Week 12 CYBR 650 Blog


End of coursework...beginning of a new path.
I started this Cybersecurity program many years ago. Work and other life obligations have prolonged it more than I would have liked; nevertheless, this is the end. It is also coinciding with the end of my military career next spring, and along with that, the choice to decide what work I actually want to do going forward. There are so many niches in Cybersecurity that it is hard to narrow down what to focus on. This program, much like the CISSP I got before starting, is an inch deep and a mile wide. I leave feeling like I know a great deal about nearly all of the critical concepts, yet still understand that each of these topics takes years of education and real-world application to even begin to consider yourself an expert. I understand a lot, yet feel like I know very little.
Current Trends in Cybersecurity Conclusion
The CYBR 650 course was a great introduction to the topics of assessing the security of a system. In the course we learned how to define our own process for threat modeling, which detailed how to go from point A, a completely unknown system, run it through a comprehensive security assessment, and get to point Z, resolving all of the identified risks to a system.

The key milestones along the way included conducting a system assessment, or getting to know every facet of the system; conducting a weakness and vulnerability assessment; and identifying threats to the system. This was all assessed, and we created an action plan based on the information, which recommended courses of action to resolve the identified threats.

This is an excellent phased approach to comprehensively assess and hopefully secure systems of varying complexity. Thankfully the target system, Harry and Mae’s, was a well-known quantity with several glaring issues. Accomplishing a threat model on a more complex system would be a whole different ballgame, as the individual components mentioned above are much harder to assess.

One issue I struggled with during this course, and really for all scenarios, is understanding threats on a level great enough to confidently assess likelihood. To assess the likelihood, you definitely need to consider how easy it is to exploit any of the identified vulnerabilities, like we did in class, but there are also more complex assessments required. You need to understand other qualities such as intent, capability, and the threat’s risk. These are much harder to capture, and sometimes they can be largely unknown. This almost sounds like suggesting that we should perform not just our own risk assessment, but one from the perspective of our enemy. Is their perceived reward worth the risk? Are they even at risk of capture or failure? Do they have the capability to exploit a vulnerability? How do we even know that?

These are all questions that ran through my head while accomplishing this. I am starting to conduct something similar in my work, and the threat assessment consistently appears to be the most difficult and most argued-about topic in threat modeling. The concepts needed to accomplish this are one thing that I will continue to educate myself on. Each of the variables in risk has an equal say on the overall risk exposure; however, the most contentious of these, which is the threat assessment in my opinion, is the one that is often just an educated guess.
