My review of Open university course on Future Learn "Introduction to Cyber Security"

Future Learn Course - Intro to Cyber Security

As a fan of online learning and MOOC (Massive Open Online Course) I regularly search for new courses on the Internet to enhance my knowledge. Being an InfoSec professional I was intrigued when I came across the new FutureLearn course “Introuction to Cyber Security”. My initial aim was that to get pointers on what novices need to learn about Cyber Security so as to design a training module for my organization. However as I went through the various weeks I was quite happy that I had taken the course. The course gave me fresh insights in various areas of Infosec and pointed out new references for keeping my knowledge uptodate. I also learnt a lot from the engaging discussion forums of the course.
Future Learn Courses have a weekly format with each week having 10 – 15 short topics in form of short video lectures, reading materials, activities to do and case studies to study and comment. Each topic page has a comments page below where learners can post their views on the topic, ask questions, like comments and answers queries. Unlike Coursera where discussion forum is separate, in  FutureLearn it is integrated with each topic making interaction much easier and interactive.
The course itself covers a lot of ground and covers topics including cyber threats, passwords, authentication techniques, malware, phishing, botnets, antivirus, firewalls, networking and communication, WiFi security issues, cryptography, network security, firewalls, VPN, IDS, Data Loss, Cyber Laws (from a UK perspective) and Security Risks. As you would see all this is lot to cover in eight weeks. But the course puts in a lot of effort to make it simple and easy to understand. I particularly liked the  fact that each topic was relevant and up to date with latest trends and techniques.
Week 1 introduced basic cyber threats and gave a reference to Sophos Threatsaurus which is an updated reference to key terms in Cyber Security. It also covered various techniques to check password strength, tips to choose good passwords and utility of password managers. Two factor authentication wherein beside a password another level of authentication is used to access the service was also taught. To my surprise, I learnt that besides Google a host of other web services such as Facebook, Twitter, Apple, Dropbox, Paypal and Microsoft OneDrive support two factor authentication. However despite the inherent security advantage very few people use this security feature.

There was lot of material from Cryptography, Network Security to Firewalls which I already knew but I like reading the same material again to get a better perspective and read comments of other learners. This was also important to understand the perspective of average users who find security alarming, slow and intrusive to their work. Most people were not aware of the high risks which they faced and on being made aware immediately took action and commented on steps taken. This itself is a major lesson for InfoSec practitioners that they need to make user awareness a priority through various means. This should include introduction to common cyber threats and the measures needed to keep computers and various information resources safe. Many users contributed to the discussion with useful links and references for further learning and methods to remain updated.
I really liked the “Where can I find out more?” article in the first week which introduced all learners to various news sites, technology websites and InfoSec companies and blogs to follow to stay updated on Cyber Security. Though I knew some of the references, I learnt about a few new great reference sites & blogs.
I feel this course is very useful for all persons who have an active digital life both personal and professional and can serve as an effective cyber awareness campaign in organisations.
Indian Perspective
Having recently attended the 8th CSO forum I found that most Indian employees and individuals are not too concerned with cyber threats and frauds. The Govt really needs to spread Cyber Security awareness by building such courses in partnership with educational institutions.
Moreover Cyber Laws and Acts need to be formulated and updated on much regular basis to ensure that cyber criminals are caught with and dealt with severely. There is also a need to have website’s like UK’s Cyber Streetwise which help novices and beginners understand Cyber Security in a simple and easy way. Moreover there is also a need to create content in regional languages. The counterpoint is that much of this content is available online so why reinvent the wheel. However I feel that every country has it’s own dynamics and requirements for which tailored solutions have to be made. Week 7 of this course clearly laid down various Cyber Laws and steps needed to be taken by individual and organisations if affected by cyber crime in UK. There is a requirement for doing this in the Indian context too for handling cyber crimes & incidents in India effectively & timely.

Comments

Post a Comment

Popular posts from this blog

API Security - A risk based approach for CISOs

       APIs or Application Programming Interfaces are the building blocks of modern applications. As the usage of APIs  and API traffic increases it is likely to be the major attack vector for hackers. APIs are utilised for a variety of purposes such as - share data with partners, customers, and other third parties. As per Akamai, 83 % of internet traffic is driven by APis. While APIs are a powerful enabler of digital transformation, they also present new security challenges. In fact, Gartner predicts that in 2023, API abuses will be the most frequent attack vector. To substantiate that prediction, OWASP has come out with a separate OWASP Top 10 for APIs in 2019. Also multiple organisations such as Coinbase and IRCTC have been affected by API security vulnerabilities in their applications.  To tackle this emerging attack vector, CISOs should understand the key risks associated with APIs. These include: Data Breaches or Data Leakages -  Risk of data le...
Read more

2024 Year Review and thoughts

  My review of 2024.  The year was a mixed bag with a overall positive outlook and a few hiccups. My ratings on key parameters  Health - Average  Family - Good  Professional - Good  Career - Good  Finances - Average  Health -  My health has been a mixed bag with several notable improvements and some setbacks. Exercise - I was able to regularly attend Gym and do strength training.  Due to improved leg strength I was able to run a 10 k run in Dec in a time of 67 mins . I was 40th out of 120 runners in the Veteran category which I am satisfied with keeping in mind the several issues I had been having at the start of the year.  Gut Health : My stomach and gut issues continued which led me to a take a nutritionist led meal plan. This has helped but I still continue to have gas and loose motions intermittently  and outside food does not suit me at all. The worry is that my weight has reduced from 68 Kg to 63 Kg in las...
Read more

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection

Key Steps for Building an Effective Data Protection Program: From Analysing Business Needs to Ongoing Protection In today's world, data is often referred to as the new oil, given its immense value to organisations. Companies have access to vast amounts of data, from customer information to intellectual property and strategic plans.  Over the last decade cyber criminals have targeted organisations repeatedly related to multiple breaches. Some organisations like Uber have faced multiple breaches and even government organisations are not spared as we observed in the Snowden case where confidential data of US  govt was leaked online. Protecting this data has become essential, and having an effective data protection program is crucial to achieving this requirement.  In my role as a CISO for the last five years I have found data protection as the most complex initiative yet most closely related to business enablement. This can be related to protecting customer data to prevent c...
Read more