only the data and company property but its employees, customers and contractors. Proper escape routs and tools must be provided and in easy access for events like fires, training and drills for security threats. On the digital side firewalls must be properly set and devices such as IDS and IPSs should be used when necessary. Also when it comes to data backup, backup, backup.
Regular inspection and replacement of equipment, especially more frequently but within budget of the company is one way of staying ahead of the fire marshals’ requirements. Proper training and drills for employees should be done, both new hires and those who have been with the company a while. Keeping proper documentation of check, drills and equipment, and keeping it easy to find is also important. Aside from equipment and drills a clean work environment with clear halls and unblocked doorways especially emergency exist is a must, tripping hazards or blocked exits could be extremely dangerous in the event of an emergency, also areas around fire extinguishers and fire alarms should be clear for easy access.
I am definitely in a storm, seemingly worse as the year goes on, but I’m alive and desperate the growing mountain of stress and troubles, God seems to keep me on top not something I often thinking on, but probably should. I have a lot going on and seem to be fine with it (not just on the outside but the inside as well) its likely that “joy that surpasses all understanding” gifted to us by God Himself.
The SDLC from the prospective of a IT security officer is or should be extremely important as flaws in software can lead to anything from minor bugs to system crashes to work arounds for hackers to breach and gain access to sensitive information. This can be especially harmful as the software being developed may be sold as a product to clients who may be impacted by any flaws which could lead to financial or legal issues no your company. The SDLC has seven steps. Planning, defining, designing, Building, Testing and Deployment. As its name implies it is a cycle cycling back on itself as software evolves and updates are pushed. This ensures or attempts to ensure that software stays secure during its lifetime.
Several of the top 15 include Malware, Phishing and DDoS attacks. Each of which many have herd of but still affect many people and industries. Malware can get on devices through many different ways, downloading the wrong free software, clicking the wrong link or using a USB drive found in the parking lot it is software that is installed on a device used to destroy, steal data or launch other attacks like DDoS. A DDoS or Distributed Denial of Service attack floods networks or servers with traffic in order to crash or prevent others from accessing the service. Phishing targets individuals or groups or individuals by sending scam emails that appear trustworthy or important to trick people into opening a link to install malware or to send sensate Information.
Firewalls are the “bouncers” of network infrastructure ensuring that any unauthorized traffic is blocked from entering a given network or device. Specific parameters can be put in place to define what is allowed and what is not, traffic from defined ip ranges, locations, types of devices even types or traffic. There are various types of firewalls as well including, stateful, packet-filtering (the most basic type) also proxy. some functioning on different levels of the OSI model.
It is important that firewalls be set up correctly as a breach could potentially be devastating to a company and its data, leading to stolen data or attacks.God unites and is unshakable, if the church resist the devising attempts of Satan it will also stand. Satan’s house however, will fall as Satans spectrality is dividing. his house will fall on its own.
AES uses a mathematical equation a “key” to encrypt data into something unreadable. Putting very simply, lets say the data we are hiding is the number 2, and our key is “+2” the encrypted result is 4 (2+2=4). If you receive the encrypted data (4) do not know the equation (+2) you cannot get the original data because the number 4 can be the result of many equations (3+1, 5-1, 8/2)
The primary difference between symmetric and asymmetric cryptography is the handling of the decryption keys, in symmetric cryptography the key is the same across all ends, anyone with the key can decrypt the data this allows for faster encryption and decryption but less secure. Asymmetric on the other hand has a public and a private key the public key encrypts, the private, which only stays with the sender, is used to decrypt. allowing for more security but less speed.
It seems easy to fall into the carnal christianity, spiritual walk becomes nothing more than habit. I personally think that when we become comfortable in certain aspects of our lives it becomes even easier to fall into that state. Our minds tell us everything in okay, but spiritually we can be far from it.
Two frameworks include TOGAF (The Open Group Architecture Framework) and CIMM (Continuous Information Monitoring and Management)
The key features of CIMM are continuous monitoring, risk assessment, corrective and preventive actions to maintain security and compliance as well as audits and reporting. CIMM is for realtime oversight and management of security
TOGAF provides the alignment of IT strategy with business goals, encourages standardization and supports risk management. It is used to ensure IT supports business objectives.
Hiring IT security expert, Responsibilities: must be able to work in a fast-paced environment keeping downtime to a minimum. Keep proper records and documentation. Must understand fire codes and regulations. Will need to properly handle data when dealing with third parties, will also need to understand backups and proper data disposal.
Company provided devices must be kept secure, with strong passwords.
Each identity management, authentication techniques, single sign-on, and access control monitoring, are involved with security and data access.
Authentication techniques are means of accessing sensitive data and can be something you have, something you know, or something you are.
Something you have could be a key or phone. Something you are would be biometric, and something you know would be a PIN or password/passphrase
A SSO (single sign on) involves complex tokens used in a way that only requires the user to sign on a single time to access a site or resource, a social media profile like facebook would be a good example.
