As mentioned in my first blog, the first and foremost reason I chose Corporate Information Security as a unit this semester was because it was the only unit available for my schedule. I did not have many expectations about how the unit would be or whether I would enjoy it or not. It turns out, the topics that were covered in the chapters were interesting and it made me realize that there are so many things we do unintentionally or without realizing that could be potentially dangerous, not only for oneself but the company that one works for as well. Doing this course has helped me realize that everyone should really think twice before doing anything, especially when it is related to corporate information security. The first case study in the first chapter was a very good example of how many people do not know what Internet Security means and how it can affect a whole business in a matter of minutes. Rapid development in technology has made it far easier for people to take advantage of lack of knowledge, training in this area.
Having worked for IBM, I did have a basic knowledge of some of the topics covered in this unit (Risk management, Outsourcing IT security and workings of Remote Access), which I believe made this unit a bit more easier for me, however I was glad I had the opportunity to delve deeper into why Information Security has become an important issue in recent years and what to expect in a real work situations. Being a business graduate, I will be aiming to find employment in a large company, therefore I believe knowing about Information Security will help me be more cautious in what I do and how I do it at work. IT has now become the lifeblood of business, where both IT and Business complement each other, I would like to work in areas related to Project Management, and therefore it makes even more sense for me to be aware of the issues that were raised while doing this unit.
The most important aspect of Information Security after undertaking this unit is the fact that employees working in an organization should be made aware of the risks of Information security, proper training should be provided so that they know what can and cannot be done. A company can have the best security measures in place; however it will not work if the employees are not made aware of the risks and the consequences of putting the company at risk.
Although I did not have a lot of expectations, when I first enrolled for the unit, I remember thinking this unit might be very technical in nature. I was half expecting to learn more about the technical part of the different means and measures used for securing information.
As mentioned earlier, having worked for IBM, I had known, seen and been through some of the measures and workings of Information Security measures taken by the company. I knew in general, what was taken as a breach of security and what simple things we could do, to make our area safe. Therefore, my perceptions about Information Security have not changed a whole lot.
While doing this unit, the topics that were most interesting were Physical Security. Within that topic, I found biometrics and cryptography very interesting so I ended up doing a bit of extra reading on the internet with the newer types of biometric security that researchers have come up with and how cryptography works. The most boring topic in this unit, I thought was Chapter 3 (Legal, Ethical and Professional Issues in Information Security), the legal area was the worst, however, I did find the article posted on Moodle titled ‘U.K. Hacker's Extradition Appeal Rejected’ was very intriguing and the fact that I learnt there is a lot of gray areas relating to international laws about Information Security.
The topics that I found that were the easiest was chapter 11 (Security and Personnel) and that was because it was mostly theory about what type of information security personnel to look for, what qualifications they require and how to conduct employee intakes. Within Chapter 2, topics related to the different types of attacks were also easy to understand, but that was mainly because I was interested in the topic. I find things easier to understand when I find it interesting. Prior to undertaking this unit, a friend of mine who is currently studying IT had explained how he had seen a documentary on hackers which he told me about, and I thought that was pretty interesting.
There were several areas that I found to be difficult. There were different Information Security Models that were hard to understand and required me to really read everything a few times; however I am still unsure if I have understood those completely. Those particular models were the NSTISSC Security Model, the VISA International Security Model and the ISO Network Management Model. Chapter 12 in particular was difficult as a whole, the most difficult chapter by far, but that was probably because it was the last chapter and I did not really pay too much attention and try to really understand it.
When I first enrolled in this unit, I was not aware that this was an online unit. As a student, I think it is better to have a face-to-face lecture and tutorial because it’s easier for me to understand the issues and topics discussed rather than self learning from the Internet. Yes, it has its benefits, but i prefer the traditional way of studying. Therefore, I would recommend, there be at least 3 lectures during the whole semester where students have to attend lectures. By doing so, I think will provide students with the chance to better understand topics and clarify their doubts about previous topics. I do understand that there is a place in Moodle where questions can be asked, but it does not feel personal.
Overall, I am glad I decided to do this unit and I believe I have taken some knowledge that will help me in the future.