CIS 608 Logo

CIS 608 Logo
CIS 608 - Information Security Management

Friday, December 9, 2011

Post 069 - CIS 608




The M.S. in Cybersecurity at Bellevue University
(Click for more information)

I started this program on Monday, August 29, 2011. The links below will take you to the course blog that has been set up for each course in this program:

=========================================================

CIS 608 - Information Security Management
CYBR 515 - Security Architecture and Design
CYBR 510 - Physical, Operations, and Personnel Security
CIS 537 - Introduction to Cyber Ethics
CIS 607 - Computer Forensics
CYBR 520 - Human Aspects of Cybersecurity
CYBR 610 - Risk Management Studies
CYBR 615 - Cybersecurity Governance and Compliance
CYBR 625 - Business Continuity Planning and Recovery
DET 630 - Cyber Warfare & Deterrence
CYBR 525 - Ethical Hacking and Response
CYBR 650 - Current Trends in Cybersecurity


=========================================================

If you are interested in me and my career, here are some additional links:

Resume
Career
Certifications
Credentials
ISO 27001
M.S.
MBA
Bio
Writing
Thoughts
Secrets
Chicago
Love Story

====================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
slater@billslater.com
Chicago, IL

Sunday, November 20, 2011

Post 068 - CIS 608






The Fat Lady Has Sung, So This Blog Has Completed - Thanks for Reading!

It's over. The Fat Lady Has Sung, So This Blog has now completed. Thanks for reading, Folks!

Do you want to hear the Fat Lady sing? Click here! (Turn it up!)

=================================

William Favre Slater, III, PMP

MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL

Post 067 - CIS 608







Analyzing and Summarizing this CIS 608 - Information Security Management Blog

Assignment 12.4 (Post to your Blog and to the Week 12 Forum)

This assignment is worth 50 points.

Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.

First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

To get credit for this assignment, the URL must be posted in this assignment.

============================== Answers ============================

Part 1 - First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

(See chart above)

Summary Topic with Count
CIS 608 - Week Assignment - Blog = 2
CIS 608 - Week Assignments = 13
Cloud Computing, Security and Certifications = 1
Current Event in Information Security - Computer Crime = 9
Current Events in Information Security - International Cyberwar Threats = 10
Cybersecurity Policies = 1
Discussion about Secret Message Communications from World War II = 1
Domain Names related to Information Security = 1
Electronic Health Records - The Need for Security and Privacy = 1
Framework for Information Security Management = 1
Freedom of Information Act (FOIA) Resources and Information Security = 1
How the USA PATRIOT ACT Affects The Bill of Rights 1 Incident Response Plans = 2 Information Asset Classification = 1
Information Security and Information Security Tools = 1
Information Security Awareness Training = 3
Internet History and Growth = 1
IT Professional Certifications, Value and Relevance = 3
Leadership as a Component of Information Security = 2
News about an Information Security Blog = 1
Resources for Information Security Topics = 5
Return on Security Investment (RoSI) = 3
Security Architecture and Design - CYBR 515 Assignment = 3

----------------------------------------------------------------------
Part 2 - Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

No. Different sources each week.

Yes - a variety of sources. See summary below and above.

CIS 608 Assignment = 6
CIS 608 Material = 12
Course Text = 1
Current Event = 1
CYBR 515 Assignment = 1
CIS 608 Material = 3
Electronic Text Reference = 7
Industry Reference on Web = 1
Information Security Blog = 1
Information Website = 4
Self = 4
Various Texts = 1
Various Web URLS = 8
Web Article = 14
Website for Tool = 2
White Paper = 2

----------------------------------------------------------------------
Part 3 - As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

As a certified Information Security who is also a graduate student, I found this blog exercise very useful because it forced me to regularly look for Information Security topics to analyze and blog about as part of this course requirement. I completed and analyzed 66 blog entries and learned a lot while doing it. It will remain here on the web as a snapshot of the Information Security landscape here at the end of 2011.

Besides the amazing things I learned and wrote about, I learned that I probably blogged too much. It took me about 10 to 12 hours to do this last assignment where I had to analyze and summarize my blog. With my busy schedule, that is just too much time.

Parting comments: I hope we will all be getting smarter about how we do things in cyberspace, because the consequences of slipping up and letting our guard down become more severe each day as more and more of our lives are enveloped by the world of the web and cyberspace.

Thank you for reading this blog (URL - http://cis608.blogspot.com).

================================

Bill

William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL

Post 066 - CIS 608




"Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says"


This is an alarming news story and points out the vulnerability of infrastructure points in the U.S. It hits very close to home also because I think these hackers probably attacked the Jardine Water Treatment Plant (information here)that is operated by the City of Chicago. This plant pumps over one billion gallons of water out of Lake Michigan every day, and I am one of nearly 8 million people who use this water from the Jardine Water Treatment Plant daily to cook, shower, etc.

Sadly, people have been aware of such vulnerabilities for some time and such attacks have been predicted as far back as 10 to 15 years ago.

Let's hope home our city and national authorities are paying attention to this news and that they will act before it is too late.

===========================

William Favre Slater, III, PMP

MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
wfslater@bellevue.edu
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL


Friday, November 18, 2011

Post 065 - CIS 608


EDF used Trojans to spy on Greenpeace


EDF is a giant French Energy company. The head of nuclear energy at EDF was fined 1.5 million euros for commissioning Kargus Consultants to use Trojans to attack Greenpeace's Yannick Jadot’s computer in 2006, stealing 1,400 documents relating to the organisation’s campaign against nuclear power. Jadot was then head of campaigns in France.

This judicial ruling was extremely important because it was the largest of its kind that was ever awarded.

From the article:

"The court in Nanterre handed EDF’s former security head, Pascal Durieux, a three-year jail sentence with one suspended, while his deputy Pierre-Paul Fran├žois was given three years with 30 months suspended.

"The head of Kargus, Thierry Lorho, was given three years in jail with two suspended and a 4,000 euro fine while his technical expert and former secret service man, Alain Quiros, was given two years suspended."

"The evidence presented at the trial showed that the espionage undertaken by EDF in its efforts to discredit Greenpeace was both extensive and totally illegal. The company should now give a full account of the spying operation it mounted against its critics," said Greenpeace UK executive director, John Sauven.

What was especially astounding was that Pascal Durieux was a retired rear admiral from the French Navy and Pierre-Paul Fran├žois had worked as a policeman.




Thursday, November 17, 2011

Post 064 - CIS 608


Week Twelve Assignments- Maps to Course Obj. 6

Read/Review

: Chapter 12, Management of Information Security, 3e.

: Powerpoint Slides, Chapter 12, located in Course Documents, Lecture Notes

Learning Objectives - Week 12

Differentiate between law and ethics
Understand the role of culture as it applies to ethics in information security
Access current information on laws, regulations, and relevant professional organizations
Assignment 12.1
This assignment is worth 50 points.
Complete the peer evaluation form (top of page - PeerEval.xls) for your group members and post it to the assignment link.


Assignment 12.2
This assignment is worth 50 points.
Provide background on the Communications Decency Act. Why was it enacted? When? Who sponsored it? Now provide information on the organization which led the effort to have this overturned... again, why? when? who? What was the outcome? Include any opinions you may have on this.

..
Assignment 12.3 (post to the Week 12 Forum)
This assignment is worth 50 points; 25 points for your original posting, and 25 points for participation.
Using any resource at your disposal, find out what laws your state (or country) has passed to prosecute computer crime and provide a short description of them. Were you surprised at what you found? Disappointed in what you found?
Minimum Posting Requirements: You must post at least five messages to get credit for participation. The first message is your original posting, due no later than Wed. At least two of the other messages must be responses to other student original postings. This is a pass/fail type of grade. If you meet the minimum requirements you get the points. If you do not meet the minimum requirements, you'll get no points for participation. Messages must be posted on more than one day. Don't wait until the last minute!


Group Assignment-Week 12
This assignment is worth 50 points.
As a group, determine a best response to the Case Exercises for RWW, Inc. at the end of the chapter. Use your group forum area for discussion, located under the Groups button to the left...
Have one person in your group post the group consensus, labeled as "Week12 Post - Grade Me" to your group forum.

Assignment 12.4 (Post to your Blog and to the Week 12 Forum)
This assignment is worth 50 points.
Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.
First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?
Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?
As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.
To get credit for this assignment, the URL must be posted in this assignment.

Sunday, November 13, 2011

Post 063 - CIS 608





Unresolved Questions Dog International Cybersecurity Policies

Unresolved questions dog international cybersecurity policies This short article that was published on the web on November 9, 2011, highlights the difficult and legal complexities of a world that is waking up to the idea that we are now a globalized society that is very connected via the Internet. The concerns stem from the fact that internationally-directed data breaches are occurring and an increasing awareness that cyberspace (connected via the Internet) will be the new landscape of international confrontation, up to and including battles and wars fought in cyberspace. The dangerous realities we are now facing in cyberspace are something that only existed in the minds of famous cyberpunk science fiction writers such as William Gibson (who actually coined the term "cyberspace"), Bruce Sterling, and Neal Stephenson back in the early to mid-1990s.

Now we all are playing catch up, realizing that it is absolutely essential to have laws and international cooperation between the nation state stakeholders of cyberspace. Welcome to the brave new world in which our leaders are now having to understand and legislate cyberspace on a level that makes it safer for business and personal interactions.

Nevertheless, the answers to all these difficult issues may be right here.

======================

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career