Friday, November 14, 2014

Blog Analysis and Summary - The Final Chapter

The past 12 weeks have been a wonderful learning experience. I felt like I knew a bit about security, but I certainly did not know the management aspect of it. This blog was my way to bring the business lingo down to Earth on a level most of us could understand and relate to.

Much of the information I found was scattered across the Internet. I found articles on CNET, The Washington Post, ABC News, and Business Week. I really wanted to gather as much information on the topics as possible and not utilize the same resources over and over again. There was a lot of good information I garnered from LifeHacker. The information has been out there; I just never knew what to look for. Having this blog and the topics week-to-week helped keep me focused.

I started my blog by looking at personal security. In the corporate world, securing data is a major part of doing business today. It is no different in our personal lives. We need to make sure we are taking the appropriate precautions to ensure we protect ourselves, just as we would do as managers within a corporation.

Next, I looked at liability and security. It is good to know that we have some form of protection if our data is compromised. On the personal level, this could be with credit monitoring services and such. On the corporate level, liability can be deflected to other agencies, if services are contracted and the other agency is liable via the contract.

Over the next few weeks, I took a look at life and how it related to security awareness, risk management, and the costs associated with protecting valuable assets. Just as a corporation must have security policies in place and evaluate risk, we need to do that in our own lives too. We need to consider the costs associated with decisions. Perhaps a child downloads a program which installs a virus and wreaks havoc on your home computer. This same type of behavior can happen in the business world too!

Lastly, I looked into securing wireless networks. In the business world, leaving networks unsecured is the easiest way to lose valuable information. The same holds true in your own home. Understanding the need to secure networks is critical for protecting data from being compromised. We all have some degree of information that, if stolen by someone on the outside, could be detrimental to our own personal lives. Businesses are no different.

As you can see, I used this term to relate the business ideas to those of my personal life. It will be some time before I am able to utilize the information security principles we learned, so relating them to something I am doing now helped clarify most of the topics. I am hopeful that, by bringing these concepts down to Earth, I will remember the valuable information in this class. Hopefully it will help someone else who is new to the concepts of information security! It sure helped me!

Sunday, November 9, 2014

The Chief Information Security Officer, Big Shoes to Fill!

This week, we have been looking at personnel and security. One of our assignments was to write a job description for the Chief Information Security Officer (CISO). We have been following a newly appointed CISO throughout the class, so I thought it would be easy. It was a bit more difficult than I thought. Additionally, there is a LOT the CISO is responsible for, based on the job descriptions I looked at for guidance.

I looked mainly at CareerBuilder in my quest for more information and found 31 jobs advertised for CISO. Looking at the job descriptions, it should be no surprise that the CISO is responsible for the information security and risk management programs. Another resonating topic noticed while looking at the job descriptions was communication and supervision. This should not be a surprise, since we are looking at a top-level officer in the organization. I did find something surprising, however.

I was surprised to see the experience and education requirements for a CISO in most of the listings. The listing for LRS.com did not list education as a requirement, but did ask for a minimum of seven years of experience. Another listing, a CISO job for Teledyne Technologies, indicated a minimum of five years' experience. I based my assignment on those factors, but then I began to think about it. Is that really enough experience?

After more consideration, I would change my requirements on the job description to require at least 10 years in the IT field and, preferably, a majority of those in management. If you think about the role of the CISO, it is an important asset in the organization. The CISO is the person ultimately responsible for everything related to the IT systems, their security, and the security and privacy of data. When a breach occurs, it is likely going to be the CISO answering the questions and trying to figure out just what happened. Is this where you want inexperience?

Don't get me wrong. There are a lot of individuals who excel on the job and move up the ranks very, very quickly. Perhaps these organizations are looking for those top-performing, quick-moving individuals. My concern, especially if I were hiring a top-level manager, is that less than 10 years just might not be enough to learn the skills necessary to head the IT operations. Am I wrong? Perhaps. Would I be elated to receive the job with just five years' experience? You bet!

Referenced Sites

http://www.careerbuilder.com/jobs/keyword/ciso

Sunday, November 2, 2014

Security and Your Wireless Network

This week, we learned about protection mechanisms. These include firewalls and wireless networking protection. After reviewing this, it made me wonder about the status of wireless networks and how many users are actually educated enough to protect themselves. What I found is that I am guilty of not protecting myself more!

I found an article by Eric Geier on PCWorld and it really opened my eyes. I am one of those who will connect to public WiFi hotspots like Starbucks, McDonald's, or even the airport. I've never really paid much attention to whether or not my connection was secure. In the article, he states you should check to make sure any web pages you log into start with https. Otherwise, he shows clear examples of how anyone could snoop out your login information. Scary, huh?

Even scarier is that the same thing can happen on your own home network. Yes, that's right! This all boils down to setting up wireless network security by using either WEP or WPA. I happen to use WPA2, because I have heard it is better than WEP. I am not a professional on that, but I have found that WPA2 appears to work better with my wireless hardware. It seems more universal to me than WEP. Regardless of the protection method used, if you leave your home wireless network unsecured, there is nothing stopping a criminal or hacker from connecting to your network and monitoring your use. With the proper software, they could get your email login information and even your online banking information. Even scarier, right?

I have never used open WiFi networks in an illegal way, nor would I ever urge anyone to. However, I have connected to other open networks and utilized Internet connections. My grandma does not have Internet access and, at the time, I did not have a cell phone that could share the connection to a computer. I fired up my laptop and noticed that there were a few networks available, one of which was unsecured. Sure enough, I was able to surf the web and look up some information on things to do in the area, all without the owner knowing I was doing it. Depending on your Internet connection, that could be precious bandwidth being stolen from you. This is just another example of what people could use your open connection for, and a tame one at that!

The bottom line is that, with more and more people moving to wireless networks, there is a growing need for education on how to protect yourself from attacks. If you are using a public hotspot, know that any information you send over the network could potentially be snooped out by an "onlooker." Also, make sure your home wireless network is secured with a strong passphrase utilizing either WEP or WPA protection. Educating and protecting yourself could save a lot of grief in the future!

Referenced Site

http://www.pcworld.com/article/2043095/heres-what-an-eavesdropper-sees-when-you-use-an-unsecured-wi-fi-hotspot.html