Week 8 Discussion
There are many methods, mechanisms, and practices discussed for the management of security. Discuss what you deem is the most effective security management framework for your organization and why. Peers, in your responses, I encourage you to respectfully rebut their selection and/or point out the gaps/vulnerabilities.
Example: Use as example only.
Hello everyone,
Here we are again at the end of yet another course. Hope everyone had a great Thanksgiving holiday and didn’t eat too much. This week we are discussing what we perceive as the most effective security management framework for our organization and why. Being in the military the last 20+ years, I would have to select the defense in depth method. A defense in depth method leverages multiple overlapping security measures including administrative, physical, and logical/technical controls. Administrative controls include such mechanisms as access control restrictions, having employees sign acceptable use agreements, and posting regulations banning unauthorized employee activities. Separately, physical controls include the use of fences, gates, security cameras, badge readers, door locks and keypads. Physical access controls tend to garner much of the focus due to the ability to physically see the security mechanisms in place, as opposed to administrative or logical controls. Lastly, logical controls include the use of network firewalls, encryption, patch management, and antivirus/anti-malware protection. There are numerous other mechanisms and access control measures that are included in a defense in depth strategy, but as we learned in the first week’s reading regarding the multiple areas of security, each layer’s defense is complemented by and reliant on all the other layers of security.
-Chris
Reference:
Fortinet. (2022). Defense in depth. Fortinet, Inc. Retrieved November 26, 2022, from https://www.fortinet.com/resources/cyberglossary/defense-in-depth.
Jacobs, S. (2015). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons, Incorporated.