First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?
I tried to stick mostly to controls and assessments with random diversions. I think when we started I was looking for a way to quantify an assessment. I found many theories, but no Holy Grail. In conclusion, until we can grade a network on a simple scale that anyone can quickly understand, assessments are going to confuse most people. It would need to be a scale that normalizes the grade so size does not matter.
If I can say a network gets an A, B, C, or D … even non-technical person could understand.
Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?
I mostly used NIST publications and interesting articles I found in various locations.
As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.
I am not sure. I think of a blog as more of a scratch pad for me. I use it for random thoughts, just whatever hits me at the moment. I definitely have a hard time using it on a regular schedule. I do not think it would be much use to the next group unless they were interested in the same items that I was interested in.
No comments:
Post a Comment