Wednesday, July 6, 2011

Get Securitrained: Be Aware, Be Skilled, Be Certified

With the industry full of examples gateway mt6459 keyboard, gateway mt6916 keyboard of security vulnerabilities both in commercially off-the-shelf (COTS) free it exam download products and software developed in-house, security education is critical for today's enterprise.

Having your personnel "securitrained" — that is, made aware, skilled and certified in information security areas — is essential for designing, developing and deploying secure hack-resilient software.

Chinese war strategist Sun Tzu once said that knowing your enemy but not knowing yourself will lead you to defeat every time. To put it another way, awareness is the first step in security education: awareness of product, process and personnel.

First, IT pros should be aware not only of the security features of the product, but also of the implementation of those features. Merely having secure features in a product does not constitute a secure product.

Awareness of processes also is important. My previous article, "Software Without Seat Belts," alludes to some of these process-centric tasks, covering security processes in the Systems Development Life Cycle (SDLC) that are necessary for building secure software.

In addition to product and ibm thinkpad r40 keyboard, ibm thinkpad r40e keyboard process awareness, personnel awareness is important. Employees should be aware of the consequences of breaches in software security — including data disclosures; denial of service; legal, privacy and regulatory oversight; loss of competitive advantage; and/or irreparable reputational damages — so that such detrimental outcomes can be avoided.

The next stage in security education is to get your people skilled in information security. As Queen Elizabeth II once said, "You can do a lot if you are properly trained."

Training programs should focus on changing people's ccna exam download inherent behavior so that security becomes second nature to them. Effective training programs take into account three fundamental elements: message, audience and delivery.

The message should be tailored to the audience (management, technical, operational) and should range from the very basics of information security to advanced exploit development and a hands-on technical curriculum.

Good training programs also deliver the message in creative ways, be it instructor-led (effective but inhibitive to scale), online training or live-recorded sessions. Additionally, a successful training program has a loop-back mechanism apple 922-6132 keyboard, apple 922-6901 keyboard to take user feedback and incorporate it into the training message periodically. This keeps the course relevant, dynamic and fresh.

The third step in security education is to assess and qualify your trained professionals. Security certifications validate an individual's broad knowledge of a domain area. It must be noted that these certifications are broad for a reason, as most of the in-depth knowledge is developed on the job, with hands-on experience, and therefore cannot be expected to be the same from one company to another.

In addition, security certifications aid immensely in career growth. A search for security jobs on Monster.com, Dice.com or another job board lists some kind of certification — whether it's the gold-standard Certified Information Systems Security Professional (CISSP), or another — as a free Microsoft practice tests requirement.

Ultimately, getting "securitrained" compaq presario cq60 keyboard, compaq presario cq61 keyboard is a major step for an IT security professional's career.

No comments:

Post a Comment