In the past 2 weeks, all we have thought about is the preparation
for the midterm paper, mainly the related literature connected to our topic,
which is Bitcoin. At first, I really didn't want to participate with my group
due to other activities that I am attending, but because of perseverance, I did
my part when I found time for it. Sometimes the things you do might be
boring to you, but looking at the bright side lets you see the brighter side or
the positive side. Coinciding with the preparation of the paper is our
discussion, which is Organizational Security. For Week 3, I
learned that the security hierarchy is based on the organization's priority,
policies and ethics. The Operational Model is planning, implementing,
monitoring, and evaluating, which is a never-ending cycle if maintenance for the
security will be conducted. We discussed many policies in an organization, and
the thing that I am fascinated about is that there are some policies wherein
power in the company is not an option, meaning equality was established in this
policy, for example, the IUP or Internet Usage Policy, which is the connectivity of
all the members in the organization to the internet. We also discussed 3
types of models. Sir JP said that there are 30 models, but we focused on 3
models only because these are the most commonly used in the organization. Let us
start with the Bell-LaPadula Model (with a misconception of Bella Padilla on
first encounter), which is a confidentiality model that has the
simple security rule, which doesn't allow you to read security that is higher or different
from your department, and the star property, under which you cannot write security that is lower or
different from your department. Next is the Biba Model, which is the integrity model
that has a simple integrity rule that is the contrast of Bell-LaPadula, and
also the star property. Last is the Clark-Wilson Model, which is an integrity model,
and it uses a medium for its security. These discussions were all done in
Week 3 because Week 4 was dismissed due to different kinds of events. For the Week
4 first meeting, it was the end of Ramadan and Muslims had to celebrate it
despite the war in Marawi City. For the second meeting, Sir JP told us that he was not
feeling well and was unable to tutor us for this period, so he cancelled that
session; this really broke my heart. Take care and get well soon, Sir JP!
What are you doing here? ^-^
Thursday, June 29, 2017
Thursday, June 15, 2017
Learning Log for Information Systems Security: Week 1 and 2 (Information Security)
Another year, another term, same professor, same activity, but this professor is the BEST
in terms of Computer Networking and Security, and I won't write his name here
due to the privacy of that professor, but we can call him Sir JP. For our
first meeting, we were astonished that our past professor would be our current professor
for computer security, so in an instant, we clapped so hard and preached his
name like watching a live Fliptop battle, Sir JP! 3x. After a few minutes of
idolization and homecoming, we began to study the scope of information
security, and I began to review my current knowledge about this topic and began
to cope with the new knowledge that I am receiving. Sir JP summarized
all his knowledge for just the title and just a small amount was absorbed, and
the good thing is we are just in the title portion, far from the real
integration of information security. Confidentiality, Integrity and
Availability are the first bulleted points that I wrote in my notebook,
and with these 3 items, I could feel the real vibe of information security. I
learned that the Security Architecture is almost the same as the 7 levels in the
past networking lessons. Sir JP taught us the strengths and weaknesses of
information security if vivid knowledge was not apprehended, and also the
offensive and defensive processes in the system. The most interesting part of the
discussion is the authoritarian level of security, wherein there are certain
levels that cannot be accessed by an ordinary person but a higher level can
access them. Sir JP gave us a case event wherein we would analyze the problem and
fill in the necessary requirements for the case. For the sake of
shortness and to end this post: in the case that was given to us, as stated
in the Recommendation section, in my personal opinion, if a DDoS attack happens,
have a different kind of brand for your security devices, because not only do you
see the error but you also segregate the rotting security devices from the others.