Designing and Executing Information Security Strategies

Coursera – Designing and Executing Information Security Strategies (University of Washington)
WEBRip | English | MP4 | 960 x 540 | AVC ~59.1 kbps | 29.970 fps
AAC | 128 Kbps | 44.1 KHz | 2 channels | 10:05:53 | 960 MB
Genre: eLearning Video / Information Technology, Computer Science, Security

Many of you will be aware of the Massive Open Online Course (MOOC) platform Coursera and the great content they offer. Among many other interesting online courses they occasionally run courses relevant to Information Security and while not all of them are worthwhile i’d like to highlight one in particular.

The ‘Designing and Executing Information Security Strategies’ course led by Mike Simon (University of Washington) provides a great no nonsense, non technical glimpse into the real world of Information Security practitioners. It does not get hung up on theoretical issues but focuses on real challenges and scenarios from Mike’s experience in the field. Obviously it is not ‘Zero to Hero’ Information Security professional course but it is a good introduction particularly to those who are not overly familiar with Information Security and like to know what all the fuss is about.
Financial Services ASP, provides credit clearance software services for 20 large banks worldwide
We provide the platform and the software, their (the banks) people operate the system
Our DBAs have access to the banks databases for support reasons
Network security, database security, application security are all ours
All of our customers audit us, using whatever standard they see fit ISO 27002, BS 7799, SS 627799, etc

Information in the database includes
Date of birth
Financial details (income, savings, net worth)
Credit Card info
They want to know that every person with access to the data meets certain criteria
Background checked
Qualified for the work
Authorized specifically for access to their data

They want to know that there is distinct separation of duties for adding authenticated access to the database
They want to know exactly how network (not authenticated) access to web servers, application servers and database servers is protected
They want to know who has access to what, and they want to audit these accesses.

(Buy premium account for maximum speed and resuming ability)