The Introduction to Information Security Management course at ICL made clear to me how vital it is to ensure that digital assets are more secure than ever before in our ever-more threatening and hyper-connected digital world. I gained a basic knowledge of risk analysis, controls, and security policy as well as various compliance schemes around the world like ISO 27001, thanks to this course. It contributed to my understanding the importance of information security as a strategic tool in safeguarding data integrity, confidentiality, and availability on the organizational level.
One of the most crucial lessons gained in the course was the ability to detect the weaknesses, and assess the threats, and put in place preventative actions in order to mitigate the risks. These ideas were not only abstract, but they were practically applicable as well As an example, when I was working on the De Nature Glow, I implemented key security controls, including the HTTPS integration, secure coding, and basic access controls to enable me to protect user information and keep the site safe.
This practical exercise reinforced my knowledge on the fact that security should not be an add-on at the end of the development rather it should be incorporated into the process. It also emphasized on the use of culture creation on cybersecurity awareness among teams and organization.
In the future, I will focus on using these principles both in school and career. I will also raise the awareness of secure design practices, encourage regular risk assessments, and be able to support the constant awareness training within the team that I will be working on. I am also keen to pursue certificates like the CompTIA Security+ to build upon my knowledge and credentials further by obtaining more detailed information about security of systems, network security, and threat identification.
All in all, the course has been a solid basis of what I can expect of working in the IT field as it instilled the skills and mentality of thinking ahead of and about any changes in the field of cybersecurity that would need to be dealt with.