Monday, June 3, 2013

Week 12 Wrap-Up


Past Blog Topics
 
IT Security interesting facts
Top Paying IT Security Jobs
Top Security Breach of 2012

IT Security training
Information Technology Infrastructure Library
Security Education, Training, and Awareness

Personal Security
Securing Your Mobile Devices 

Security for a Business
Biometric Measures for Security
Threats-Vulnerabilities-Assets (TVA) worksheet and Ranked Vulnerability Risk worksheet
Business Continuity
Confidential Vs. Sensitive
Information Security

Introduction
New IT Security Blogger

Well, now that my semester and Information Security Mgmt. class are coming to an end, I would like to take some time out to discuss everything that I blogged about over the past 12 weeks. I wrote about a variety of topics just because I didn’t want to stick with one realm of information security. The topics that I chose to talk about came from a variety of sources online. I believe that my topics would be helpful to an information security professional because they are all things that could be useful at some point. Whether they are a student, new to an information security career, or looking to get into IT security, they can find these topics helpful on any level. For the next group of students to do blogs, as a word of advice, choose topics that interest you and do a variety of topics to keep it interesting. I think when it’s something you’re interested in, it will make it easier to type up your blog! Good Luck!!

Sunday, May 26, 2013

Top Paying IT Security Jobs

While reading through my assigned reading this week for my Information Security Mgmt. class, the book discussed security positions. Being that I'm new to IT Security and I am not "all about money" within my career, I decided to do some research on the top IT security jobs last year. An article that I found entitled "Best Paying IT Security Jobs In 2012," written by Mathew J. Schwartz, states that Robert Half Technology points out that the data security analyst position is the hottest job in 2012 and that the salary should increase by 6%.

The other top IT Security jobs are as follows: network security administrator, systems security administrator, information systems security manager, and the new role of network security engineer. Data shows the salary range between all of these positions in 2012 is $85,000-$143,500 a year. This salary range seems to be due to the fact that IT security is a hot area to be in within the next few years. Hord Tipton, executive director of (ISC)2, states in an interview, "92% of last year's breaches could have been avoided through implementation of basic security controls. The demand for professionals with broad knowledge, experience, and a specific technical specialty [or specialties] will surely increase." It is great to know that there is such a high demand for what I am getting my Master's degree in. Tipton also expects that by 2015 the demand may have increased even further, due to the increasing number of data breaches and online attacks affecting businesses.

Other items that can enhance an IT security professional's experience/resume and are also in demand are the CISSP and CompTIA Security+ certifications. Robert Half Technology reported that certifications are especially good for the role of information systems security manager.


References
"Robert Half® Technology 2013 Salary Guide." Robert Half International. N.p., n.d. Web. 26 May 2013. <s3.amazonaws.com/DBM/M3/2011/Downloads/SalaryGuide_RobertHalfTechnology_2013.pdf>.

Schwartz, Mathew J. "Best Paying IT Security Jobs In 2012." InformationWeek | Business Technology News, Reviews and Blogs. N.p., n.d. Web. 26 May 2013. <http://www.informationweek.com/security/management/best-paying-it-security-jobs-in-2012/232200152?nomobile=1>.

Whitman, Michael E., and Herbert J. Mattord. "Security Management Models." Management of information security. 3rd ed. Boston, MA: Course Technology, Cengage Learning, 2010. 385-426. Print.

Sunday, May 19, 2013

Biometric Measures for Security


Some organizations are looking towards biometrics for security reasons. Whether they want certain individuals to gain access to a highly secure room or to gain access to extremely sensitive data, this is an option for any organization to use to give authorized employees access. There are many options for a company to choose from to implement and so many vendors to purchase from. When an IT Security Manager is thinking of implementing these products, they want to choose a biometric method that is cost efficient, extremely reliable, and most importantly very secure. The biometric options that are available are as follows:
Fingerprints
ID card (Face Representation)
Palm scan
Facial recognition
Hand geometry
Retinal scan
Hand topology
Iris scan

Among all of these options, only three of them are considered unique: fingerprints, retina, and iris. So when the IT Security department looks into implementing this software for authorization reasons, they should employ one or two of these biometric methods.

Sunday, May 12, 2013

Securing Your Mobile Devices

The way of the world now is that everyone has a smart device. Whether you are a child or an adult, you are familiar with smart devices. From an iPad, to a droid cellphone, to a Kindle Fire, the world has definitely evolved in this area of mobile devices. We use these devices to get through everyday life. Even now in school, teachers have been implementing apps and the use of these electronics to teach and connect with their students. Being that everyone is using these devices, the main question now is... how can you secure your device? People tend to believe that mobile devices are already secure, but that is not necessarily true. Users must be educated on the fact that there are apps that aren't secure and malware can attack your device as well. Here are a few tips on keeping your device and information safe.

  1. Lock your device when stepping away from it.
  2. Minimize the sensitive data you store on the mobile device.
  3. If misplaced, quickly go to your "Find Me" app to locate and lock your device.
  4. Download a mobile security app from a trusted company like Norton or McAfee.

Be mindful of what you keep on your mobile device, what you download, where you surf online, and who has access to your devices!


Reference:
http://www.computerworld.com/s/article/9176870/Protect_your_mobile_device_and_yourself?taxonomyId=17&pageNumber=2

Sunday, May 5, 2013

Threats-Vulnerabilities-Assets (TVA) worksheet and Ranked Vulnerability Risk worksheet


The Threats-Vulnerabilities-Assets (TVA) worksheet is a combined, prioritized list of assets and threats. This worksheet is used when completing the Risk Identification phase and starting the Risk Assessment phase. The purpose of the TVA worksheet is to show an organization its most critical/important vulnerabilities and threats in a format that makes the exposure convenient to view. The TVA worksheet is a prioritized combination of the most important assets (x-axis) and threats (y-axis); the output will have the most dangerous at the top of the worksheet. The TVA worksheet gives organizations a one-shot view of the threats and vulnerabilities that their company may be exposed to.

The Ranked Vulnerability Risk worksheet assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair. This worksheet is the initial working document for assessing and controlling risks. Both the TVA and Ranked Vulnerability Risk worksheets are tools that are used as risk identification and assessment deliverables.



References
Whitman, M. E., & Mattord, H. J. (2010). Security Management Models. Management of information security (3rd ed., pp. 211-246). Boston, MA: Course Technology, Cengage Learning.

Sunday, April 28, 2013

Information Technology Infrastructure Library


What is ITIL? The Information Technology Infrastructure Library is the most widely adopted approach for IT Service Management in the world. The ITIL framework is said to be a practical, no-nonsense approach for identifying, planning, delivering and supporting IT services to an organization. ITIL consists of a collection of methods and practices for managing the development and operation of information technology infrastructures. The Information Technology Infrastructure Library is produced as a series of books that each cover a different IT management topic. ITIL can be tailored to many IT organizations due to its significant IT-related practices. Today, you will see that a lot of organizations are beginning to add ITIL to their organization.

Individuals can also receive certifications in the Information Technology Infrastructure Library. There are three certification levels: Foundation, Practitioner, and Manager. The Foundation Certificate is designed to provide a foundation level of knowledge in IT Service Management. The Practitioner’s Certificate is aimed at those who are responsible within their organization for designing specific processes within IT Service Management. The Manager’s Certificate is aimed at those who need to demonstrate a capability for managing ITIL-based solutions across the breadth of the Service Management subjects.

 

References

ITIL Certifications. (n.d.). ITIL, ITSM and ISO 20000 News. Retrieved April 28, 2013, from http://itsm.the-hamster.com/itsm9.htm

Whitman, M. E., & Mattord, H. J. (2010). Security Management Models. Management of information security (3rd ed., pp. 211-246). Boston, MA: Course Technology, Cengage Learning.

Sunday, April 21, 2013

Security Education, Training, and Awareness

A Security Education, Training, and Awareness (SETA) program is defined as an educational program that is designed to reduce the number of security breaches that occur through a lack of employee security awareness. A SETA program is quite beneficial for companies that deal with secure information and want to make their employees aware of security risks. Security Education, Training, and Awareness will set the tone of security for employees of an organization, and can be very impactful in making new employees aware at their time of hire. Awareness programs can help employees protect their personal and confidential work information from security breaches. Before and after all employees go through Security Awareness training, to keep morale up in a company, it is a good idea to send out reminders to the employees on Information Security to keep breaches and viruses down.

Reference
http://www.infosecwriters.com/text_resources/pdf/SETA_SHight.pdf