Information Security Management. Question 1
Security Breaches and the Six Dumb Ideas
Consider a recent (2016, 2017 or 2018) security breach popular in the media. Analyze in the context of what you have learned thus far in this course.
The “Six Dumb Ideas” will be discussed at some point in class. You can review them here http://www.ranum.com/security/computer_security/editorials/dumb/
Requirements
- You will need to write at least two paragraphs.
- One paragraph needs to be devoted to your comments related to assumptions, convenience, cost and simplicity. Your viewpoint can be from either the hacker or the organization (or both).
- A second paragraph needs to address the “six dumb ideas” as they relate to the security breach.
- Minimum 500 words.
Question 2
Target Breach
For this question, you will investigate the breach at Target.
Please read the article Target Ignored Data Breach Alarms at http://www.darkreading.com/attacks-and-breaches/target-ignored-data-breach-alarms/d/d-id/1127712 and Target May Have Ignored Pre-breach Intrusion Warning at http://www.infosecurity-magazine.com/view/37442/target-may-have-ignored-prebreach-intrusion-warning/.
You are also free to research other sources for information on the Target data breach for this discussion.
Requirements
- Based on the benefit of hindsight, discuss how you would manage security at Target differently in order to prevent the intrusion or quickly detect and isolate the intrusion.
- Identify and explain policies, procedures and any technical controls that you would implement either to prevent or mitigate the breach.
- Your submission must be at least 300 words.
I have attached two files with below names.
infosecurity-magazine.com-Target May Have Ignored Pre-breach Intrusion Warning.pdf Target Ignored Data Breach Alarms.pdf
Question 3
The Internet of Things
As the “Internet of Things” or as some are calling it “The Internet of Everything” evolves more and more, what do you see as the emerging technology that will be used to protect critical data and assets? Remember to cite any sources.
Requirements
- Do you think traditional security methods will still be valid? Why or Why not? Explain your answer.
- Will hacking and breaches become more predominant? Explain your answer.
- Minimum of 300 words.
Question 4
Security Context
Security personnel are increasingly having to think about the location of their data in a world where data is becoming ever-more distributed. That and the concerns that organizations have about governmental and private surveillance are yet another burden these overworked folks need to shoulder. Data security looks fundamentally different to how it looked in the past. There truly are no hard parameters for data: it exists within organizational premises, in the cloud, on all manner of social media, on mobile devices of every flavor and, increasingly as we move towards the Internet of Things, on distributed sensors.
A 2014 survey of CISOs revealed data location is a huge concern. But the key question to ask is how much of the concern is related to security personnel’s hyper-sensitivity about risk, and how much is actually a reflection of a more risky environment? And this question speaks to what I believe will be the future of information security: context. For the purposes of this assignment, I classify context as location, time, type of device, type of user.
Requirements
- How can user context be used to more effectively control data? Provide specific examples.
- Identify at least three companies that have software that manages user context.
- Minimum of 300 words.