Tag Archives: security

Bring Your Own Device (BYOD) Policies and Practices

Bring Your Own Device (BYOD): Organizations allowing employees to use their own personal devices, such as smartphones and tablets, to conduct organization business. The SANS Reading Room article, SANS Survey on Mobility/BYOD Security Policies and Practices, found that 61% of organizations allowed personal devices to connect to protected company systems, but only 9% of organizations were truly…

Implementing Security Policies in Flat and Hierarchical Management Structures

When considering the implementation of security policies, an organization must also consider how employee behavior often varies depending on whether the organization uses a flat or hierarchical management structure. In flat organizations, there are fewer layers between management and employees, so decisions and problem solving generally happen faster and at a lower level. Smaller organizations tend to be…

Mitigating Insider Security Threats

Threats from within an organization. Insider security threats are the most significant threat to today’s information systems. Insiders often have elevated access within an organization’s information systems, which gives them a level of authorized access that can cause a lot of damage if misused, intentionally or unintentionally. In the SANS Reading Room article, Insider Threat Mitigation Guidance,…

Bastion Host Overview

A Bastion Host (BH) is a computer on a network perimeter that runs a hardened Operating System (OS). This protection includes patches, authentication, and encryption, and eliminates unnecessary software and services (Weaver, Weaver, Farwood, & Weaver, 2012). Weaver et al. (2012) provide the following list of BH characteristics: A machine with adequate memory and processor speed. All patches…

Security+ Terms and Acronyms

Terms and Acronyms Used in Security+

Term: Acronym
Triple Digital Encryption Standard: 3DES
Authentication, Authorization and Accounting: AAA
Access Control List: ACL
Advanced Encryption Standard: AES
Advanced Encryption Standards 256-bit: AES256
Authentication Header: AH
Annualized Loss Expectancy: ALE
Access Point: AP
Application Programming Interface: API
Advanced Persistent Threat: APT
Annualized Rate of Occurrence: ARO
Address Resolution Protocol: ARP…

Security+ SY0-401 General Information & Characteristics

Security+ General Information: The CompTIA Security+ Certification is often a first step towards more advanced security certifications. About: The CompTIA Security+ certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate foundation-level security skills and knowledge. Candidates are encouraged to use this document to help prepare for CompTIA Security+…

The Process of Migrating an Application to the Cloud

Applications can be moved to the cloud quickly and with few problems if the migration is planned correctly. The process of constructing a plan for migrating a system to the cloud generally includes the following steps: Define the system goals and requirements. This process includes considering several factors such as…

The Governance of Cloud-Based Systems

The Dot Com crash of 2000 and corporate scandals such as Enron highlighted the need for better laws to oversee financial organizations, and also highlighted the need for better corporate governance. IT Governance is the part of corporate governance that includes policies, procedures, and controls that relate to information systems use, performance, Return…

Service-Oriented Architecture (SOA) Web Services

Service-Oriented Architecture (SOA) is a system of solutions characterized in terms of one or more services. Web services as a type of SOA allow programmers to use web services within their programs to perform specific functions. The following are features and benefits of SOA: The Service feature provides the benefits of improved information…