Master's Degree in Information Systems Security

Introduction:

Myself Sai Shanthan, I'm currently pursuing master's degree in Information systems security. I have 5 years of experience working in various areas in the IT sector. Currently I'm working as a Guidewire Developer at an Insurance Company located in Dallas, TX. Using the concepts learned from this course and the knowledge gained has been incorporated into my project for better results in securing the application.

Practical Approach:

From this course I have gained knowledge on Access Control at various levels likely from organizational infrastructure security to securing software applications by limiting the access to data information.

My work involves working in windows platforms with Guidewire tool an Insurance suite for the agents to generate an insurance policy based on customer preferences. The Resultant Set of Policy (RSOP) for the external associates working in the project restricting the users having required privileges in different areas of work without effecting the daily work activities. Based on our organization architecture, to call an operation a handshake needs to happen between different integration layers.

Get quality help now

Bella Hamilton

Verified writer

Proficient in: Information Systems

5 (234)

“ Very organized ,I enjoyed and Loved every bit of our professional interaction ”

+84 relevant experts are online

Hire writer

To secure that handshake interaction I have learned and implemented the encryption keys which will have encrypted key password of the destination layer should be incorporated in the source layer for the secure connection to establish. Encrypt the password key by specific encryption algorithm. We maintain a individual security group in each layer and work on the functionality of nesting.

Based on the concepts learned, I have provided a proof of concept which involves several aspects likely, on Group policy configuring more security features in the windows workstation provided by the organization.

I've learned and enhanced the existing system of file permissions from area project based to employee role based in the organization. Server based backups on scheduled basis where the configuration, metadata and resource files on the server based virtual machines are backed up and stored to a location on the network drive. In the event of any change to the machines the data can be restored after essential tests are done on the backup files if it the restore operation would result in performance issues on the drives. The machines in the project are mostly virtual based and utilize VMware product. Build test case plan to test the efficient functioning of the recovery procedures and the improve the plan based on the findings resulted. Implement a password change policy for every month on the local workstation and every 3 months periodically on the virtual machines would result in a better password policy. Change privileges on certain programs and restricting certain installation of programs and services on the category basis would protect the workstation from the vulnerabilities of a disaster.

We follow SAFE Agile methodology of development cycle. The aspect which I learned in from this course and I have been implementing is for every code change irrespective of the quantity of the functionality change there should be a test case scenario in every aspect of the effect caused. Which helps in reaching the specification at most high standard and quality results in a better quality of code. We have been adopting a process of continuous software development and deployment using DevOps. Working in such an environment improvement in securing the code should be ideally more than the regular basis of application testing because security should also be continuous in such an environment. With the concepts learned I will be involving more in the aspect of managing the software supply chain and checking the ensuring the security of the common components and frameworks like automated testing which triggers, an incident and the incident management flow should be part of taking care of that which eventually be documented based on the cause either be it hardware or software. There should be an implementation automated scan for vulnerabilities, likely static scans and dynamic scans in the work development environment.

Conclusion:

Significant parts of the course had been executed in my flow venture which I have not recognized in my job This brought about me distinguishing in what territories can I myself fuse these prescribed procedures. Along these lines, the security and nature of work can be improved giving an ideal outcome. however, this course gave an angle to investigate on the Access Control methods in various work regions outside of mine and furthermore I have increased Informative down to earth learning.