Summary of the Blog:
This paper summarizes the topics that were covered for Information security class’s blog. All the topics that we see are more related to protecting your computer system from hackers, virus, and many simple but effective tips to protect from it. To sum it up, the whole blog is divided into sections which includes weeks that tells about data breach (week 10 and week 4) that happened recently, some weeks explains what threats are and some of the common hardware failures (week 6 and week 8), some weeks includes tips or measures to protect from threats (Week 7), software vulnerabilities (week 6, week 5, week 3, week 2), hardware failure (week 8) and some weeks explains about the InfoSec certifications that will boost your career (Week 9, week 11).
It is very important to keep update about the security news and security product in the market because threats are always changing. Hackers are always using different measure to get access to the system and it is an ongoing process. If we know one way to solve the threats then hackers will come up with another way to steal information. Recent example includes Jimmy John’s Reports Data Breach at 216 stores on July 30, 2014(Week 4). It is believed that the hackers have gathered personal information like cardholder’s name, verification code and card’s expiration date but believe that other information was not stolen. Jimmy John’s didn’t knew until late September that theirs system has been hacked. They believe it was hacked in between June 16 and September 5. This gives us a clear idea that security issues are an important part of information system. Security professionals working for such company should be knowledgeable and keep update on their system.
Similar data breach happened to an energy industry, Telvent Canada LTD (Week 10). On Sept. 10, 2012 it learned of a breach of its internal firewall and security systems. It is believed that the attackers installed malicious software and stole project files related to one of its core offerings- a product that helps energy firms mesh older IT assets with more advanced smart-grid technologies. Later report said that it was linked to Chinese hacking group known as Comment Group. This also tells us that hacking is not only limited to within a border or within a country. It can be hacked from anywhere in the world. This means we are more vulnerable to threat than ever.
Weeks 6 give information on software vulnerabilities and give information about vulnerabilities that are attached to some of the common applications that we use. Some of them includes Microsoft’s Internet Explorer had 218 vulnerabilities with 11% of installed program unpatched. Likewise Oracle Java 7 had 145 vulnerabilities and 42% of installed programs unpatched. Also, Apple QuickTime 7 had 11 vulnerabilities and 33% of installed programs unpatched while Adobe Reader 10 had 21 vulnerabilities and 23% of installed programs unpatched. Keeping update about the patches is a complex task, given the number of endpoints and applications at work in today’s computing environment and there are millions of vulnerable machines out there. We must be prepared to identify, and take appropriate actions. larger the attack surface, the larger the risk and consequently the more complex and challenging it is to solve incidents and avoid the consequences of a successful breach.
On week 8 explains some of the common threats and some of the common threats that we see are
- Compromise to intellectual property
- Deviations in quality of service from service providers.
- Espionage or trespass
- Forces of nature
- Human error or failure
- Information extortion
- Sabotage or vandalism
- Software attacks
- Technical hardware failures or errors
- Technical software failures or errors
Week 7 explain some practices to overcome those threats. I have included some of the practices for threat Protection. It includes some of the basic knowledge but very effective to protect from Threats. Some of them includes block access to web ports and scan traffic, Control outbound content as well as inbound, educate users about the dangers and safe use of social networking websites, encrypt sensitive data, review mail security and gateway blocking.
Week 3 and week 5 gives some tips on protecting your iOS 8. Apple has put together a handy info graphic listing in iOS 8 security tips. It keeps your password safe using your preferred browser and protect the password using Touch ID. Another security feature includes send last location, which is similar to features in lockout security for Android. It enables you to know your current location just before the battery dies out. Dash lane recommends scanning your fingerprint from different angles, making it easier for touch ID to recognize you. Week 2 features includes push notifications, which are messages that show up prominently on iPhones and iPod’s, when someone tries to change the password for their iCloud account, upload their backup account data to a new device or log into their accounts for the first time from an unknown device.
Week 8 talks about the some technical Hardware Failure. Hardware failure or errors are one of the key reasons for failure of a company. It includes some of the hardware errors are memory Errors, System Timing Problems, Resource Conflicts, and power loss.
Week 9 talks about FAIR (Factor Analysis of Information Risk). It is an Industry risk model for information security and Operational Risk. FAIR model specializes in financially derived results tailored for enterprise risk management. It has been widely accepted and used within the finance, Government, Healthcare and retail industries. Week 11 talks about advantages of getting professional InfoSec certificate to help boost your resume. It is always an advantage to have certification on your resume. It tells the recruiter that you have spent time and money and actually know the stuff.