Well, what to write about.  Besides my week from hell, hum.  I'll start with that.  My luck was shining through, starting last Friday.  Got off work a couple hours early and thought I was going to have a nice long relaxing weekend.  Huh.  The car overheated and broke down, luckily it was just a hose, then my laptop decided it didn't like me and died as I was finishing up my homework and getting ready to submit it.  Found out it is just dead.  Waiting to get my files off of it, if I can.  I did manage to get a new one, but gosh, what a decision to make.  There are so many systems out there anymore to choose from.  Try reading reviews and researching and it's not any less confusing.  My daughter tried to take me to the dark side and tried to convince me to by a MAC, but I was able to resist...this time.  Bahahaaha.  Ended up getting an HP Envy, which I'm a little concerned because it reported that I already a ton of things that needed to be cleaned off when I installed the virus protection, which was a whole other decision.
I have some type of protection offered through my local cable company, but you know the salesman, it's on sale, here, you gotta get it.  Last time I bought virus protection for my computer I bought Kaspersky and loved it.  This time they talked me into trying Webroot.  We'll see how I like that one, I guess.
The other big thing this week is all the hacking being done and all the celebrity photos being leaked that are stored on the cloud.  I find this interesting because I wondered how long it would take for someone to hack into a cloud provider.  The cloud was being presented as being more secure and reliable and it hasn't taken hackers long at all to figure out how to get in.  So, do the pics belong to the celebrities who are in the pics or into the cloud service and who is going to attempt to pursue these hackers?  I guess first of all, you should really think about what you store in the cloud until it is proven to be a little more secure, and second, you would think they would have learned by now, there is no way in this day and age that you can say or do anything or take a pic that you don't want released for public consumption.  It is just far too easy for people to get their hands on things whether you think they are secure or not.

September 14, 2014

Gosh, what to address this week.  It's kind of been a busy week, so not much time to do any extra reading besides what has been required for class.  Our reading and assignments had to do with Threat Modeling and tools that can be used to perform threat modeling.  It was very interesting to read about the different tools available.  It seems like they all have some step that incorporate STRIDE.  To me, that shows how beneficial STRIDE is to the security community.

This week I did hear that the Home Depot breach may be even bigger than the Target breach last winter.  I have not had time to dig into this incident very much, but found it entertaining when I heard on my local news the other night that Home Depot will not force it's customers to pay for any unauthorized charges to their account.  I found that laughable as I thought that was the standard with credit cards.  Plus, when the organization itself is the one that has the breech, that seems like a no-brainer.

Credible Sources

This week we are told that one of the first steps in our threat modeling process should be to identify credible sources of information for threats, vulnerabilities, updates, and security news in general. In our blog post this week, we are told to include a list of sources we consider to be credible and why we consider them to be credible.

1.  One of my favorite sites, and one I subscribe to and get regular updates from, is techtarget.com, also has SearchSecurity.  I have utilized techtarget.com over and over for various information.  They also have SearchSecurity which contains information on a multitude of topics regarding IT security, Access Management, Governance and more.  I have always found techtarget and SearchSecurity to be reliable and current on all their information and consider them a very credible source.

2.  Another newsletter that I get that I consider a credible source is IT News Daily.  They discuss everything; issues with Android, MAC; they also discuss patches and other news in the IT world.  I have found them to be up to date and credible.  They are a good source of both news of what is going on in the IT world as well as information on current issues out there.

3.  I also find CNet a reliable source.  They are another source that is a wealth of information, including information security issues.  They have always proved to be dependable and timely.