Internet/Network Security/Securing Cyberspace

Advertisement


Question
Dear Mr. Sopp,
    I am currently doing a project at my school that involves the 14 Grand Challenges of Engineering. Our group targeted the topic: "Securing Cyberspace". Your expertise lies in security guidelines. I was wondering what kind of security guidelines and metrics you use to help secure cyberspace.

Answer
I think the word security can be a misnomer, as it is near impossible to completely secure anything. I like to think of security in the physical world as an analogy to security in the electronic world- as they are both very much alike.
"Lock Your Doors" can be an analogy for using a firewall for example..
Anyway, your paper topic is very very broad and honestly in today's world there isn't any complete answer to this.
You should first think of your perspective for this paper. For example you may want to just talk about ways to secure things...
In this case your topics covered could include(stated in a very general manner..)
Implement security controls to
-Restrict access to only what is needed(Access control lists, firewalls, other permission sets, segregation)
-Disable things that aren't needed(unnecessary services, control what is installed
-Keep things updated(patch management and version control)
-Search for and fix known flaws(web security scanning, pen testing, vuln scanning)
-Ensure consistent configurations
-Identify users and
-Employ proper authentication mechanisms, log sensitive actions and data access, defense in depth, malware protection mechanisms, incident response plans, DR/Backups, secure data in transit, secure data at rest..and so on

Or you can go the route of current state of cyber security(and problems that exist) and recommend ways we can improve it-this is a little harder to pull off and requires alot of research but probably more worthwhile. This may be a good starting point if you decide to go that route-http://www.engineeringchallenges.org/cms/8996/9042.aspx

In either event, take a look at the following links and see if they help spark your creativity:
http://www.dhs.gov/national-strategy-secure-cyberspace
http://csc.latech.edu/
http://www.nytimes.com/2008/12/09/technology/09security.html?_r=0

Internet/Network Security

All Answers


Answers by Expert:


Ask Experts

Volunteer


John M. Sopp

Expertise

I specialize in vulnerability management including Systems and Network Vulnerability Scanning, Vulnerability remediation/Patch Management, and Vulnerability Monitoring. I am also versed in Windows Workstation and Server Operating systems, endpoint protection technologies, risk assessment, and developing security guidelines and metrics.

Experience

I have worked in the IT security field and in IT at various levels from "help desk" and incident response roles, to security administration and engineering since around 2002.

Education/Credentials
Bachelor of Science, Computer Security/Computer Science GIAC GPEN Certified NSA 4011/4012 Certified

©2016 About.com. All rights reserved.