2 Cyber Security and Digital Forensics Careers
In the middle of difficulty lies opportunity.
—Albert Einstein
2.1 Introduction
Julie Amero, a substitute teacher in Connecticut, lost her career and had her life turned upside down due to a malicious spyware application and the incompetence of security “professionals.” The spyware was running on the classroom computer causing pornographic images to be shown. Julie innocently checked her personal e-mail using that classroom computer, left the room briefly, and upon her return saw, as did a few students, the pornography on the computer screen. The pornography pop-ups* were caused by spyware inadvertently installed when another user of that classroom computer downloaded a Halloween screen saver. Because of the school's amateur IT administrator, overreaction from a school principal, faulty forensic examination of the physical evidence, and false testimony from a computer forensics “expert,” she was prosecuted and convicted (later overturned) of risk of injury to a minor.
What we can take away from this case is the importance of having a qualified computer forensics examiner acquiring and analyzing evidence in addition to having a qualified information security professional protecting the critical assets of the enterprise. This includes training the employees on the proper use of the company computers as well as what to do when an incident occurs. We will address all of these topics later in this book, but for now we will discuss the numerous career opportunities in the field of information and cyber security as well as describe how to become a qualified professional in this exploding field.
* A pop-up is a browser window that appears out of nowhere when a web page is visited. Sometimes the pop-ups are advertisements and sometimes they are malicious programs that will install the undesirable content to the machine upon clicking.
The technical details of this case can be found in Eckelberry et al. (2007).
Computer forensics is also known as digital forensics. The terms are used interchangeably in this book.
16 What Every Engineer Should Know About Cyber Security
2.2 Career Opportunities
We are very fortunate that we can easily search for job opportunities on the Internet. I remember a time, not too long ago, where we only had access to the newspaper “want ads” when we were looking for a job. The downside of using the Internet to search for a job, however, is sorting through all of the information. It can be an overwhelming process—especially in the cyber security arena, due to the relative newness of the profession and its many certifications and job titles for very similar positions. Here are a few pointers that will save you time when job searching in this field:
1. Make your search general enough to include many opportunities: There are many different job titles for the same job.
2. Be familiar with many certifications: A certification is obviously a plus; accordingly, some of the positions that require certifications may allow you to earn the certification within the first year of employment rather than having it at the start. Therefore, you could start looking for a job at the same time that you are working on the certification. If you already have a certification, note that the certifications advertised may be similar to the one you have. This will become clearer after you review the certification options later in this chapter. In addition, if you earned a degree that covers the tasks or knowledge domains listed in the job posting, the employer may not require a certification.
3. Some positions require security clearances, fingerprinting, and/or polygraph tests: They will note that requirement in the job description and would most likely provide the means to accomplish that requirement.
As I am sure you are aware, and probably one of the reasons you picked up this book, there is a vast number of opportunities available in this field. It is safe to say that the work is endless. The first thing you need to determine is your general interests and then the qualifications required to get your foot in the door. The information in this chapter will facilitate that process by providing an overview of the tasks, training, and the necessary knowledge to acquire these positions. This chapter is by no means an exhaustive review, but it is an excellent starting point to make sense of the immense amount of information out there regarding the cyber security and digital forensics professions.
The rst challenge you will encounter is sorting through the many job
titles of these positions. When I graduated with a BS in electrical engineering,
there were two job titles: electronics engineer and electrical engineer. The job
descriptions varied, but you did not nd that out until you were at the inter-
view! There really is no standard job title in this eld, so I would not focus on
17Cyber Security and Digital Forensics Careers
it much. Here are some of the MANY job titles you will come across during
your search in the security eld:
Information security job titles: information security risk specialist, information security officer, information security specialist, information security analyst, data security specialist, information security architect, information security engineer, firewall engineer, malware analyst, network security engineer, director of security, security operations analyst, vulnerability researcher/exploit developer, security auditor, disaster recovery/business continuity analysis manager, data warehouse security architect, and penetration testing consultant
Digital forensic job titles: emergency response managing consultant, computer forensics analyst, digital forensics technical lead, digital forensics engineer, cell phone forensics analyst, IT systems forensic manager, information security crime investigator/forensics expert, incident responder, computer crime investigator, intrusion analyst, and system, network, web, and application penetration tester
The purpose of each career outline coming up is to give you an idea of what that professional may be asked to do or know. There is definite overlap in some of the tasks for the jobs listed. For example, you will note that the information security field includes an understanding of computer forensics knowledge. This is because the information security professional has designed and implemented the infrastructure that the computer forensics professional is investigating when an incident occurs. The information security professional needs to understand that it is not only important to implement a secure environment but also to implement effective monitoring, logging, and surveillance so that when (not if) the inevitable incident occurs, the computer forensics professional(s) will be able to analyze the system data to determine what happened to facilitate the prevention of the next occurrence. Thus, the computer forensics professional will have the necessary skill set to determine what has been compromised and, more important, be able to identify, recover, analyze, and preserve evidence in a forensically sound manner so that it will be admissible in court if the incident turns out to be a criminal offense. This may not be determined until all the data are analyzed.
2.2.1 A Summarized List of “Information Security” Job Tasks
1. Develop and maintain the company security policy: Create an acceptable use policy (AUP) to reduce the potential for legal action from the users of the system. The AUP is a set of rules applied that restrict the way the network may be used and monitored. For example, part of the AUP will address general use and ownership and will contain a statement similar to the following:
While XYZ's network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remain the property of XYZ. Because of the need to protect XYZ's network, management cannot guarantee the confidentiality of information stored on any network device belonging to XYZ (SANS Institute).
2. Monitor compliance with information security goals, regulations, policy, and procedures: This requires knowledge of industry standards: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Management Act (FISMA), and North American Electric Reliability Corporation-Critical Infrastructure Protection (NERC-CIP). For example, if you are working for an organization that deals with electronic health information (e.g., health plans, healthcare providers, etc.), then this National Institute of Standards and Technology (NIST) publication on HIPAA should be followed: “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.” The HIPAA Security Rule focuses on safeguarding electronically protected health records. Thus, all healthcare and partnering organizations and anyone creating, storing, and transmitting protected health information electronically need to comply. The 117-page document focuses on improving the understanding of HIPAA overall, understanding the security concepts, and refers readers to other relevant NIST publications to assist in the compliance effort (Scholl et al. 2008).
Other regulations necessary to understand are the Sarbanes-Oxley (SOX) Act of 2002 (for public companies to secure the public against corporate fraud and misrepresentation) and the Gramm-Leach-Bliley (GLB) Act, which protects the privacy of consumer information held by financial institutions. Also see “monitor compliance” in the digital forensics task list later in this chapter.
3. Security solutions development: Design, deploy, and support the logical and physical security infrastructure for the network to safeguard intellectual property and confidential data. The starting point for the design and development can be accomplished by developing a security reference architecture that is essentially a template or blueprint to guide the security needs of the organization, including the major actors and activities. For example, the reference architecture could provide a consistent vocabulary of terms, acronyms, and definitions. This provides a common frame of reference during communication, thus facilitating the understanding of requirements among stakeholders. Figure 2.1 shows an example of a conceptual reference model for cloud computing.
4. Investigate the security design and features of relevant information and security products necessary to deploy the security solution: This includes supporting technologies such as intrusion detection systems (IDS), intrusion prevention systems (IPS), security logging, public-key infrastructure (PKI), data loss prevention (DLP), firewalls, remote access, proxies, and vulnerability management.
5. Maintain information and security products: This task would include optimization, software upgrades, software patch installations, hardware upgrades, and diagnosis and resolution of software and hardware issues.
6. Monitor and optimize system logs: Review usage levels and performance; report misuse and security breaches. Provide weekly, monthly, and quarterly reports.
7. Perform risk assessment: This task addresses potential vulnerabilities and anticipates threats. The vulnerability assessment may be accomplished via a penetration test (aka pen-test) and/or a security audit. A pen-test is a way of testing the security of your system by simulating an attack. A security audit includes looking at all assets such as laptops, printers, routers, etc. and performing, for example, vulnerability scans
[Figure 2.1, image not reproduced. The diagram shows the actors of the cloud reference model: Cloud Consumer, Cloud Provider, Cloud Carrier, Cloud Auditor (Security Audit, Privacy Audit, Performance Audit), and Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage). Within the Cloud Provider it shows Service Orchestration (Service Layers: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility), Cloud Service Management (Business Support, Provisioning/Configuration, Portability/Interoperability), Security, and Privacy.]
FIGURE 2.1
A conceptual reference model. (Modified from Liu, F. et al., 2007, NIST publication 500-292, http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505)
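Task 6 in the list above (monitor system logs, report misuse and breaches, produce periodic reports) is the kind of work that is easiest to understand from a concrete routine. The following is an added example written for this chapter; it is not code from the book or from any product it mentions. It parses a few constructed, syslog-style authentication lines, flags a source address with repeated failed logins inside a short window (a common misuse indicator), and summarizes accepted and failed logins per ISO week or calendar month. The log format, the addresses, the threshold of five failures in one minute, and the function names are all assumptions made for the illustration.

```python
"""Added example (not from the book): a small log-review routine for task 6.

It parses constructed SSH-style authentication log lines, flags repeated failed
logins from one source address within a time window, and summarizes activity
per reporting period. Log format and thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like; the addresses and users are made up).
SAMPLE_LOG = """\
2023-03-06T08:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022
2023-03-06T08:00:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023
2023-03-06T08:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 51024
2023-03-06T08:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 51025
2023-03-06T08:00:09 sshd[1201]: Failed password for root from 203.0.113.7 port 51026
2023-03-06T08:01:00 sshd[1202]: Accepted publickey for alice from 192.0.2.10 port 40011
2023-03-06T09:30:00 sshd[1203]: Failed password for bob from 192.0.2.11 port 40020
2023-03-06T09:30:20 sshd[1203]: Accepted password for bob from 192.0.2.11 port 40021
2023-03-13T10:00:00 sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40050
"""

# Assumed line layout: "<ISO timestamp> sshd[<pid>]: <Accepted|Failed> <method> for [invalid user] <user> from <src> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log_text):
    """Return a list of event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` failed logins inside one sliding window.

    Returns {source: number of failures in the first window that crossed the threshold}.
    """
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = end - start + 1
                break
    return flagged


def period_report(events, period="weekly"):
    """Count accepted and failed logins per period (ISO week or calendar month)."""
    report = defaultdict(Counter)
    for e in events:
        if period == "weekly":
            year, week, _ = e["ts"].isocalendar()
            key = f"{year}-W{week:02d}"
        else:
            key = e["ts"].strftime("%Y-%m")
        report[key]["accepted" if e["ok"] else "failed"] += 1
    return {k: dict(v) for k, v in sorted(report.items())}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("suspected brute force:", detect_bruteforce(evs))
    print("weekly:", period_report(evs))
    print("monthly:", period_report(evs, period="monthly"))
```

Run as-is, the routine reports 203.0.113.7 (five failures within eight seconds) and leaves 192.0.2.11 alone (one failure followed by a success, the ordinary typo case). In practice the same structure is pointed at the real log source, the regular expression is replaced by the format the logging product actually emits, and the threshold and window are tuned against the organization's own baseline before the weekly report is trusted.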