IT risk management
1. Create a blog entry on your blog. Make some personal reflections on how the security virtue of higher focus relates to IT risk management.
2. Part of the reason IT Risk Management is required is that the IT landscape undergoes regular change. Consider in your blog how the following technologies have changed corporate (and personal) practices over the last decade or so:
· The Internet and the Web
· Outsourcing IT services
· USB devices
· Wireless and Mobile communication
· Virtualisation
· Cloud Computing
1. The author of Inside the Security Mind makes the following statement about the eight rules of security: ‘Each security rule exists in a symbiotic relationship with the other rules’ (Day 2003, p. 71). Do you understand what Day means by this statement? Make a comment on your blog.
2. In chapter 4 of Inside the Security Mind, the author states (p. 51) that: “Security patches should always be installed unless the risk of applying the patch is higher than the risk of being compromised”. Patching is a problematic activity: patches and upgrades are meant to improve software, but if they are not properly tested they may disrupt a running system and have unintended consequences on the patched system or on a system that depends on it. Based on this observation, how might you determine whether a new patch is worth installing? How do you approach this issue at work? Can you develop a better approach? In your blog answer, please consider the two (2) observations from independent researcher Eric Rescorla, in which he observes that security vulnerabilities are probably not patched quickly, and why.