Friday, March 1, 2013

Post 016 – CYBR 650

These are the things I learned in CYBR 650 - Current Trends in Cybersecurity

1. I learned to think and communicate more clearly in terms of cybersecurity threats, vulnerabilities, and the risks they pose to an Enterprise.
2. I learned to create and communicate a practical risk management framework that will help mitigate and control risks to a level with which a business can operate with open eyes, understanding the risks that they need to manage using finite resources.
3. I learned the importance of cybersecurity issues and threats in modern society as we saw cybersecurity and Cyberwar issues come up numerous times, in things like a Presidential Executive Order, a State of the Union Address, and the Mandiant Report that described the extent of the Chinese Espionage Cyberattacks.
4. I learned that we are in a cyberweapons arms race with Russia and China, and that though it is highly classified, the U.S. has significant offensive capabilities.
5. I learned that cyberwarfare and PPD 20 topics are so hot that I could submit to and get accepted by two prominent cybersecurity-related conferences, thereby immediately applying what I have learned from this Cybersecurity Graduate Program at Bellevue University.
6. I learned that Cybersecurity topics are so hot that I could submit to and get accepted by three prominent cybersecurity-related magazines, thereby continuing to apply what I have learned from this Cybersecurity Graduate Program at Bellevue University.
7. I learned that I will be eligible for distinguished, prestigious certificates, adding to my current list of certifications.
8. I learned that the majority of students of my three classes that I teach at the Illinois Institute of Technology are impressed and inspired by my accomplishments in this Cybersecurity Graduate Program at Bellevue University and in writing, and that they too have now decided to pursue cybersecurity for their future studies and career direction.
9. I learned that my fellow students are great students and cybersecurity professionals, and they each contributed significantly to my learning and motivation during this Cybersecurity Graduate Program at Bellevue University.
10. I learned that Professional Ronald Woerner, founder and director and teacher of this Cybersecurity Graduate Program at Bellevue University, is a consummate cybersecurity educator and professor, and that he is willing to take the 
11. I learned that I made the right choice to pursue this Cybersecurity Graduate Program at Bellevue University, and that for the duration of my career, I will know that I made the correct choice to pursue studies in this program.
12. Finally, I learned that despite my sacrifices of weekends and long hours since August 2011 when I entered this Cybersecurity Graduate Program at Bellevue University, I could not have made it without the help and support of my lovely wife and my wonderful in-laws. The love and encouragement and support that they provided far exceed what I paid to participate in this program. I will never forget or be able to repay the kindness and love they showed me during this program.


==================================================

References:

Anderson, R. (2008). Security Engineering, second edition. Indianapolis, IN: John Wiley.
Bellevue University. (2012). Harry and Mae Case Study. Retrieved from http://idcontent.bellevue.edu/content/CIT/cyber/generic/harryAndMaes/ on December 14, 2012.
Cokins, G. (2009). Performance Management: Integrating Strategy Execution, Methodologies, Risk, and Analytics. Hoboken, NJ: John Wiley & Sons, Inc.
Landoll, D. L. (2011). The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, second edition. Boca Raton, FL: CRC Press.
McCumber, J. (2008). Assessing and Managing Security Risk in IT Systems: a Technology-independent Approach. Retrieved from https://buildsecurityin.us-cert.gov/swa/downloads/McCumber.pdf on August 31, 2011.
Microsoft. (2012). Microsoft Systems Center Operations Manager Technical Data. Retrieved from http://technet.microsoft.com/en-us/library/hh205987.aspx on December 16, 2012.
National Institute of Standards and Technology (NIST). (2011). NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View. Published by the National Institute of Standards and Technology, U.S. Department of Commerce in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf on June 11, 2012.
O’Donnell, A. (2012). What Is SCAP? An article published at About.com. Retrieved from http://netsecurity.about.com/od/newsandeditorial1/g/What-Is-Scap.htm on December 16, 2012.
OGC. (2007). ITIL v3 Service Operation. London, U.K.: The Stationery Office.
Olzak, T. (2006). Get Control of Vulnerability Management. An article published at Toolbox.com on April 1, 2006. Retrieved from http://it.toolbox.com/blogs/adventuresinsecurity/get-control-of-vulnerability-management-8569 on February 12, 2013.
Quinn, S., et al. (2012). NIST SP 800-117 - Guide to Adopting and Using the Security Content Automation Protocol (SCAP) version 1.2 (Draft). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-117/sp800-117.pdf on December 3, 2012.
Senft, S., et al. (2013). Information Technology Control and Audit, fourth edition. Boca Raton, FL: CRC Press.
Swiderski, F. and Snyder, W. (2004). Threat Modeling. Redmond, WA: Microsoft Press.
Talbot, J. and Jakeman, M. (2009). Security Risk Management Body of Knowledge. Hoboken, NJ: John Wiley & Sons, Inc.
Waltermire, D. (2012). NIST SP 800-126 - The Technical Specification for the Security Content Automation Protocol (SCAP), version 1.2, revision 2. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf on December 3, 2012.
White House. (2013). Executive Order on Improving Critical Infrastructure Cybersecurity. Retrieved from http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity-0 on February 12, 2013.
Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Boston, MA: Syngress.
Windrem, R. (2013). Expert: US in cyberwar arms race with China, Russia. An article published at NBCNEWS.com on February 20, 2013. Retrieved from http://openchannel.nbcnews.com/_news/2013/02/20/17022378-expert-us-in-cyberwar-arms-race-with-china-russia?lite on February 20, 2013.
Witte, G., et al. (2012). Security Automation Essentials: Streamlined Enterprise Security Management and Monitoring with SCAP. New York, NY: McGraw-Hill.
Young, C. S. (2010). Metrics and Methods for Security Risk Assessment. Boston, MA: Syngress.

= = = = = = = = = = = = = = = =  = =

William Favre Slater, III 
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation 
Project Manager / Program Manager
CYBR 650 Blog:
http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career  
Chicago, IL
United States of America
