Tuesday, August 18, 2009

Chapter Reflection: Week 3

Section 1 (Introduction to Information Security)

This chapter provides a basic introduction to Information Security. I really enjoyed reading the brief case study with ‘Amy’ from the call centre. This case demonstrates how many people do not know what Internet Security means and how it can affect a whole business in a matter of minutes. By reading about the History of Internet Security, I learnt that many people did not even consider this to be an issue until incidents took place that got people to think about how important security really is. The fact that some of the main problems with Internet Security today exist because people failed to realise its importance in the earlier days is quite fascinating. I learnt that security is multifaceted, covering physical, personal, operations, communications, network and information security. The CIA triangle that consists of Confidentiality, Integrity and Availability of information was quite intriguing.

I found it difficult to understand the SDLC and SecSDLC and the difference between the two. The figure on page number 13 titled NSTISSC security model was difficult to understand as well.

The article that I have chosen is called “Why employees ignore security: They have never heard of ‘policy’, that’s why”, written by Joan Goodchild. This article relates to how employees ignore security policies because companies are vague about the rules and regulations relating to Information Security. She goes on to talk about how “Many companies may be sending out mixed messages to employees.” An example of this is given by Frank Kenney: "If I work for a company where I can't use gmail, but I have access to gmail, the company isn't giving me better way to send out large files, and they haven't blocked gmail, I'm going to use gmail."

This article relates to that part of the chapter which explains how it takes a wide range of people to support a security program within an organization.

Sunday, August 2, 2009

Task 1 : Week 2

I have chosen this unit (Corporate Information Security) because it seemed like an interesting course and because it was the only other unit I could find to fit into my schedule. During this semester, I hope to learn a few more things that are related to business and IT.


Security in general is a very important issue these days. As more people have the knowledge and the necessary tools required to hack into one's system, learning, knowing and preparing oneself against this has become essential. Therefore, I think doing this course will help to some extent.


From my point of view, information is a collection of data which is relevant to a specific topic. After reading the collection of data or 'information', people are able to make decisions. Therefore, by gathering information, people can make decisions. In other words, information is something that people use to make decisions about certain topics or areas.


There are different types of information: some can be shared with everyone, some only with certain people you trust, and others have to be kept a secret. This can be anything from a simple password to an email account or the bank account details of an organization. If other people find out such information, they may be able to access personal information, which may lead to bigger problems of identity theft, spending of other people's money, etc., the effects of which may be detrimental. Therefore, Information Security is the protection of confidential information.


By studying Information Security, I think it will help me be more knowledgeable, and it will make me more aware of the things I should/should not do in my personal as well as professional work career.