Coursera - Designing and Executing Information Security Strategies
University of Washington with Dr Mike Simon
WEBRip | English | MP4 | 960 x 540 | AVC ~59.1 kbps | 29.970 fps
AAC | 128 Kbps | 44.1 KHz | 2 channels | 10:05:53 | 960 MB
Genre: eLearning Video / Information Technology, Computer Science, Security
This course provides you with opportunities to integrate and apply your information security knowledge. Following the case-study approach, you will be introduced to current, real-world cases developed and presented by the practitioner community. You will design and execute information assurance strategies to solve these cases.
Many of you will be aware of the Massive Open Online Course (MOOC) platform Coursera and the great content they offer. Among many other interesting online courses they occasionally run courses relevant to Information Security and while not all of them are worthwhile i’d like to highlight one in particular.
The ‘Designing and Executing Information Security Strategies’ course led by Mike Simon (University of Washington) provides a great no nonsense, non technical glimpse into the real world of Information Security practitioners. It does not get hung up on theoretical issues but focuses on real challenges and scenarios from Mike’s experience in the field. Obviously it is not ‘Zero to Hero’ Information Security professional course but it is a good introduction particularly to those who are not overly familiar with Information Security and like to know what all the fuss is about.
Financial Services ASP, provides credit clearance software services for 20 large banks worldwide
We provide the platform and the software, their (the banks) people operate the system
Our DBAs have access to the banks databases for support reasons
Network security, database security, application security are all ours
All of our customers audit us, using whatever standard they see fit ISO 27002, BS 7799, SS 627799, etc
What’s important to our customers
Information in the database includes
Date of birth
Financial details (income, savings, net worth)
Credit Card info
They want to know that every person with access to the data meets certain criteria
Qualified for the work
Authorized specifically for access to their data
Important, Part 2
They want to know that there is distinct separation of duties for adding authenticated access to the database
They want to know exactly how network (not authenticated) access to web servers, application servers and database servers is protected
They want to know who has access to what, and they want to audit these accesses.