Module 2 | Reflective Piece
Module Reflection
In this unit, I learned the importance of information security. In the new era of technology, information is critical, and information security is essential for success in technology. Today, many industries rely on technology for their operations (Min & Garza-Baker 2018). Unfortunately, the threat of information insecurity poses a significant risk to these establishments. Some of the most common network vulnerabilities that challenge a system are outdated software’s which exposes the system that runs an application. Aside from vulnerabilities, threats like malware have also been established as a common source of network insecurities. Malware attacks on the cyber world are often executed using malicious software which runs unauthorized activities in an individual’s system. Since malware attacks are not uncommon in the cyber world (Kremling and Parker, 2018), people should observe the three information security management principles.
As a cyber-security professional, I can apply principles like data confidentiality, availability, and integrity as the three most important aspects of information security. The most common application of malware attacks is extortion. Ransom is often collected from individuals under attack. Threats like malware can prevent targets from accessing their data through encrypted files. In such desperate situations, individuals under attack can easily be harassed into contributing ransom. The delivery of a malware attack has to be carefully executed for effective results. Malware attacks are always delivered via malware vectors. Part of my job in cyber security involves identifying commonly used malware vectors in cyber-attacks like Worm, Trojan, and Virus. Prevention from malware attacks can be achieved by maintaining data confidentiality. Unlike system vulnerabilities which weaken the system exposing it to threats, a threat is an adverse event that can be prevented by preventing access of unauthorized personnel into the system (McLeod and Dolezel 2018).
I also learned that information security is crucial for any organizational setting primarily because data leakage challenges an organization's management and credibility, which could affect their business (Mahjabin et al., 2017). It is crucial to protect data because when information is compromised, an organization's ability to function is also compromised. A comprehensively secured IT system also facilitates the safe operation of applications implemented on Organizational systems. Businesses must invest in a quality security package for their IT systems because they can lose essential business secrets to competitors if they do not. Organizations are encouraged to consider information confidentiality, integrity, and availability when securing their data. Authorized access is also highly emphasized because company information can be at a high risk of being accessed by people who work for the company.
Information security is a crucial part of organizational management as it prevents data loss (Li and Nurse 2020). This course taught me that information is what keeps an organization running. When the relevant data is lost, all operations have to stop. Companies apply Network security, application security, and incident response to maintain data security. An IT system can effectively be kept safe from insecurity through comprehensive threat intelligence and vulnerability management. I think that networking is an essential factor to consider in information security. When computers are linked for effective operations, an established set of rules guides the format used. Network security protocols are essential for providing security and data integrity. The TCP/IP, a transmission control protocol and internet protocol, are some communication protocols used to connect network devices on the internet (Ronquillo et al.,2018).TCP/IP consists of a set of standardized rules that facilitate information transmission between computers. It also has four layers: the application layer, the transport layer, the network layer, and the physical layer that work together to route every packet to guarantee it gets to the correct destination, ensuring no third parties in the communication (Dilmaghani 2017). While the transport layer takes care of end-to-end communication across the network, the application layer gives standardized application data. The physical layer connects nodes and hosts networks as the network layer reports errors. Aside from network security protocols, I also learned about the ping utility, which helps determine the availability of a host across an IP network.
Team/Group Reflection
I contributed to group projects and team activities by responding to members in the group chat and helping with group assignments. I ensured work was evenly divided amongst team members. For the Design Summary and Executive Summary writing projects, I completed almost 50% of the project. As a group, we discussed the first seminar preparation assignment: Stride & Dread Tools. We reached a consensus that network security solutions are the most vulnerable followed by network protocols and unsecure software. Another suggestion was insecure programming. We gave network security solutions a level 3-high risk and the other two-level 2-medium risk. We also produced seven other justifications that could be used including; zero trust, IPS/IDS, packet filtering, honeypot, account lockout, cyber training, and two-factor authentication. I could not attend seminars because I recently got a job and had to report to work. I am, however, trying to do better and manage my time and workload. Fortunately, at least one group member always attended the seminars and updated everyone through recordings which I reviewed thoroughly.
Professional/Personal Development Reflection
This course has impacted me significantly in my personal and professional development. For instance, at my current company, I was tasked with shifting their SOC from one managed service provider to another at my new company. Equipped with my education during this module, I now have an in-depth understanding of potential threats and vulnerabilities in the IT system. This course has also taught me the roles of critical security personnel, how to understand the infrastructure and network security architecture, and the importance of security vulnerability and assessment tools. I also learned that cyber security should be taken seriously because it can ruin or build a company’s good work (Andel et al., 2014).
Improvement Reflection
Next time, I will manage my time better to attend the seminars and report to work. I intend on achieving this by scheduling my classes and working hours not to clash with one another. I will also use sources outside of the information security course to help me apply these concepts. I will read technology blog posts on different cyber threats as they are ever-evolving, and I want to keep myself updated.
References
Andel, T., Campbell, M., Glisson, W., Jacobs, M., Mayr, J. and McDonald, J., 2015. Compromising a Medical Mannequin.
Dilmaghani, S.E., 2017. A privacy-preserving solution for storing and processing personal health records against brute-force attacks (Doctoral dissertation, Bilkent University).
Kremling, J.and Parker, S, A. (2018).Cyberspace, Cyber security, and Cybercrime. SAGE publishers.
Li, S., & Nurse, J. (2020). How to beat the cybercriminals and stay safe online. Futurum
Careers. https://doi.org/10.33424/futurum43
Mahjabin, T., Xiao, Y., Sun, G. and Jiang, W. (2017). A survey of a distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13(12), p.1550147717741463.
McLeod, A. and Dolezel, D., 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems, 108, pp.57-68.
Min, J. H., & Garza-Baker, K. (2018). Post-stay email marketing implications for the hotel industry: Role of email features, attitude, revisit intention, and leisure involvement level. Journal of Vacation Marketing, 25(4), 405–417. https://doi.org/10.1177/1356766718814081
Ronquillo, J.G., Erik Winterholler, J., Cwikla, K., Szymanski, R., and Levy, C., 2018. Health IT, hacking, and cybersecurity: national trends in data breaches of protected health information. JAMIA Open, 1(1), pp.15-19.
Salim, M.M., Rathore, S. and Park, J.H., 2020. Distributed denial of service attacks and its defenses in IoT: a survey. The Journal of Supercomputing, 76(7), pp.5320- 5363.
Saleem, M., & Mustafa, M. B. (2020). Unsolicited SMS Marketing in Driving Consumers’
Buying Behavior through Consumer Perception. Academic Journal of Social Sciences (AJSS ), 4(3), 724–740. http://ojs.lgu.edu.pk/index.php/ajss/article/view/1084Yang,
