Security Policies and Standards – Best Practices – VLT2

I was warned going into this that every degree program has at least one class that you just have to suck it up and power through. VLT2 was it for me, so fair warning, some of this may be less “advice for you” and more “cathartic venting for me”. I found neither of the course tips particularly helpful, and most of the feedback I found about this course centered around it being particularly awful, without a lot of constructive help as to how to succeed in it. On the plus side, a couple of the tasks included straightforward templates. Also, the same supporting document is used throughout, which saves a great deal of time comprehending multiple disparate hypotheticals. This is also the first class where I did fire and forget submissions, with at one point having three tasks awaiting feedback simultaneously. I continued with this strategy in all further courses, and highly advise its use.

Page counts are for reference only, should not be considered a guide, and exclude the title and reference pages.

Task 1: I first created an excel spreadsheet to build threat tables for each of the environments. I then went through the table for each section and created individual subsections for each threat to support my likelihood assessments and discuss countermeasures. It seemed straightforward, and I figured I would just cruise through it. I was mistaken. This task seems to have some very specific criteria which are stated absolutely nowhere I could find. My first submission came back with “Not Evident” in every single section of the rubric. If this happens to you, don’t panic. What had happened was that I had failed to have entries for specific threat categories, and because those were considered incomplete, literally nothing else was evaluated. I never did find where these threat categories were ever listed other than in this feedback, but once I had them, I simply adjusted my threats and their subsections appropriately, and figured I was done. I was again mistaken. And while two out of three threat sections were passing this time, again nothing else was evaluated. For my third attempt, I renamed the threats which the evaluators had flagged in the one section to names I thought might be more recognizable. No other changes were made, and I passed on that attempt. In retrospect, I think I could have spared myself some grief by including references for my threats so that the onus of credibility was not entirely on me and my descriptions. No sources used, eleven pages.

Task 2: This one was relatively straightforward, and I used the rubric to build the paper using Word’s APA style paper template, matching section headings to rubric criteria. As mentioned, the supporting document was the same as for the first task, so I was already familiar with it. I found the objectives were clear and easy to write to. I consider this by far the least onerous task in this class. No sources used, five pages.

Task 3: This was the first template based task, and while I appreciate the effort that went into creating it, I personally found it difficult to shoehorn my thoughts into their tables. I accept that may just be my own personal preferences revealing themselves, though. I nonetheless have two further grievances with it which I believe are more valid. First, it asks a completely superfluous question, so don’t second guess yourself if you find yourself giving the same answer throughout the task. Second, the remaining questions are so narrowly constrained as to almost mandate strictly formulaic answers. That said, I passed by simply sticking to that formula, and such exercises do have validity in that they prepare you for the similar experiences during audits and the like. Still, I don’t think “object lesson in bureaucratic tedium” was necessarily the lesson they were going for. Sources used, six pages.

Task 4: The first portion was remarkably similar to the previous task, with my opinion on the matter unchanged. Again, don’t second guess yourself if you fill in one of the blanks the same way throughout. With regard to the second portion, I found it easier to use a spreadsheet rather than write out answers longhand. Sources used, six pages and a five by ten spreadsheet.

Leave a Reply

Your email address will not be published. Required fields are marked *