Friday, August 9, 2013

Blog Summary


A major newsworthy topic, and one central to my blog content, was the ongoing debate surrounding the National Security Agency and the security breach resulting from the leak of classified documents to a U.S. news agency by a contract employee, Edward Snowden. A retrospective analysis of my blog content and the sources used reveals a progression of topics dealing with various security issues, from outsourcing security personnel and its associated risks to a lack of adequate security processes creating vulnerability and ultimately a threat to the NSA. Numerous sources were used during the course of the blogging exercise, consisting of the course text, The Huffington Post, Bloomberg News, Daily Finance, ABC News, and TechTarget.

The initial posting served as an introduction to readers on the purpose of the blog, followed by the introduction of the NSA topic, where scrutiny of the NSA’s hiring practices along with the privacy versus security debate was highlighted. Understanding threats became an important topic, and the need to mitigate risks through proper development of a SecSDLC was discussed as an important priority for the NSA. The drive to outsource IT functions and the pros and cons of this IT strategy in dealing with highly classified information were debated, with questions about the need for policies, training and education and whether these things could have prevented the security breach. A close monitoring of the NSA’s response to the security breach continued, followed by a suggestion to use the SSE-CMM mature security model as a framework to protect the agency from threats. It was learned that the NSA would employ the two-man rule as a measure to prevent highly classified information from walking out the door. The initial July posting focused on the documented evidence to support implementation and management of basic security measures as critical to decreasing security vulnerability. This information tied in with the NSA’s lack of attention to securing data from internal threats that created the security breach and their administrative oversight solution to prevent future breaches. Week 7 focused on the anti-leak control measures the NSA implemented that included a physical security layer and encryption, among others previously highlighted as basic security measures necessary to build a solid control management program. U.S. citizens’ privacy and the need for laws to protect against overreach by organizations such as the NSA were discussed, as was the easy access to one’s personal data through legal means, with a question about the privacy and security of information in general.

The final security blog posting tied in with the course’s human resource recruiting topic by delving into the hiring practices of the NSA and IT personnel working for organizations such as Booz Allen Hamilton (BAH), a subcontractor to the NSA and former employer of Edward Snowden. There seemed to be a stark contrast in the vetting process at the two organizations, with the NSA taking up to a year to process a new hire while the BAH employee reported that his hiring process took a total of a week.

In all honesty, when first learning that a weekly blog entry was a course requirement, I was less than enthusiastic but found that thinking through a topic of importance related to my coursework was stimulating and thought-provoking. In retrospect, my blog entries became lengthier as the weeks progressed, showing a growth in IT security knowledge. This was a bit of an epiphany. A suggestion for future classes would be to incorporate comment requirements to blog entries by classmates, maybe in lieu of a discussion post response requirement. I believe following a topic of interest where a broad source of security measures can be addressed makes for good blogging!

 

Chronology of topics

·       Week 1—Blog introduction

·       Week 2—Contractor Vetting process and feedback on what the NSA should have done differently to maintain adequate security

·       Week 3—NSA SecSDLC was inadequate

·       Week 4—Outsourcing positions as a measure to prevent security breaches

·       Week 5—Need for use of the SSE-CMM mature security model as a framework

·       Week 6—Breakdown in utilization of basic security measures cause breaches

·       Week 7-- Anti-leak control measures, a step in the right direction for a control management policy

·       Week 8—Heightened awareness of U.S. security agency practices in targeting citizens’ internet activity.

·       Week 9—Stringent NSA hiring practices versus Booz Allen Hamilton, subcontractor practices
