Introduction to Information Security Field
Quick Survey
WHO AM I?
What IS Information Security?
Statistics?
44% of organizations are short on staff with strong cyber security and networking knowledge.
35% of organizations are unable to fill open security jobs, despite the fact that 82 percent expect to be attacked this year.
37% is the growth rate in demand for security analysts between 2012 and 2020.
74% is the increase in security job postings between 2007 and 2013.
103,226 Dollars ($)
2.0 MILLION is the security jobs shortage by 2017.
Sounds Good?
Security Management
Security Manager Responsibilities
Skills?
What to Learn?
• Practices and methods of IT strategy, enterprise architecture and security architecture
• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
• ISO 27001/27002, ITIL and COBIT frameworks
• PCI, HIPAA, NIST, GLBA and SOX compliance assessments
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java and/or PHP programming languages
• Firewall and intrusion detection/prevention protocols
• Secure coding practices, ethical hacking and threat modeling
• TCP/IP, computer networking, routing and switching
• Network security architecture development and definition
• Knowledge of third party auditing and cloud risk assessment methodologies
Risk Analysis
Risk Analyst Responsibilities
Skills?
Penetration Testing
“A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behavior.”
• External Penetration Testing
• Internal Penetration Testing
• Application Penetration Testing
• Mobile App Penetration Testing
• Wireless Penetration Testing
• Social Engineering Testing
Penetration Tester Responsibilities
Skills?
What to Learn?
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java, ASM, PHP, Perl
• Network servers and networking tools (e.g. Nessus, nmap, Burp, etc.)
• Computer hardware and software systems
• Web-based applications
• Security frameworks (e.g. ISO 27001/27002, NIST, HIPAA, SOX, etc.)
• Security tools and products (Fortify, AppScan, etc.)
• Vulnerability analysis and reverse engineering
• Metasploit framework
• Forensics tools
• Cryptography principles
Digital Forensics
Forensics Investigator Responsibilities
Skills?
What to Learn?
• Network skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces)
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java and similar programming languages
• Computer hardware and software systems
• Operating system installation, patching and configuration
• Backup and archiving technologies
• Cryptography principles
• eDiscovery tools (NUIX, Relativity, Clearwell, etc.)
• Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
• Data processing skills in electronic disclosure environments
• Evidence handling procedures and ACPO guidelines
• Cloud computing
Application Security
Skills?
What to Learn?
• An in-depth understanding of programming languages. These can include C/C++, C#, Java/JSP, .NET, Perl, PHP, Ruby, Python, etc.
• CERT/CC, MITRE, Sun and NIST secure coding guidelines and standards
• Software and web application development practices
• Penetration testing and vulnerability assessments
Network Security
Security Admin Responsibilities
Skills?
What to Learn?
• Knowledge of common L4-L7 protocols such as SSL, HTTP, DNS, SMTP and IPSec
• Strong understanding of firewall technologies
• Juniper/Cisco/Checkpoint
• Packet Shaper, Load Balancer and Proxy Server knowledge
• Intermediate to expert IDS/IPS knowledge
• TCP/IP, computer networking, routing and switching
• Network protocols and packet analysis tools
• Windows, UNIX and Linux operating systems
• Firewall and intrusion detection/prevention protocols
Malware Analysis
Malware Analyst Responsibilities
Skills?
What to Learn?
• Operating System Concepts
• High Level & Low Level Programming (familiarity is fine, working knowledge not required at first)
• Fundamentals of networking
• How to use the internet to perform research
• Malware Analysis Tools
• Learn about Malware itself
Security Auditing
Security Auditor Responsibilities
Skills?
What to Learn?
• Working knowledge of regulatory and industry data security standards (e.g. FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA)
• ISO 27001/27002, ITIL and COBIT frameworks
• Windows, UNIX and Linux operating systems
• MSSQL and ORACLE databases
• C, C++, C#, Java and/or PHP programming languages
• ACL, IDEA and/or similar software programs for data analysis
• Fidelis, ArcSight, Niksun, Websense, ProofPoint, BlueCoat and/or similar auditing and network defense tools
• Firewall and intrusion detection/prevention protocols
Security Awareness
Security Awareness Officer Responsibilities
Skills?
Thank You