Posts

Showing posts from April, 2013

Response for Case 1: Control Analysis Assignment

CASE 1: Control Analysis

Q1: Explain and support information assurance controls for access to sensitive client banking information by HMC employees?

My Response:

1. In this case, the key task is to ensure that sufficient access control mechanisms exist to protect sensitive client banking information. The key concerns here are:
· Distinct separation of duties.
· How network access to servers is protected.
· Who has access to what information?
· How to audit this access?

2. To address these concerns, it is first necessary to carry out a risk assessment of the system. This would involve assuring the prevent security and access controls present as well as the new risks raised du...

Case 1: Control Analysis Assignment

The first case of the course "Designing and Executing Information Security Strategies" deals with control analysis and recommendations. The scenario and questions posed are given below. I will post my response in the next post.

Day 0, life is normal

Q1: Explain and support information assurance controls for access to sensitive client banking information by HMC employees?

Q2: Explain and support information assurance controls for how access control is handled administratively?

Yesterday’s Status
· Financial Services ASP provides credit clearance software services for 20 large banks worldwide
· We provide the platform and the software, their (the banks') people operate the system
· Our DBAs have access to the banks' databases for support re...

"Designing and Executing Information Security Strategies", a new InfoSec course from Coursera

After two very stimulating and informative courses from the University of Washington on Coursera, a third course titled "Designing and Executing Information Security Strategies" has been launched recently. What makes this course unique is that it follows the case study approach. Mike Simon, the course instructor, will introduce current real-world cases and ask you to solve them by writing a response, which will be peer reviewed. You will also be required to review other students' assignments.

As per the official site, the aim of the course is: "This course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases."

I believe that this is really a great way to learn and p...