skill - All Articles - CISO Platform
Checklist: Skillset required for an Incident Management Person
https://www.cisoplatform.com/profiles/blogs/checklist-skillset-required-for-an-incident-management-person
2015-06-26, pritha
<div><p><span class="font-size-5"><strong>Technical Skills:</strong></span></p>
<p></p>
<p><span class="font-size-5"><strong>Major Areas Of Focus:</strong></span></p>
<ul>
<li>Incident Response</li>
<li>Computer Forensics</li>
<li>Network Security</li>
<li>Secure Architecture</li>
</ul>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Conceptual (Understand How-It-Works):</strong></span></p>
<ul>
<li><strong>Fundamental security concepts</strong> - CIA Triad (Confidentiality, Integrity, Availability), Authentication vs Authorization vs Access Control, Non-Repudiation etc.</li>
<li><strong>Working Principles & Protocols of Internet</strong> - TCP/IP, IPv4, IPv6 etc.</li>
<li><strong>Security Domains</strong> - MDM, IDS/IPS, Database, DLP etc.</li>
<li><strong>Transport Layer</strong> - SMTP, MIME etc.</li>
<li><strong>Social Engineering tactics</strong></li>
</ul>
<ul>
<li>** <strong>Network security</strong> (Protocols, Configurations, Infrastructure, Vulnerabilities) - MITM, Spoofing, Firewall, Routers, Public Data Networks etc.</li>
<li>** <strong>Coding Practices</strong> - Secure coding, Malicious code, Buffer Overflows, Cross-site scripting etc.</li>
<li>** <strong>Coding Languages</strong> - C, Java, Perl, Shell, Awk etc.</li>
<li>** <strong>Encryption (Processes & Algorithms)</strong> - Digital Signature & Certificate, Hash Algorithms & Encrypted Hash, AES, DH Key Exchange, PGP, DES & Triple DES, Blowfish, Twofish, Serpent</li>
</ul>
<p>** - Preferably expert-level understanding and hands-on experience in these areas; however, basics must be tested first.</p>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Expertise & Hands-On:</strong></span></p>
<ul>
<li><strong>Internet protocols</strong> - DNS, TLS, IPSEC, HTTP, TCP, UDP etc.</li>
<li><strong>OS</strong> - Windows, UNIX/Linux etc.</li>
<li><strong>File system</strong> - ZFS, NTFS, FAT etc.</li>
<li><strong>Encryption</strong> - PGP, symmetric/asymmetric, ECB/CBC operations, AES etc.</li>
<li><strong>DLP</strong> - network vs endpoint DLP, Vontu, Websense, Verdasys etc.</li>
<li><strong>eDiscovery & Digital Forensics Concepts/Technologies</strong> - Encase, FTK etc.</li>
<li><strong>Threat or Risk Modelling</strong> - STRIDE, DREAD, FAIR etc.</li>
<li><strong>Pentesting Fundamentals</strong></li>
<li><strong>Technical expertise</strong> - Windows, Linux, Solaris, AIX, OS400, Apple, Databases, Routers/Firewalls</li>
</ul>
<p></p>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Computer Forensics:</strong></span></p>
<ul>
<li><strong>Process</strong> - Data Extraction, Data Imaging, Data Preservation & Data Handling<br /> - Methodology for proper copy of storage devices that can be used as evidence<br /> - Tools like FTK, AccessData</li>
<li><strong>Popular tools</strong> - FTK, AccessData, CAINE, EnCase etc.</li>
<li><strong>Techniques</strong> - Cross Drive Analysis (CDA), File Carving or Carving, Live Analysis, Steganalysis or Steganography Tools, Volatile Data Analysis</li>
</ul>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Added Certification</strong></span></p>
<ul>
<li>CISSP</li>
<li>EnCE (EnCase Certified Examiner)</li>
<li>CCE, GCFE (GIAC Certified Forensic Examiner)</li>
<li>GCFA (GIAC Certified Forensic Analyst)</li>
<li>GREM (GIAC Reverse Engineering Malware)</li>
<li>GCIA (GIAC Certified Intrusion Analyst)</li>
<li>GCIH (GIAC Certified Incident Handler)</li>
<li>CHFI, QSA, EnCE</li>
<li>CCE (Certified Computer Examiner)</li>
<li>ACE (AccessData Certified Examiner)</li>
<li>CISM</li>
</ul>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Personal Skills:</strong></span></p>
<ol>
<li>Good Management abilities</li>
<li>Stress Handling Capability</li>
<li>Impromptu action taker</li>
<li>Good Reasoning abilities</li>
<li>Process defining abilities</li>
<li>Good Communication skills</li>
<li>Team worker </li>
</ol>
<p></p>
<p></p>
<p><span class="font-size-5"><strong>Notes</strong></span></p>
<p><strong>1. Test scenarios.</strong> Hand test scenarios to the recruit; the process of resolving the problem will demonstrate logical thinking, spontaneity, knowledge, and forensic basics. This can also be done as an exercise with idle teams.</p>
<p><strong>2.</strong> <strong>Learner.</strong> Since information security changes every day, personnel should be open to learning and eager to demonstrate what they learn. The educational courses they produce can also be useful for members outside the CIRT.</p>
<p><strong>3. Think of hiring a hacker.</strong> Big companies are hiring hackers full-time to hack their systems; this enables faster resolution of the most easily hackable points. Moreover, the hacker thinks like a hacker!</p>
<p><strong>4. Domain experts</strong> in certain fields, such as applications, network, mail and database, can be a good choice.</p>
<p><strong>5. Consider outsourcing</strong> this effort to a consultancy, which results in lower costs because you don't need a team waiting for incidents to take place; instead, incidents are treated only when you are affected. However, this must be preceded by references and study.</p>
<p><strong>6. A Legal Advisor</strong> can be of great help in gathering information and in assisting with recommendations and remediation when an incident/breach takes place.</p>
<p></p>
<p></p>
</div>
Cyber Security Skills Gaps lends to shortage of IS professionals
https://www.cisoplatform.com/profiles/blogs/cyber-security-skills-gaps-lends-to-shortage-of-is-professionals
2020-06-04, CISO Platform
<div><p><span style="font-size:10pt;">[Posted on behalf of <strong>Dennis Leber, Cybersecurity Executive | CISO | Board Member | Educator | Speaker | Author</strong>]</span></p>
<p><span style="font-size:12pt;"><strong>Cyber-Security Skills Gap</strong></span><br /><br /><span>Recent events have brought attention to cyber-security and the need for highly skilled, trained cyber-security professionals. One such event was the data breach of Target, which exposed 40 million credit and debit cards, resulted in 70 million stolen records that included names, addresses, email addresses, and phone numbers, and cost credit unions and banks over $200 million to reissue 21.8 million cards. This breach cost Target $100 million to upgrade their payment terminals, and 1 to 3 million cards were successfully sold on the black market, earning the hackers approximately $53.7 million. (“The Target Breach: By the Numbers”, 2014)</span><br /><br /><span>The shortage of cyber security professionals was highlighted in the Target case. At the time of this breach Target did not have a Chief Information Security Officer (CISO) or Chief Security Officer (CSO). (Target’s Chief Information Officer Resigns, 2014) In recent research conducted by the RAND National Security Research Division, Libicki, M., Senty, D. & Pollak, J. (2014) found that there is a shortage of cyber security professionals both inside the US Government and the private sector. This report further found that these shortcomings were larger at the top of the capability scale.</span><br /><br /><span>An overwhelming theme in these studies is the mention of the shortage of cyber-security professionals, and that the shortage is due to a lack of skills possessed by individuals to fill these shortages (Libicki, 2014). Despite the mention of a skills gap, there is never a solid definition of these skills.
It is the identification of these required skills, and the development of programs to aid IT professionals in becoming proficient in cyber security, that will turn the tide and begin to fill the numerous open positions.</span><br /><br /><span style="font-size:12pt;"><strong>Articles</strong></span><br /><span>The driving articles and theories that inspired this article are studies conducted by the RAND National Security Research Division, Libicki, M., Senty, D. & Pollak, J. (2014), and research conducted by the company Enterprise Strategy Group (Oltsik, 2014).</span><br /><br /><span>Some highlights from the key findings RAND presented:</span><br /><br /><span>Shortages occurred at the high end of the cyber-security workforce. This includes the top 1 to 5 percent of the cyber-security professionals. This shortage exists in the workforce that requires more than a base set of competencies.</span><br /><span>Larger organizations have overcome these shortages through internal promotions, education, and focused training. This is directly related to the available budget to invest in these programs.
It was also determined that smaller firms simply cannot afford to take this approach and lose talent to the bigger, well-funded firms.</span><br /><span>Organizations have identified some personality traits, such as curiosity about how things work or fail, as an indicator of success in cyber-security.</span><br /><span>Academic organizations have risen to the challenge of training cyber-security professionals, and have done a good job of staffing qualified professors addressing individual niches in the IT industry.</span><br /><br /><span>The ESG key findings are:</span><br /><br /><span>30% of organizations said that their network security staff skills are inadequate</span><br /><span>44% of organizations stated that the networking/security staff with strong knowledge in both security and networking is inadequate</span><br /><span>38% of the organizations stated the ability of the staff to keep up with security changes is inadequate</span><br /><span>37% of organizations stated the security staff is inadequate in keeping up with the threat landscape</span><br /><span>47% of the organizations stated a shortage in network security staff<br /></span><br /><span style="font-size:12pt;"><strong>Summary</strong></span><br /><br /><span>The shortage of cyber-security professionals, which recent breaches across various industries have highlighted, continues to demonstrate the need for specialized focus on cyber security and investment in cyber security programs. This includes training for professionals, investment in solutions, and resources. These facts demonstrate that these investments need to be made at the top of organizations.</span></p></div>