Downloaded 17 times
Uploaded byAhmed Musaad
Introduction to information security field
The document outlines the current state of information security, highlighting a significant demand for qualified professionals amid a growing skills shortage in cybersecurity. It details various roles in the field, such as security analysts, penetration testers, and security auditors, along with the essential skills and knowledge required for each position. Additionally, it emphasizes the importance of risk analysis, compliance assessments, and the necessity for organizations to bolster their security measures against anticipated attacks.
Technologyâ—¦
More Related Content
![Information security[277]](https://cdn.slidesharecdn.com/ss_thumbnails/informationsecurity277-170303155121-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Similar to Introduction to information security field
![UiPath Automation Suite Installation (Hands-On) [2/3]](https://cdn.slidesharecdn.com/ss_thumbnails/automationsuitecommunitysession2-251015095633-a6d862f1-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Introduction to information security field
- 1.
- 2.
- 3.
- 4.
- 5.
- 6. of organizations areshort on staff with strong cyber security and networking knowledge.
- 7. of organizations areunable to fill open security jobs, despite the fact that 82 percent expect to be attacked this year.
- 8. Is the growthrate for demand on security analysts between 2012 - 2020
- 9. The increase insecurity jobs postings between 2007 and 2013
- 10.
- 11. Is the numberof security jobs shortage by 2017 MILLION
- 12.
- 14.
- 16.
- 17.
- 18. What to Learn? •Practices and methods of IT strategy, enterprise architecture and security architecture • Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies • ISO 27001/27002, ITIL and COBIT frameworks • PCI, HIPAA, NIST, GLBA and SOX compliance assessments • Windows, UNIX and Linux operating systems • C, C++, C#, Java and/or PHP programming languages • Firewall and intrusion detection/prevention protocols • Secure coding practices, ethical hacking and threat modeling • TCP/IP, computer networking, routing and switching • Network security architecture development and definition • Knowledge of third party auditing and cloud risk assessment methodologies.
- 19.
- 20.
- 21.
- 22.
- 23. “A penetration test,or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behavior.”
- 24. External Penetration Testing InternalPenetration Testing Application Penetration Testing Mobile App Penetration Testing Wireless Penetration Testing Social Engineering Testing
- 25.
- 26.
- 27. What to Learn? •Windows, UNIX and Linux operating systems • C, C++, C#, Java, ASM, PHP, PERL • Network servers and networking tools (e.g. Nessus, nmap, Burp, etc.) • Computer hardware and software systems • Web-based applications • Security frameworks (e.g. ISO 27001/27002, NIST, HIPPA, SOX, etc.) • Security tools and products (Fortify, AppScan, etc.) • Vulnerability analysis and reverse engineering • Metasploit framework • Forensics tools • Cryptography principles
- 28.
- 30.
- 31.
- 32. What to Learn? •Network skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces) • Windows, UNIX and Linux operating systems • C, C++, C#, Java and similar programming languages • Computer hardware and software systems • Operating system installation, patching and configuration • Backup and archiving technologies • Cryptography principles • eDiscovery tools (NUIX, Relativity, Clearwell, etc.) • Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.) • Data processing skills in electronic disclosure environments • Evidence handling procedures and ACPO guidelines • Cloud computing
- 33.
- 34.
- 35. What to Learn? •An in-depth understanding of programming languages. These can include C/C++, C#, Java/JSP, .NET, Perl, PHP, Ruby, Python, etc. • CERT/CC, MITRE, Sun and NIST secure coding guidelines and standards • Software and web application development practices • Penetration testing and vulnerability assessments
- 36.
- 37.
- 38.
- 39. What to Learn? •Knowledge of common L4-L7 protocols such as SSL, HTTP, DNS, SMTP and IPSec • Strong understanding of firewall technologies • Juniper/Cisco/Checkpoint • Packet Shaper, Load Balancer and Proxy Server knowledge • Intermediate to expert IDS/IPS knowledge • TCP/IP, computer networking, routing and switching • Network protocols and packet analysis tools • Windows, UNIX and Linux operating systems • Firewall and intrusion detection/prevention protocols
- 40.
- 41.
- 42.
- 43. What to Learn? •Operating System Concepts • High Level & Low Level Programming (familiarity is fine, working knowledge not required at first) • Fundamentals of networking • How to use the internet to perform research. • Malware Analysis Tools. • Learn about Malware itself.
- 44.
- 45.
- 46.
- 47. What to Learn? •Working knowledge of regulatory and industry data security standards (e.g. FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA) • ISO 27001/27002, ITIL and COBIT frameworks • Windows, UNIX and Linux operating systems • MSSQL and ORACLE databases • C, C++, C#, Java and/or PHP programming languages • ACL, IDEA and/or similar software programs for data analysis • Fidelis, ArcSight, Niksun, Websense, ProofPoint, BlueCoat and/or similar auditing and network defense tools • Firewall and intrusion detection/prevention protocols
- 48.
- 49.
- 50.
- 52.
Editor's Notes
- #7 ESG,  “Network Security Trends in the Era of Cloud and Mobile Computing”
- #8 ISACA and RSA, “State of Cybersecurity: Implications for 2015”
- #9Â S. Bureau of Labor Statistics
- #10 Burning Glass, “Job Market Intelligence: Report on the Growth of Cybersecurity Jobs”
- #11Â Average Salary for security analysits per year, Glassdoor.com
- #12 UK House of Lords, Digital Skills Committee http://swimlane.com/7-startling-stats-on-the-cyber-security-skills-shortage/