Tuesday, July 24, 2012

Week 8 - CYBR 650

This week, I am to talk about action plans and what problems I encountered while doing them.

OK, I admit it. I cheated. I found the PERFECT action plan layout and downloaded it.

Taking business courses before computer classes helped me understand the importance of "scanability." It also taught me the importance of making sure your audience can understand what you are reading.

Throughout this whole process, I am applying a lot of theory. It's tough to do a process model and a threat analysis when the information is still just a concept in my head. I have had the chance to discuss this stuff with a person who is a professional in the cybersecurity field and he was more than happy to tell me where I was weak in some of my understandings.

Being able to use the template made it easier for me to "itemize" what actions need to be taken. Add that it is easily scannable for any management personnel, and that made it ideal. The hard part is thinking of everything and giving everything a priority. How do you decide what goes first? How do you determine which threat is the one that is most likely to happen?

The Harry & Mae's scenario that we are working with has a huge number of security "no-nos."

For instance, the default password is not required to be reset, and passwords are allowed to be easy and are not required to be changed.

They have Spam/Anti-virus firewall hardware that they do not subscribe to, so the signature files are all out of date.

They did not configure their firewall and their wireless access points allow connectivity from anybody as well as all traffic going in and out.

And these are just a few of the scenarios we were given to analyze. When looking at that, I found it hard to determine which one was of the highest priority. All leave the company's system vulnerable to anyone, and any hacker would have easy access to their customers' information, even a script kiddie!

Another hard time I had was determining a "time frame." Since I have not done these things in real life (except for my own home network), it is hard to figure out how long it would take. When I fix friends' computers, I find that sometimes an easy job ends up taking longer than expected. So, I am apparently not experienced enough to gauge time estimates for any job. Of course, I tend to find Murphy's Law pops up at the most inconvenient time. This sometimes extends when the job will be done.

While I have been focusing on my A+ certification, I am beginning to realize that I need to focus on my Security+ certification. This will help me get my foot in the door so I can actually see how all this works.

What has made all this easier is "Coach" and my classmates. I couldn't have made it this far without them!
