Governance, Risk Management, Compliance Course End Reflection

This post is from a final discussion in my BIS 521 course at Central Michigan University (CMU). I’m nearing the completion of the MS in Information Systems, Cyber-security concentration program. I have submitted it for credit, but thought it was worth sharing on here as well.

In prior programs and in other courses, a common component of finishing the class was to write a reflective paper about the course, what was learned, how new knowledge could be applied going forward, and even what we would do differently if we were to start the course over. At first glance, the topic of governance, risk management, and compliance might seem dry and not the most exciting. While this was true for me, I quickly began to see the connection to the prior courses and degrees.

For prior courses in the program, a framework or a plan provides the foundation for an organization’s security. The framework provides a guide and roadmap to plan, design, and implement a security plan. From there it is easy to see that concepts and models that were learned in the project management class would be used for implementation. For prior education, I hold an MS in Training and Development and Performance Improvement from Northern Michigan University (NMU). Performance improvement is as it sounds. It entails the practical application of using frameworks and models to systematically improve individual and organizational performance. This may include a training or non-training solution. So, the implementation or improvement of a security plan would inevitably borrow from this field as well. It fits well with the project management material and this course.

One idea that was prevalent in many of my posts and the course paper was the idea that there is a variety of contributing factors that underlie the technical controls. If patch updates are not completed or if there is no end user training that is developed or acquired, then it could be a people or organizational issue. This is where the performance improvement aspect would come into play and be relevant. The importance of firewalls and encryption cannot be overstated, but neither can other organizational and performance factors. The performance of a security system is dependent on the people and the organization.

Also, I was glad to see a “plug” for Cybrary too. I have used it on and off for quite some time now. It provides a nice supplement to the courses. The quality of the training can and does vary. Many of the modules consist of watching a video and taking a few short quizzes. Hopefully, more interactive training will be available at the free level.

 

Published by michaeldvorscak

I have achieved an MS in performance improvement and training and development from Northern Michigan University (NMU). Currently, I’m working towards an MS in information systems and cyber security through Central Michigan University (CMU). My interests are cyber security, social engineering, security and small business, network and physical security, and cyber security in the property management industry. I would like to combine the two areas of performance improvement and cyber security. This blog reflects that as well as defending against the dark art (and science) of cyber-attacks and current issues in the field.
