Friday, August 4, 2017

Current Trends in Cybersecurity


Week 9: Reflections on Current Trends in Cybersecurity

The threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is difficult even to keep up with the methods and techniques used to assess and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in designing an appropriate security architecture and control system for managing a distributed network system, or any system. In implementing a resilient and responsive security control system, it is imperative to adopt a multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls to ensure effectiveness, compliance with industry standards and government regulations, and that business function needs are met.

The threat modeling process and tools used in the security analysis need to be tested, evaluated and refined so that they appropriately address the identified IT risks and vulnerabilities that will impact the organization's critical assets. An Action Plan and Client Presentation that professionally presents security findings and recommendations for mitigating security gaps to the ERB (Executive Risk Board) is a sine qua non. One thing I may wish to observe in the college Cybersecurity program is an information security business management class, to be able to put together an estimate, the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of a client presentation would be: how much would it cost us to implement this recommendation, and what is the time frame for it?

In threat modeling, one challenge to consider is balancing the trade-offs: avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling of technologies, cryptosystems, human factors and usability, and tricky areas such as web and cloud platforms.

In all, it is good for an information security professional not only to get the relevant certifications, but also to keep abreast of the latest developments, challenges, data compromises, and mitigation or remediation responses, so as to remain relevant in the ever-changing world of information security systems and business operations.
