security
IT Security
Zuko Lopez
Network Security Professional
http://www.myspace.com/zuko60
http://www.linkedin.com/in/zuko60
http://www.task.to/
http://www.meetup.com/Toronto-CISSP/members/8327532/
IT Security
Some say that in order to achieve 100% security in your computer or network you have to avoid buying or creating one.
But that is not IT or PC security.
DAHHHHH
Others say that if you want 100% IT, network or PC security, buy a PC but leave it unpacked and DON’T create a network!!!
Humm!!!!
BUT what is the purpose or use of an unpacked PC or a non-existent network???
Even if you leave a PC unpacked you cannot be sure whether it is already infected with a Trojan, spyware or adware, or is lacking an important security patch or upgrade for the OS or any software or browsers that have been preinstalled.
With one simple phrase we could confidently say:
“100% PC or network security is a UTOPIA.”
What is IT Security?
IT Security
Before we can answer that question, let us define some IT security fields, so that at the end you can find the answer according to your field or expertise.
IT Security Fields
IT Security
Design and Implementation
Monitoring
Management
Prevention
Auditing
Damage Control
In no particular order
How do I become an IT security expert?
IT security is a somewhat new and old field with many branches, as you just saw.
In the early days an IT security expert had to do everything and learn everything related to PC or network security.
Today it is impossible to become an expert in every field of IT security.
If you want to become a security expert you have to find the field that you like the most and prepare yourself for that field, and you will not become bored or burned out throughout your working lifetime.
Remember, IT will always be a growing field, industry or science, whatever you want to call it.
Back in the early days you became an IT security expert at the workplace.
NOW there are college, university or IT school programs to become an expert in all the different fields.
Moreover, there is a plethora of certifications that you could pursue in order to call yourself an expert in a plethora of IT security fields.
IT security, as seen in the previous diagram, could be split into management, hardware and software.
Each one of these could be further split into other subfields.
Some are basic and others are at a more advanced level of expertise.
Back to our chart
IT Security
Design and Implementation
Monitoring
Management
Prevention
Auditing
Damage Control
In no particular order
Security Certifications
Not all, and in no particular order
For more info visit the vendors' websites
CompTIA Security+
Security Certified Program
Security Awareness
SCNS - Security Certified Network Specialist
SCNP - Security Certified Network Professional
SCNA - Security Certified Network Architect
CPE for CISSP - CPE Credits for CISSP Certificate-holder
CISCO
Network Security
CCENT (Entry Level)
CCNA Security (Associate)
CCSP (Professional)
CCIE Security (Expert)
VPN and Security Certifications
Cisco ASA Specialist
Cisco IPS Specialist
Cisco Network Admission Control Specialist
Cisco Security Sales Specialist
Cisco Security Solutions and Design Specialist
CISCO
Cisco Firewall Specialist. Requires: CCNA + 2 Exams
Cisco VPN Specialist. Requires: CCNA + 2 Exams
Cisco IDS Specialist. Requires: CCNA + 2 Exams
CCSP - Cisco Certified Security Professional. Requires: CCNA + 5 Exams
Learning Tree
Security Courses
NSCP - Network Security Certified Professional
CIW CERTIFIED
CIW - Security Professional
(ISC)²
International Information Systems
Security Certification Consortium
Associate of (ISC)²
SSCP - Systems Security Certified Practitioner
CAP - Certification and Accreditation Professional
CSSLP - Certified Secure Software Lifecycle Professional
CISSP - Certified Information Systems Security Professional
(ISC)²
CISSP Concentrations
ISSAP - Information Systems Security Architecture Professional
ISSEP - Information Systems Security Engineering Professional
ISSMP - Information Systems Security Management Professional
GIAC
International Information Systems
Security Certification Consortium
Many certifications offered
Follow the link
http://www.giac.org/certifications/
RSA Security
RSA Certified Security Professional
RSA SecurID Certified Systems Engineer (CSE)
RSA SecurID Certified Administrator (CA)
RSA enVision Certified Systems Engineer (CSE)
RSA Access Manager Certified Systems Engineer (CSE)
RSA Digital Certificate Management Solutions Certified Systems Engineer (CSE)
RSA DLP Suite Certified Systems Engineer
BrainBench
Information Security Administrator
Other Certification Tests offered by BrainBench
SECURITY
SCP Corporate
Security Certified Network Specialist
Security Certified Network Professional
Security Certified Network Architect
EC Council
Certified Ethical Hacker
CPT
Certified Penetration Tester
Some, but not all, of the companies that offer this certification or courses
GIAC
IACRB
EC-Council
Hardware Firewalls
You can become an expert and obtain certifications on some of the most common firewalls on the market
Sonicwall
Cisco
Juniper
SmoothWall
GTA
Prevention
User Security
You are the principal USER.
As an expert your obligation is to be up to date on new technologies, training, threats, patches and updates, as well as to educate the non-technical user at home and at your workplace.
Security starts with you and you are the first one who will pay the consequences of any security breach.
Let's begin with security basics
Antivirus, Spyware, Adware, Spam and software firewalls
These can be monitored and managed at a home and corporate level.
There are various antivirus suites to achieve this level of security, and more often than not you become an expert by using and monitoring these suites at home or the workplace.
So far I don’t know of any certifications for this level of expertise, unless it fits into another certification.
Design and Implementation
So far this is all I got. More to come.
ZUKO60