etrinhsecurity.ca
20.48.202.160
Public Scan
URL:
https://etrinhsecurity.ca/
Submission: On June 23 via automatic, source certstream-suspicious — Scanned from CA
Form analysis
0 forms found in the DOM
Text Content
ERIC TRINH'S CYBER BLOG
Send Email

HI, I'M ERIC!
Hello lovely people! Thank you for taking the time to stop by this website to view my works and projects. I am hoping, by showing my projects in Cybersecurity, to interest potential employees with my skill set. Please enjoy your stay, and my work. All feedback is appreciated!

BLOG POSTS

WHO SHOULD HAVE THE FINAL SAY ON PRODUCT SECURITY DECISIONS, THE BUSINESS OR THE SECURITY DEPARTMENT?
SECURITY DECISIONS, GOVERNANCE, RISK, AND COMPLIANCE.

A popular debate, at least for me, is what the title suggests! To start with, let's talk about the "whos". When making decisions for security, the first who is normally the security team. In this case, it could be the NSOC team. A reason to start with them is because they are the backbone of the security operations, so they should have the final say; but as a whole there are more members of an organization to include. We have the CTO, who would also want to implement certain security aspects that the NSOC team has not thought about. In addition to both NSOC and CTO, there are also the regular users, who will be the ones that need to go through the changes that the security team makes.

There's another team that you would think wouldn't make sense, and that's actually the management team. A common thing is "Can we afford it if X gets compromised?" or "If we are to implement this, how much would it cost?"

Overall, it's really difficult to see who is the one that should have the final say on product security decisions, as every department would have a say in how it could affect them. From simple user-level issues such as "There's an extra layer of authentication we have to go through now" to the finance department trying to justify if this product is worth it for improving security, if the fees cost more than what we could save.

But that's just one man's rambling about security product decisions. Let me know what your opinions are on this by clicking that "Send Email" button at the top!

ARE HUMANS REALLY THE WEAKEST LINK IN SECURITY?
SOCIAL ENGINEERING, PHISHING, END USER TRAINING

Now I know the first thing you probably don't think of is "Why did I receive an email from my boss asking me to click on this link to talk to him?" but in the real world, sometimes this instance happens and we fall for it. That, my friends, is what we call a phishing attempt, which raises the question of "Are humans really the weakest link in security?". In order to answer that, we need to take a look at several factors.

In the example from earlier, I gave the example of someone's boss emailing them to click on a link. If I didn't know any better, I'd click on the link as well because they are my boss, and generally if they need me to complete a task, I will do it. This raises the problem of social engineering. People can fall for these attempts if they aren't observant enough to spot them. The best way to rectify, or solve it, is to provide training for everyone to better spot these phishing attempts and recognize social engineering attempts via Outlook, or over the phone.

To answer the question of "Are humans really the weakest link in security", the answer, to me, is yes. Humans can fall for the simplest things. However, the same can be true for technology as well. If something is not configured to detect properly, or if the technology itself isn't ready for certain obstacles, we have introduced new variables that could be taken advantage of.

Other than another blog rambling, let me know what you think! I'm always ready to respond and hear back about my thoughts and discuss.