Information security questions

0 pts.
Tags:
Compliance
configuration
CRM
Disaster Recovery
patching
PEN testing
Platform Security
Policies
Risk management
Security
Security Program Management
vulnerability management
Hi everyone, I am new to this field as a 2nd career, previously was in mfg. engineering for a lot of years. Need some help with the following questions for a class I am taking. Need to get feedback with professionals in the field to determine what issues they think are important for information security.
  • What is happening today in the field of information security?
  • What is the greatest challenge to a security specialist?
  • What recommendations would you make to someone who is just starting out in the field?
Any help is appreciated. Thanks in advance, frankAZ
ASKED: March 2, 2006  1:04 AM
UPDATED: December 12, 2013  5:22 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.
  • What is happening today in the field of information security? Malware (includes, viruses, worms, trojans, spyware) is evolving like there biological counterparts. They are getting more clever – look at the Nyxem virus. Hackers and viruses are what make headlines. The reality is more than 70% of security incidents occur from inside an organisation – lack of staff awareness, information theft, lack of security policy. Most companies deal with incidents quickly to avoid negative publicity.
  • What is the greatest challenge to a security specialist? Staying up to date with vulnerabilities. An attacker needs to only find one way in. A security person needs to ensure all the ways in are protected.
  • What recommendations would you make to someone who is just starting out in the field? Get a formal qualification – you can self study for quite a few of them. Get experience – this will count more than your qualifications. Start off slow and build on what you know.

Discuss This Question: 11  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • CheckSix
    ?What is happening today in the field of information security? Everything. The field is getting a lot of attention due to some high profile incidents, SOX and the fact that the hackers and the spammers are teaming up - the $$$ are there now making it profitable to hack for cash. ?What is the greatest challenge to a security specialist? Until the company feels the pain, or sees the pain coming, they still don't want to spend the resources. Making a solid business case for your recommendations. Learn to speak C level language. Getting people to involve Security from the start - not trying to bolt on security as an afterthought. ?What recommendations would you make to someone who is just starting out in the field? Get broad experience first and put your time in. Volunteer for everything! Get to know the security guards, the Risk Management team, the lawyers, the facilities manager and the programming staff. There are 10 domains to study just for the CISSP, along with demonstrated time in the field and for a good reason. Get expert in two or three of the domains and have a good exposure to the rest. Security touches on everything! Sorry, but experience counts - along the way you may just find something you click with that you had no idea when starting out. Understand that it takes time and a lot of study. Take a basic programming class. Spend a lot of time with the facilities folks. Manage a network and do every job function until you understand it, and build your own network at home. Take people to lunch and pick their brains. Look at the security aspect of EVERYTHING as a matter of habit - this means out in the world, not just at work. Get your MCSA and your CCNA and get exposure to Unix/Linux. Have fun through it all and don't sweat the detours. CheckSix, CISSP and finally the CISO! (after 25+ years in the biz)
    15 pointsBadges:
    report
  • Atomas
    Only one answer to these questions: it all depends on you. If you go into IS and don't know yet what is your interest, you might get lost. What attracted you to IS? Governance? Firewalls? Forensics? Pen testing? Audits? Disaster recovery planning? Cryptography? Law? Standards? etc... I think you can't just say to yourself : "I think today I want to be a security specialist". One suggestion: try to see sites like isc2.org, isaca.org, cccure.org and I know there are tons of these. Hope I was not too hard on you.
    0 pointsBadges:
    report
  • Ronboviscous
    Hey Frank! In addition to a formal certification, expose yourself to as much of the field and experts as much and often as possible (but not by flashing, please!). For instance, become a member of local security groups and attend security seminars as they come your way. Also, subscribing to several (but not too many) newsletters and groups like this one will help. Little by little, you'll pick up industry hot spots, best practices, terminology, etc. Good luck! rb
    0 pointsBadges:
    report
  • PERFMGT
    My answers are from the perspective of an Implementation Manager. I see the challenges imposed by security issues when trying to implement large global networks linking Fortune 50 companies to one another. ?What is happening today in the field of information security?..........Things are safer than they have ever been, but yet the attacks are getting more and more complex and sophisticated. There is a constant threat that requires IT Managers to always be current and up to date on the next BIG THING in security, be it a new security technology or a new hole in the system. It is a very challenging environment and also very rewarding in the constantly changing work environment. ?What is the greatest challenge to a security specialist? ..........The lack of accepted standards for security from Company to Company. In any project, so many roadblocks are put up due to everyone believing they are the expert and not wanting to accept other possible solutions. This adds endless cycles of wasted energy in trying to implement any project. If the industry could settle on a group of accepted standards, a lot more work would get completed and on time! ?What recommendations would you make to someone who is just starting out in the field?..........Try to get a job working with a large corporation in there IT department and work with the implementation people. You will gain hands on knowledge of the different types of networks, the security challenges each implementation faces and how they are resolved.
    0 pointsBadges:
    report
  • Whitecap
    ?What is happening today in the field of information security? The most important factor is a realisation that Information Security is not just about IT and more 'Tin'. It is all about people. Another factor is protecting information wherever it is yet be able to share that information with clients, partners and customers. ?What is the greatest challenge to a security specialist? Getting the buy in from senior management for security, though factors such as Sox and other regulations have made this easier ?What recommendations would you make to someone who is just starting out in the field? Work towards a reputable qualification e.g. CISSP (there are many others. Make contacts in the industry through associations such as ISSA, who have a mentoring program for new entrants to the industry.
    0 pointsBadges:
    report
  • ItDefPat1
    What is happening today in the field of information security? There are numerous sources of infosec news (even CNN has one). There are RSS feeds or email from places like SEARCHSECURITY.com . . . sans.org, 2600, cisco, digg, ENT news, esecurity planet, networkworld (several), InfoWorld (several), IT Compliance institute, mal-aware.org, microsoft (several), network computing (several), O'reilly radar, redmond news, Schneier's blog, security pipeline, security focus, security strategies, security tracker vulnerability headlines, spyware guide, tech.memeorandum, technology review, the register, wired news security blanket, zdnet news security (and others). There's probably a few that I've overlooked . . ;-) If that is overwhelming, my favorite feeds are located http://full-spectrum-feeds.blogspot.com/ which is "the best of" all those at the top.
    15 pointsBadges:
    report
  • ItDefPat1
    PART 2: The greatest challenge to a security specialist? InfoSec is the challenge. Awareness by users and management. politics and drama. It is you against an unlimited/unknown number of adversaries (threats) utilizing an unlimited/unknown number of vulnerabilities against an ever changing landscape of hardware and software. And people. Balancing technology, schedule and budget. Go beyond technology - its about policy, procedure and people.
    15 pointsBadges:
    report
  • ItDefPat1
    ?What recommendations would you make to someone who is just starting out in the field? 1. Get qualified. are you going to work in technology? server administration, setting up infrastructure and networks. There are several certification, like Security+ and the MS certs. CWNA (wifi). Cisco has several starting with CCNA. (I hope I got the letters in the right order). Get in to several different areas. 2. You can also find some good conferences that offer training, like SANS (Orlando FL this week), MISTI (Orlando end of the month), and CSI. SANS offers an intro to infosec program the last time I checked. Think broad. 3. For technology, get vendor/technology certs, such as Cisco and several others. CWSA Cert Wireless sec is another good one. Build experience. This may mean some specialization (or more than one). 4. Get professionally certified. This is true certification. Certs include SSCP, CISSP and some Cisco also. Most are not technology-focused or vendor specific. They are Broad ("general" but I don't mean intro level). The CISSP is the ultimate cert. It is also very difficult to acquire. It is broad/general in that you don't have to be an expert in any domain. 5. Beyond. CISSP has several add-on certs that are specializations. In my opinion, the ISACA "CISM" cert goes here- it focuses on things like risk and management (it could be in #4 just as well). These are the certs for experts. At any point above, participate. Join the group, like ISSA and ISACA. Publish and present (MISTI and CSI both Call for Papers for their conferences). Sorry, this is more than just "starting out"; start at #1 above with an idea of the following steps. There are also good tips on searchsecurity on the certs and such.
    15 pointsBadges:
    report
  • ItDefPat1
    I almost forgot two more great info sources: http://cccure.org/ http://www.certifiedsecuritypro.com/ What's happening in InfoSec... Too much focus on technology. Too much looking for the silver bullet solution. Too much focus on SSL, forgetting the other layers (OSI model). Trojans, worm, viruses, malware, rootkits, backdoors, and bots. Rule #1 of infosec, if they control your computer, the own you. OK, I've got to let the brain cool off for a while, but I'll probably be back.....
    15 pointsBadges:
    report
  • Richl01
    what is happening is compliance. new rules new regs, should be basic security but they now need regs to enforce and make companies spend $ for what they should have been doing all along. the greatest chalange is the user. trying to figure out how the user will circumvent your security practices before they do. and also keeping high security compliance with programs that dont care about security but should. then making sure the users can work and do thier job properly with all the security. recomendations run (just kidding) certs and specialize in a specific area like network or compliance regs, after you master one the others are simular for the basic ground work.
    0 pointsBadges:
    report
  • TyllerDurdent
    What is happening today in the field of information security? This is really a good question, i think the most important issue is the mobility. With the opening of the nets(specially Wi-Fi), the protection is becoming a headeche. Find politics and systems for improve the mobility security is a big challenge, without affect the speed and access to the net. What is the greatest challenge to a security specialist? This answers is based in three points of view: 1.Social: concientize people(inside the company) the risks, the vunerabilities and the preventions occurr in the net. 2.Tecnology: create new strategies for prevent and combat information delicts. 3.Personal: minimize the bugs, errors and vulnerabilities generated for fast development in my generated software. What recommendations would you make to someone who is just starting out in the field? Fisrt open your mind an increse your skills in all the ambits you can discover(nets, software programing, old and new used tecnologies, standards aplicated in the industry ,etc). After grand this mision, the second is specialize in any topic you like; is the only way you can become a good ISO(Information Security Officer).
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following