Sherwood Applied Business Security Architecture

I completed my SABSA Foundation training, passed the exam and earned the SABSA Chartered Security Architect credential.

SABSA is a proven methodology for developing business-driven, risk- and opportunity-focused security architectures at both the enterprise and solution level, with each security measure traceable back to a business objective. It is also widely used for information assurance architectures and risk management frameworks, and to align and integrate security and risk management into IT architecture methods and frameworks.

SABSA comprises a series of integrated frameworks, models, methods and processes, which can be used independently or together as a holistic enterprise solution, including:

  • Business Requirements Engineering Framework (known as Attributes Profiling)
  • Risk and Opportunity Management Framework
  • Policy Architecture Framework
  • Security Services-Oriented Architecture Framework
  • Governance Framework
  • Security Domain Framework
  • Through-life Security Service Management & Performance Management Framework

Global Privacy Launch

IAPP

In the face of cyber attacks managing to breach industries as diverse as multimedia giants, global retailers and online social networks, the importance of securing our personal information has never been more in the spotlight. The growing demand to address these risks has been recognized across the information security field, and I was recently given the opportunity to participate in the launch of my firm’s own global privacy service line.

During this launch, I was lucky enough to meet many experienced privacy practitioners from all over the world, including New Zealand, South Africa, Japan and the USA. These security professionals generously shared their insights with me, based on their diverse experiences and individual challenges. Interestingly, I discovered that although privacy legislation varies country-by-country, the basic principles remain the same.

I was able to attend multiple interactive workshops, in which I learned how to perform privacy impact and maturity assessments. The week concluded with the IAPP Foundation and other certifications.

The experience I gained with data protection laws and the knowledge I obtained during these training sessions helped me to successfully obtain the Certified Information Privacy Manager and Certified Information Privacy Technologist credentials. These certifications will allow me to demonstrate my knowledge and skills and bring value to this truly exciting security arena.


Information Security E-Learning Part 2


In my previous post I discussed free online courses in information security. Here I would like to share a few more resources.

Hardware Security

“In this course, we will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks to these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.”

Software Security

“In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them — such as buffer overflows, SQL injection, and session hijacking — and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a “build security in” mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.”

Usable Security

“This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.”

Internet History, Technology, and Security

“The impact of technology and networks on our lives, culture, and society continues to increase. The very fact that you can take this course from anywhere in the world requires a technological infrastructure that was designed, engineered, and built over the past sixty years. To function in an information-centric world, we need to understand the workings of network technology. This course will open up the Internet and show you how it was created, who created it and how it works. Along the way we will meet many of the innovators who developed the Internet and Web technologies that we use today.”

Malicious Software and its Underground Economy: Two Sides to Every Story

“Cybercrime has become both more widespread and harder to battle. Researchers and anecdotal experience show that the cybercrime scene is becoming increasingly organized and consolidated, with strong links also to traditional criminal networks. Modern attacks are indeed stealthy and often profit oriented.

Malicious software (malware) is the traditional way in which cybercriminals infect user and enterprise hosts to gain access to their private, financial, and intellectual property data. Once stolen, such information can enable more sophisticated attacks, generate illegal revenue, and allow for cyber-espionage.

By mixing a practical, hands-on approach with the theory and techniques behind the scene, the course discusses the current academic and underground research in the field, trying to answer the foremost question about malware and underground economy, namely, “Should we care?”.

Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.”

Building an Information Risk Management Toolkit

“In this course, you will explore several structured, risk management approaches that guide information security decision-making. Course topics include: developing and maintaining risk assessments (RA); developing and maintaining risk management plans (RM); regulatory and legal compliance issues affecting risk plans; developing a control framework for mitigating risks; risk transfer; business continuity and disaster recovery planning from the information security perspective.”

Image courtesy of cooldesign/ FreeDigitalPhotos.net