Cyber Security Compliance and IT Jobs

| Type | Qualification | Description | Competency | Experience | Candidate Experience | Last Used |
|---|---|---|---|---|---|---|
| Skills | CISSP | | Expert | 5-6 yrs | | |
| Skills | Communication skills both verbal and written | | | | | |
| Skills | Information Security | | Expert | 5-6 yrs | | |
| Skills | Microsoft Office | | | | | |
| Skills | Presentation skills | | | | | |
| Skills | Service oriented architecture (SOA) | | | | | |
Information Assurance in the Air Force is probably the most comprehensive of any branch of the US Armed Services. Air Force Instruction (AFI) 33-210, Air Force Certification & Accreditation (C&A) Program (AFCAP), is the USAF framework for implementing DIACAP. It covers all Information Assurance in the Air Force and has started to incorporate NIST risk management.
The Air Force expects Information Assurance Managers (aka Information System Security Managers) and Information Assurance Officers (aka Information System Security Officers) to maintain situational awareness, restore IA posture, and conduct internal Information Assurance assessments, testing information assurance controls when necessary.
AFI 33-2xx Information Assurance Air Force
The AFIs are the manuals that cover all rules and regulations of the Air Force. The AFI 33-xxx series covered all Information Technology rules (I use the past tense because the Air Force may change this any day now.. they change everything all the time). AFI 33-2xx covered Information Assurance, Information Security, and anything dealing with security practices on IT.
AFI 33-210, AFCAP references DoD 8570.01-M and eventually DoD 8140 to describe the certification and skill sets necessary for security practitioners conducting Information Assurance in the Air Force. AFI 33-2xx are based on:
For more info: http://www.e-publishing.af.mil/
http://www.youtube.com/watch?v=cwqn7Ebq94w
In the defense industry, operational risk is a big deal. Operational risk is the risk associated with an organization's activities. That is a broad term that applies to any organization, but in the defense industry operational risk can also be the risk to human life, so it's a HUGE part of DIARMF & the risk management framework.
Confidentiality, Integrity and Availability in Operational Risk
A big part of operational risk is trusting your people to safeguard the confidentiality, integrity and availability of operational information.
When I was in the military, it meant keeping our mouths shut about missions. In high profile cases, the media was a huge operational risk because they would try to give away the positions of US Armed Services in the middle of a war. For them it's important journalism; for the guy on the ground that kind of operational information is life or death. In defense, to mitigate operational risk, they practice giving people the least amount of information and privileges they need to do their job. Because if ONE person knows everything, there is a great risk that they will intentionally or accidentally release information that can damage or destroy the operations of the organization by leaking it. Information leakage is very popular these days, as there is less and less loyalty and more and more access to all information.
Operational risk is much harder to manage these days. People are more likely to keep the secrets of something they are stakeholders in than out of a pumped-up sense of pride. I think it's because information is so freely available that it's improbable to promote a one-sided view of any conflict or historical perspective.. but perhaps we are getting too sociological and political.
Stakeholders are more interested in hard facts than feel-good perspectives of one's beliefs. I think that is why companies like Apple and Google are better at operational risk management than the US government. But I am sure it's also because the US government has an exponentially larger and more critical mission where lives, livelihoods and lifestyle are at stake. So maybe that is a poor comparison.
Operational Risk vs Profit
Since operational risk does not MAKE profit, it is often overlooked and ignored by private organizations. Larger organizations with LOTS of critical data understand the importance of operational risk, especially once they see that critical data walk out the door. When a private organization sees their competition using their exact information due to leaks in confidentiality, they realize they must do a little data loss prevention (DLP), which is directly related to operational risk management.
There are systems designed to automatically detect data loss, such as McAfee Total Protection for Data Loss Prevention.
Information Security Specialist is one of the broadest, catch-all terms within system security. Information Security Specialist is usually the title organizations use when there are so many hats to wear that it's a hat store.
The Information Security Specialist position reminds me of that old In Living Colour skit “Hey Mon”.
An Information Security Specialist is an intrusion analyst, a security analyst, a system analyst, a system security analyst, an information assurance analyst, and you document findings! It seems like a way to get you to do anything they tell you without pinning the position down.
If you want to get an idea of what this job entails you REALLY, REALLY have to read the job description. The best I can do is tell you what I have done and what I have seen others do while holding this title.
When I was in the USAF I was given the title Information Security Specialist, and I was an assistant firewall administrator, configured and maintained the base intrusion detection system, wrote the base policy and was acting information system security officer. So basically, I did everything.
As a contractor, they had me doing system security engineering, information system security officer duties and Army Information Management Officer (unit help desk guy).
Computer Network Defense is listed in DoDD 8140, Cyberspace Workforce, as a task within the Protect & Defend category.
Job Description of Computer Network Defense
The actual work of Computer Network Defense covers Protect & Defend and Analyze, and possibly other categories. A system security analyst doing CND work is expected to monitor, detect and respond to security incidents on the network. They need to be familiar not only with information system security tools that monitor network traffic, but they must also know what the actual packets look like when certain patterns emerge on the network. They must be familiar with those patterns to detect network attacks and be familiar with incident handling.
Tools of Computer Network Defense
A system security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as Wireshark and EtherApe. They are also expected to be knowledgeable of a particular Intrusion Detection System (such as Snort), or to have working experience with Intrusion Prevention Systems. Since there are so many products that do very similar work as IPS, IDS, or packet analyzers, knowing one really well and having a little hands-on with others is usually OK. What is important is knowing system attack signatures well enough to detect them when they occur, understanding ports, protocols and services, and being intimately familiar with network packets.
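As an added example (not code from the original post, and not Wireshark's or Snort's own logic), the three kinds of checks that paragraph describes, written as a small Python detector run over constructed packet records: a Snort-style content signature bound to a port and protocol, a check against a baseline of the ports and services expected on a host, and a pattern that only becomes visible across many packets (one source touching many destination ports). The packet records, the signature name and content, the service baseline and the sweep threshold are all constructed for illustration; a real analyst runs this kind of logic over captures from a sniffer and a maintained rule set.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet record (constructed; a sensor would decode these from a capture)."""
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Signature:
    """Snort-style content rule: protocol + destination port + byte pattern in the payload."""
    name: str
    proto: str
    dport: int
    content: bytes


# Hypothetical rule; the name and content are constructed for this example.
SIGNATURES = [
    Signature("HTTP path traversal pattern", "tcp", 80, b"../../"),
]

# Baseline of services expected on the monitored host (constructed).
ALLOWED_SERVICES = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 53)}

# Distinct destination ports one source may touch before it is called a sweep.
SWEEP_THRESHOLD = 10


def match_signatures(pkt, signatures=SIGNATURES):
    """Names of every signature whose proto/port match and whose content is in the payload."""
    return [s.name for s in signatures
            if s.proto == pkt.proto and s.dport == pkt.dport and s.content in pkt.payload]


def unexpected_service(pkt, allowed=ALLOWED_SERVICES):
    """True when the packet targets a port/protocol outside the service baseline."""
    return (pkt.proto, pkt.dport) not in allowed


def detect(packets, signatures=SIGNATURES, allowed=ALLOWED_SERVICES,
           sweep_threshold=SWEEP_THRESHOLD):
    """Run all three checks over a packet stream; returns (kind, source, detail) tuples."""
    alerts = []
    ports_by_src = defaultdict(set)     # per-source set of (proto, dport) seen so far
    reported_services = set()           # dedupe off-baseline alerts per (src, proto, dport)
    reported_sweeps = set()             # one sweep alert per source
    for pkt in packets:
        for name in match_signatures(pkt, signatures):
            alerts.append(("SIGNATURE", pkt.src, name))
        key = (pkt.src, pkt.proto, pkt.dport)
        if unexpected_service(pkt, allowed) and key not in reported_services:
            reported_services.add(key)
            alerts.append(("UNEXPECTED_SERVICE", pkt.src, f"{pkt.proto}/{pkt.dport}"))
        ports_by_src[pkt.src].add((pkt.proto, pkt.dport))
        if (len(ports_by_src[pkt.src]) >= sweep_threshold
                and pkt.src not in reported_sweeps):
            reported_sweeps.add(pkt.src)
            alerts.append(("PORT_SWEEP", pkt.src,
                           f"{len(ports_by_src[pkt.src])} distinct ports"))
    return alerts


# Constructed sample traffic: two benign packets, one signature hit, one off-baseline
# service, and one host walking twelve low ports on the same destination.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.10", "tcp", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.10", "udp", 53, b"\x12\x34\x01\x00"),
    Packet("10.0.0.7", "10.0.0.10", "tcp", 80, b"GET /images/../../private HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.10", "tcp", 23),
] + [Packet("10.0.0.9", "10.0.0.10", "tcp", port) for port in range(1, 13)]


if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_TRAFFIC):
        print(f"{kind:<19} {src:<10} {detail}")
```

The three checks fail in different ways, which is the point of the paragraph: the content signature misses anything not in the rule set, the service baseline fires on every unlisted port (so it needs the per-source dedupe to stay readable), and the sweep threshold only trips after enough packets have been seen, so an analyst who only looks at packets one at a time never sees it.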
Computer Network Defense Certification
GIAC Certified Intrusion Analyst (GCIA) – The top of the food chain for security analysts doing pure analyst work. Highly, highly respected intrusion cert.
GIAC Certified Incident Handler (GCIH) – Helpful certification to establish yourself.
CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.
Security+…not so much.. its like bringing a knife to a gun fight.