Week 9 Reflections on Current Trends in Cybersecurity
The threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is difficult even to keep up with the methods and techniques used to assess and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in the design of an appropriate security architecture and control system for managing a distributed network system or any other system. In implementing a resilient and responsive security control system, it is imperative to adopt a multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls, so as to ensure effectiveness and compliance with industry standards and government regulations, and to meet business function needs.
The threat modeling process and the tools used in the security analysis need to be tested, evaluated and refined so as to appropriately address the identified IT risks and vulnerabilities that will impact the organization's critical assets. An Action Plan and a Client Presentation that professionally present the security findings and the recommendations to mitigate security gaps to the ERB (Executive Risk Board) are a sine qua non.
One thing I may wish to see in the college Cybersecurity program is an information security business management class, to be able to put together an estimate of the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of the client presentation would be: how much would it cost us to implement this recommendation, and what is the time frame for it?
In threat modeling, one challenge to consider is the balance of trade-offs – avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling in technologies, cryptosystems, human factors and usability, and tricky areas like web and cloud platforms.
In all, it is good for an information security professional not only to get the relevant certifications, but also to keep abreast of the latest developments, challenges and data compromises, and of the mitigation or remediation responses to them, so as to remain relevant in the ever-changing world of information security systems and business operations.