Post your thoughtful analysis about one key point you took from this assigned reading. (This first week you are not required to post: One question to ask your fellow classmates to facilitate discussion, nor are required to post In The News nor comment on other students’ postings.)
Being that the book was published in 2015, there are obviously aspects that are outdated. There was a section in the first chapter where the authors talked about discovering vulnerabilities. The point that was made was “software companies rarely pay vulnerability discoverers. As a consequence, a growing number of analysts sell vulnerability discoveries on one of several vulnerability black markets.” The interesting thing is, to my knowledge, this has drastically changed since 2015. Bug bounty programs seem to have taken off, and the rewards keep increasing every year. To cite a DarkReading.com article, “In 2018, for example, ethical hackers made $19 million through HackerOne’s vulnerability-program management platform, compared to $11.7 million the prior year.” I wonder what this has done to the black market for vulnerabilities.
Jonathan,
I agree about the 2015 point. I wonder if the authors still feel the same way about the book in 2021.
A key point that I took from this chapter is that the threat environment is vast and ever-changing for organizations. Organizations have to deal with a wide array of adversaries and attack vectors, and with the aftermath of successful compromises. The different adversaries could include current/former employees, organizational competitors, nation-states, and more. These adversaries have many avenues to perform their attacks, e.g. web-based attacks, extortion, or various types of malware. Lastly, in the event a compromise is successful and violates one of the security objectives (confidentiality, integrity, or availability), it could cost the organization millions of dollars. This money may go toward notifying customers of the incident, lawsuits, remediating the vulnerability, or long-term financial loss from losing customers and a damaged reputation.
One key point is that employees, otherwise dubbed the “trusted insider,” pose arguably the most significant threat to the confidentiality, integrity and availability of information systems, be it intentionally or accidentally. Employees have knowledge of and access to internal systems, know the system controls, are aware of ways to avoid detection and, above all, they are trusted.
The key point that I found interesting from Chapter 1 was that IT security professionals believe that the threat environment will continue to change and become more sophisticated. I think this point is very concerning since just a few weeks ago the United States government became a victim of a massive cyberattack. It is believed that Trojan horse software has infiltrated many different departments and agencies within the United States government. These include the Department of the Treasury, Department of Homeland Security, Department of Energy, Department of Defense, and the Department of Commerce, just to name a few. The Trojan was named SUNBURST by FireEye, a world-renowned cybersecurity firm. Confidential information is believed to have been exposed and shared with the Russian government, which could be considered an act of cyberwar. The effects and implications of this data breach may become evident in the coming years.
The point in Chapter 1 is that the professionals believe that the environment will continue to change. This makes sense and should definitely be considered. There will always be someone who is looking for the next greatest thing, and this applies to technology as well. Being the first with the next greatest technology comes with a risk, because now someone will attempt to better you or look for ways to downgrade it.