Monday, June 11, 2012

Lifelong Learning Matrix
Samuel Warren
IS469 – Information Security Capstone
Dan Morrill
City University of Seattle
June 7, 2012

Executive Summary

Whether one plans to become a Chief Information Officer, an Information Security professional, or an Information Auditor, there is a strong likelihood that a certification exists that will greatly enhance hiring potential. Whether one wants to earn ISACA’s Certified Information Security Manager certification or something else, understanding the benefits of attaining the certification, and the potential drawbacks of not attaining it, is vital.

Introduction

The need for ongoing education in any field is crucial for continued innovation. While it is necessary in all fields, the need for it in Information Security is more critical and is directly linked to how well the field of Information Security overall does at protecting its organizations. By creating a Learning Matrix, like the one described within, the security professional can create visibility into the required tasks in the short, medium, and long terms. According to the ISACA website, for example, the CISM certification:

• Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives
• Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program
• Puts you in an elite peer network
• Is considered essential to ongoing education, career progression and value delivery to enterprises. (2012)

While this will not be the sum total of all learning one should achieve in a lifetime, this certification and the CISSP certification are two of the certifications most highly demanded by hiring managers in the Information Security realm.

The Matrix

The created matrix (attached) describes five columns of goals and three rows of time frames. The major goals were chosen based on personal preference. They consist of Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM) certification, getting a job as an Information Security professional, becoming a Chief Information Officer (CIO), and Administration of the Learning Matrix. The intersection of each column and row contains the required tasks associated with the major goal.

For example, in the “Near-Term” row for CISSP certification, finding a job that works with a majority of the CISSP domains is a task. One of the requirements for CISSP certification is a minimum of five years of experience working in the domains provided on their site (International Information Systems Security Certification Consortium, 2012). That is just the starting requirement; there is also an examination that must be passed and fees to be paid to gain certification with this organization.

Another example is found in the “Mid-Term” section of the “Administration” goal. In that cell, there are tasks to do a yearly look-back and add any additional goals to the matrix as necessary. The goal of the “Administration of the Matrix” column is to create a way to adjust the matrix and goals as needed to accommodate changes in certifications and in the goals of the matrix owner.

Measuring Success

The aforementioned “Administration of the Matrix” column is used as a way to create some buffered time to allow for reflection on how successful the creator of the Matrix has been in the major goals and tasks. It is extremely important to take time to evaluate growth, successes, and failures in the goals and tasks so one can have a keen understanding of where he/she is in the process of learning at said juncture. It is also crucial to keep the goals as static as possible to prevent making the goals impossible to reach. One should make the goals specific, measurable, and attainable so he/she can feel the accomplishment of completing major goals.

References

International Information Systems Security Certification Consortium. (2012). Certified Information Systems Security Professional. Retrieved from ISC2.org: https://www.isc2.org/cissp/default.aspx

ISACA. (2012). Certified Information Security Manager. Retrieved from ISACA.org: http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx

Virtualization is the Key
Samuel Warren
IS308 – Internet Technologies
Lawrence Masters
City University
June 10, 2012

Executive Summary

Virtualization is the key to several problems. The problems inherent in technology change are many, not the least of which is what to do with outdated systems. Said systems may still be needed but are no longer supported by their original manufacturer. With that said, virtualization gives IT teams the capability to maintain the legacy systems without much overhead cost. However, like everything, there are problems that could pose a serious threat to virtualization becoming a must-have in every organization.

Introduction

With innovation being the lifeblood of technology, it is no wonder new advancements in technology are made and discovered every day. With a pace like that, one can rest assured there will be a number of potential failures and conversely a number of winners. Typically, the balance of winners and losers in technology is skewed toward the “loser” category. Virtualization is a newer concept requiring a little abstract thinking, because it deals with the idea that you do not need to have a physical device to be operationally effective. Some basic questions regarding virtualization shall be answered herein.

What is Virtualization?

Virtualization is the idea that, instead of having all the hardware of a given system (web servers, for example), one uses software versions of the systems as the driving force for them. There are some advantages to this, the biggest of which is that one can store multiple different systems on one set of hardware. Each virtual machine can interact independently with other devices, applications, data and users as though it were a separate physical resource. Different virtual machines can run different operating systems and multiple applications while sharing the resources of a single physical computer. And, because each virtual machine is isolated from other virtualized machines, if one crashes, it doesn’t affect the others. (McCabe, 2009)

Virtualization may have started with web servers (McCabe, 2009), but it has expanded to other networked devices, server application tiers, and desktop software. Arguably, virtualization is one of the fastest growing areas in technology in this decade.

Why Use Virtual Machines?

There are many reasons why one should consider virtualization. However, anyone interested in using virtualization must look into what benefits virtualized systems could offer. Virtual machines can be used to consolidate the workloads of several under-utilized servers to fewer machines, perhaps a single machine (server consolidation). Related benefits (perceived or real, but often cited by vendors) are savings on hardware, environmental costs, management, and administration of the server infrastructure. (Singh, 2004)

Along with that reason, Singh highlights that the needs of outdated software can often be generously fulfilled, without any sort of system conflict, by having it on separate partitions of the same core system. He also highlights the potential for testing with virtual machines. “Virtual machines can isolate what they run, so they provide fault and error containment. You can inject faults proactively into software to study its subsequent behavior” (Singh, 2004). Whether for this or for the many other reasons, virtualization is a boon to those in the IT realm, because it provides ease of use and quick deletion in the event of problems.

Why Not Use Virtual Machines?

However you slice it, there are always negatives to any IT concept. With virtualization, all of the positives may serve to illustrate the holes in the traditional one-machine-for-one-system architecture. With the need for so many different systems at once, it may be tempting for system administrators to let virtual machines become a catchall for their woes. Using virtual machines does have some major drawbacks.

One of the most problematic issues is what Pietroforte (2008) calls “Magnified physical failures.” He uses the example of multiple servers working on one physical system (Pietroforte, 2008). He goes on to describe the hypothetical scenario in which the hardware supporting those servers fails. If that happens, then all the servers on that one physical device are potentially ruined. However, the answer to that is to plan well. Thus, if your virtual infrastructure is well planned, physical failures may be less problematic. However, this means that you have to invest in redundant hardware, which more or less eliminates one of the alleged advantages of server virtualization. (Pietroforte, 2008)

Add to the potential hardware failure the increased need for hardware, because the virtual systems use so much more of the system hardware, and you have a recipe for disaster. Technology fails frequently; that alone is enough of a reason to very carefully consider whether or not to virtualize. What IT managers must do is avoid giving in to the popularity of any given technology and make sure to do a full analysis of the pros, cons, and gaps associated with a technology set prior to choosing to implement it.

References

McCabe, L. (2009, May 7). What is Virtualization, and Why Should you Care? Retrieved from Small Business Computing.com: http://www.smallbusinesscomputing.com/testdrive/article.php/3819231/What-is-Virtualization-and-Why-Should-You-Care.htm

Pietroforte, M. (2008, July 3). Seven Disadvantages of Server Virtualization. Retrieved from 4Sysops: http://4sysops.com/archives/seven-disadvantages-of-server-virtualization/

Singh, A. (2004, January). An Introduction to Virtualization. Retrieved from Kernelthread.com: http://www.kernelthread.com/publications/virtualization/

Friday, June 8, 2012

Training as an Incentive

Samuel Warren
IS469 - Information Security Capstone
Dan Morrill
City University
June 6, 2012

Executive Summary

In the busy environment of corporate America, there is a real need to understand and foster ongoing training. When employers approach employees about training, what attitude is displayed? If it is an attitude of fear, cynicism, or disgust, there may be an issue with how the employer treats training. By implementing some simple incentives and creating a safe environment, employers can radically change the atmosphere of their company.

Introduction

Without a doubt, the biggest need in any IT group is ongoing training. Depending on the field, the training could be extremely expensive, or low to no cost. However, the need is indelibly linked to the success of the individual employee and the organization at large. If one wants to have a successful company, one must invest in the people working in the company. With that said, some key ways to ensure that investment makes an impact are outlined herein.

Incentives to Grow

The old saying, “You can lead a horse to water, but you cannot make him drink,” is relevant with regard to employee growth. One of the major issues employers need to understand is that the paycheck alone is often not enough for employees to be satisfied with their jobs. While some may get a certain level of satisfaction from their salary, others have a driving desire to grow and expand beyond what they do every day. Employers need to recognize that and do something about it. Depending on the company and the size of the budget, this can be as simple as giving a token gift, like an employee of the month award or an award for excellence. The key is to know what counts as an incentive for the employees. For example, if it is coffee, then simply giving a gift card to the local coffee house may be just enough of an encouragement to create a desire to grow. Then simply set a goal of accomplishment anyone in your group can meet and challenge them to grow. This will enable them to utilize newly learned tools and techniques in the workplace.

Employee Initiative

While employers can create incentives, there are also those employees who simply will not attempt to grow. In those cases, the employer should focus their attention on coaching the employee to understand the need for growth. A stagnant employee leads to a deficiency of creative juices and a loss of daily positive productivity. Career management through proper training provides employees with vision, opportunities, increased individual creativity and a renewed sense of energy and purpose. (K Alliance)

However, at some point, the employee needs to take some initiative. The employee should feel empowered to come to their manager, outline a plan of growth, and suggest an incentive without feeling like they are unheard or unwanted. Employers need to understand they are here to serve the employees, not the other way around. That said, they need to be receptive to the more vocal employees and try to draw information out of the less vocal employees.

Another way to further garner employee initiative is by mutual inclusion. This is the concept of taking the group of people who are constantly fighting change and including them first. If an employee has been a vocal opponent of previous projects, by including them early and actually using their feedback, the employer can create an overall attitude of innovation and growth. By harnessing the opponents, the employers are able not only to control any negative feedback or lack of growth, but also to entice those vocal opponents into growing and sharing growth.

Share the Praise, Shoulder the Blame

Finally, all employers should have a basic level of understanding around team leadership dynamics. By that, a manager should be trained to understand the team is only as good as its weakest link. Then have the manager work with their weakest human link and focus their attention on growing that person. Then the managers need to create a safe environment to fail and learn. By taking all the blame and freely sharing the praise, the managers show the employees they are a part of the team and they can fail without fear of someone pointing them out specifically and making them the target of public ridicule.

References

K Alliance. (n.d.). Training is the Bridge to Employee Growth, Work Force Maturity and Sustained Productivity. Retrieved from KAlliance Press Play for Success: http://www.kalliance.com/articles/training-is-the-bridge-to-employee-growth.htm