Saturday, June 1, 2013

Blog results for Canadian Bacon over the course of this class



Below are my blog subjects that I wrote about during this course. I tended to follow the chapters of the book and write about subjects from each chapter and what I found was either interesting or an area that I wanted to better understand. I would say risk management, access control and malware were my biggest areas of interest.

Most of my information I gained through the reading of our textbook or current events that I was reading during the week. I was surprised when reading the paper or watching the news how many information security crimes there are and how pertinent the subject is to everyday life and not just to people that work in technology.

In examining my blog traffic I was very surprised that anyone would be interested in my obscure blog. I had 264 hits over 12 weeks mostly from a site called viperstat which had 59 hits. I don’t want to research viperstat because I’m afraid it’s a hacker site or something that might target my PC. I was also surprised by the number of hits from Russia and Africa.  


Countries accessing blog:
US - 165
Russia - 29
Morocco - 1
Germany - 12
Pakistan - 12
Indonesia - 10
United Kingdom - 4
South Africa - 3
Egypt - 1



Sunday, May 26, 2013

Information Security Jobs – The future looks bright




Many recent reports show that demand for information security jobs continues to grow, especially for middle-management and senior roles. New regulations such as the US Patriot Act, HIPAA, GLBA and so on are aiding the growth in information security jobs. Recent reports of cyber espionage from China and the eastern European bloc add to the general awareness that information security is important to businesses and for national security.

On Feb 12, 2013, President Obama announced that cyber threats represent one of the nation’s most serious threats to national security and to the economy. As a result, the President created the Cyber Security Office and appointed a Federal Chief Information Officer. The organization’s primary goals are to 1) improve our resilience to cyber incidents and 2) reduce cyber threats.

According to Robert Half, data security positions are on the rise, with average salaries ranging from $89,000-121,000 depending upon experience. Security certifications such as the Certified Information Systems Security Professional (CISSP) are in high demand, with approximately 10,000 certifications last year. It’s no wonder that, as internet use continues to rise and malware strains morph out of control, the need for information security jobs will continue to grow.





Sunday, May 19, 2013

Uncle Sam using Biometrics to make America a Safer Place








Since 9/11 the need for biometrics has increased, and the US Department of Defense (DOD) has been at the forefront, developing systems for use by homeland security, US Immigration, US Border Patrol, the US military, and law enforcement. The FBI has developed the Integrated Automated Fingerprint Identification System (IAFIS), which is a national database of fingerprints. It also contains information such as mug shots, aliases, hair and eye color, physical characteristics and other biometric identifiers. Currently the IAFIS system has more than 70 million criminal subjects in its master file, including 34 million civil prints. The average response time is 27 minutes.

Biometrics is no longer used only in the movies and in spy novels. It is used every day by immigration and border patrol, law enforcement, and the US military. As visitors enter the US, their fingerprint identification is captured along with their credentials to determine how many times they enter and when they leave. Border patrol uses it to identify potential traffickers and illegal immigrants who cross the borders. And the US military uses biometrics to track down terrorists.

A number of laws promote the use of biometrics, such as the US Patriot Act, the Enhanced Border Security and Visa Entry Reform Act of 2002, the Responsibility and Work Opportunity Act of 1995, and the Immigration Control and Financial Responsibility Act of 1996. For more information about the use of biometrics by the US government visit the following sites:




Sunday, May 12, 2013

How do you quantify risk?




There are a number of ways to quantify risk. Here are two approaches.

Say your company produces widgets and has two machines in the manufacturing process. Machine A is worth $100,000 and would take months to replace if it was damaged. Machine B is worth $20,000 and can be replaced quickly. In order to protect these assets you probably have insurance, and some type of maintenance is performed on each machine on a regular basis to keep it from breaking down.

Let’s say that the annual cost of maintenance is $10,000 for Machine A and $1,000 for Machine B. Machine A breaks down once per quarter and Machine B breaks down twice a year. Each time a machine breaks down it costs your company revenue, which has an impact on your profitability and your reputation.
    
Approach 1 is the Weighted Factor Analysis:

Simply calculate the risk factor by multiplying each category’s score by its weight factor and adding the results, to determine which machine presents the most risk for the organization.

| Asset | Revenue Impact | Profitability Impact | Reputation Impact | Weighted Score |
|---|---|---|---|---|
| Weight Factor 1-100 | 30 | 40 | 30 | |
| Machine A | .8 | .9 | .5 | 75 |
| Machine B | .8 | .9 | .6 | 78 |

Based upon the weighted score Machine B has more value and more risk for the organization.

Approach 2: Annualized Loss Expectancy

Each machine has an exposure factor (EF), the portion of its value lost each time it fails. Let’s say that Machine A’s is .1 and Machine B’s is .2. This means that for each loss the Single Loss Expectancy (SLE), the cost of each downtime, can be calculated as follows: SLE = Asset value * EF

Machine A’s SLE = $100,000 * .1 = $10,000
Machine B’s SLE = $20,000 * .2 = $4,000

We already know that Machine A breaks down once per quarter and Machine B breaks down twice a year.

So the Annualized Loss Expectancy (ALE) for each machine is:
Machine A’s ALE = $10,000 * 4 = $40,000
Machine B’s ALE = $4,000 * 2 = $8,000

Machine A is clearly the most valuable machine in the organization and causes the most loss from breakdowns each year. From this information it is probably worth exploring a risk mitigation alternative for Machine A, such as more frequent maintenance, spare parts on hand, or training on preventive maintenance to reduce the expense of downtime. In the first approach Machine B is more at risk, but a further look at approach 2 indicates that the Annualized Loss Expectancy for Machine A is really more costly for the organization.
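
An added example, not part of the original post: both approaches computed from the post's figures, with a check that shows the two rankings disagree. The field names and the `safeguard_net_benefit` step (ALE before, minus ALE after, minus the safeguard's yearly cost) go beyond the post, and the safeguard figures are assumptions.

```python
from dataclasses import dataclass

# Category weights from the table in the post; they must total 100.
WEIGHTS = {"revenue": 30, "profitability": 40, "reputation": 30}

@dataclass
class Asset:
    name: str
    value: float    # asset value in dollars
    impact: dict    # per-category impact score, 0.0 to 1.0
    ef: float       # exposure factor used in SLE = value * EF
    aro: float      # breakdowns per year

def weighted_score(asset, weights=WEIGHTS):
    """Approach 1: sum of (impact score * category weight)."""
    if sum(weights.values()) != 100:
        raise ValueError("weights must total 100")
    if set(asset.impact) != set(weights):
        raise ValueError(f"{asset.name}: categories do not match the weights")
    return round(sum(asset.impact[c] * w for c, w in weights.items()), 2)

def sle(asset):
    """Single Loss Expectancy: asset value * EF."""
    if not 0.0 <= asset.ef <= 1.0:
        raise ValueError(f"{asset.name}: EF must be between 0 and 1")
    return asset.value * asset.ef

def ale(asset):
    """Approach 2: Annualized Loss Expectancy = SLE * breakdowns per year."""
    return sle(asset) * asset.aro

def compare(assets):
    """Rank the assets by each approach and report whether the rankings agree."""
    by_score = [a.name for a in sorted(assets, key=weighted_score, reverse=True)]
    by_ale = [a.name for a in sorted(assets, key=ale, reverse=True)]
    return {"by_weighted_score": by_score, "by_ale": by_ale, "agree": by_score == by_ale}

def safeguard_net_benefit(asset, aro_after, annual_cost):
    """ALE before the safeguard, minus ALE after it, minus its yearly cost."""
    return ale(asset) - sle(asset) * aro_after - annual_cost

# Figures taken from the post.
MACHINE_A = Asset("Machine A", 100_000, {"revenue": .8, "profitability": .9, "reputation": .5}, .1, 4)
MACHINE_B = Asset("Machine B", 20_000, {"revenue": .8, "profitability": .9, "reputation": .6}, .2, 2)

if __name__ == "__main__":
    print(compare([MACHINE_A, MACHINE_B]))
    # Assumed safeguard (not from the post): $10,000/year cuts Machine A to 2 breakdowns/year.
    print(safeguard_net_benefit(MACHINE_A, aro_after=2, annual_cost=10_000))
```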