So you envision a career that takes you into a niche area in the burgeoning space of information systems security, having just completed regular schooling or graduate studies? Well, here is an expansive world of opportunities that can settle your quests on the one hand and secure the ambitions of numerous others from a slew of threats and inherent vulnerabilities, writes Dr. John Patrick Ojwando.
The use of computers, across diverse spheres, has unlocked scores of employment openings, barring of course the recession, witnessed in the not so distant past. From those ushered by the ubiquitous ATM cards, credit and debit cards to others thrust upon us through online engagements namely banking, bus, flight and train bookings, online purchases and filing of tax returns. As well, you get the performance of personal and official tasks through E-mail and the inundating forms of communication fuelled by social networking websites.
That we find ourselves in the midst of a spiraling information transformation does not therefore come as a surprise. Sadly, just like other revolutions, there is the danger that we have left ourselves vulnerable to security issues especially when it comes to information security. Can we ignore the risks posed by such advancements? While threats such as malware, phishing, pharming, botnets and rootkits, are all too familiar, cyber crimes, identity theft and attacks on critical infrastructure, surely merit more attention.
From these threats that stand to expose users of online services to unsavoury assaults, stem the need for a new breed of professionals whose stock seems to be rising with every single click of the mouse. Often carrying different nomenclatures, information systems security specialists are much sought after by recruiters seeking to help firms coordinate and execute security policies and controls as well as assess vulnerabilities. The tasks they perform revolve around data and network security processing, security systems management and security violation investigations, to mention but three broad areas. Aside investigation and processing, they are expected to shelter the backup and security systems, engage in employee training, ensure that security-planning measures are in place, and be able to steer the recovery of data in disaster situations.
Succinctly defined, information systems security and its management encompass ‘a collection of technologies, standards, policies, and management practices that are applied to information to keep it secure’.
A representative day in the life of these professionals would invariably span across performing tasks such as security audits, risk assessment and analysis, application-level vulnerability testing besides security code-reviews on a wide range of systems and products. The work schedule can be punishing at times, calling them to stretch beyond normal working hours, especially during emergencies, a key feature of this profession.
Training in Information Security, the Jain University Way
For a complete exploration into the realm of Cyber Security, the Master of Science in Information Security Management Services of Jain University (MISMS) comes as a boon.
The unique two year full time postgraduate programme aims at providing a thorough grounding in cyber security, inculcate in-depth understanding in managing technology risk and protecting critical information and infrastructure, and helps shape a healthy network with other professionals across the globe.
The learners have access to adequate resources to hone and expand their technical expertise while keeping abreast with latest trends in the industry as well as the significant developments in the ever -chugging technology sector of information systems security.
The expectation at the end of this programme is that IS security graduates will be able to demonstrate diverse skills. Some of these include preventive and ethical hacking, application of preventive and forensic skills, amongst others. Also, they should possess relevant skills gained through ‘the hands on’ exposure the course accords to implement various information security tools.
Salient features of the course:
- Computer System Organisation
- Designing Enterprise Network
- Application Programming
- Data Centre Architecture and Storage
- Management Fundamentals
- Server Operating System
- Learning Labs
- Programming and Operating Systems Lab
- Mini Project
- Information Security
- Applied Cryptography
- Data Base Security Fundamentals
- Ethical Hacking
- Advance Mobile, Wireless and VOIP/ Cobit for Mobile Devices/ Hactivism, Cyber Warfare and Cyber Terrorism
- Learning Labs
- Ethical Hacking-Lab
- Virtualisation and Cloud Security
- Advanced Computer Forensics
- Disaster Recovery and Business Continuity Management
- Cobit, ValIT and RiskIT
- IT Governance, Risk and Information Security Audit/ Application, Web Security & SDLC/Principles of Remote Infrastructure Management
- Learning Labs
- Applications & Web Security -Lab
- Advanced Computer Forensics -Lab
- Project and Internship
How to get in
A good Bachelor’s degree in Computer Science, Information Technology or Computer Applications, Engineering or Technology, from a recognised University with a minimum of 50 per cent aggregate in marks obtained in the qualifying examinations should help one sit in the MISMS degree classes.
Certifications from professional bodies such as CIRSP, CAP, CISM and the likes, or sufficient background to obtain higher credentials after employment, may be an advantage for those seeking to scale higher echelons of the IS security ladder.
So do I really have the skill-sets or aptitude?
While many people may get drawn to IS security jobs on offer because of the promise of high salaries, it is necessary that they recognise their limitations well before hand. Since employers are more than willing to keep them on high pay, it is only natural that the work expected of the employees comes devoid of any glitches.
The ability to think logically is an absolute must because the very nature of IS security tasks is about keeping best security practices in mind.
Capability to maintain proprietary and confidentiality data, software systems, and infrastructure are absolute musts. The key IS security role is to design, develop and recommend integrated security systems solutions. Thus stated, as a professional with skills in information security technologies, you will be expected to proffer advice on a wide range of IT related issues. The willingness to travel offsite, the ability to sit for significant hours at odd times, especially at the start of employment, remains desirable traits. This implies that information security workplaces may not be the ideal hangouts for extroverts.
Some of the desirable traits of security professionals include:
IS security professionals should be able to assess and find solutions to complex problems. Such professionals are involved in study computer systems and networks for any security breaches and investigate irregularities to determine if there is any violation or to uncover networks that have been compromised by hackers.
IS security professionals owe explanations to other team members that work with them.
Detail – oriented:
The duties of IS security professionals revolve around cyber security. Attention to details and the need to be careful while investigating computer systems are requisites because changes, however minor, can have far-reaching consequences.
IS security professionals plan and help carry out various assignments such as ways in which a firm or organization handle security, develop security standards, implement best practices, and recommend security enhancements to bolster against inherent attacks
Problem – solving skills:
IS security professionals are able assess needs, define problems, review and evaluate goals even as they seek to find and fix flaws in computer systems and networks
A nascent field with shortage of skilled professionals to fill out the numerous vacancies, Information Systems Security has always been seen as the job- description of a single designation. Yet in recent years, the vocation has spread its wings to embrace the need for those with skills in its various domains growing by the day.
As some of the most sought after professionals in the IT industry, IS security holders have an upper hand. As analysts, they ply their trade to computer companies, consulting firms, business and financial companies and enterprise, and work in teams that often comprise network administrators or computer system analysts.
In some of the firms or agencies, the entire IT department may be placed under the watch of a director or executive overseeing its functioning including information security. However, in bigger setups, information security has an independent charge.
In the face of hi-tech cyber-security threats, careers in IS security can be very lucrative for those with the requisite qualifications, training and industry-acquired certifications. In most of the firms or agencies, the IT and IS security professionals get annual bonuses and generous benefits that are tagged to their base salaries. Many of them, when they rise to management and consulting positions, stand to earn more in private firms than government agencies. In the later, however, they have security of tenure built in the positions.