Security Fundamentals- A Students Perspective
December 5, 2011
This weeks module, “Security Fundamentals”, was a great starting point in explaining the very important fundamentals that all security professionals need to know and understand thoroughly. What is a vulnerability? What is a threat? What is an attack? What are security controls? When is it appropriate to use X control over Y control? These questions may seem easy, but you would be surprised how often you have to explain this in the real world. A couple more great topics were CIA++ and STRIDE. As you can guess, CIA++ builds upon the classic CIA definition, and STRIDE maps perfectly to CIA++ in terms of possible attack vectors. Great way to discuss and map out security.
Moore’s law was also discussed, and it’s impact on the security community. As technology is rapidly progressing, so is the attack vectors available to malicious hackers. Security always needs to be forward thinking, and paying attention to the industry and what new technologies are being introduced. As part of this discussion, the vulnerability cycle was brought up. This cycle discusses the trend that attack vectors take, and I really thought this was profound when researching the next possible hack, or trying to keep yourself bleeding edge. Staying “in the know”, I feel, is a HUGE part of security because how can you secure something you know nothing about?
The basics of qualitative risk assessment was also big in this module and made clear during the lab. I was expecting the lab to be me doing my own research, but to my surprise it actually included interaction with the instructors. Being able to explain basic security concepts clearly, explaining risk, and then being graded on the answers submitted. I can’t wait to hear the feedback.
-Kevin
