2018 in Review–IT Security

January 7, 2019

This week begins a new year of IT Trendz posts. I am looking forward to exploring new trends in 2019 and re-examining some topics that I have explored since I began the blog in October 2013, more than five years ago. In 2018, I contributed 50 posts, so I would like to start the year by taking a look back at a few series that were fun and challenging to research and write. 
 
A Series on IT Security
One topic that I explored in detail in 2018 was computer security. In mid-March, I began a seven-part series on IT security. I took a look at the challenges facing the computer security team. My focus was on today’s security threats and the steps that companies should take to secure their assets. After this initial post, I continued to investigate the computer security topic with a concentration on computer security hardware. I commented that many of us think about security primarily with a software focus. It seems to us that protecting and hacking are mainly about understanding and using software. You might be surprised to learn about special security hardware and its role in safeguarding data and other resources.
 
Software and Hardware Work Together
After studying an example of security hardware, I continued the computer security topic with a discussion of security software. I chose the software used to support the PCIe Cryptographic Coprocessor Version 2 (PCIeCC2) hardware security module (HSM) as a good place to start. It made sense to use this software because it builds directly on the hardware from the previous post. After this deep dive on a specific instance of software, I broadened the discussion, exploring a few of the security software categories from IDC's “Worldwide Software Taxonomy” from 2017. Specifically, I wrote about identity and access management (IAM). Example IAM products include IBM Cloud Identity: IDaaS Family, IBM Security Access Manager and IBM Security Identity Governance and Intelligence. I also discussed endpoint security. Example endpoint security products include IBM MaaS360 (mobile endpoints), IBM Security Trusteer Fraud Protection suite and IBM BigFix family. The last category I used from the IDC taxonomy was messaging security programs like secure email gateways (SEGs), which are in use at close to 100 percent of enterprises.
 
People, Standards and Data 
I finished the entire series with three final topic areas: people, standards, and security and data. The focus of each of these three posts was:

Topic Area: People
Content: What do “security people” do on a day-to-day basis? The post explores the human aspects of security and security administration.

It helps to look at common IT security jobs like the four listed below:
  1. An incident responder is an IT professional who is responsible for handling security incidents, threats and vulnerabilities that arise in the day-to-day operation of an organization’s computer systems.
  2. A security specialist is an entry- to mid-level IT professional who is responsible for installing and configuring security solutions on corporate networks and performing vulnerability testing.
  3. A security consultant is often an outside expert who helps an organization implement the best security solutions according to its security needs.
  4. A security engineer is a mid-level employee who is responsible for both building and maintaining the IT security solutions of an organization.

Topic Area: Standards
Content: What security standards are used by security professionals?

An example is ISO/IEC 27001, a standard that specifies a management system that’s intended to bring information security under explicit management control. This standard is part of a growing family of information security management standards.

Topic Area: Data Security
Content: What is the relationship between data and computer security?

According to Techopedia, “data security” refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption.
 
I hope that this brief summary was helpful. If you’re interested in a career in computer security, perhaps this gave you an organized way to review the whole security domain—hardware, software and people—every area I covered in the posts.  
 
What’s Next?
Next week, I’ll continue with my retrospective on the series and posts that meant the most in 2018.   