etrinhsecurity.ca
20.48.202.160  Public Scan

URL: https://etrinhsecurity.ca/
Submission: On June 23 via automatic, source certstream-suspicious — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content

ERIC TRINH'S CYBER BLOG

Send Email


HI, I'M ERIC!

Hello lovely people! Thank you for taking the time to stop by this website to
view my works and projects. I am hoping, by showing my projects in
cybersecurity, to interest potential employees with my skill set. Please enjoy
your stay, and my work. All feedback is appreciated!




BLOG POSTS


WHO SHOULD HAVE THE FINAL SAY ON PRODUCT SECURITY DECISIONS, THE BUSINESS OR THE
SECURITY DEPARTMENT?

SECURITY DECISIONS, GOVERNANCE, RISK, AND COMPLIANCE.

A popular debate, at least for me, is what the title suggests! To start with,
let's talk about the "whos". When making decisions for security, the first who is
normally the security team. In this case, it could be the NSOC team. A reason to
start with them is that they are the backbone of security operations, so
they should have the final say; but as a whole there are more members of an
organization to include. We have the CTO, who would also want to implement
certain security aspects that the NSOC team has not thought about. In addition
to both the NSOC and the CTO, there are also the regular users, who will be the
ones that need to go through the changes that the security team makes. There's
another team that you would think wouldn't make sense, and that's actually the
management team. A common thing is "Can we afford it if X gets compromised?" or "If
we are to implement this, how much would it cost?" Overall, it's really difficult
to see who should have the final say on product security
decisions, as every department would have a say in how it could affect them, from
simple user-level issues like "There's an extra layer of authentication we have to
go through now" to the finance department trying to justify whether this product is
worth it for improving security if the fees cost more than what we could save.
But that's just one man's rambling about security product decisions. Let me know
what your opinions are on this by clicking that "Send Email" button at the top!


ARE HUMANS REALLY THE WEAKEST LINK IN SECURITY?

SOCIAL ENGINEERING, PHISHING, END USER TRAINING

Now I know the first thing you probably don't think of is "Why did I receive an
email from my boss asking me to click on this link to talk to him?" but in the
real world, sometimes this instance happens and we fall for it. That, my friends,
is what we call a phishing attempt, which raises the question: "Are humans
really the weakest link in security?" In order to answer that, we need to take
a look at several factors. Earlier, I gave the example of
someone's boss emailing them to click on a link. If I didn't know any better,
I'd click on the link as well because they are my boss, and generally if they
need me to complete a task, I will do it. This raises the problem of social
engineering. People can fall for these attempts if they aren't observant enough to spot
them. The best way to rectify, or solve, it is to provide training for everyone to
better spot these phishing attempts and recognize social engineering attempts
via Outlook or over the phone. To answer the question of "Are humans really the
weakest link in security?", the answer, to me, is yes. Humans can fall for the
simplest things. However, the same can be true for technology as well. If
something is not configured to detect properly, or if the technology itself
isn't ready for certain obstacles, we have introduced new variables that could
be taken advantage of. Other than another blog rambling, let me know what you
think! I'm always ready to respond and hear back about my thoughts and discuss.