These
are the things I learned in CYBR 650 - Current Trends in Cybersecurity
1.
I learned to think and communicate more
clearly in terms of cybersecurity threats, vulnerabilities, and the risks they
pose to an Enterprise.
2.
I
learned to create and communicate a practical risk management framework that
will help mitigate and control risks to a level with which a business can
operate with open eyes, understanding the risks that they need to manage using
finite resources.
3.
I
learned the importance of cybersecurity issues and threats in modern society as
we saw cybersecurity and Cyberwar issues come up numerous times, in things like
a Presidential Executive Order, a State of the Union Address, and the Mandiant
Report that described the extend of the Chinese Espionage Cyberattacks.
4.
I
learned that we are in a cyberweapons arms race with Russia and China, and that
though it is highly classified, the U.S. has significant offensive
capabilities.
5.
I
learned that cyberwarfare and PPD 20 topics are so hot that I could submit to
and get accepted by two prominent cybersecurity-related conferences, thereby immediately
applying what I have learned from this Cybersecurity Graduate Program at
Bellevue University.
6.
I
learned that Cybersecurity topics are so hot that I could submit to and get
accepted by three prominent cybersecurity-related magazines, thereby continuing
to applying what I have learned from this Cybersecurity Graduate Program at
Bellevue University.
7.
I
learned that I will be eligible for distinguished, prestigious certificates,
adding to my current list of certifications.
8.
I
learned that the majority of students of my three classes that I teach at the
Illinois Institute of Technology are impressed and inspired and impressed by my
accomplishments in this Cybersecurity Graduate Program at Bellevue University and
in writing, and that they too have now decided to pursue cybersecurity for
their future studies and career direction.
9.
I
learned that my fellow students are great students and cybersecurity
professionals, and they each contributed significantly to my learning and
motivation during this this Cybersecurity Graduate Program at Bellevue
University.
10.
I
learned that Professional Ronald Woerner, founder and director and teacher of this
this Cybersecurity Graduate Program at Bellevue University, is a consummate
cybersecurity educator and professor, and that he is willing to take the
11.
I
learned that I made the right choice to pursue this this Cybersecurity Graduate
Program at Bellevue University, and that for the duration of my career, I will
know that I made the correct choice to pursue studies in this program.
12.
Finally,
I learned that despite my sacrifices of weekends and long hours since August
2011 when I entered this Cybersecurity Graduate Program at Bellevue University,
I could not have made it without the help and support of my lovely wife and my
wonderful in-laws. The love and
encouragement and support that they provided far exceed what I paid to
participate in this program. I will
never forget or be able to repay the kindness and love they showed me during
this program.
==================================================
References:
Anderson, R. (2008). Security
Engineering, second edition. Indianapolis, IN: John Wiley.
Bellevue University. (2012). Harry and Mae Case Study. Retrieved
from http://idcontent.bellevue.edu/content/CIT/cyber/generic/harryAndMaes/ December 14, 2012.
Cokins, G. (2009). Performance Management: Integrating Strategy
Execution,
Methodologies, Risk, and Analytics.
Hoboken, NJ: John Wiley & Sons, Inc.
HP. (2012). HP Openview download website. Retrieved from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=427224&prodTypeId=12169&prodSeriesId=81198&swLang=13&taskId=135&swEnvOID=227
on December 16, 2012.
Landoll, D. L. (2011). The
Security Risk Assessment Handbook: A Complete Guide for Performing Security
Risk Assessments, second edition. Boca Raton, FL: CRC Press.
McCumber, J. (2008). Assessing and Managing Security Risk in IT
Systems: a Technology-independent Approach. Retrieved from the web at https://buildsecurityin.us-cert.gov/swa/downloads/McCumber.pdf
on August 31, 2011.
Microsoft. (2012). Microsoft Systems Center Operations Manager
Technical Data. Retrieved from
http://technet.microsoft.com/en-us/library/hh205987.aspx on December 16, 2012.
National Institute of Standards
and Technology (NIST). (2011). NIST SP
800-39 - Managing Information Security Risk: Organization, Mission, and
Information System View. Published by
the National Institute of Standards and Technology, U.S. Department of Commerce
in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
on June 11, 2012.
National Institute of Standards
and Technology (NIST). (2011). NIST SP
800-39 - Managing Information Security Risk: Organization, Mission, and
Information System View. Published by
the National Institute of Standards and Technology, U.S. Department of Commerce
in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
on June 11, 2012.
O’Donnell, A. (2012). What Is
SCAP? – An article published at About.com. Retrieved from http://netsecurity.about.com/od/newsandeditorial1/g/What-Is-Scap.htm December 16, 2012.
OGC. (2007). ITIL v3 Service
Operation. London, U.K.: The Stationary Office.
Olzak, T. (2006). Get Control of Vulnerability Management. An article published at Toolbox.com on Apirl
1, 2006. Retrieved from http://it.toolbox.com/blogs/adventuresinsecurity/get-control-of-vulnerability-management-8569
on February 12, 2013.
Quinn, S., et al. (2012). NIST SP
800-117 - Guide to Adopting and Using the Security Content Autommation Protocol
(SCAP) version 1.2 (Draft). Retrieved
from http://csrc.nist.gov/publications/nistpubs/800-117/sp800-117.pdf
on December 3, 2012
Senft, S., et al. (2013).
Information Technology Control and Audit, fourth edition. Boca Raton, FL: CRC
Press.
Swiderski, F. and Snyder, W.
(2004). Threat Modeling. Redmond, WA:
Microsoft Press.
Talbot, J. and Jakeman, M.
(2009). Security Risk Management Body of
Knowledge. Hoboken, NJ: John Wiley & Sons, Inc.
Waltermire, D. (2012). NIST SP
800-126 - The Technical Specification for the Security Content Autommation
Protocol (SCAP), version 1.2, revision 2.
Retrieved from http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf
on December 3, 2012.
White House. (2013). Executive Order
on Improving Critical Infrastructure Cybersecurity. Retrieved from http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity-0
on February 12, 2013
Wheeler, E. (2011). Security Risk Management: Building an
Information Security Risk Management Program from the Ground Up. Boston, MA: Syngress.
Windrem, R. (2013). Expert: US in
cyberwar arms race with China, Russia.
An article published at NBCNEWS.com on February 20, 2013. Retrieved from http://openchannel.nbcnews.com/_news/2013/02/20/17022378-expert-us-in-cyberwar-arms-race-with-china-russia?lite
on February 20, 2013
Witte. G., et al. (2012).
Security Automation Essentials:
Streamlined Enterprise Security Management and Monitoring with
SCAP. New York, NY: McGrawHill.
= = = = = = = = = = = = = = = = = =
William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL
United States of America