Assignment:
To know a field and keep abreast of what happens in it, especially a field that changes and advances fast, it is important to know the "Who's Who" in the field. Bruce Schneier is a top information security technologist and author, and has been named by The Economist as "security guru" (see https://www.schneier.com). It will be worthwhile for you to visit his website on a frequent basis if you want to pursue a Chief Security Officer career.
The following multimedia presentation presents Schneier's view on information security management. If you have bandwidth issues and can't watch the video, then you can hear his speech from the audio stream. In the presentation, Schneier suggests a framework of "feeling, reality, and model" and explains how these three should be in sync. He also emphasizes how the "feeling" of security plays a role and how important a person's cognitive perception (partially coming from the person's belief and culture) is.
Bruce Schneier discusses on Ted Talks the Security Mirage, October 2010 at
If you can't watch the video or hear the audio, then you must read the following article, which covers the topic. Otherwise, you should still scan through the article to refresh what you heard and grasp some new concepts that didn't get explained in depth in the presentation:
Schneier, B. (2008). The Psychology of Security.
Another "Who's Who" in the security field is Mark Seiden (a Cutter Consortium consultant, 35 years of programming experience, on the technical advisory board of Counterpane, among top 50 CyberElite). Please listen to his speech, where Mark emphasized the need to build proper organizational and customer awareness of security needs.
Seiden, M. Speech.
There are many factors influencing one's belief. Culture is one factor, upbringing is another. So is a person's education and exposure to the subject. I can't affect your culture or upbringing, but I would like to expose you to some concepts that can influence what you think regarding security. Remember, I am only scratching the surface here. You need to continue to educate yourself and build awareness of security for yourself and your organization.
Mercuri, Rebecca T.; Neumann, Peter G. (2003) Security by obscurity. Communications of the ACM, 46(11), 160-160. (TUI library).
Hoepman, Jaap-Henk; Jacobs, Bart. (2007) Increased security through open source. Communications of the ACM, 50(1), 79-83. (TUI library).
Now it is time to write about what you learned in the background readings. Writing about what you learned is like digesting food. Only through your own language can you truly assimilate and absorb.
After you have "strategically" read the above materials, and, more importantly, thought about them critically and inter-connectively, compose a 4- to 6-page paper on the topic:
Why is it important to build one's awareness and proper perception of information security? And how does one build such awareness/proper perception in the management of an organization?
In preparing your paper, you need to discuss the following issues, and support with arguments and evidence:
- What is the framework suggested by Schneier? Do you agree or disagree?
- How is Schneier's framework connected with the framework suggested in Module 1?
- Summarize key points from Seiden's speech.
- What are your views on "security by obscurity" and "enhancing security via open source"? What are they? Why do you hold your views?
- How would you help the managers in an organization to build security awareness and proper perceptions?
Assignment Expectations
Length: Minimum 4 to 6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200 to 1,800 words).