UNIT I INTRODUCTION Growing IT Security Importance and New Career Opportunities – Becoming an Information Security Specialist – Conceptualizing Information Security – Information Security Principles of Success.
Objectives
Recognize the growing importance of information security specialists.
Develop a strategy for a career in information security.
Comprehend information security in the context of the mission of a business.
Introduction
To protect computers, networks, and the information they store, organizations are increasingly turning to information security specialists. An information security specialist is more than a technician who prevents hackers from attacking a Web site.
Growing IT Security Importance and New Career Opportunities
Increased services to both end-users and employees create risks to the confidentiality, integrity, and availability of confidential or sensitive data.
Becoming an Information Security Specialist
Get the right certification:
Certified Information Systems Security Professional (CISSP)
Global Information Assurance Certification (GIAC): www.giac.org
Consider earning a graduate degree in INFOSEC.
Increase your disaster recovery and risk management skills.
Build a home laboratory.
Get on a project working with strategic partners.
Take a second look at government jobs.
Becoming an Information Security Specialist contd..
i) Schools Are Responding to Demands
Hundreds of community colleges, four-year universities, and post-graduate programs are offering degrees and certificates in emergency preparedness, counterterrorism, and security.
Contextualizing Information Security
Information security draws upon the best practices and experiences from multiple domains.
Contextualizing Information Security contd..
Information Security Careers Meet the Needs of Business
To support business operations, a number of common positions and career opportunities are needed:
Security administrators
Access coordinators
Security architects and network engineers
Security consultants
Security testers
Information Security Principles of Success
Objectives
Build an awareness of 12 basic principles of information security … to help you to determine how these basic principles are applied to real-life situations.
Distinguish between the three main security goals.
Learn how to design and apply the principle of “Defense in Depth”.
Explain the difference between functional and assurance requirements.
No two systems are identical in how they solve security problems, and there are no books to consult on how to solve them, so you have to depend on principle-based analysis and decision making.
Principle 1: There Is No Such Thing as Absolute Security
Principle 2: The Security Goals Are Confidentiality, Integrity, and Availability (CIA)
Principle 3: Defense in Depth as Strategy
Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance Requirements
Principle 6: Security Through Obscurity Is Not an Answer
Principle 7: Security = Risk Management
Principle 8: Security Controls: Preventative, Detective, and Responsive
Principle 9: Complexity Is the Enemy of Security
Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
Principle 11: People, Process, and Technology Are All Needed
Principle 12: Open Disclosure of Vulnerabilities Is Good for Security
Summary
Computer security specialists must not only know the technical side of their jobs but also must understand the principles behind information security. These principles are mixed and matched to describe why certain security functions and operations exist in the real world of IT.