Friday, June 30, 2017

Weeks 3-4: I may not have the experience of security, but I do have the security of experience

Admittedly, I still had to read up again about last week's topics from the INFOSEC Moodle page. Okay, so my memory is bad. On the plus side though, of the 26 pages that chapter two has, I'm already at page 12. Heh heh. I'm gonna stop right here though since I still have this learning log to write. Without any more stalling, let's see what I learned these past two weeks...
I find it really amazing that the world of security really gets complicated, especially in the corporate world. I remember that discussion about the structure of privileges in a given system (a simple information filing system for example). These were the Biba and Clark and the other models. Honestly, I haven't even thought of that type of controlling a person's privileges. It seems that security is a lot more nuanced than I thought it would be. Honestly, whenever I see the word "security", I (almost) always make it relative to my course - which is of course all about computers. Who would've thought that security would go beyond a simple "firewall"? I guess I have a lot to learn. For instance, password policies are something that I thought that people don't really use anymore with the mindset that everything has been entrusted to super high-tech computer related stuff. After what I've read in this chapter though, I can clearly see that the security is layered.
Going to the research paper I have to say that it's progressing rather well. I've had about 16 research papers now as reference. True, almost all of these papers were locked behind paywalls, but who could really resist the power of SciHub? With a bit of luck, I'm sure that roughly 2/3 of the paper should be done by the end of this coming week.
Phew, it's already 11PM. I guess it's time to wrap up this post. Until next time dear reader!!! Let's pray for a more engaging literary result next time yes?

Wednesday, June 14, 2017

Weeks 1-2: Maybe we can Just Kill Management?

Pretty curious title eh? Well, it probably won't be so strange if: a) you are a person working in a company as an IT employee, or b) you're a student (or at the least, were a student) in a class like Information Systems and Security. I mean, how hard do real-life financial management company sectors have to be argued with before they give in and invest in security measures before the unthinkable happens? Really, escapism coupled with greed can really turn heads faster and in more degrees than Emily Rose's.
I'm getting ahead of myself aren't I? Since I haven't had the time (nor the motivation) to create an introductory post, let me fill you in on what INFOSEC is really about.
Per syllabus, this is what INFOSEC is: This course primarily discusses the various domains of security such as physical security, operational security, network security, host security, application security etc. I just have to tell you, I had to type all that, since the PDF in Moodle doesn't support copy-pasting for some reason. Putting it from my perspective though, INFOSEC is more of exploring concepts of various types of security, answering more of why's rather than the more practical how's. Kinda like data structures as compared to CSPROJ, or something like that.
Getting down to these weeks' highlights, we had an activity in which we were to solve a case study about a grocery store facing about P60,000 in lost merchandise. It didn't help that the store employs an honesty system. It was also explicitly stated that management can no longer allocate budget. Now, we were told not to overthink, but telling me not to overthink is like telling someone not to think of a red elephant eating a watermelon while riding a unicycle. Cutting to the chase, we made a solution changing only policies and not involving any more costs, though judging from the prof's reaction, it wasn't really satisfactory. Looks like from now on, I'll have to think more of a person really defending a cause that's good for the company. It's already 11:04, so, ciao!