Andres Galarza

Barack Obama Talks AI, Robo-Cars, and the Future of the World

President Obama had an interview in November’s issue of Wired and he made a few interesting points about cyber security.

OBAMA: “Traditionally, when we think about security and protecting ourselves, we think in terms of armor or walls. Increasingly, I find myself looking to…[Read more]

Oops I guess it doesn’t like “” brackets.

I am using myuserID.pem and trying to decrypt myuserID_theiruserID.enc

Running into an issue with Practical Assignment 5.2

The final step of this section where we are supposed to use our private key to decrypt the .enc file that is a combination of our userID and a partner’s userID I am given the following error.

“unable to load Private Key”

I am using the following command

1. openssl rsutl -decrypt – i…[Read more]

https://www.sec.gov/news/pressrelease/2016-133.html

“SEC Proposes Rule Requiring Investment Advisers to Adopt Business Continuity and Transition Plans”

Registered investment advisers would be required to have and execute written business continuity plans.

This could be a great thing for clients and investors who are concerned about what…[Read more]

So, I was a little confused in answering this question, because I’m not sure if you’re looking for a “X amount of hours” answer or a more general “this is what RTO” is answer. In either case, the FEMA document you mentioned as a hint has the following in Annex H, Subsection 7:

“Organizations must ensure that the communications capabilities…[Read more]

For the “health” of the business, it is very practical to do testing of the Business Continuity Plan (BCP). However, testing (by nature) can be disruptive and intrusive. In the “Disaster Recovery and Business Continuity Planning” article by Yusufali Musaji that we read this week, he gives four methods for testing.

They are:

– Hypothetical
-…[Read more]

As Dr. Singleton points out in our “What Every IT Auditor Should Know About Backup and Recovery” reading, Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) are two distinct concepts.

The DRP is put in place to address the loss or interruption of digital/business infrastructure as a result of a disaster, such as a fire or a…[Read more]

Anthony,

Thanks for the detailed explanation and sources. As someone who (regrettably) didn’t do so hot in many of his math classes, this week’s Cryptography topic has been a challenge to learn. Between your post and some YouTube lectures I found, I think I have a better understanding.

For others, here are the videos I found:

-…[Read more]

For an organization choosing among Denver Colorado, Miami Florida, Redlands California and Tulsa Oklahoma, from a physical security perspective – where would be the best place to locate their data center? Why is this place better and the other places worse?

As others have said, Denver, CO would be the best location for the data center to be l…[Read more]

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests

NIST conducted a study on the weariness that users express when they are forced to adhere to certain types of security policies. Our program makes it clear that the largest vulnerability in an organization is it’s people. However, I think it’…[Read more]

Security Design: Stop Trying to Fix the User
https://www.schneier.com/blog/archives/2016/10/security_design.html

I think that Mr. Schneier wouldn’t necessarily absolve end-users of all responsibility, but his point on security professionals laying too much of a burden on users is well taken.

The internet has given us tools that make life…[Read more]

– Just 26% said notifying the CEO is among their top priorities, ahead of the rest of the staff (25%) and customers (18%).

That’s crazy. The article reeks of “this is not really a priority for the business leaders”.

Yu,

That YouTube video is amazing.

Although this deviates a little bit from the question being asked this week, I wanted to share a blacklisting example I run into a lot at my work.

My employer has two network types that it uses to connect to the internet. The first is used mostly for enterprise-wide communication (Outlook), the second is used mainly to conduct research and…[Read more]

Linux or Windows? Seems like nothing starts a war in the IT department like this topic… but which is better?

I’m a lifelong Windows user and have never used Linux. However, I’d hesitate to say one is comprehensively better than the other. Windows obviously enjoys a huge market share advantage over Linux in desktops, but Linux has more or c…[Read more]

Anthony,

“For one, if the logon credentials don’t yield access to sensitive information, there is little to no risk. Additionally, if the convenience factor of Single Sign-On increases productivity significantly, the financial gains the company reaps could outweigh the risk of logon credentials being compromised.”

I think this is key to t…[Read more]

This is my first semester in the ITACS program. I live in Center City, Philadelphia with my wife and 2 cats. I became interested in the program because I currently work as a Cyber Security Systems Engineer for the navy. That fancy sounding title just means that I help secure the information technology systems that operate a ship’s mechanical…[Read more]