Threat process test

I really enjoyed looking at the latest threats from DISA this past few days and determining that the greatest threat now are threats from Iran. It seems that Iran is launching some cyber attacks on us that is trying to steal credit card information and things like that so it was a fact that I could run it through my process model.  I was making sure that I was doing it right because when I wrote about the test it seemed like I was writing a description of my model again.  I pretty much just plugged in the information from a potential attack and was able to talk about all key players as the threat processed through the system.  I all went pretty smoothly for me because I was able to follow the flow the entire time and it did not get bogged down.  All of the potential problems worked through and it is all logical that it would happen this way.  In my process model their is only so much that you and your unit support can do any way. DISA is pretty much all of the guidance once a clear threat and attack has been announced.  Your security section has to report what your model finds directly to DISA and they can only recommend any changes to DISA.  DISA will determine if any sites or access has to be changed on this.  Your security section ultimately acts on the guidance from DISA and that is how it works.  Pretty much I would say that my threat process model worked for this particular threat worked and it makes sense. I hope the class enjoys reading it on the forum this week.

Credible Sources

The source that I am going to evaluate is DISA.  This source is credible every day.  If there is a problem with the network that involves security then they will put out the necessary information in a flash.  Based on the information that is provided by them units know what shape the network is in and know if they have to shut down the network or not. This is a big deal because if there is an attack and no one reacts then there is potential for a big problem in dealing with security.  Security sections put a lot of faith in DISA every day so it is important for this source to remain credible.  I would say that all DOD agencies trust DISA with all of their security needs because they are the ones who set all of the IA doctrine for the entire DOD they should be capable of being trusted.  I think that since they made the changes to email for the better they could be onto something.  They ultimately seek security out so this should be considered a good source.

Chapter 5 case study

I will have to say that the chapter 5 HAL case study was the best case study that we have done so far.  I think that the information was presented in such a way that everyone could follow it and I for once really got into the story as I went along.  The way that they broke it up between the entire chapter really kept me in suspense as well.  I think the best thing is it told you the involvement of the key players as you went on.  Susan was the IR project manager and as it was discussed she would have to be in place until the project was completed or 20 hours on duty had elapsed.  The scenario seemed to be perfectly by the book as it went smoothly and was able to be solved with her still on duty. The thing that bothered me was there were no hiccups in the scenario.  You would have thought that there would have been more action that would have caused more interaction with more than just the key players that were presented.  I know that the author is just trying to make it easier to understand and get through the study, but I would have made it go a little bit longer so there were some additional details.  As I said though this has been the most interesting case study that we have read so far.  I look forward to the oncoming weeks.

System Analysis...I caught myself napping!!!!

Well last week we did a system analysis on the case study or a system that we were familiar with.  Being as familiar with DOD computer systems as I am, I decided to analyze a Brigade level system on down.  I laid out all the basic framework and I didn't even think to include such things like the routers and switches that are actually required to run the system.  I mean in real life they are there I just didn't think to include them.  I also forgot to mention how the systems are maintained and controlled and stuff like that.  The entire S6 or commo shop is in charge of maintaining all of the systems.  Even though they appear on the individual company property books they are still incharge of conducting inventories as well as system updates.  All of this information eventually came out in response to my peers questions, but if given the chance I will edit my diagram and it will be easier to understand.

Visio!!!!!!

Well since I have been afforded the opportunity to discuss Visio this week I think I will talk about how Microsoft needs to wakeup and smell the coffee.  They are totally screweing themselves because they have not been able to make this available for the MAC as of yet.  Office has been out for MAC for almost 5 years and I think that this is one of the programs that they need to concentrate making it available.  I am able to get my work done because I spent 200.00 on a MAC specific program that will open Visio files and also allow you to edit them and let you save them as that file type as well.  It also allows you to save the file as other types such a PDF and JPEG file.  This kind of helps out, but it stinks that I have to pay an extra cost for these features when I should be able to get Visio from MSDNAA.  I would pay the reduced fee that they charge for other programs, but this is just ridiculous.  It has all of the same features as well, but this is not the point.  All MAC users have the same problems with the same programs and you should not have to install a version of windows on your computer or be expected to buy another expensive program that is MAC only.  I would like to see Microsoft make Office Project and Visio available on the MAC within the next year.  I know the capability is out there of other vendors would not be copying Microsoft and stealing their money that they could be making.