Information Security Professional

ITSec Pro - UIN JAKARTA IT Security Seminar

Information Security Professional

UIN - 16 Nov 2011 - @y3dips

Wednesday, November 16, 11

• Freelance IT Security Consultant

• More than 9 years in IT Security

• Founder of “ECHO” one of Indonesian Hacker Community, established 2003

• Founder of IDSECCONF - Indonesia Security Conference

@y3dips

y3dips

InfoSec

Means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction [1]

[1] http://wikipedia.org

Information Security

• Information: Set or collection of data that has meaning

• Level [2]

  • Non-Classified

    • Public Information

    • Personal Information

    • Routine Business Information

  • Classified

    • Confidential

    • Secret

    • Top Secret

[2] http://wikipedia.org

InfoSec Pro

People Working in Information security

InfoSec Pro

Background

• Natural Born Hacker

• Formal Education

Hackers

Natural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not

Hacker

• Newbie

• Script Kiddie

• Develop Kiddie

• Hacker

• 1337

Newbie

A wannabe hacker

Script Kiddies

Know the Tools, Able to Use the Tools;

But Not How the Tool “Really” Works

Develop Kiddies

Able to Create Tools,

Know How the Tool “Really” Works,

But Still Lacking in Attitude

Hacker

Know Exactly What They’re Doing and How to Do It

1337

Nobody Knows What They Are Doing

Hacker

[+]

• Proven Skill and Experience

• Able to do a proof of concept

[-]

• Lack of Methodologies

• Lack of Organization/Managerial

!Professional

• Bug Hunter

• OS/App Developer

• Botnet owner (DDOSer)

• Fraudster

InfoSec Student

Gain Information Security Knowledge from formal Education, Course, Certification

InfoSec Student

[+]

• Strong in Concept and Methodologies

[-]

• Lack of Skill and Experience

• Unable to do Proof of Concept

InfoSec Pro

• IT Security Officer

• IT Security Analyst

• IT Security Auditor

• IT Security Engineer

Security Officer

• Security Contact Point for Organization

• Principal Advisor for IT Security

• Ensure Security Program Running (Security Awareness course, etc.)

• Creating Security Policy, Procedures, Hardening guide

Security Analyst

• Monitor all types of access to protect confidentiality and integrity

• Provides Direct Support and Advice to the IT Security Manager

• System Security Analyst, Network Security Analyst

Security Auditor

• Auditing an Organization's Technology Processes and Security

• IT General Controls Reviews

• Application Controls Reviews

• Security Auditor, Penetration Tester

Security Engineer

• Maintain Computer Hardware and Software that Comprise a Computer Network

• Perform Security Hardening and Configuration

• System Security Engineer, Network Security Engineer

Requirements

• Skill

• Experience

• Attitude

• Able to work independently or in a group

• Certification?

Skill

• In depth knowledge of Operating System

• In depth knowledge of Networking

• In depth knowledge of Application

• In depth knowledge of Programming

• Much more :)

Experience

• How long you’ve been in that field

• + the Security afterward.

Attitude

With Great Power Comes Great Responsibilities

Work

• Able to work Alone (individualist),

• or a Team Player

Certification

• In some way, it's a [+]

• Is it badly needed?

Limitation

• Government Rule : UU ITE

• Organization/company Rule: NDA

Failed

• Always Take, not Give

• Lack of Attitude

• Kiddie-Minded

• Lazy to Improve
