While I knew the broad strokes of identity management, I was not aware of a lot of the specifics involved, specifically the specific ways of classifying and solving identity and access management challenges. In my job I work with OIAM frequently but am not often informed of the steps and actions that they take behind the scenes to do their jobs efficiently and securely. Details like the Silo Model and Centralized Versus Federation allowed me to feel like I was seeing how things work outside of my scope in my current career. This info is certainly intriguing to me because it allows me not only insight into my own role as an employee, but also allows me to interface more clearly with teams that manage identity and access management in my organization as a whole.
Chapter 59 was interesting but a wake-up call. It is scary to see how sophisticated the sites are getting. It makes me think of people that are not technically inclined and have no idea about verified secured stamps on sites and don’t even know how to check if that is legitimate or not. I think it will only get worse for users may fall on banking bill pay to take on the risk that is involved with online payments. Even when I read about the plain vs fancy layout on the authentic payment notification section, it was hard to tell the difference and with AI ramping up it will get harder to identify what is legitimate or not sooner than later. It will be interesting to see what technologies emerge from the AI sector that will help and may hurt users when it comes to their identity.
I also thought about this too. The perception that phishing and scareware sites are able to be avoided makes me feel relatively secure in my use of the internet. The idea that bad actors can create nearly identical sites to real ones that can fool people already trained to detect phishing etc. like ourselves is concerning, not only for my own privacy, but also in the context of how we go about future SETA programs and educating users on security.
Hi Professor Lanter, this question seems an open one, which is the reason my answer moves away from the Protection of Information Asset course towards what I read in the Business Skill for ITACS Professionals course this week. The book is called Your Voice is Your Business and I read chapter six specifically. Chapter 6 of “Your Voice is Your Business” intrinsically delves into the relationship between physiology and the human voice. It underscores the integral role physical health plays in maintaining optimal vocal performance, exploring how vocal exercises and targeted physical training can facilitate the development of a strong, resilient voice. Furthermore, it elucidates the negative repercussions of improper vocal usage, emphasizing the risk of irreversible damage. The chapter also integrates a guide on nurturing vocal health through a balance of exercise, rest, and proper nutrition, illuminating the methodological precision required in sustaining a healthy voice. Lastly, it suggests a new perspective – viewing one’s voice as a professional asset to be valued and adequately maintained. This marks a departure from the conventionally casual attitude towards vocal health which can often lead to inadvertent misuse. This chapter is an essential read for anyone relying on their voice for professional purposes and this is interesting here too because ITACS professionals most of the time rely on their voices for professional presentation and reportage to both Information owners and Business owners.
Great post, and it stood out for me as I speak for a living. It is very true on exercises that you can do and how negative actions can lead to a different sounding voice. Besides vocal health I also use different tunes and speaking tactics depending on what person or audience I am speaking to and what their tone is like as well. Matching or shifting tones in a business conversation can be a make it or break it point just like in a meeting with IT professionals and other people that are not IT educated etc. They say it’s not what you say but how you say it and I can say that is very true and something that took me years to master as I’m on the business end in the tech world and have to educate everyday people on technical subjects.
Sincerely the way that book “Your Voice is Your Business” compellingly discusses the intimate connection between physiology and vocal abilities. It amplifies the significance of maintaining physical health for optimal voice performance, revealing that strategic vocal exercises and physical training boost voice solidity and resilience. It further enlightens us about the ramifications of improper vocal usage, chiefly the risk of irreparable harm. Besides, the chapter outlines a strategy for maintaining vocal health that harmonizes exercise, rest, and balanced nutrition, spotlighting the meticulous consistency needed for continuous vocal health. It introduces a fresh perspective, considering one’s voice as an essential professional asset that warrants careful maintenance and distances us from the typically nonchalant approach to vocal health. This chapter becomes indispensable for professionals, particularly ITACS professionals, who heavily depend on their vocal capabilities for professional presentations and communication with business and information owners.
Thanks Mike, going to look that book up now.
The interesting point I have gleaned from this week’s readings lies within the realm of cognitive psychology – the concept of ‘schema theory’. In essence, schema theory posits that all knowledge we possess is organized into units or schemata, shaping our perceptions and responses to information and situations.
This theory piques my interest primarily due to its far-reaching implications across various fields, underscoring the pivotal role of experiences in shaping our cognitive frameworks. The assimilation of new information, as posited by the theory, occurs via two measures: accommodation, where existing schema is adjusted to suit new information; and assimilation, where new information is incorporated into existing schema.
This view on knowledge organization and human cognition holds paramount importance in understanding not just cognitive functioning, but also various aspects of human behaviour and interaction. This attention to schema theory paved the way for a deeper insight into human cognition, truly a fascinating takeaway from this week’s readings.
This is a good topic, Michael. This topic leads my brain to database schemas and how applications are essentially a bunch of tables and queries working behind the scenes. However, the connection between psychology and technology is what I believe to be the driving force behind the innovation of AI.
One point I found interesting was how autonomous access control (DAC) offers great trade-offs. It ensures user flexibility while reducing IT’s management overhead. DAC is discretionary because the owners can transfer objects or any authenticated information to other users. The owner can determine the access privileges. But malware can work within the user’s identity (security context). The user is a local administrator or has a root account, once the malware is installed, they can do anything. It’s not even possible to protect the system from the huge damage that can be done by security.
While reading the chapter on “Identity Theft”, I was taken aback by the information on the “Unsubscribe” Spam Attack. Although my spam emails are usually filtered out of my general inbox, occasionally, I come across promotional email previews. Admittedly, I’ve found myself clicking on the “unsubscribe” link without thoroughly evaluating the email content after encountering these messages frequently. I realize now that I’ve been fortunate so far.
Before reading this section, I found it interesting to learn about people falling for spam emails with misspellings and incorrect grammar, resulting in significant financial losses totaling $3 billion. The scale of individuals affected is much higher than I initially thought. It’s becoming increasingly alarming.
Akiyah, your reflection on the unsubscribe spam attack is definitely eye-opening. It’s concerning how easily people unknowingly engage with potentially harmful content. In light of this, what proactive steps do you think individuals and organizations can take to raise awareness and educate users about these sophisticated phishing tactics, reducing the risk of falling victim to such attacks?
Hi Alex,
It was truly eye-opening. Individuals should exercise more caution, considering options like unsubscribing via the website’s notification settings (not the one provided in the email). Reporting such emails as spam is another option, allowing the service provider to handle it appropriately. Organizations can enhance their security measures to detect and contain these types of attacks, and incorporate them into security awareness training.
Akiyah, I have been in the same situation thinking if I just click unsubscribe and be done with it, not realizing I can potentially harm my system. We get so busy and in my case so technically charged that I forget to check the things that seem trivial. Thank you for the reminder and letting us know to be careful and take our time.
Hi Erksine,
Yes, it’s the little things that can get you. It’s amazing how the smallest details or actions can have a significant impact, often when you least expect it.
In this week’s reading, I found The Onion Routing (TOR) technique intriguing for achieving anonymous communication over a network. The text explained how data transmissions are secured in layers, similar to the layers of an onion, using encryption. These encrypted layers pass through nodes called onion routers, revealing the next destination at each step.
The sender’s identity remains anonymous as the final layer is decrypted only when the message reaches its destination. Each intermediary node is unaware of more than its preceding and following nodes, ensuring robust security and anonymity.
This caught my interest, especially as someone who advocates for layered defense strategies, appreciating how TOR, while a single line of defense with data encryption in transit, incorporates multiple security approaches in its inherent process.
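The layering described in the post above, as an added example that is not part of the original discussion and is not Tor's own code: a client wraps a message once per relay, and each relay can remove only its own layer, learning only its predecessor and the next hop. The relay names, the destination and the HMAC-SHA256 stand-in cipher are assumptions made for illustration; Tor uses different cryptography and negotiates keys per circuit.

```python
import hashlib
import hmac
import os

# Constructed three-relay path and destination (not real hosts).
PATH = ["guard", "middle", "exit"]
DESTINATION = "example.org:443"


def make_keys(path):
    """One random symmetric key per relay, shared only with the client."""
    return {name: os.urandom(32) for name in path}


def subkeys(key):
    # Separate keys for encryption and authentication of a layer.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def keystream(enc_key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only).
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt then authenticate one onion layer."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key, blob):
    """Verify and decrypt one layer; fails if the layer is for another key."""
    enc_key, mac_key = subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer does not authenticate under this key")
    stream = keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def wrap(path, keys, destination, message):
    """Client side: build the onion from the innermost layer outwards."""
    next_hops = path[1:] + [destination]
    payload = message
    for relay, next_hop in reversed(list(zip(path, next_hops))):
        hop = next_hop.encode()
        layer = len(hop).to_bytes(2, "big") + hop + payload
        payload = seal(keys[relay], layer)
    return payload


def peel(relay_key, cell):
    """Relay side: remove one layer, returning (next hop, inner cell)."""
    layer = unseal(relay_key, cell)
    n = int.from_bytes(layer[:2], "big")
    return layer[2:2 + n].decode(), layer[2 + n:]


def route(path, keys, destination, message):
    """Carry a cell along the path, recording what each relay can observe."""
    cell, prev, view = wrap(path, keys, destination, message), "client", []
    for relay in path:
        next_hop, inner = peel(keys[relay], cell)
        view.append({"relay": relay, "prev": prev, "next": next_hop,
                     # In this model only the last relay sees the payload.
                     "payload_visible": inner == message})
        prev, cell = relay, inner
    return view, cell


if __name__ == "__main__":
    relay_keys = make_keys(PATH)
    observed, delivered = route(PATH, relay_keys, DESTINATION, b"hello")
    for entry in observed:
        print(entry)
    print("delivered:", delivered)
```

In this model the payload is readable at the last relay, which is why traffic leaving an onion network still needs its own end-to-end protection such as TLS.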
Hi Chidi,
I was fascinated by the multiple layers of encryption offered by Tor. It’s also interesting that one can stay anonymous by using Tor. Even though Tor is meant to keep us anonymous, do you think the developers or law enforcement agencies can reveal one’s identity?
One aspect of this week’s reading that I find interesting is The Onion Routing and Tor. Onion routing is used to connect to the internet anonymously. The reading explained how onion routing works below the application layer of the OSI model. While reading, I found out that it was created by the Naval Research Library.
Hey Akintunde,
I also found the onion routing and Tor interesting this week. When it was created for the military, I’m sure that the government never had the intention of having it accessible for public use. It makes me wonder how the public knew about Tor/Onion and how to use it.
The most interesting point I read this week was in Vacca’s chapter 51 where it talks about how privacy has many definitions. Before I read this, I thought privacy just meant not being observed by other people as well as a right for all. Well, it goes deeper than that account to where privacy is not one thing but several depending on the situation and context. The text mentions where a contributor called the term privacy a misnomer. While privacy is valued, we need to be aware of the many aspects of privacy.
The part of the readings this week I found the most interesting was in Chapter 71: Online Identity and User Management Services. I liked reading about the main model used for identity management (Silo Model) and how it worked and why we’re beginning to adopt the federated identity management model, realizing the flaws such as inoperability. It’s interesting to me because it’s valuable commentary on the current state of identity management, where it’s leading to and why, as well as the array of alternative approaches available for identity management.
Alex, you bring up an excellent point where this continues to change with new tools and new ways to hack, the model continues to change. Identity management has gone from show me your ID card to biological sampling and even more. The approaches seem to be endless on how it will be addressed in the future.
Chapter 53, Onion Routing and TOR, stood out to me among the chapters we read. I discovered that onion routing enables anonymous communication by encrypting data through volunteer-operated servers known as onion routers. This multi-layered encryption obscures the origin and destination of communication, thus enhancing privacy. The Tor network, the primary application of onion routing, facilitates anonymous internet browsing. Due to its ability to facilitate anonymous internet browsing, it raises questions about privacy and censorship. The practical applications of onion routing, especially through Tor, extend to secure internet browsing, protecting whistleblowers, and enabling confidential communication, showcasing its global impact in addressing evolving challenges in online privacy and security.
I agree that Chapter 53, focusing on Onion Routing and Tor, is fascinating. Encrypting data through volunteer-operated onion routers to obscure communication origins and destinations is a powerful tool for privacy. As the primary application, Tor allows anonymous browsing and raises important questions about privacy and censorship. Beyond secure browsing, Tor’s practical applications extend to protecting whistleblowers, enabling confidential communication, and facilitating access to censored content. This global impact highlights its potential to address evolving privacy and security challenges. For further exploration, consider delving into specific examples of how Tor helps journalists, activists, and individuals living under oppressive regimes. Additionally, analyzing the potential drawbacks of Tor, like its association with illegal activity and slower browsing speeds, offers a more nuanced understanding of its role in the online world. I had a forensics class (SANS FOR500) with an entire chapter on TOR and how hackers use it to help evade being caught. Good stuff.
This week’s readings regarded one of my favorite topics, IAM. What I found interesting is User Centricity and essentially the first law in Cameron’s Laws of Identity which is user control and consent. User-centric identity management is a digital identity infrastructure where the end-user has “substantially independent control over the dissemination and use of their identifier(s) and personally-identifiable information (PII)” according to Vacca. I find this interesting because it is a concept that will continue to evolve over time and Vacca even notes that a new paradigm to solve problems of usability, scalability, and universal SSO is still to be discovered. The synergy between systems and applications will largely keep this topic ever evolving as well as the flexibility in organization sizes. I have always been pretty adamant about keeping applications catered to the end user and the end user can be any single person especially within an organization. User centricity in all things tech matters to me since there is nothing more frustrating than finding that an application does not do what is expected of your typical end user. Empowering the user to take more control of their identity on the internet is substantial.
This week’s most captivating point from the readings (IMO) is the potential of decentralized identity management (DID) to revolutionize online privacy and security. Unlike traditional systems where a central entity controls user identities, DID empowers individuals by giving them sole ownership and management of their identity data. This decentralization reduces the risk of single points of failure and enables users to selectively share information with services, fostering greater control and privacy online. This shift is exciting because it challenges the current power dynamics and offers a potentially more secure and user-centric approach to identity management in the digital age.