UNIT I INTRODUCTION Growing IT Security Importance and New Career Opportunities – Becoming an Information Security Specialist – Conceptualizing Information Security – Information Security Principles of Success.  

Objectives Recognize the growing importance of information security specialists Develop a strategy in the career in information security Comprehend information security in the context of the mission of a business

Introduction To protect computers, networks, and the information they store, organizations are increasingly turning to information security specialists An information security specialist is more than a technician who prevents hackers from attacking a Web site

Growing IT Security Importance and New Career Opportunities Increased services to both end-users and employees create risks to the confidentiality, integrity, and availability of confidential or sensitive data

Becoming an Information Security Specialist Get the right certification Certified Information Systems Security Professional (CISSP) Global Information Assurance Certification (GIAC):www.giac.org Consider earning a graduate degree in INFOSEC Increase your disaster recovery and risk management skills Build a home laboratory Get on a project working with strategic partners Take a second look at government jobs

Becoming an Information Security Specialist contd.. i) Schools Are Responding to Demands Hundreds of community colleges, four-year universities, and post-graduate programs are offering degrees and certificates in emergency preparedness, counterterrorism, and security

Contextualizing Information Security Information security draws upon the best practices and experiences from multiple domains

Contextualizing Information Security contd.. Information Security Careers Meet the Needs of Business To support business operations a number of common positions and career opportunities are needed Security administrators Access coordinators Security architects and network engineers Security consultants Security testers

Information Security Principles of Success. Objectives Build an awareness of 12 basic principles of information security…to help you to determine how these basic principles are applied to real life situations. Distinguish between the three main security goals Learn how to design and apply the principle of “Defense in Depth” Explain the difference between functional and assurance requirements

No two systems are identical in solving the security problems, and no books to consult on how to solve security problems, so you have to depend on principle –based analysis and decision making.

There Is No Such Thing as Absolute Security Principle 1 There Is No Such Thing as Absolute Security

Principle 2 The security goals are Confidentiality, Integrity, and Availability (CIA)

Defense in Depth as Strategy Principle 3 Defense in Depth as Strategy

Principle 4 When Left on Their Own, People Tend to Make the Worst Security Decisions

Principle 5 Computer Security Depends on Two types of Requirements: Functional and Assurance Requirements

Security Through Obscurity Is Not an Answer Principle 6 Security Through Obscurity Is Not an Answer

Security = Risk Management Principle 7 Security = Risk Management

Security Controls: Preventative, Principle 8 Security Controls: Preventative, Detective, and Responsive

Complexity I of Security Principle 9 Complexity Is The Enemy of Security

Principle 10 Fear Uncertainty Doubt Do Not Work in Selling Security

Technology Are All Needed Principle 11 People, Process Technology Are All Needed

Open Disclosure of Vulnerabilities Is Good for Security Principle 12 Open Disclosure of Vulnerabilities Is Good for Security

Summary Computer security specialists must not only know the technical side of their jobs but also must understand the principles behind information security These principles are mixed and matched to describe why certain security functions and operations exist in the real world of IT