Weekly Recap #2

A bit late, but this week was a bit tiring.

First, I learned how to cite sources correctly with APA. After reading more about citation online, I discovered there are many ways to do citation correctly. I found that APA is the most suitable for me after skimming through all the formats, as it best shows the details of the referred materials (in the References list).

I also learned how to create physical layouts with Packet Tracer. Apparently, simulating the logical layout is sometimes not enough; we also want to see how things will work in the real world. A physical simulation of a server room looks like this:

This is, of course, just an example of a real-world setup. I also learned how to configure connections to terminals on routers through RS-232 ports. For theory, I learned the OSI model and the TCP/IP model, which were taught back in high school but which I had completely forgotten. In short, they are different models for the Internet: OSI for telecommunications and TCP/IP for the IT area.

For ISA, I learned the security design principles. Although we cannot protect everything, we can harden systems by adopting the “Castle Approach”, which consists of using multiple layers of security controls to protect them. This doesn’t solve everything once and for all, but it does increase the difficulty of breaching a system.

An example would be limiting a user’s privileges in the system through role-based access control (RBAC). This determines each person’s ability to access information in the system, granting access only when it is needed, and even then they may not be given permission to modify the information.
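As an added illustration of that RBAC idea (example code, not from the original post), here is a minimal default-deny permission check in which roles grant separate "read" and "update" actions per resource, so a role can see a record without being allowed to modify it. The roles, users and resource names are constructed for the example.

```python
# Added example: a tiny role-based access control (RBAC) check.
# All role, user and resource names below are constructed for illustration.

# Each role maps a resource to the set of actions it may perform on it.
# Anything not listed here is denied (default deny).
ROLE_PERMISSIONS = {
    "auditor": {"financial_records": {"read"}},             # read-only
    "accountant": {"financial_records": {"read", "update"}},
    "intern": {},                                            # no access at all
}

# Users hold zero or more roles; privileges come only from roles.
USER_ROLES = {
    "alice": {"accountant"},
    "bob": {"auditor"},
    "carol": {"intern"},
}

# Denied requests are recorded so that unexpected access attempts can be reviewed.
AUDIT_LOG = []


def permitted_actions(user):
    """Union of the actions granted by every role the user holds, per resource."""
    allowed = {}
    for role in USER_ROLES.get(user, set()):
        for resource, actions in ROLE_PERMISSIONS.get(role, {}).items():
            allowed.setdefault(resource, set()).update(actions)
    return allowed


def is_allowed(user, action, resource):
    """True only if some role of the user explicitly grants this action."""
    return action in permitted_actions(user).get(resource, set())


def request(user, action, resource):
    """Authorise a request; log and refuse anything not explicitly granted."""
    if not is_allowed(user, action, resource):
        AUDIT_LOG.append(f"DENY user={user} action={action} resource={resource}")
        return False
    return True


if __name__ == "__main__":
    for who, what in [("bob", "read"), ("bob", "update"), ("carol", "read")]:
        print(who, what, "financial_records ->", request(who, what, "financial_records"))
    print("\n".join(AUDIT_LOG))
```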

To enforce security in companies, different compliance standards are drafted for the industry to adopt, and there are laws punishing those who do not comply. Examples include the well-known GDPR, PCI DSS and ISO/IEC 27001. They outline what has to be done in order to protect information systems. It has to be noted, however, that complying with the laws and standards does not mean a system is perfectly secure.

In the InfoSec lecture, I learned risk management. Risk is the chance that a vulnerability will be exploited to cause damage to an information system. As not everything can be protected, we need to assess the value of assets in order to determine which assets require top protection, with Highly Confidential coming first and Public coming last. When determining which risks need the most attention, the Annual Loss Expectancy is taken into account. We also need to decide how each risk will be handled: through Risk Avoidance, Risk Acceptance, Risk Mitigation, or Risk Transfer. Risk Acceptance is the least preferred one, because it does not solve anything.

In Python Programming, I also learned the different data types. So far the most confusing one is the difference between sets, dictionaries, and lists. They are arrays in Lua separated into 3 different entities. I particularly dislike this… Why can’t there be just one data type for an array?