The Information Security Expertise Need and Certification

Information protection is a critical need in the knowledge economy.
Businesses need expertise to protect the value and ongoing usability
of their assets and the integrity and continuity of their operations.
This involves identifying threats and then choosing the most effective
set of tools to combat them. Security expertise is required to ensure
protection from threats, internal and external, intentional and
unintentional.
Surveys continually indicate that human action (or inaction) contributes
more to security failures than technological weaknesses. Do we
understand the nature of the enemy? The enemy isn’t technology. The
enemy isn’t outside. It isn’t simply a software or anti-virus issue.
Information Security Awareness for the non-technical (user, client, manager)

There is a need for individuals to understand security threats and
vulnerabilities. Users and managers shouldn’t be content with merely
using ICT. They need critical knowledge of, and insight into, the latest
technology, tools and strategies in information security. What are the
myths and what is the reality? What works, and what hinders information
security? The alternative is to become a victim, and then a host or
launching pad for cyberattacks. The hackers are prepared and ready. Are
the users?
Secure operations mean fewer losses, more productivity and a very real
competitive advantage. Many, however, attempt to save money rather than
secure their business. It is important to see security as a business
enabler. How would an e-enabled corporation quantify the costs of
disruptions caused by hackers? There is a need for a clear understanding
of the use and misuse of ICT and related facilities.
Thinking must change. Information security isn’t a technology issue.
There is a need to understand that security is everybody’s business.
There must be security awareness at all levels of the enterprise, from
executives to everyday users, and they must all speak the same language.
Individuals and organizations need to know that their security is only
as strong as their weakest link. Acquiring and installing the latest
information security technologies makes no sense in an environment
where behavioral safeguards are absent. Do people take the proper steps
when incidents occur? Are users aware of the need to use the right type
of passwords? If information security is regarded as a priority, it
will be seen as a necessity rather than a burden. Users in particular
must get beyond the “I just want to work” approach to ICT by being
proactive about security. Danger is ever present, and everybody (users,
professionals and business managers) needs to adopt good security
habits. There is also a need to strike the right balance, as too much
security can be unproductive and stifling.
Information Security Specialist (more knowledge, more secure and efficient)

The job of the information security specialist is to keep out the bad
guys and help secure information assets and networks from unauthorized
access, e-mail attacks and malicious code such as viruses. It requires
technical ICT competence as well as mastery of issues that include
digital certificates, authentication, encryption keys, VPNs, firewalls
and intrusion detection, business availability, disaster recovery
planning, social engineering and business knowledge. Because of
information security’s impact on, and close relationship with, crime
and society, security professionals need to have a solid grasp of
ethical and legal issues.
The ethical hacking approach – “trying to catch a thief by thinking
like a thief” – is an approach adopted by many security professionals.
How do cybercriminals think? What are the weaknesses? Why and what do
they attack? It is an approach of “Let us open up the hacker’s mind!”
Information security professionals need knowledge and tools to close
the expertise gap. They often learn from experience and develop
expertise by investing in relevant training and certification programs.
Furthermore, information security requires a forward-thinking,
proactive mindset. Lifelong learning is imperative in a world of
constant change.
Information Security Certifications

To develop relevant IT security expertise, many are turning to
certification. The great advantage of certification is its emphasis on
industry and societal needs. No storytelling please! Where are the
gaps, where are the needs? It isn’t about academic theories. Quality
certifications are based on learning, current risks, threats,
technologies, global best practices and standards. Good certification
programs eliminate the need to reinvent the wheel.
Recognized information security certifications include the following.
Security+, developed by the Computing Technology Industry Association
(CompTIA), covers the fundamentals of information security.
The Certified Information Systems Auditor (CISA) program, sponsored by
the Information Systems Audit and Control Association (ISACA), is aimed
at “health check” specialists and covers information systems (IS)
audit, control, and security.
The CISSP (Certified Information Systems Security Professional)
certification from the International Information System Security
Certification Consortium, Inc. (ISC)² is ideal for mid- and
senior-level managers and experienced information security
professionals.
The Cisco Certified Security Professional (CCSP) certification from
Cisco Systems validates skills and knowledge for installing,
configuring, and maintaining Cisco security products.
The Ethical Hacking and Countermeasures certification (CEH), developed
by the International Council of Electronic Commerce Consultants
(EC-Council), enables experienced technology professionals to use the
same knowledge and tools used by malicious hackers, this time for
ethical purposes.
The best security certification? Best is relative. What does the
individual or organization want to achieve? It depends on the
individual’s needs and situation. Is the individual a beginner or an
experienced professional? What is the corporate need for information
security expertise?