NISM Reflection

Written by Yusuf on

As technology advances further, so do security issues. There is a correlation between cybercrimes and the growth of technology (Utica University, n.d.). New technologies mean new touchpoints for cybercriminals to take advantage of (Moore, 2019). The OWASP top ten list is always updated every year, which often introduces new vulnerabilities and threats. Leaving aside the time it takes for a new vulnerability to become known, it takes up to 205 days on average to fix the vulnerability (Greig, 2021). That means a system stays vulnerable for more than half a year. And if we think about OWASP’s top ten list, it lists vulnerabilities from data gathered in previous years (OWASP, n.d.), which also means some vulnerabilities stay hidden and untouched for years.

Although there is no way to completely secure an application from vulnerabilities, there are strategies that we can use to reduce the risk. For the past three months, I have been taking two modules at once: Secure Software Development (SSD) and Network and Information Security Management (NISM), and I think there are conjunctions between them that can reinforce one another. For example, from SSD I learned that we have to integrate security measurements into the software development lifecycle (SDLC). Whilst SSD taught me to study UML to find possible vulnerabilities, knowledge about Threat Modelling from NISM can also be used to prioritize the vulnerabilities we spot from UML analysis and testing.

Throughout the course, we had a lot of team activities. Since we distributed our tasks equally among team members, in addition to the core work I also contributed as secretary for the team, handling activities like scheduling, initiating a meeting proposal if I thought a discussion on Slack needed to continue via conference call, writing down notes, etc. For the core work, I contributed by doing hands-on work, giving ideas and reviewing others’ work.

It is important to always remember that we were a diverse team. I learned that I have to have at least understanding and openness to be able to get along with the team. We came from different cultures and different backgrounds. Having understanding helped me in keeping and managing my relationship with the team. Openness, along with being proactive and honest, helped to keep the trust of team members in me.

I would say 3 months is probably a short time. But I think I can still do some more exercises during my spare time on the things learned from this course. I can also start bringing the knowledge and best practices to work. Even though I work as a Data team manager, skilling myself up is always worth it. The most important thing is the behaviour and trait of lifelong learning. New things will be discovered from time to time. NISM has taught me how to learn something that’s out of my everyday life – like work.

References

Greig, J., 2021. Average Time to Fix Critical Cybersecurity Vulnerabilities Is 205 Days: Report. [Online] Available at: https://www.zdnet.com/article/average-time-to-fix-critical-cybersecurity-vulnerabilities-is-205-days-report/ [Accessed 30 May 2022].

Moore, R., 2019. Expansion of Technology Will Increase Cyber Security Threats. [Online] Available at: https://www.plansponsor.com/expansion-technology-will-increase-cyber-security-threats/ [Accessed 30 May 2022].

OWASP, n.d. OWASP Top Ten. [Online] Available at: https://owasp.org/www-project-top-ten/ [Accessed 30 May 2022].

Utica University, n.d. Ten Ways Evolving Technology Affects Cybersecurity. [Online] Available at: https://programs.online.utica.edu/resources/article/ten-ways-evolving-technology-affects-cybersecurity [Accessed 30 May 2022].

Yusuf

My world spins around data and games. Currently a master's student, helping an eSports team to sit on the SEA throne through data.
