Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.001 ■ Spring 2024 ■ David Lanter
My question to discuss with my classmates

January 24, 2024 by David Lanter 13 Comments

Filed Under: 03 - Planning and Policy

Comments

  1. Ooreofeoluwa Koyejo says

    January 27, 2024 at 10:56 pm

    Would you consider referencing all the standards and guidelines we have reviewed on this topic as mandatory in the process of system security planning?

    • Celinemary Turner says

      January 30, 2024 at 8:24 am

      System security planning relies on adhering to various standards and guidelines. These include ISO/IEC 27001, NIST SP 800-53, NIST Cybersecurity Framework, PCI DSS, and CIS Controls. Adhering to pertinent standards and guidelines is considered a best practice for system security planning. Although it is strongly advised to consult these standards, the specific application may differ based on the type of organization, the sector it works in, and the security requirements. It’s critical to customize security measures to the particular needs and hazards faced by the company.

  2. Eyup Aslanbay says

    January 28, 2024 at 5:50 pm

    What made the Sarbanes-Oxley Act significant for the field of IT security?

    • Edge Kroll says

      January 30, 2024 at 6:22 pm

      It emphasizes data retention and recovery policies, encouraging organizations to invest in secure storage and backup solutions. Non-compliance with SOX results in severe penalties, compelling companies to prioritize IT security to safeguard financial information and demonstrate commitment to transparency and accountability. Overall, SOX significantly influences IT security by shaping practices that ensure the integrity and protection of financial data.

  3. Yannick Rugamba says

    January 28, 2024 at 6:17 pm

    How would you prioritize and implement the key elements of a cybersecurity policy in a small to medium-sized business, considering limited resources and the diverse range of potential threats?

    • Celinemary Turner says

      January 30, 2024 at 8:58 am

      Establishing cybersecurity in a small business requires a step-by-step approach: assessing risks, developing policies (data classification, access controls), prioritizing employee training, and creating an incident response plan. Implement network security measures, and continuously monitor and improve them through auditing and patch management. Manage your vendors securely, consider cybersecurity insurance, and maintain ongoing efforts such as regular updates, employee engagement, and collaboration with colleagues. This adaptive plan addresses limited resources while promoting a culture of awareness in the face of evolving threats.

  4. Celinemary Turner says

    January 28, 2024 at 6:27 pm

    Is there a need for effective placement of security staff in the organizational structure to ensure comprehensive IT security? If yes, discuss why.

    • Eyup Aslanbay says

      January 30, 2024 at 10:11 pm

      Yes, the placement of security staff within an organization is crucial for effective IT security. Proper positioning ensures that security strategies align with the company’s goals, as security experts need to work closely with top management. Being in key positions allows them to enforce security policies effectively, ensuring that the entire company takes security seriously. They also need adequate resources, so being well-placed means they can secure the necessary funding, personnel, and tools. Collaboration with other departments like IT and HR is essential for comprehensive security management.

  5. Bo Wang says

    January 28, 2024 at 8:58 pm

    Even with the implementation of the law on personal security and privacy, there are still a large number of users’ personal information leaked, which leads companies to risk the disclosure of personal privacy information in violation of the law.

  6. Edge Kroll says

    January 28, 2024 at 10:40 pm

    What is the importance of threat intelligence, and how does it contribute to proactively defending against threats?

    • Celinemary Turner says

      January 30, 2024 at 11:05 am

      Threat intelligence is like a GPS for navigating the cyber threat landscape. It provides direction, awareness, and guidance to help organizations steer clear of danger and reach their destination of secure operations.
      Why it’s so important:
      Threat intelligence helps you decipher attackers’ motives, tactics, and tools. You learn about their preferred targets, attack vectors, and vulnerabilities they exploit. This knowledge allows you to anticipate their moves and plug security holes before they can be weaponized.
      Proactive Defense: You can proactively implement countermeasures by understanding the specific threats targeting your organization. This could include patching vulnerabilities, deploying intrusion detection systems, or training your employees to recognize and report suspicious activity. This proactive approach significantly reduces the likelihood of a successful attack.

  7. Jon Stillwagon says

    January 28, 2024 at 11:32 pm

    Do they ever add any more or change the specifications for minimum security requirements or have they been the same for years?

    • Ooreofeoluwa Koyejo says

      January 29, 2024 at 11:10 pm

      This is a valid question, especially with evolving technologies like cloud, AI, threat intelligence, etc.

