Week 9 Reflections on Current Trends in Cybersecurity
The threat environment changes rapidly with evolving information technology and the IoT (Internet of Things). It is difficult even to keep up with the methods and techniques used to assess and mitigate information system threats, vulnerabilities and business operations risks. However, a structured approach to threat modeling helps in designing an appropriate security architecture and control system for managing a distributed network system, or any system. In implementing a resilient and responsive security control system, it is imperative to adopt a multilevel and multilateral security system. After the information system security has been implemented, it is necessary to monitor and meter (audit, system evaluation and assurance) and gauge the performance of the controls, to ensure effectiveness and compliance with industry standards and government regulations, and to meet business function needs.
The threat modeling process and the tools used in the security analysis need to be tested, evaluated and refined so as to appropriately address the identified IT risks and vulnerabilities that would impact the organization's critical assets. An Action Plan and Client Presentation to professionally present security findings and recommendations to mitigate security gaps to the ERB (Executive Risk Board) is a sine qua non. One thing I may wish to see in the college Cybersecurity program is an information security business management class, to be able to put together an estimate of the cost-benefit (in terms of money value). The question the members of the executive risk board would have at the end of the client presentation would be: how much would it cost us to implement this recommendation, and what is the time frame for it?
In threat modeling, one challenge to consider is the balance of trade-offs among avoiding, addressing, accepting, transferring, and ignoring risks. Another is threat modeling in technologies, cryptosystems, human factors and usability, and tricky areas such as web and cloud platforms.
All in all, it is good for an information security professional not only to get the relevant certifications, but also to keep abreast of the latest developments, challenges and data compromises, and of the mitigation or remediation responses to them, so as to remain relevant in the ever-changing world of information security systems and business operations.