IT Risk Management

--Originally published at TC2027 – Titel der Website

IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e. the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise or organization.

IT risk management can be considered a component of a wider enterprise risk management system.[1]

The establishment, maintenance and continuous update of an Information security management system (ISMS) provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.[2]

Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.[3]

According to the Risk IT framework,[1] IT risk encompasses not only the negative impact on operations and service delivery that can destroy or reduce the value of the organization, but also the value-enabling risk of missing opportunities to use technology to enable or enhance the business, as well as IT project management risk such as overspending or late delivery with adverse business impact.

Because risk is strictly tied to uncertainty, decision theory should be applied to manage risk as a science, i.e. to make choices rationally under uncertainty.

Generally speaking, risk is the product of likelihood and impact (Risk = Likelihood * Impact).[4]

The measure of an IT risk can be determined as the product of threat, vulnerability and asset values:[5]

Risk = Threat * Vulnerability * Asset

A more recent risk management framework for IT risk is the TIK framework, which also accounts for the countermeasures already in place:

Risk = ((Vulnerability * Threat) / CounterMeasure) * AssetValueAtRisk[6]
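As an added worked example (not from the original post or from Wikipedia), the following Python scores a small, constructed risk register with the two formulas quoted above and ranks the entries. The 1-5 scales, the entries and all their values are assumptions for illustration, not part of any standard; what the ranking shows is that dividing by the countermeasure strength moves a well-controlled asset down the list even though its raw threat, vulnerability and value are unchanged.

```python
"""Minimal risk register scored with Risk = Threat * Vulnerability * Asset and with
the TIK form Risk = ((Vulnerability * Threat) / CounterMeasure) * AssetValueAtRisk.
Added example; all entries and the 1-5 scales are constructed for illustration."""

from dataclasses import dataclass


@dataclass
class RiskEntry:
    name: str
    threat: float          # likelihood that a threat actor acts: 1 (rare) .. 5 (constant)
    vulnerability: float   # ease of exploiting the weakness: 1 (hard) .. 5 (trivial)
    asset_value: float     # value at risk: 1 (negligible) .. 5 (business critical)
    countermeasure: float  # strength of controls in place: 1 (none) .. 5 (strong)


def classic_risk(e: RiskEntry) -> float:
    """Risk = Threat * Vulnerability * Asset, ignoring existing controls."""
    return e.threat * e.vulnerability * e.asset_value


def tik_risk(e: RiskEntry) -> float:
    """Risk = ((Vulnerability * Threat) / CounterMeasure) * AssetValueAtRisk."""
    if e.countermeasure <= 0:
        raise ValueError("countermeasure strength must be positive (1 = no control)")
    return (e.vulnerability * e.threat) / e.countermeasure * e.asset_value


def rank(entries, scorer):
    """(name, score) pairs, highest risk first, so the register doubles as a work queue."""
    scored = ((e.name, round(scorer(e), 2)) for e in entries)
    return sorted(scored, key=lambda t: t[1], reverse=True)


def residual_risk(e: RiskEntry, new_countermeasure: float) -> float:
    """TIK risk after strengthening the control; the number used to justify the spend."""
    return tik_risk(RiskEntry(e.name, e.threat, e.vulnerability,
                              e.asset_value, new_countermeasure))


# Constructed register for a small web shop (illustrative values only).
REGISTER = [
    RiskEntry("unpatched web server",       threat=4, vulnerability=5, asset_value=4, countermeasure=1),
    RiskEntry("customer database exposure", threat=3, vulnerability=2, asset_value=5, countermeasure=4),
    RiskEntry("lost laptop without FDE",    threat=2, vulnerability=4, asset_value=3, countermeasure=1),
    RiskEntry("office printer DoS",         threat=2, vulnerability=3, asset_value=1, countermeasure=2),
]

if __name__ == "__main__":
    print("classic:", rank(REGISTER, classic_risk))
    print("TIK:    ", rank(REGISTER, tik_risk))
    # Patching the web server (countermeasure 1 -> 4) cuts its TIK score by a factor of 4.
    print("residual after patching:", residual_risk(REGISTER[0], 4))
```

With the classic formula the customer database ranks second; under TIK its strong existing controls push it below the unencrypted laptop, which is where a practitioner would actually spend the next euro.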

https://en.wikipedia.org/wiki/IT_risk_management

 

This is my last blog post for this course, so I just decided to make it super easy for myself.

The information from Wikipedia gives a very good overview of the topic.

 

Greetings from a German


Certifications in Computing Security

--Originally published at TC2027 – Titel der Website

Certification is a procedure by which compliance with specified requirements is demonstrated.
Certification is a sub-process of conformity assessment. Certificates are issued for a limited period by independent certification bodies (in Germany, for example, DQS, TÜV or DEKRA); the standards they certify against are either controlled independently or are proprietary.

 

Areas in which certification is requested:

  • Products and services and their respective manufacturing processes, including trade relations
  • Persons
  • Systems
  • Companies

 

A few types of certification:

  • Proof of educational standards or of specially developed specialist standards for the certification of persons. The standard for bodies that certify persons is EN ISO/IEC 17024 ("Conformity assessment – General requirements for bodies operating certification of persons"), which is also available as a DIN standard.
  • Proof of educational standards through the recognition of training institutes, for example by professional associations (in non-university education one sometimes speaks of "certified" training institutes and sometimes of "accredited" training institutes, the latter also being authorized to carry out certifications of persons or parts thereof).
  • Internationally recognized proof of personal competence, e.g. the PMP (Project Management Professional) from the PMI (Project Management Institute) or the IPMA certificates Level D to A for project managers.
  • Certification of a management system (for example according to ISO 9001 or ISO 14001). According to the International Organization for Standardization (ISO), by the end of 2009 more than 1 million certificates based on ISO 9001 and about 223,149 certificates based on ISO 14001 had been issued in more than 150 countries.[1]
  • Certification of products or services. Certification bodies that operate certification systems for products or services are covered by EN ISO/IEC 17065 (formerly EN 45011 or ISO/IEC Guide 65).

 

I found this information on Wikipedia.


Information security

--Originally published at TC2027 – Titel der Website


Information security refers to the properties of information processing and storage systems (technical or non-technical) that meet the protection goals of confidentiality, availability and integrity.

Security serves to counter threats, avoid economic damage and minimize risk.

In practice, information security is based on IT security management according to the international ISO/IEC 27000 series. In German-speaking countries, an approach based on the BSI's IT-Grundschutz is widespread.

For the evaluation and certification of IT products and systems, the standard ISO/IEC 15408 (Common Criteria) is frequently used.


Why should we study computing security?

--Originally published at TC2027 – Titel der Website

There are many reasons why we should study computing security!

IT is gaining importance very quickly, and it also keeps getting bigger. Programming is the future for a lot of companies. The data of ordinary people is a new currency. So computing security is not just important for the important things; it is also important for the small pieces of information we have on the internet. Malware and hackers are the keywords for why everybody should know more about security in computing.

Nowadays everybody is a potential victim of those two keywords. And to make sure that you reduce the risk of becoming a victim, it is more than necessary to know more about security on the internet.

Until now, I have learned so much from Ken. I am not one of those IT experts. But even the very simple things I learned give me a better feeling when I am surfing the internet.

 

 


Formatting of a Windows Computer

--Originally published at TC2027 – Titel der Website

That's a blog post for two of Ken's courses, TC1017 & TC2027.

The reason I chose this topic is, first of all, that Ken talked a lot this semester about the reasons why we should format a computer. The reasons are that students often click on dubious links or download a lot of junk onto the computer. The result is usually a very slow computer, one that runs 1000 times slower than on the first day of use.


Another reason is a personal one. I guess I am one of the students who made a lot of mistakes clicking links and downloading junk. So the reason I post this is that I have only formatted a computer by myself once in my life. I just want to do that again, to learn how it works and to rescue my lovely Surface 4.

 

Now to the practical work:

It is very easy to format a Windows computer nowadays.

The first step is to save all your data that you do not want to lose. But it is important to realize that movies, music or other stuff from dubious websites could be the reason why the computer is not running as it should. So think twice about whether you also want to save all the junk!

The reason for the first step is that the disk will be empty after formatting. Two caveats belong here: formatting only rebuilds the file system of the selected volume, and a quick format does not overwrite the old files, which remain recoverable with forensic tools, so choose a full format (or wipe the drive) before handing the device to anyone else. Also, Disk Management will not format the volume Windows is currently running from; to wipe the system drive you have to reset Windows from its settings or boot from installation media.

Now the steps:

  1. Press the [Windows] and [R] keys simultaneously to open the Run dialog.
  2. Enter "diskmgmt.msc" and confirm with "OK". Disk Management then opens.
  3. Select the desired disk or volume from the list and right-click on it.
  4. Select the option "Format" and confirm the process with the "OK" button.
  5. Then the hard

Operating System Security (OS Security)

--Originally published at TC2027 – Titel der Website

What is Operating System Security?

OS security is the process of ensuring the integrity, confidentiality and availability of the operating system. It uses special provisions to protect the system against threats such as viruses, worms and other malware.

OS security encompasses all preventive-control techniques that safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised.

Techopedia explains Operating System Security (OS Security)

OS security encompasses many different techniques and methods that ensure safety from threats and attacks. OS security allows different applications and programs to perform required tasks and stops unauthorized interference.

OS security may be approached in many ways, including adherence to the following:

  • Performing regular OS patch updates
  • Installing updated antivirus engines and software
  • Scrutinizing all incoming and outgoing network traffic through a firewall
  • Creating secure accounts with required privileges only (i.e., user management)
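The last bullet, accounts with only the privileges they need, is the one that is easiest to check mechanically. The following Python is an added example, not from the original post or from Techopedia: it audits constructed copies of /etc/passwd and /etc/sudoers for accounts that are root in all but name (UID 0), service accounts that can log in interactively, and sudo rules that grant password-less root for every command. The file contents are constructed; the formats are the standard ones, and the "system account below UID 1000" threshold is the Debian convention and an assumption here.

```python
"""Least-privilege audit over constructed /etc/passwd and /etc/sudoers contents.
Added example; the sample files are constructed, not taken from a real host."""

NO_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
SYSTEM_UID_LIMIT = 1000  # Debian convention: UIDs below this are system accounts (assumption)

# Constructed /etc/passwd: name:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed /etc/sudoers; only the common "user HOST=(runas) [NOPASSWD:] commands" form is handled
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
%admin  ALL=(ALL) ALL
"""


def audit_passwd(text: str) -> list:
    """Flag UID-0 accounts other than root and system accounts with an interactive shell."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        if name == "root":
            continue
        if uid == "0":
            findings.append(f"{name}: UID 0 account besides root")
        elif int(uid) < SYSTEM_UID_LIMIT and shell not in NO_LOGIN_SHELLS:
            findings.append(f"{name}: system account (UID {uid}) has login shell {shell}")
    return findings


def audit_sudoers(text: str) -> list:
    """Flag rules that grant every command without a password (the 'NOPASSWD: ALL' pattern).
    Assumes the host field is ALL, as in the constructed sample."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        who, sep, spec = line.partition("ALL=")  # who = user or %group, spec = (runas) tags commands
        if not sep:
            continue  # host-specific rule, outside what this example handles
        if "NOPASSWD:" in spec and spec.rstrip().endswith("ALL"):
            findings.append(f"{who.strip()}: password-less sudo for every command")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD) + audit_sudoers(SAMPLE_SUDOERS):
        print("FINDING:", finding)
```

The rsync rule for the backup account is deliberately not flagged: a password-less sudo limited to one command is what least privilege looks like, whereas alice's rule is an interactive root account with extra steps.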

 


Security on the Web

--Originally published at TC2027 – Titel der Website

I found a German article on the internet about web security. The article was posted on the website http://www.computerbetrug.de.

 

Here are the most important points from this article.

Nowadays web security is more important than ever. Every internet user can become a victim of internet criminals within a very short time.

These dangers are waiting for victims:

Trojans, spyware, scareware, phishing: these are real threats to your money, your data and your integrity. When you are on the internet, you do not have to know every technical term. But you have to know which dangers lurk where and how to protect yourself from them. We have summarized the currently biggest dangers for you here.

A recommendation is also to protect your reputation on the internet. This concerns blogs, forums and Wikipedia. Nowadays anyone can publish virtually anything on the internet, so it is always important to think twice about what you post. Otherwise you can become a victim of cyberbullying.

Anyone surfing the internet in Germany or running their own website has to comply with hundreds of laws and regulations, and a false step or a wrong decision can result in warnings, fines or even criminal consequences.

You do not have to be an IT professional to be reasonably safe from the data thieves, scammers and rip-off artists moving through the internet. It is important to protect yourself against the greatest risks and to take precautions where necessary.


Network & Wireless Security

--Originally published at TC2027 – Titel der Website

What is Network Security?

Network security is not a single established term, but covers all measures for planning, implementing and monitoring security in networks. These measures are by no means only of a technical nature, but also concern the organization, the operation (how can I apply network security in practice without interrupting operations at the same time?) and finally the law (which measures may be used?).

 

Wireless Security

The right wireless encryption for your router

WLAN name (SSID): This abbreviation stands for "Service Set Identifier" and means the name of your WLAN. By default this is usually the name of the DSL wireless router, such as "Fritzbox 7270". This and all the following settings can be found in the configuration interface of the router, which you reach through your browser. The right address is in the manual; often it is something like 192.168.0.1, 192.168.178.1, fritz.box or speedport.ip.

https://www.pcwelt.de/tipps/Die_richtige_WLAN-Verschluesselung_fuer_Ihren_Router-WLAN-Einstellungen-7567027.html

A recommendation is to assign a new, neutral name for the SSID. But don't use the option to hide the name: it may happen that hardware like computers and tablets cannot connect to your WLAN, and hiding the SSID gains nothing, because clients still send it in the clear in their probe and association frames, where anyone nearby can read it.

Encryption standards (WEP, WPA, WPA2): The oldest standard is WEP (Wired Equivalent Privacy). Due to design flaws, it is considered insecure: the key for this encryption can be cracked in minutes. If your router or the WLAN card in your PC only offers this standard, you should think about buying a new one. WPA (Wi-Fi Protected Access) is an evolution of the older WEP standard and provides additional protection, but it does not yet include the stronger encryption with AES (Advanced Encryption Standard). That is only possible with the current standard, WPA2.
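The following Python is an added example, not part of the original post or of the pcwelt article: it grades the networks returned by a Wi-Fi scan by the encryption they advertise, so that open, WEP and WPA(1)-only networks stand out, and it also flags WPA/WPA2 mixed mode, which still admits TKIP clients. The sample scan is constructed; its shape (one `SSID:SECURITY` line per network, empty security for open networks) follows the terse output of `nmcli -t -f SSID,SECURITY dev wifi list` on Linux, which is an assumption about that tool rather than something the post shows. WPA3 is included as the newest standard, which goes beyond the WEP/WPA/WPA2 discussion above.

```python
"""Grade Wi-Fi networks by advertised encryption. Added example; the scan below is constructed."""

from dataclasses import dataclass

# Constructed scan output, not a real capture. Empty SECURITY means an open network.
SAMPLE_SCAN = """\
FRITZ!Box 7270:WPA2
CafeGuest:
ALTER-ROUTER:WEP
NachbarNet:WPA1 WPA2
BueroNet:WPA2 802.1X
NeuesNetz:WPA3
"""

# Verdict per grade. WEP keys fall in minutes; WPA1 relies on TKIP, which WPA2
# replaced with AES-CCMP; mixed mode keeps TKIP reachable; WPA3 adds SAE.
VERDICTS = {
    "open": "no encryption: everyone nearby can read the traffic",
    "wep": "broken (key recoverable in minutes): replace the router",
    "wpa1": "deprecated (TKIP): switch to WPA2 with AES",
    "mixed": "WPA/WPA2 mixed mode: disable WPA1 once all clients support WPA2",
    "wpa2": "acceptable: make sure AES/CCMP is selected, not TKIP",
    "wpa3": "current best: use it wherever clients support it",
}

# Fix-first order, worst grade first.
WEAK_ORDER = ["open", "wep", "wpa1", "mixed"]


@dataclass
class Network:
    ssid: str
    security: frozenset  # tokens such as {"WPA2", "802.1X"}

    def grade(self) -> str:
        s = self.security
        if not s:
            return "open"
        if "WEP" in s:
            return "wep"
        if "WPA3" in s:
            return "wpa3"
        if "WPA2" in s:
            return "mixed" if ("WPA1" in s or "WPA" in s) else "wpa2"
        if "WPA1" in s or "WPA" in s:
            return "wpa1"
        return "unknown"


def parse_scan(text: str) -> list:
    """Parse SSID:SECURITY lines. SSIDs may contain ':' themselves, so split on the last one."""
    networks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, _, sec = line.rpartition(":")
        networks.append(Network(ssid, frozenset(sec.split())))
    return networks


def report(text: str) -> dict:
    """Map each SSID to its grade."""
    return {n.ssid: n.grade() for n in parse_scan(text)}


def weak_networks(text: str) -> list:
    """SSIDs that need attention, worst grade first."""
    found = [(n.ssid, n.grade()) for n in parse_scan(text) if n.grade() in WEAK_ORDER]
    return [ssid for ssid, g in sorted(found, key=lambda t: WEAK_ORDER.index(t[1]))]


if __name__ == "__main__":
    for ssid, grade in report(SAMPLE_SCAN).items():
        print(f"{ssid:16} {grade:6} {VERDICTS.get(grade, '')}")
    print("fix first:", weak_networks(SAMPLE_SCAN))
```

On the constructed scan the open café network, the WEP router and the mixed-mode neighbour come out on top of the fix-first list, in that order; the 802.1X token on the office network does not change its grade, since the enterprise authentication sits on top of WPA2, not instead of it.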

WPA2 is


Security Policies

--Originally published at TC2027 – Titel der Website

A security policy describes the level of security an institution, for example a company or an association, aspires to. Security here normally means information security. The focus today is on electronic data processing and the associated security requirements. This is based on the assumption or fact that information has value, or that its protection is required by law or regulation.

In the context of information security, the purpose of a security policy can be summed up as ensuring the confidentiality, integrity, availability and authenticity of information. The security policy is issued by the management of the institution, and it is adopted and exemplified by management. It must be known, understood and followed by all members of the institution.


A security policy defines the information security goals chosen by the institution as well as the information security strategy pursued.

The most essential contents are:

  • Importance of information security and of IT for the institution's tasks
  • Naming the security objectives and describing the security strategy
  • Description of the organizational structure
  • Assurance that the security policy is enforced by the management and that violations are sanctioned wherever possible
  • Statements on the periodic review of security measures
  • Responsibilities in the information security process
