Section 1 (Introduction to Information Security)
This chapter provides a basic introduction to Information Security. I really enjoyed reading the brief case study with ‘Amy’ from the call centre. This case demonstrates how many people do not know what Internet Security means and how it can affect a whole business in a matter of minutes. By reading about the History of Internet Security, I learnt that many people did not even consider this to be an issue until there were incidents that took place that got people to think about how important security really is. The fact that some of the main problems with Internet Security today is because people failed to realise its importance in the earlier days is quite fascinating. I learnt that security is multifaceted such as physical, personal, operations, communications, network and information security. The CIA triangle that consists of Confidentiality, Integrity and Availability of information was quite intriguing.
I found it difficult to understand the SDLC and SecSDLC and the difference between the two. The figure on page number 13 titled NSTISSC security model was difficult to understand as well.
The article that I have chosen is called “Why employees ignore security: They have never heard of ‘policy’, that’s why” written by Joan Goodchild. This article relates to how employees ignore security policies because companies are vague about the rules and regulations relating to Information Security. She goes on to talk about how “Many companies may be sending out mixed messages to employees.” An examples of this is given by Frank Kenney: "If I work for a company where I can't use gmail, but I have access to gmail, the company isn't giving me better way to send out large files, and they haven't blocked gmail, I'm going to use gmail,".
This article relates to that part of the chapter which explains how it takes a wide range of people to support a security program within an organization.
No comments:
Post a Comment