Machine Learning, Society and Cybersecurity

Machine Learning (ML) appears to have made great strides in many areas, including machine translation, autonomous vehicle control, image classification, and enabling games on Xbox, PlayStation, Nintendo, and Steam. This has made Artificial Intelligence popular, and securing the information in it is challenging. Let’s take a look at an industry that many of us use. We…

Information Security Risk Analysis (ISRA)

The ISRA methodology is used by a system designer, manager, or security analyst to identify security concerns, develop an action plan, analyze costs, and assign responsibilities. The process allows a facilitator to perform a subjective risk assessment on a particular system, application, or other corporate assets. The ISRA involves the system users from the very…

Facilitated Risk Analysis and Assessment Process (FRAAP)

FRAAP is a structured approach to an accelerated assessment of each component of a system within a short timeframe. It is consistent with the National Institute of Standards and Technology October 2001 Special Publication “Risk Management Guide of Information Technology Systems” and the FFIEC December 2002 “Information Security Risk Assessment.” The approach allows us to…

Employment Policies and Information Security Program

The security of any solution is only as good as its weakest link. Most of the time, the humans who interact with the solution are the weakest link. Regardless of the security controls applied in the solution, be they physical or logical, people always try to find a way to avoid, circumvent, subvert, or disable them. Humans…

Applying Awareness and Ethics

A successful implementation of an information security program requires a well-planned security awareness and training program that addresses policies, standards, and procedures. (Peltier & Peltier, 2004) The awareness and training program should encourage employees to make the right decision among alternatives in a manner consistent with ethical principles. (Josephson Institute of Ethics, 2016) This paper…

Network in Small Businesses

Small cloud businesses are startup companies that rely on Infrastructure-as-a-Service (IaaS) providers for hosting their cloud applications. They could be Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) providers for their customers. While relying on the network controls of the IaaS for their applications, small cloud businesses must maintain their own network for business operations and software development.…

Security in Agile Methodology

Many large organizations are moving towards the Agile software development lifecycle (SDLC) methodology. Agile methodology is a combination of iterative and incremental process models with a focus on process adaptability and customer satisfaction by rapid delivery of working software product. The general characteristics of any Agile methodology are: Prioritizing feedback. Agile teams rely heavily on the…

Career in Cybersecurity

There was a time when, if you said you worked in cybersecurity, people would mistake you for a security guard at some unheard-of company. Not anymore! Today cybersecurity is in the mainstream. If you are in the business of protecting internet-connected systems, including hardware, software, and data, from adversaries, then you are already a cybersecurity…

MX Records on Amazon Lightsail

Are you considering moving your Name Server to Amazon Lightsail? You may end up looking for what that “subdomain” means for the MX records. As someone who volunteers for non-profits, I have the opportunity to try out Gmail from G-Suite. As of today (August 25, 2018), Google is yet to provide documentation for Amazon Lightsail…

Best of Breed or Best Suite of Products

Should organizations implement layered defenses from different vendors? Should we rely upon a single vendor for an organization’s overall security? According to a Gartner research paper, “Two firewall platforms are not better than one. We believe there is a higher risk associated with configuring and managing firewalls from multiple vendors than from a single vendor.…