2. Tim Warren
Company: Neuberger Berman
Industry: Financial Services
We manage investments for
people and institutions
Located: New York
Title: Lead Engineer/Vice President
4. What Is Information Security
Information Security is the process of keeping information
secure: maintaining
Confidentiality
Integrity
Availability
The terms information security, computer security and
information assurance are frequently used interchangeably.
These fields are interrelated and share the common goals of
protecting the confidentiality, integrity and availability of
information; however, there are some subtle differences
between them.
5. Information Security Programs
Companies build programs to run their Infosec departments.
Infosec programs are built around the core objectives of the CIA triad:
Confidentiality
Integrity
Availability of IT systems and business data.
These objectives ensure that sensitive information is only
disclosed to authorized parties (confidentiality),
prevent unauthorized modification of data (integrity), and
guarantee the data can be accessed by authorized parties (availability).
6. What are the subject matter areas of
Information Security
7. Information Security Organizations
Large enterprises create a dedicated security group to implement and maintain the
organization's InfoSec program.
The security group is generally responsible for conducting risk management, a process through which
vulnerabilities and threats to information assets are continuously assessed, and the appropriate
protective controls are decided on and applied.
The goal in part is to protect the organization from
Ransomware
Phishing Attacks
Identity Theft
Malware
8. Information Security Organizations
Jobs within the information security field vary in their titles, but some common
designations include:
Chief Information Security Officer (CISO)
$103,071 - $214,236
Chief Security Officer (CSO)
$64,735 - $200,000
Security Engineer
$57,254 - $125,073
Information Security Analyst
$49,478 - $102,185
Security Systems Administrator
$41,197 - $97,375
IT Security Consultant
$53,206 - $108,696
12. Information Security
Identity Management (IdM)
In computer security, identity and access management (IdM) is the security and business
discipline that "enables the right individuals to access the right resources at the right
times and for the right reasons". It addresses the need to ensure appropriate access to
resources across increasingly heterogeneous technology environments and to meet
increasingly rigorous compliance requirements.[1]
IdM covers issues such as:
how users gain an identity
the protection of that identity
the technologies supporting that protection (e.g., network
protocols, digital certificates, passwords, etc.).
14. Daily
Ensure that user records were processed in overnight batch jobs
Communicate to hiring managers their users' status
Check application logs for errors
Update project status
Plan for after-hours and weekend changes
New project initiation
Engineering for new integrations
Level 3 support
15. Systems
Active Directory – For authentication and group membership
Virtual Directories for authentication and attribute extension
Secure Token – Token for 2nd factor authentication
Public Key Infrastructure (PKI), SSL/TLS certificates and encryption
Single Sign-On (SSO)
User Onboarding systems
Help Desk management of users
Employee Information systems
16. Additional Questions
Education requirements after high school?
A minimum of a Bachelor's degree for entry-level positions
For advanced positions, at least 5+ years of additional experience
What should students take to prepare themselves for this career?
Mathematics
Programming
Psychology
Advice
The security landscape changes day to day. Ground yourself in the basic concepts you need to know
such as
Fundamental computer science, or how a computer works: CPUs, RAM, registers, gates, etc.
TCP/IP networking and routing
17. Resources
Your Librarian – Yes, your library
Security Now – Podcast/Webcast
https://twit.tv/shows/security-now
How the Internet works https://twit.tv/shows/security-now/episodes/309
How SSL/TLS Works https://twit.tv/shows/security-now/episodes/195
SANS Institute – Information Security Resources
https://www.sans.org/security-resources/
Editor's Notes
Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take
People confuse information security with computer security and cyber security
Companies develop information security programs around a model known as the CIA
Confidentiality
Integrity
Availability of IT systems and business data.
What are the subjects that make up information security?
Network Security
Access Controls
Business Continuity
Confidentiality
Risk Assessment
Compliance
To deter attackers and mitigate vulnerabilities at various points, multiple security controls are implemented and coordinated as part of a layered defense-in-depth strategy. This should minimize the impact of an attack. To be prepared for a security breach, security groups develop an incident response plan (IRP). This should allow them to contain and limit the damage, remove the cause and apply updated defense controls.