I made it through all the weeks to
week 12! This class has been exciting, informative, and very stimulating. Believe
it or not, the most difficult part of this course was developing my own threat
model. The feedback from the professor and my classmates helped tremendously to
help me stay on track! One of the best parts of this class was the ability to
review other classmates’ assignments. This gave me a great opportunity to learn
from others in the class. I believe this class will help to push me into the
cyber security world in the company I work for, and I know the objectives and
concepts taught in this class will be a great starting point for me. I know
that I can now analyze the various elements of an information system, conduct
an analysis for risks, threats, and vulnerabilities, and develop a process
model to help identify the existing and future threat landscape.
This blog assignment was one of my
favorites, as it gave me an opportunity to explore other topics related to
current trends in cyber security, and to post my thoughts and opinions. I now
browse through several online sites weekly in search of the latest news related
to the world of cyber security, and this is a habit I will continue long after
the class is over. One of my preferred online sources is Security Week. This
online magazine was ablaze this week as the European Union’s new data
protection rules went into effect. The EU’s General Data Protection Regulation
(GDPR) seems to have far-reaching effects, as I have been receiving a large
number of emails and mail with privacy update notices. This new law is supposed
to provide greater protection of people's online information, but as with many
other consumers, I am skeptical. I appreciate that individuals must explicitly
grant permission for their data to be used, but believe big companies will soon
find loopholes or other ways around it. Read more here: https://www.securityweek.com/eus-new-data-protection-rules-come-effect.
Now that we have the EU’s GDPR in
effect, how about someone start working on protecting us from the real bad guys?
I mean, it’s great that the GDPR is focused on big companies like Facebook,
WhatsApp, and Twitter, but is anyone going after the hackers and other illegal actors
on the cyber security stage? The news is currently highlighting the attack by alleged
Russian hackers who have infected at least 500,000 routers and storage devices
in over 50 countries. Now the FBI is warning that the attackers could collect
user information or shut down network traffic on these home and office routers.
Read more here https://www.reuters.com/article/us-usa-cyber-routers/fbi-warns-russians-hacked-hundreds-of-thousands-of-routers-idUSKCN1IQ2DY
and here https://www.securityweek.com/us-disrupts-russian-botnet-500000-hacked-routers.
Now that we’ve potentially ordered big corporations to put better security
measures in place to comply with the GDPR, we need to also invest even more time and
resources into going after the bad guys, and stopping them before they can
attack.
My final entry for this class is a synopsis
of a really good article on Security Week by Joshua Goldfarb. He talks about
the 10 security behaviors that anger us. It is one of the most commonsense pieces
of security advice I’ve read in a long time. One of the 10 security behaviors is
firefighting, where a security team seems to be running from one emergency to another.
Companies often bring this upon themselves when they refuse to threat model
or to hire enough properly trained IT professionals. The result is a reactive
one, where the security team has to put out endless ‘security’ fires. Another
security behavior is probably the most common one: writing down passwords. We
all know that writing down passwords is considered a terrible security habit. Yet,
our password policies dictate that we create complex passwords that include
upper and lower case letters, mixed with numeric and special characters, and with
a particular length. If we didn’t write down our passwords somewhere, we’d be
kicked out of our computer systems constantly. Companies need to help us with
password management systems so we can keep track of all these unique passwords
we need. You can read the full article at https://www.securityweek.com/10-security-behaviors-anger-us.