Lesson 7: Why HR Policies complement Information Security

Most employees perceive both the HR and Cybersecurity departments as existing to look for mistakes and punish you. Some say that HR is the principal's office, while the Cybersecurity team is the surveillance arm. Although most of the time during investigations, the cybersecurity team becomes the expert …

Lesson 6: Organizational Security

Coming from a technical team, organizational security might be seen as a domain that only focuses on paper-based policies (sometimes, just copy-paste templated policies), budgets and risk assessment results. There's also a gap between highly technical security members who have been doing hands-on security and those management guys who may have their MBAs but whose …

Machine Project in Infosec

Objectives
■ To be able to configure and implement an open-source security tool.
■ To simulate a real-world attack scenario where the security tool can be used.
■ To show how to configure necessary functionalities of the security tool.

Tasks
■ Each group will be assigned a specific security tool. Each group will research the topic and download an …

Research Paper on Emerging Technologies

Introduction
A case study will be held as an academic symposium during the midterms week to discuss various emerging technologies in the field of information security. Each group will be tasked to research a specified topic, and to explore and answer key issues about the subject. As its culminating activity, an academic paper with a required …

Lesson 4: Types of Authentication and Access Control

Authentication
Authentication is defined as proving that you are who you claim to be. By default, we have 3 types of authentication:
Something that you know – A form of authentication coming from what you know (residing in the mind). Ex. Password, PIN
Something that you have – A form of authentication that is tangible. Ex. Token, …

Lesson 3: Defense in Depth and related concepts

We have agreed that in Infosec we protect data/information. As discussed in Lesson 1, the scope of Infosec is very broad, and IT Security is just part of it. We have also learned in Lesson 2 that preventive controls are incomplete without detective controls and response. With these earlier concepts discussed, a more …