Showing posts with label it security. Show all posts

Thursday, 9 June 2016

Discover 5 new accelerated IT security courses from Firebrand

 By Sarah Morgan


With over 700 million data records estimated to have been stolen in 2015, security is currently one of the most sought-after skills in IT. It is expected that the cyber security industry will be short of 1.5 million skilled professionals by 2019, as demand outstrips supply. For businesses, it is more important than ever to stay ahead of cyber criminals, implementing rigorous IT security infrastructure. Demand for skilled IT security professionals has never been higher. 

This has fuelled demand for cyber security certifications alongside the development of brand new ones. Firebrand has released five new accelerated certification courses at the forefront of IT security. Below we break down the key information of these new certifications, highlighting what skills they’ll teach you and what makes each of them unique.

1. AXELOS Cyber Resilience: Foundation & Practitioner (RESILIA™)


The AXELOS RESILIA course gives you the knowledge and skills to prevent, detect and respond to organisational cyber attacks. It teaches you to manage the components of Cyber Resilience and blends the techniques with your existing managerial systems. It covers topics like risk management, cyber security resilience operations and continual improvement. It is the perfect certification to give you a managerial overview of implementing cyber security best practice.

Firebrand’s accelerated 3 day course, which is 50% faster than traditional training, covers both the Foundation and Practitioner curriculums and includes both exams at our training centre. This certification is from AXELOS, the creators of the world famous PRINCE2.


2. ISACA Certified Cybersecurity Practitioner (CSX)


ISACA, the creators of the CISA and CISM certifications, have recently released the CSX Practitioner. It is one of the most hands-on cyber security courses available, teaching you real-world skills you can implement immediately. It does this through five domains: Identify, Detect, Protect, Respond and Recover. These cover every stage of a potential cyber attack, giving you the complete range of knowledge and skills. Specific skills you’ll learn include implementing cybersecurity controls, analysing and monitoring network output and escalating incidents and attacks. 

Our accelerated 9 day course is 44% faster than traditional training and includes learning half of your skills through practical lab exercises in a virtual cyber environment. You’ll sit a practical performance based exam, demonstrating your skills as a cyber security first responder.


3. EC-Council Certified Chief Information Security Officer (CCISO)


The CCISO teaches you to master the technical aspects of security management through the five domains of EC-Council's CCISO Body of Knowledge. These are Governance, Information Security Management Controls and Auditing Management, Management – Projects and Operations, Information Security Core Competencies and Strategic Planning & Finance. You’ll learn knowledge and skills in areas like information security laws, regulations and guidelines, the Audit Management Process and security strategic planning.

Firebrand is the exclusive launch partner for the CCISO in England. Our 3 day course is 25% faster than traditional training and includes the exam. Its creators, EC-Council, are the force behind the popular Certified Ethical Hacker certification.


4. GIAC Security Essentials (GSEC)


The GSEC course from GIAC is among the most popular entry-level security certifications on the market. It is designed to build the strong foundations of your cyber security knowledge or bridge any gaps in your existing knowledge of IT security fundamentals. The GSEC covers a huge range of security topics like firewalls, DNS, common types of attacks, authentication and password management and vulnerability scanning.

Firebrand’s GSEC course is only 5 days (28% faster than traditional training) and is ideal for developing the knowledge of security professionals as well as managers. GIAC are also the providers of the GICSP certification in IT security. 


5. GIAC Penetration Tester (GPEN)


Learn specialist penetration testing skills with GIAC’s GPEN course. It teaches you to assess networks and find vulnerabilities that could be maliciously exploited. Penetration testing skills are rare and valuable to employers. The GPEN certification proves you have diversified your security skills into a unique and technical area. These skills increase your worth to employers. The GPEN covers areas like reconnaissance, web application probing and advanced password attacks.

On our accelerated 5 day course (28% faster than traditional training), you’ll conduct a real penetration test, giving you practical skills that are relevant and can make an immediate impact in the real-world. Plus, GIAC are the official certification body of The SANS Institute. 


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 16 May 2016

5 reasons to get ISACA CSX Practitioner certified

 By Sarah Morgan


The current shortage of cyber security skills is a massive employment opportunity. According to government research, two-thirds of big UK businesses have been targeted by a cyber attack in the last 12 months. This means businesses are searching desperately for people with the skills to make sure they’re not the victim of the next high-profile cyber attack.

The CSX Practitioner is one of the newest cyber security certifications on the market. It can be the perfect way to get the cyber security skills to take advantage of this massive opportunity. Below are the five best reasons why you should be looking to get CSX Practitioner certified.

1. Opportunity for employment


There are more cyber attacks happening than ever before, with over 700 million data records estimated to have been stolen in 2015. These include companies like TalkTalk (157,000 records stolen, costing £60 million), eBay (145 million records stolen, costing an estimated £18 million), Target (70 million records stolen, costing £100 million) and T-Mobile (15 million records stolen, costing £13.2 million).

Cyber security job growth, at 74%, has increased at twice the rate of the overall IT jobs market since 2007. It is expected that by 2019, the industry will be short of 2 million cyber security professionals. This means there isn’t enough properly trained protection for businesses, creating a huge demand for professionals with high-level cyber security skills. The CSX Practitioner course will develop the cyber security skills that businesses are seeking, whilst achieving the certification is the proof you have these skills.

2. Potential future career earnings


The CSX Practitioner course develops the technical security skills required in job roles like Cyber Security Analyst or Cyber Security Engineer. These roles command competitive salaries averaging around £50,000+ (all average salaries according to itjobswatch.co.uk).

The CSX Practitioner certification is the starting point for a journey towards many high-level cyber security roles. After you’ve progressed your career with experience in the cyber security industry, you’ll be able to aim for roles like Cyber Security Consultant (£62,500), Cyber Security Architect (£70,000), Cyber Security Manager (£70,000) and Head of Cyber Security (£97,500). You can also follow the CSX pathway, progressing onto the Specialist, then the Expert certifications. These will help you grow your cyber security skills throughout your career. This means starting your cyber security career with a CSX Practitioner certification gives you the potential to eventually reach a six figure salary at the top level.

3. Develop hands-on skills


A key feature of the new CSX is the hands-on nature of the skills covered. You’ll learn practical skills in all stages of the cyber security process, simulating real-world scenarios. These include analysing network output, executing incident response plans, detecting incidents and performing disaster recovery plans. These are skills you’ll be able to directly implement in your IT security role. You’ll learn to identify, detect, respond to and recover from cyber attacks. Its practical nature and broad curriculum set it aside from most other IT security certifications currently on the market.

4. Learn the latest skills


As one of the newest certifications in the cyber security industry, the skills in the CSX Practitioner course are the hottest available. Getting CSX Practitioner certified guarantees you’ll have skills that can protect your business from the latest techniques threatening your business, identifying threats before they occur, implementing precautions to minimise threats and recovering from attacks. The Cybersecurity Nexus program has been developed to provide you with skills in five cyber security areas. These are:

1. Identify
2. Detect
3. Protect
4. Respond
5. Recover

These are designed to cover the whole cyber security process, ensuring you have skills to deal with cyber attacks through every stage.

5. World renowned


ISACA have a 45 year history in which they’ve produced some of IT’s most respected certifications. Their CISA and CISM certifications are two of the most sought-after in the industry and these are supported by their CRISC and CGEIT certifications. This means you know you’re getting your cyber security skills from an industry trusted and globally recognised source. On top of this, the reputations of ISACA and the CSX extend worldwide. This means you can benefit from your certification wherever your career should take you.



Monday, 21 December 2015

10 best IT certifications for 2016

 By Sarah Morgan


1. (ISC)2’s CISSP


The cyber security skills gap has been around for years now, and shows no sign of closing. The Financial Times described it as the “largest human capital shortage in the world”. (ISC)2’s CISSP continues to establish itself as the top IT certification and global standard in the field and is the perfect certification to elevate you into top level roles. It’s also now required by a vast number of top jobs.

It is so coveted because it covers the elite skills in both technical and managerial aspects of security including security engineering, risk management, access management, software development security and network security.

The demand for IT security will continue to soar in 2016 and getting CISSP certified will continue to be a fantastic way to reach the top security roles within the growing industry.


2. EC-Council’s Certified Ethical Hacker


EC-Council’s Certified Ethical Hacker certification can be directly used to prevent the cyber-attacks that have been making headline news recently. Ethical hackers carry out processes to simulate a real life cyber-attack on a business’s network. The difference is that when they find a weakness that could be maliciously exploited, they use their skills to protect businesses and close the gaps in security.

Because of these high profile attacks, such as JP Morgan Chase who recently lost 76 million data records, EC-Council’s CEH is continuing to be in high demand. This means the CEH is going to continue to grow to become a massive certification in the IT industry in 2016. 



3. Cisco’s CCNA (Routing and Switching)


The skills gap is not exclusive to security. In a recent TEK Systems survey, 81% of bosses from all areas of IT say they have difficulty finding the right talent. Another of the most in demand areas is networking.

Cisco’s CCNA (Routing and Switching) is the best certification for you to get into a networking role and teaches you all the fundamental skills in areas like IP addressing, network device security, IP routing and LAN switching technologies.

The CCNA is not just a great certification to get into networking, but is a great certification to get into IT. This is because these skills are versatile, and networking is applicable in many other areas of IT. Getting CCNA certified in 2016 is a great move to get your IT and networking career moving in one of the best directions possible.


4. Microsoft Specialist: Windows 10


The release of Windows 10 back in July was probably one of the most exciting IT events of 2015. Certifications to accompany it, helping you get skilled up on the operating system, are rapidly being released.

The primary certification for Windows 10 in 2016 is likely to be the new Microsoft Specialist: Windows 10. Following Microsoft Official Curriculum, the course will take you right through from installing Windows 10, to using all of Windows 10’s advanced capabilities. These include managing user profiles and state virtualisation, managing Hyper-V and managing devices using Enterprise Mobility Solutions and Enterprise Desktop.

With further development to the content and refinement as more and more people get certified, Microsoft Specialist: Windows 10 will be one of the certifications to get excited about in 2016.


5. AXELOS PRINCE2 Agile


Brilliant managers who complete successful projects at a high rate are hard to find. This is why project management skills are useful in almost any workplace at almost any time, particularly in IT.

The PRINCE2 Agile certification from AXELOS is one of the most comprehensive in the world as it combines two of the most popular project management methodologies. PRINCE2, the most popular methodology in the UK, along with Agile, gives you unrivalled breadth of project management knowledge from a certification.

Learn the highly transferable skills that the PRINCE2 and Agile methodologies include, and you’ll be much more able to move up the career ladder, completing successful projects at a higher rate.


6. The Open Group TOGAF® 9.1 Certification


1000s of companies worldwide have implemented TOGAF skills to improve their productivity and the UK leads this trend accounting for 16% of all TOGAF certified professionals. Continuing this trend, many businesses are now making a TOGAF certification a requirement for a wide variety of roles in IT. 

This trend of more businesses adopting Enterprise Architecture skills like those in TOGAF means getting certified in 2016 will be a great move for almost anyone in IT. Gaining skills and knowledge in the Architecture Development Method (ADM), The Enterprise Continuum and the TOGAF Resource Base can help you get a better return from your IT operations, helping things run faster, cheaper and reducing risk.


7. Microsoft MCSD: Azure Solutions Architect


Cloud technology made huge strides in 2015, becoming much more important to businesses and the momentum will continue throughout 2016 and beyond. In the coming year we’re likely to see an increase in the capacity and reliability of cloudops - analytics that will allow cloud performance to be monitored more closely and predict when it is likely to suffer.

Microsoft’s Azure is at the forefront of the cloud movement. If you haven’t migrated your existing on premise infrastructure to Azure (or another cloud offering), 2016 is a great time to get your business’s architecture prepared for the future.

Getting Microsoft MCSD: Azure Solutions Architect certified will teach you how to integrate into one of the world’s leading cloud platforms. You’ll have the skills to migrate your business’s architecture to the cloud, managing Azure Virtual machines and the hosting and storing of web applications and SQL data.

You’ll then be able to start reaping the benefits cloud technology brings like increased flexibility, simpler disaster recovery, better security, automatic software updates and capital-free expenditure.


8. (ISC)2 Certified Cloud Security Professional (CCSP) 



(ISC)2’s CCSP specialises in cloud security. The above-mentioned growing cloud market needs IT professionals to adopt vital skills including security, another industry currently in high demand.

The CCSP will teach you comprehensive knowledge of cloud security operations. It covers data protection, data recovery, access management, the software development lifecycle and every aspect of cloud infrastructure protection.


2016 is a fantastic time to get cloud certified. As the technology continues to develop and expand, more professionals with cloud skills will be needed to deploy and maintain cloud architectures. It’s worth mentioning that those who are slow to adapt their skills to the cloud now will be left regretting it in the future when cloud technology becomes the norm.

9. VMware® vSphere: Fast Track [V6]


VMware’s vSphere v6 was released earlier this year and is now established in the market. It is the best way to learn how to introduce and manage a vSphere infrastructure into your business. Version 6 introduced new capacities, supporting up to 64 nodes and 8,000 VMs as well as 12 vCPUs and 4 TB vRAM. These now allow you to make more of the high availability, hardware flexibility, reduced power consumption and faster provisioning that VMware and vSphere can bring to your business and help make it more efficient.

All of this means that 2016 is an excellent time for you to introduce vSphere to your business with the skills the VMware® vSphere: Fast Track [V6] certification can give you. Or if you’re already implementing vSphere, learning to use vCenter Server, manage host storage, configure virtual networks, create a vApp and how to install vSphere components will be valuable in improving how you currently manage the technology.

10. Microsoft MCSA: Windows Server 2016


The launch of Microsoft’s Windows Server 2016 platform has been highly anticipated. Since early 2015 Microsoft has been drip-feeding snippets of information about their new offering and while the technology is still yet to be officially launched, Microsoft did recently announce the launch of the MCSA: Windows Server 2016 certification. Firebrand also had the fantastic opportunity to have a sneak-peek at Windows Server 2016 back in August which further built anticipation.


The exact curriculum still remains unannounced, but the course will teach you to implement and manage Windows Server 2016, as well as covering server security, storage and architecture management. It will be exciting to see what developments Microsoft has for their new Windows Server platform in 2016, as well as the MCSA that will accompany it. 

Many people are already eager to get skilled on the latest Microsoft technology and as the certification officially launches, it will be one of the hottest new certifications to hit the market in 2016.


Monday, 7 December 2015

Which IT security certification should you choose in 2016?


Security is the hottest topic in IT at the moment. Numerous high-profile IT security breaches mean businesses are upping their game to ensure they’re not the next company in the headlines. British Airways, TalkTalk, Uber, T-Mobile, Sony and Staples are just some of the companies that have had records breached since the beginning of 2015.

This means the demand for IT security skills has never been higher. For example, the government announced it’s doubling the cyber security budget to £1.9 billion over the next five years. This is to protect government assets and information, UK businesses and citizens. Also, ComputerWeekly.com state that 14% of all UK IT jobs are now cyber security related, with 42 universities now offering cyber security related degrees. Take advantage of this demand by improving your security skills through certifications, helping you to protect your business or move up the ladder of IT security roles.



Solid Foundations


If you’re not yet involved in IT security, now is a great time to start. A solid starting point to build your foundation knowledge is CompTIA’s A+ and Network+ certifications. To sit the courses, you only need 6-12 months of hands-on experience and familiarity with Windows operating systems. Achieving the A+ would help you get an IT Support Technician role with an average salary of £24,000. (*All average salaries from itjobswatch.co.uk).

The Network+ could get you a Network Support Technician role with an average salary of £30,000. These CompTIA certifications give you skills in network architecture, operations, security and troubleshooting. These will give you strong foundations from which to grow your skills in future.


After 2 years’ experience and further understanding of operating systems, you’ll be ready to take a more advanced certification. You can take CompTIA’s Security+. It’s a deeper look at IT security from CompTIA, teaching you skills in compliance and operational security, threats and vulnerabilities, access control and identity management and cryptography. This certification can help you achieve a role like Security Engineer with an average salary of £52,500.

An alternative to the Security+ that’ll teach you different skills is Cisco’s CCNA Security. You’ll learn to apply security through the in-built features of Cisco’s Internetwork Operating System. Focused more towards the management side of IT security, you’ll learn how to develop security infrastructures, recognise threats and vulnerabilities to networks and mitigate security threats. However, the CCENT or CCNA Routing & Switching certification is required before you can attempt the CCNA Security.

Building your skills


When you’ve gained a year or more’s experience in the IT security industry, you’ll be looking to get skills that’ll help you stand out and push you up the career ladder. (ISC)2’s SSCP is a great certification to help you do that. It teaches you security skills in areas like access controls, malicious code, networks and telecommunications and security policy administration. Also, there are seven reputable domains created from (ISC)2’s SSCP CBK (common body of knowledge). With skills like these, you could get a role like Security Engineer with an average salary of £52,500. Achieving a certification like the SSCP will help separate you from other mid-level IT security professionals and help your transition into elite level IT security roles.

An alternative is ISACA’s Certified Cybersecurity Practitioner CSX, which is broken down into three levels. Level one teaches you how to identify weaknesses and protect your network. Level two covers detecting cyber-security incidents and attack analysis. And in the third level you’ll learn how to respond to and recover from cyber-attacks. These are broken down into five domains of Identification, Protection, Detection, Respond and Recover, contained within ISACA’s new security program, the Cybersecurity Nexus. This certification introduces you to the Cybersecurity field and can help you become a Cybersecurity Specialist with an average salary of £59,000. If you wanted to focus on the technical side of IT security, the CSX Practitioner program would be a great place to start as it builds practical skills relevant to real world situations.

Specialising in security management


Generally speaking, management and technical are the two major directions of specialisation in which you can take your IT security career. A great certification to train your management skills is ISACA’s Certified Information Systems Auditor. You need a minimum of five years’ experience in information systems auditing, control or security. In the CISA, you’ll learn how to audit, manage, maintain and support information systems. The skills will help you protect the information assets of your company. This certification can help you become an IT Security Officer with an average salary of £55,000.

You can take your management skills further by taking ISACA’s Certified Information Security Manager. The CISM requires a similar amount of experience to the CISA, but you are able to sacrifice experience for a degree or other certifications. You’ll learn to establish and manage a security governance framework and how to align it with your company’s goals and objectives. Your CISM certification can help you become an IT Audit Manager, with an average salary of £70,000.

Specialising in technical security


When you’ve established your career, if you’d like to take it down the more technical route there are several ways in which you can do this. Cisco’s CCNP Security helps you develop your network security skills to defend your systems. You’ll learn how to use Cisco Switches, Cisco ASA and the router security appliance feature. The CCNP Security will help you become a Network Security Engineer (average salary of £50,000). This is because on the CCNP Security you’ll learn to deploy perimeter security and VPNs, monitor and detect security events and manage network security to improve productivity.

GIAC’s Penetration Tester (GPEN) teaches you the skills to find and nullify security vulnerabilities. You’ll learn to protect your business and stop weaknesses from being exploited. You’ll develop skills in areas like exploitation fundamentals, vulnerability scanning, password attacks, reconnaissance, scanning for targets and the pen-testing process. The GPEN is one of the most recognised penetration testing certifications and can help you get a penetration testing role with an average salary of £60,000.

You can also specialise to become an Ethical Hacker. EC-Council’s Certified Ethical Hacker is the best certification to help you do this. It contains 18 established domains that cover topics like malware threats, social engineering, session hijacking, hacking web servers and cloud computing. These skills will help you protect your business by identifying weaknesses that are susceptible to cyber-attacks and preventing them from being exploited by genuine security threats. The average salary for an Ethical Hacker is £75,000.




Mastering IT security


(ISC)2’s CISSP is often considered the gold standard certification for IT security professionals. It is comprehensive in its coverage of both the managerial and technical sides of IT security. You’re eligible for the CISSP after five years’ experience. The CISSP CBK (common body of knowledge) contains eight domains covering topics like security engineering, communication and network security, software development security and security testing. The CISSP can set you on your way to getting a Chief Information Security Officer job, with a salary in excess of £100,000.

An alternative to the CISSP is the CCSP, which will give you skills in cloud computing security. This contains topics like cloud data security, cloud application security and architectural concepts and design requirements. As more businesses move to cloud technology, it’s becoming a bigger target for hackers. This means data stored in the cloud needs a new approach by security teams to properly protect it. This certification will give you the skills to master the security within cloud systems.

If you’re in a top IT security role, you can add extensions to your CISSP. The CISSP-ISSMP will further develop your security management skills. It tackles legal issues, plus project and risk management within IT security. The CISSP-ISSAP is the technical equivalent and teaches you advanced skills in areas like access control systems, communications and network security and security architecture analysis.


IT security has so many areas that you have the luxury of being able to pick and choose the direction your career can take within it using certifications. This allows you to protect your business in each area by improving your skills exactly how you want.

 About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 9 February 2015

Security Impact of People-centric IT

By Debra Littlejohn Shinder

When I first ran across the phrase people-centric IT, it sounded like just another industry buzzword that some marketing department had come up with. Technology companies seem to suffer from a compulsion to rename everything every couple of years. Heck, we’ve even renamed renaming; now it’s called rebranding.

Sometimes the motivation behind the change is clear: If a product or service doesn’t catch on, maybe labeling it with a catchier moniker will make it popular. It worked for the service formerly known as ASP, and then SaaS, which suddenly caught on when it became “cloud.” Other times, there’s a legal impetus; thus the transformations of Metro into Modern UI and SkyDrive into OneDrive. Other times, there seems to be no rhyme or reason. Microsoft changed the name of ISA (Internet Security and Acceleration) Server, its firewall that was gradually gaining a loyal following, to TMG (Threat Management Gateway) and then, a few years later, killed it.


People-centric IT is the new BYOD


So I was skeptical when I heard that BYOD was out and “people-centric IT” was in. Sure, it sounds friendlier, but what does it really mean? As I delved into it a little deeper and really thought about it, though, I realized that not only do these two names not mean the same thing – they can be construed as basically opposite in meaning. And the move to substitute the latter name just might signal a big philosophical transformation in our approach to IT.



BYOD = Bring Your Own Device. The focus is on the device, and that’s nothing new. The focus of IT has been on the computers since the beginning of business networking. And the focus of security has been about hardening our operating systems, tightening our perimeter controls, locking down our devices. Oh, we’ve given lip service to the users’ role in security, with mandatory security awareness programs and the like – but even there, it’s been more about how the users should configure their computers and devices than about the people themselves.


It's all about the User


Today, though, the hardware is becoming irrelevant. With cloud computing, in a mobile world, we can access our applications, web sites and data with any old device – company machines, personally owned desktops and laptops, tablets, smart phones, public computers – and it doesn’t really matter. The experience is converging into one and the same. Even the software matters less and less. We can do most of the same things on an Android phone or an iPad that we do on a Windows PC.

This trend shows no sign of slowing down in the future. A security strategy that’s focused on the system or the OS will become increasingly difficult to manage, as more and more different brands and models running different versions of different software come into use in our “bring your own” world. And the old ways of implementing security aren’t going to work anymore in a business model where keeping end users happy (and thus more productive) takes precedence over bending to the IT department’s wishes.


Security focus must change


Once upon a time, IT could hand down mandates and (most) users accepted them. That was then and this is now. A new generation of users grew up with keyboards at their fingertips and screens in front of their faces. They’re digital natives, and they aren’t willing to blindly accept the dictates of IT about how to use their devices – especially when they’re paying for those devices out of their own pockets. BYOD saves companies a good deal of money on the capital expenditures end, but it can cost a lot in security if you don’t seriously assess the implications of this new world order and adjust your security plan to adapt to it.

Technological controls are still possible and useful in a BYOD world, but they have to be implemented with more diplomacy, and perhaps with a certain amount of compromise. IT isn’t going to gain back the ironclad control that we once had; that horse is out of the barn. We can’t control people in the same way we controlled devices in the old days; we can’t treat them as company property. Today and for the foreseeable future, IT is all about the people – and ultimately, after all, protecting the people is what security is all about, too.

To find out more about mobile device security, go here. To read more about security in the cloud, go to the Security Section on CloudComputingAdmin.com.



Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.






Tuesday, 18 November 2014

Big Data: A big security challenge



By Debra Littlejohn Shinder

Big Data – the collection of large and complex sets of data that include both structured and unstructured information – is widely touted as one of the most important current trends in computing, along with Bring Your Own Device/mobility and of course, the cloud. In fact, the convergence of these technologies is seen by many as the top IT challenge of this decade.

Much has been said and written about the security implications of BYOD, mobile devices and cloud services, but the security aspects of big data don’t seem to get quite as much attention. This is true even though companies are accumulating and analyzing huge amounts of information – not just terabytes, but petabytes – and some of it could cause big problems if it fell into the wrong hands. 

Image courtesy of Renjith Krishnan at FreeDigitalPhotos.net

After all, the real point of collecting such massive amounts of data is not just to be a data hoarder; the objective is to subject it to analytics that can provide the company’s decision-makers with insights into aspects of their business that can have an impact on the organization’s efficiency, reputation and bottom line. But we all know that information that can be used for good can also be used for nefarious purposes, and if those business insights became public and/or were revealed to competitors, the impact on the company could be very negative indeed.

The security challenge of big data is complicated by another of those hot trends we mentioned above; many companies don’t have the storage capacity on premises to handle the amounts of data involved, so they store all that data in the cloud. Some do so in the mistaken belief that turning their data over to a cloud storage provider means they also get to hand off all of the responsibility for securing that data.

For some companies, this might even be a reason for the decision to store the data in the cloud in the first place. You could argue that large cloud providers have far more resources to put into securing the data than your organization does. Cloud data centers are heavily guarded fortresses that employ high dollar physical and technological security mechanisms. 

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

This line of reasoning makes sense – but the cloud shouldn’t be an excuse to abdicate your ultimate responsibility for the protection of your sensitive information. If there is a breach, your customers will blame you, not the cloud provider, because you are the one to whom they entrusted their information. This goes double if you’re doing business in a regulated industry – financial, healthcare, a publicly traded corporation, a retail business that processes payment cards, etc. You won’t be able to pass the buck if you’re found to be out of compliance or in violation of standards.

As with information security in general, the key to securing big data is to take a multi-layered approach. One important element in protecting the huge quantity of data that often contains bits and pieces of personal information about many individuals is de-identification – the separation of identifying information from the rest of the information pertaining to a person. Unfortunately, the counterpart to de-identification is re-identification, the art and science of putting all those pieces back together to discern identities from the de-identified data. 
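An added example (not from the original article) of the de-identification step described above, with a k-anonymity check that measures how exposed the de-identified rows remain to re-identification. The records, key, field names and generalization rules are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records (not real people or data).
FIELDS = ("name", "email", "zip", "birth_year", "sex", "purchase")
RECORDS = [dict(zip(FIELDS, t)) for t in [
    ("Ann Lee", "ann@example.com", "75001", 1980, "F", "insulin"),
    ("Bea Cole", "bea@example.com", "75002", 1984, "F", "bandages"),
    ("Cal Diaz", "cal@example.com", "75001", 1991, "M", "inhaler"),
    ("Dan Eng", "dan@example.com", "75009", 1995, "M", "vitamins"),
    ("Eve Fox", "eve@example.com", "75004", 1988, "F", "insulin"),
    ("Gus Hall", "gus@example.com", "75002", 1993, "M", "bandages"),
    ("Hal Ito", "hal@example.com", "75003", 1962, "M", "statins"),
]]
DIRECT = ("name", "email")            # direct identifiers, stored separately
QUASI = ("zip", "birth_year", "sex")  # harmless alone, identifying in combination

def deidentify(records, key):
    """Split records into an identity table and de-identified rows linked by a keyed pseudonym."""
    identities, rows = {}, []
    for r in records:
        pid = hmac.new(key, r["email"].lower().encode(), hashlib.sha256).hexdigest()[:16]
        identities[pid] = {f: r[f] for f in DIRECT}
        rows.append({"pid": pid, **{f: v for f, v in r.items() if f not in DIRECT}})
    return identities, rows

def group_sizes(rows):
    """Count how many rows share each quasi-identifier combination."""
    return Counter(tuple(r[q] for q in QUASI) for r in rows)

def k_anonymity(rows):
    """Smallest group size: k = 1 means at least one row is unique."""
    return min(group_sizes(rows).values())

def at_risk(rows, k):
    """Pseudonyms of rows whose quasi-identifier group is smaller than k."""
    sizes = group_sizes(rows)
    return [r["pid"] for r in rows if sizes[tuple(r[q] for q in QUASI)] < k]

def generalize(rows):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    return [{**r, "zip": r["zip"][:3] + "**", "birth_year": r["birth_year"] // 10 * 10}
            for r in rows]

if __name__ == "__main__":
    identities, rows = deidentify(RECORDS, b"constructed-demo-key")
    print("k before generalization:", k_anonymity(rows), "at risk:", len(at_risk(rows, 2)))
    coarse = generalize(rows)
    print("k after generalization:", k_anonymity(coarse), "at risk:", len(at_risk(coarse, 2)))
```

Removing names and e-mail addresses leaves every row unique on ZIP, birth year and sex; generalizing those fields shrinks the exposed set to a single outlier, which would still need suppression or further coarsening.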

In a report last summer, Gartner concluded that over 80 percent of organizations don’t have a consolidated data security policy across silos, and that in order to prevent breaches, they need to take a more data-centric approach to security. 

Of course, many of the security concerns and solutions that apply to big data are the same ones that apply to protecting any sensitive data. However, one thing that makes big data especially challenging is that it often passes through many more different systems and applications in the process of turning all that unstructured mess into useful information. 

Companies may use applications and storage methods for which security was not a design priority, so that they have to tack on security solutions after the fact. Since much of big data is unstructured, it’s often stored in non-relational (NoSQL) databases, which were not built with security in mind. Traditional firewalls and other security solutions weren’t designed to handle the distributed computing that is at the heart of big data. Automated moving of data between tiers in a multi-tiered storage system can make it difficult to keep track of where the data is physically located, which poses a security issue.

Close attention to “middleware” security mechanisms, extensive and accurate logging of data tracking, and real-time monitoring are essential components of a security strategy that encompasses the challenges of big data.

You can find more information about securing data in the cloud here.  


Monday, 23 June 2014

Safe cloud computing is great cloud computing – secure it with these certs


By 

Earlier this month Tech Times and Top Tech News published two articles regarding some newly surfacing concerns about security in the cloud. Do businesses have to be worried about storing their data in those remotely located servers? Is the cloud more risky than storing your data locally? This article explores how cloud computing can be made safer with the help of the relevant certifications.

Data breach: could the cloud triple the odds?

The latest study (Data Breach: The Cloud Multiplier Effect) by the Ponemon Institute revealed that IT security professionals expect that moving their data to the cloud will increase the chances of getting hit by a data breach. In fact, the 613 surveyed pros agreed that an increased use of cloud computing could potentially triple the risks of a data breach.

Rajat Bhargava, co-founder of JumpCloud, said "When you don't own the network, it's open to the rest of the world, and you don't control the layers of the stack, the cloud - by definition - is more insecure than storing data on premises." This surely sounds alarming coming from a cloud security professional, but don’t go switching that local server in your basement back on just yet, because Chris Wysopal begs to differ.

Secure the “third-party element”

Chris Wysopal, co-founder and CTO of Veracode thinks: “Risky software, regardless of deployment method, is what is adding unnecessary risk to organisations.”

“Enterprises are right to be wary of third-party cloud applications. However, this should have nothing to do with whether they are in the cloud or not. Instead it is because they are produced by third-parties, and thus enterprises have less insight into the security that went into the development. If an enterprise wants to reduce unnecessary risk at their company, avoiding the cloud isn’t going to protect them – but taking a hard look at their software procurement policies and processes will.”

Image courtesy of ddpavumba/FreeDigitalPhotos.net

Get familiar with cloud security

As you can see, it is misleading to state and conclude that cloud computing – by default – brings greater risks to your business; you just need to thoroughly check your provider’s security standards and measures. But are you familiar with security in the cloud?

Learn all about security concepts, encryption technologies and access control methods on our cloud computing courses. Pick from the likes of CompTIA’s Cloud+ and Cloud Essentials or Microsoft’s MCSE: Private Cloud and you’ll learn everything you need to know about secure cloud computing. 

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 4 June 2014

Avoid an infosec catastrophe – three certifications that help


By 

Cyber-crime divisions of law enforcement agencies around the world took a great step towards defeating hackers responsible for malware such as Gameover Zeus and Cryptolocker, a ransomware that encrypts its victim’s information and demands money in exchange for the decryption key.

The authorities had recently seized control of two computer networks, specifically used for distributing malware to steal sensitive personal information, including banking credentials and passwords.

However, this is only a short-term victory and the UK’s National Crime Agency (NCA) warned people to take action now, in order to protect themselves against possible future attacks. 

Image courtesy of chanpipat/FreeDigitalPhotos.net

Help your organisation stay protected against cyber-criminals; here are three IT security certifications that will help you:

(ISC)² – CISSP

Due to the increasing complexity of cyber-attacks, the CISSP certification has become one of the most sought-after IT security certifications.
As an advanced level certification, the CISSP was designed for experienced infosec professionals. As a CISSP-certified pro, you’ll be an expert in developing and managing security standards, policies, and procedures within your organisation.
To get this certification, you’ll need a minimum of 5 years of experience in at least two of the following vital topics:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

EC-Council – CEH

The Certified Ethical Hacker (CEH) certification is a relatively new credential in the industry, but its importance and influence have increased significantly since its inception. CEH introduces you to the so-called dark side of IT, i.e. the tools and techniques hackers use to attack systems.

With the CEH under your belt, you’ll know how hackers think to find and exploit vulnerabilities. Therefore you’ll also know how to take a more proactive approach and protect against threats by seeing beyond current security tools and policies.

On this course you’ll learn about a wide range of security topics, including but not limited to:
  • Scanning Networks
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Social Engineering
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection

ISACA – CISM

CISM, developed by ISACA, is a top IT security credential focusing on managing, developing and supervising information security systems and developing security best practices.
This certification addresses the needs of security professionals with enterprise level security management responsibilities. As a CISM certified pro, you’ll have advanced skills in:
  • Security Risk Management
  • Program Development and Management
  • Responding to Incidents
  • Governance, and Incident Management
If you haven't yet taken the necessary countermeasures to protect against cyber-criminals, do it now to make sure your money and data stay safe and intact.

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.