Major Areas Of Focus:
- Incident Response
- Computer Forensics
- Network Security
- Secure Architecture
( Read More: CISO Platform Top IT Security Influencers (Part 1) )
Conceptual (Understand How-It-Works):
- Fundamental security concepts- CIA Triad(Confidentiality,Integrity,Availability),Authentication vs Authorization vs Access control, Non-Repudiation etc.
- Working Principles & Protocols of Internet- TCP/IP, IPV4, IPV6 etc.
- Security Domains- MDM, IDS/IPS, Database, DLP etc.
- Transport Layer- SMTP, MIME etc.
- Social Engineering tactics
- **Network security (Protocols, Configurations, Infrastructure, Vulnerabilities)- MIM, Spoofing, Firewall, Routers, Public Data networks etc.
- **Coding Practices- Secure coding, Malicious code, Buffer Overflows,Cross-site scripting etc.
- ** Coding Languages- C, Java, Perl, Shell, Awk etc.
- **Encryption (Processes & Algorithms)- Digital Signature & Certificate, Hash Algorithms & Encrypted Hash, AES, DH Key Exchange, PGP, DES & Triple DES, Blowfish, Twofish, Serpent
** - Preferably expertise level understanding and HandsOn in these areas, however basics must be tested first.
Expertise & handsOn:
- Internet protocols - DNS, TLS, IPSEC, HTTP, TCP, UDP etc.
- OS - Windows,UNIX/Linux etc.
- File system - Zfs, NTFS, FAT etc.
- Encryption - PGP, symmetric/asymmetric, ECB/CBC operations, AES etc.
- DLP - network vs endpoint DLP, Vontu, Websense, Verdasys etc.
- eDiscovery & Digital Forensics Concepts/Technologies - Encase, FTK etc.
- Threat or Risk Modelling - STRIDE, DREAD, FAIR etc.
- Pentesting Fundamentals
- Technical expertise - Windows, Linux, Solaris, AIX, OS400, Apple, Databases, Routers/Firewalls
- Process- Data Extraction, Data Imaging, Data Preservation & Data Handling
- Methodology for proper copy of storage devices that can be used as evidence
- Tools like FTK, AccessData
- Popular tools- FTK, Access Data,Caine,EnCase etc.
- Techniques- Cross Drive Analysis(CDA), File Carving or Carving, Live Analysis, Steganalysis or Steganography Tools, Volatile Data Analysis
- ENCE(Encase Certified Examiner),
- CCE, GCFE(GIAC Certified Forensic Examiner ),
- GCFA(GIAC Certified Forensic Analyst),
- GREM(GIAC Reverse Engineering Malware),
- GCIA(GIAC Certified Intrusion Analyst),
- GCIH(GIAC Certified Incident Handler),
- CHFI, QSA, EnCE,
- CCE(Certified Computer Examiner),
- ACE(AccessData Certified Examiner),
- Good Management abilities
- Stress Handling Capability
- Impromptu action taker
- Good Reasoning abilities
- Process defining abilities
- Good Communication skills
- Team worker
1. Test scenarios.Hand over test scenarios to the recruit, the process of resolving the problem will demonstrate - logical thinking, spontaneity, knowledge, forensic basics. This can be also done in idle teams as an exercise.
2. Learner.Since information security changes every day, the personnel should be open to learning and eager to demonstrate them. Educational courses made can also be useful for other members outside CIRT.
3. Think of hiring a hacker. Big companies are hiring hackers full-time to hack their systems, this enables faster resolving the easiest hackable points, moreover the hacker thinks like a hacker!
4. Domain experts of certain fields can be a good choice like- applications, network, mail and database.
5. Consider outsourcing this effort to a consultancy which results in lower costs as you don't need a team waiting for incidents to take place, rather treat only when affected. However, this must be preceded by references and study.
6. A Legal Advisor can be of umpteen help, in assisting of gathering information, recommendations and remediation when an incident/breech takes places
(Read more: CISO Guide for Denial-of-Service (DoS) Security)