
Play watchguard on the Web

CAREER WATCH
Last Updated 14 September 2011, 11:00 IST

In today’s networked world, organisations and enterprises depend on different kinds of information technology solutions such as e-commerce, e-governance, e-learning, e-banking etc.

All communications must be secured and under control as the information stored and conveyed is ultimately an invaluable resource to the business.

Securing vital resources and information in the network is the most challenging feat for a system enterprise.

A career in Information Security can be an exciting opportunity that offers the ability to significantly contribute to a company or public entity by securing their critical information assets.

The demand for cyber security experts is booming across the world, especially after the Mumbai terror attacks, Chinese cyber attacks on different countries and bomb blasts in various parts of India. Ethical hackers have found recognition in enterprises where they help in plugging the vulnerable zones in a website or a network through which intruders can get access to unauthorised information. It has already become one of the hottest career opportunities available.

Job overview
Information Security is the protection of confidential and proprietary information on computer systems from unauthorised access, use, disclosure, disruption, modification or destruction.

Organisations are relying more on IT security professionals to protect not only their information assets but also their brand reputation and market value, and to meet compliance regulations. It is now evident that security professionals have become an integral part of an organisation’s business model.

The field of information security has grown significantly in recent years. There are many areas for specialisation including Information Systems Auditing, Business Continuity Planning and Digital Forensics Science, to name a few. There are also specific information security technical certifications that can assist in getting started.

Skill set
Security professionals must be able to deploy, manage and monitor the software and hardware that security vendors provide. Hands-on experience and industry or vendor certification count for much more than any particular academic degree.

Professionals wanting to venture into this domain will have to hone skills beyond their IT knowledge and technical know-how. Soft skills in management and communications, as well as understanding of policies, processes and personnel will only add to their advantage.

Study route
There are many different paths that you can take to get into the industry. Some of the most typical paths include:
*IT roles including people with varied application and infrastructure backgrounds
*IT Audit Professionals
*Corporate compliance groups
*Direct hires with information security degrees

A degree in a computer-related field such as Computer Science or Management Information Sciences (MIS) is a must. A more recent trend is a shift of preference towards a degree in Information Security or Information Assurance. Though there are specialised postgraduate courses in engineering for Information Security, there are specialised certification exams available too.

Obtaining information security training and certifications is one of the primary methods of getting started or advancing one’s career in Information Security.

For starters, those interested in security should pursue certifications that will help them gain general IT skills. Network certifications such as Network+ from the Computing Technology Industry Association (CompTIA) or the Cisco Certified Network Associate (CCNA) will help provide a strong foundation of general network knowledge.

In addition to network certifications, for those who wish to work with Windows systems, the Microsoft Certified Systems Engineer (MCSE): Security can prove to be useful. For general security practitioners, a good entry-level certification is the CompTIA Security+ certification. It provides the basic knowledge one needs for securing a network, and it is slowly gaining in popularity and recognition.

The most recognised certification for general security practitioners is the Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium (www.isc2.org), a group that industry leaders created in 1989. This certification requires candidates not only to demonstrate knowledge of 10 areas of information security but also to document at least four years of security experience.

A thorough understanding of each of these domains is not required. For those interested in general security certifications or more specific security certifications, SANS offers many highly-regarded certifications. Certifications such as the GIAC Security Essentials Certification (GSEC) are good for representing broad security knowledge, and more-specialised certificates such as the GIAC Certified Firewall Analyst (GCFW), GIAC Certified Forensics Analyst (GCFA) and GIAC .Net (GNET) provide more detailed coverage for precise areas of information security.

The Information Systems Audit and Control Association (www.isaca.org) offers training and certifications for those interested in auditing. Its Certified Information Systems Auditor (CISA) certification was created in 1978 and continues to be a respected and popular certification for auditors.

Some of the popular certifications that focus on information security:
*CISSP — Certified Information Systems Security Professional
*ISSAP — Information Systems Security Architecture Professional — a CISSP certification with a concentration in information systems security architecture.
*ISSEP — Information Systems Security Engineering Professional — a CISSP certification with a concentration in information systems security engineering.
*ISSMP — Information Systems Security Management Professional — a CISSP certification with a concentration in information systems security management.
*CISM — Certified Information Security Manager
*CSSLP — Certified Secure Software Lifecycle Professional
*SSCP — Systems Security Certified Practitioner

Certifications in ethical hacking/penetration testing are:
*CEH — Certified Ethical Hacker
*CHFI — Computer Hacking Forensic Investigator
*LPT — Licensed Penetration Tester

Career progression
IT security is transforming from tactical strategies to information risk management. The traditional role of IT security was confined to firewall configurations and antivirus updates.

A fresher will typically start working as a system administrator and will gradually move on to gain the role of a security engineer. Three to four years of experience and certifications (CISSP and CISM) will help one move on to a managerial position.

With CISM credentials, professionals will be developing information security strategies, writing information security policies, managing information security and personnel, and ensuring security policy compliance.

The next step in the hierarchy will be to concentrate on a specific domain of security and proceed ahead. If a person gets a CISA certification, which is a well-reputed IT Audit certification, he/she can move on to be a security advisor to companies or can even venture into independent consulting.

Those who choose a different area of specialisation can then gain expertise in niche domains of forensics, penetration testing or IT Governance.

Educational institutions that offer courses and certification programmes include:

*Indian Institute of Information Technology, Allahabad
*Institute of Management and Technology, Ghaziabad
*Amrita School of Engineering, Coimbatore
*Yashwantrao Chavan Maharashtra Open University, Nashik, Maharashtra
*Faridabad Institute Of Management Studies, Faridabad, Haryana
*University Of Hyderabad, Hyderabad
*Symbiosis Centre For Information Technology, Pune
*Indraprastha Institute of Information Technology, New Delhi
*International Institute of Information Technology, Hyderabad
*Indian Institute of Technology, Guwahati
*DAV School of Computer Science and Information Technology, Indore
*Arulmigu Kalasalingam College Of Engineering, Krishnankoil, Tamil Nadu
*University of Madras
*National Institute of Technology Rourkela, Rourkela
*Ambedkar Institute of Technology, New Delhi

It’s nearly impossible to provide a complete list of certifications that might be of potential value to a security consultant — mainly because they are all too varying degrees. Check out the ISSA.org website and look up their ‘Industry Certifications’ list for more information.

(Published 14 September 2011, 11:00 IST)
