
Monday, 7 December 2015

Which IT security certification should you choose in 2016?


Security is the hottest topic in IT at the moment. Numerous high-profile IT security breaches mean businesses are upping their game to ensure they’re not the next company in the headlines. British Airways, TalkTalk, Uber, T-Mobile, Sony and Staples are just some of the companies that have had records breached since late 2014.

This means the demand for IT security skills has never been higher. For example, the UK government has announced it’s doubling the cyber security budget to £1.9 billion over the next five years, to protect government assets and information, UK businesses and citizens. ComputerWeekly.com states that 14% of all UK IT jobs are now cyber security related, with 42 universities offering cyber security related degrees. Take advantage of this demand by improving your security skills through certifications, helping you to protect your business or move up the ladder of IT security roles.



Solid Foundations


If you’re not yet involved in IT security, now is a great time to start. A solid starting point to build your foundation knowledge is CompTIA’s A+ and Network+ certifications. To sit the exams, you only need 6-12 months of hands-on experience and familiarity with Windows operating systems. Achieving the A+ would help you get an IT Support Technician role with an average salary of £24,000. (All average salaries in this post are taken from itjobswatch.co.uk.)

The Network+ could get you a Network Support Technician role with an average salary of £30,000. These CompTIA certifications give you skills in network architecture, operations, security and troubleshooting, and provide strong foundations from which to grow your skills in future.


After two years’ experience and a further understanding of operating systems, you’ll be ready to take a more advanced certification such as CompTIA’s Security+. It’s a deeper look at IT security from CompTIA, teaching you skills in compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography. This certification can help you achieve a role like Security Engineer with an average salary of £52,500.

An alternative to the Security+ that’ll teach you different skills is Cisco’s CCNA Security. It is more hands-on and vendor-specific: you’ll learn to apply security through the built-in features of Cisco’s Internetwork Operating System (IOS), how to develop security infrastructures, how to recognise threats and vulnerabilities to networks, and how to mitigate them. However, the CCENT or CCNA Routing & Switching certification is required before you can attempt the CCNA Security.

Building your skills


When you’ve gained a year or more’s experience in the IT security industry, you’ll be looking to get skills that’ll help you stand out and push you up the career ladder. (ISC)2’s SSCP is a great certification to help you do that. Its CBK (common body of knowledge) is organised into seven domains, covering areas like access controls, malicious code, networks and telecommunications, and security policy administration. With skills like these, you could get a role like Security Engineer with an average salary of £52,500. Achieving a certification like the SSCP will help separate you from other mid-level IT security professionals and help your transition into senior IT security roles.

An alternative is ISACA’s CSX Practitioner certification, which is broken down into three levels. Level one teaches you how to identify weaknesses and protect your network. Level two covers detecting cyber security incidents and attack analysis. In the third level you’ll learn how to respond to and recover from cyber attacks. The content maps to five domains, Identify, Protect, Detect, Respond and Recover, contained within ISACA’s new security programme, the Cybersecurity Nexus. This certification introduces you to the cyber security field and can help you become a Cybersecurity Specialist with an average salary of £59,000. If you want to focus on the technical side of IT security, the CSX Practitioner programme is a great place to start, as it builds practical skills relevant to real-world situations.

Specialising in security management


Generally speaking, management and technical are the two major directions in which you can take your IT security career. A great certification to train your management skills is ISACA’s Certified Information Systems Auditor (CISA). You need a minimum of five years’ experience in information systems auditing, control or security. In the CISA, you’ll learn how to audit, manage, maintain and support information systems, and the skills will help you protect the information assets of your company. This certification can help you become an IT Security Officer with an average salary of £55,000.

You can take your management skills further by taking ISACA’s Certified Information Security Manager (CISM). The CISM requires a similar amount of experience to the CISA, but part of that experience can be waived in exchange for a degree or other certifications. You’ll learn to establish and manage a security governance framework and how to align it with your company’s goals and objectives. Your CISM certification can help you become an IT Audit Manager, with an average salary of £70,000.

Specialising in technical security


When you’ve established your career, if you’d like to take it down the more technical route there are several ways in which you can do this. Cisco’s CCNP Security helps you develop your network security skills to defend your systems. You’ll learn how to use Cisco switches, the Cisco ASA and the security features of Cisco IOS routers: deploying perimeter security and VPNs, monitoring and detecting security events, and managing network security. The CCNP Security will help you become a Network Security Engineer (average salary of £50,000).

GIAC’s Penetration Tester (GPEN) teaches you the skills to find and exploit security vulnerabilities so that they can be fixed before an attacker finds them. You’ll develop skills in areas like exploitation fundamentals, vulnerability scanning, password attacks, reconnaissance, scanning for targets and the pen-testing process. The GPEN is one of the most recognised penetration testing certifications and can help you get a penetration testing role with an average salary of £60,000.

You can also specialise to become an Ethical Hacker. EC-Council’s Certified Ethical Hacker (CEH) is one of the best-known certifications to help you do this. It contains 18 modules that cover topics like malware threats, social engineering, session hijacking, hacking web servers and cloud computing. These skills will help you protect your business by identifying weaknesses that are susceptible to cyber attacks and fixing them before real attackers exploit them. The average salary for an Ethical Hacker is £75,000.




Mastering IT security


(ISC)2’s CISSP is often considered the gold standard certification for IT security professionals. It is comprehensive in its coverage of both the managerial and technical sides of IT security. You’re eligible for the CISSP after five years’ experience. The CISSP CBK (common body of knowledge) contains eight domains covering topics like security engineering, communication and network security, software development security, and security assessment and testing. The CISSP can set you on your way to getting a Chief Information Security Officer job, with a salary in excess of £100,000.

A complement to the CISSP is the CCSP, which will give you skills in cloud computing security. It covers topics like cloud data security, cloud application security, and architectural concepts and design requirements. As more businesses move to cloud technology, it’s becoming a bigger target for attackers, and data stored in the cloud needs a different approach from security teams to properly protect it. This certification will give you the skills to secure cloud systems.

If you’re in a top IT security role, you can add concentrations to your CISSP. The CISSP-ISSMP will further develop your security management skills; it tackles legal issues, plus project and risk management within IT security. The CISSP-ISSAP is the technical equivalent and teaches you advanced skills in areas like access control systems, communications and network security, and security architecture analysis.


IT security has so many areas that you have the luxury of picking and choosing the direction your career takes within it, using certifications. This allows you to protect your business in each area by improving your skills exactly how you want.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 16 June 2014

4 Vital reasons why you need the ISO27001 standard

Information security management systems (ISMS) provide the basis for policies and procedures covering all legal, physical and technical aspects of an organisation’s information security. Information is an extremely valuable asset. It is therefore crucial that an organisation design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets.

ISO27001 is the internationally recognised standard for information security management systems. It’s one of the most highly regarded security specifications and is considered the best practice for IT security management. But why should you comply with it?

1. Control risk within the organisation

It’s hard to quantify your organisation’s security risk and even harder to validate it. Frank Ohlhorst, a regular contributor to TechRepublic, describes how, “…the primary risk of risk management comes in the form of bad data, or more specifically, data resulting from incorrect intelligence.” Bad data can lead to bad decisions. But ‘bad’ doesn’t even begin to describe the consequences that these decisions can have on your organisation.

The ISO27001 standard requires a documented, repeatable risk assessment and risk treatment process, so you can identify and manage risk in a structured, methodical and ultimately effective manner.






2. Avoid security catastrophes

According to the Online Trust Alliance, over 740 million online records were exposed in 2013, making it the worst year ever for data breaches. A quick glance at the data-breach infographic from Information is Beautiful illustrates the explosion in data breaches over the last decade. And whilst the proliferation of electronically stored data has a part to play in this, it is abundantly clear that even the world’s largest (and most technologically able) companies aren’t doing enough.

Information security breaches can shatter customer trust and devalue your business. Operating an ISO27001-compliant ISMS helps your organisation to prevent incidents occurring, as well as providing strategies to manage incidents if they do occur.

3. Get the competitive edge

You’re always going to have to compete with other organisations for business. Get the edge over them by proving that you comply with ISO27001; you’ll differentiate yourself from the competition. Prospective clients and customers will recognise this and often choose a supplier that holds an ISO27001 certificate over one that doesn’t.

4. Grow your business

ISO27001 expects organisations to manage security in their supply chain (Annex A.15, supplier relationships), which in practice pushes certified organisations towards suppliers that are equally compliant. If you want to create and build long-lasting trade relationships with larger ISO27001-certified enterprises, you’ll need to comply with the standard too.



Get ISO27001 Certified

It takes skilled and experienced professionals to ensure that organisations meet the demanding ISO27001 requirements. Demonstrate leadership in your field by learning to plan, implement and monitor an ISO27001-compliant ISMS, within your organisation or for others, with the ISO27001 Lead Implementer certification.

Having an ISO27001-certified implementer within your organisation is a brilliant way to achieve the standard and ensure your ISMS remains effective and compliant.

If you’re already an experienced auditor, now might be a great time to make the leap and get the ISO27001 Lead Auditor certification. In only three days, you’ll gain the skills needed to plan and perform audits against the ISO27001 standard.