Security Controls For Effective Cyber Defense

Decent Essays

The research document “United Airlines May 2015 Data Breach: Suggested Near, Mid and Long-Term Mitigating Actions Using the 20 Critical Security Controls”, was written from the view of an external security consultant “Philip G. Rynn”, and published by the SANS Institute, which is an educational organization that has the largest collection of research documents regarding information security. The paper correctly examined the United Airlines breach in May 2015 and offered near, mid and long-term actions that should be executed by the United Airlines’ senior security staff to alleviate the effects of system breaches and lessen the probability of further occurrences. The nature of the United Airlines (UA) breach was related to specific but …show more content…

Also, he defined all the technical key terms that any reader could be confused with, especially with the Sakula malware. Furthermore, the author assumptions about how the attacks were related and had one common source were clearly explained and illustrated. The author 's language in the paper was very easy to follow and clear to understand even if the reader has no technical background. The author was fair when weighing different sides of assumptions, without being bias or ignoring the other undesirable side. The overall logic and organization of the paper were comprehensible and easy to perceive.
In my opinion, the paper made me agree with many significant aspects in connecting several data breaches that were recently happened, along with some strategy insights that could be deployed to strengthen and prevent similar incidents in the future. Starting with the introduction, the author was informative in convincing me on the important and the impact of information security not only in the public and privet sector of a country, but in general by enlightening me about cyber security, its different forms, and the reasons why attackers perform it. Then, the author goes further in clarifying the situation regarding the UA breach, even when there were some questions about the motive behind it since the compromised information is not on

Get Access