Friday, June 12, 2009

unlocking-information-security

Hi readers

I hope you like this blog, because it will give you a very clear view of the Information Security domain. Enjoy reading.

What is Information Security? I am sure that most of you already have an idea about it, but for beginners:
In simple words, I would say that information security is a vast field that covers the whole organization, unlike IT security, which covers only the protection of hardware, software and networks from external attacks (hackers) or disasters. Information security covers the organization as a whole, e.g. electronic data, trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance and standards established within the organization, plans and budgets, financial and management data, brochures, images, logos and designs, employee information and so on. It looks at protecting / safeguarding information and information systems from anyone, including employees, consultants, suppliers, customers and, of course, malicious hackers.

Information Security is divided into 2 fields:

VAPT (Vulnerability Assessment & Penetration Testing)

Security professionals in this field are more practical in their approach. Their main work is to test the network, applications and device configurations and find any loopholes or vulnerabilities in them. For this they have to master security assessment tools like Nessus, GFI, Nmap, SuperScan, GREDEl, AppScan, Acunetix etc. For reference, visit http://www.sectools.org/. Just being a master at running these tools won't work in real scenarios, because security professionals also need to know how to combine the results of these tools to prepare a report for management and convince them to approve a security budget. They also need to test their network for any kind of intrusion or attack that might happen in the future by doing penetration testing, which requires a complete understanding of networking, script writing for automation and a good grip on pen testing tools, e.g. live security distros, Metasploit, Core Impact etc.

ISMS (Information Security Management System)

Security auditors in this field have a complete understanding of implementing, maintaining and reviewing ISO standards for information security, like 27001, 17799 etc.

Generally, the security auditors of a company implement ISO 27001 by following the guidelines mentioned in the standard. When they have prepared documents and implemented security controls according to the standard (27001), they ask external bodies like BSI in India to check or audit their organization against the ISO 27001 requirements and certify it if it is actually following them. Sometimes organizations take help from third parties like STQC to check the ISO 27001 requirements in their company and help them understand any weaknesses before they ask for an audit from external bodies like BSI.

Information Security Job titles:-
Security Auditor
Security Specialist
Security Consultant
Security Administrator
Security Analyst/Engineer
Security Manager

Salaries:
At the entry level, a network analyst/auditor would start with Rs 15,000 to Rs 20,000 per month. For Information Security Managers, it ranges from Rs 35,000 to Rs 40,000 per month and may go higher depending on the company. As you gain more experience and rise up the ladder, the sky's the limit!
A Director of Information Security (CISO) takes home more than Rs. 1 lakh per month as a salary.

If you are looking for international jobs:

View this survey to get a clear picture: www.sans.org/salary2005/. Many surveys of this kind are conducted yearly, so I advise you to look for these surveys and know your worth.

I hope this information will add something to your existing knowledge. As information security is a vast topic, my effort is to make it small and simple for beginners to understand. And of course, those of you who have complete knowledge of this domain, please add your comments.

Warm Regards
Praveen Joshi
If you have any sort of query, then kindly mail it to askjoshi86@gmail.com

Have fun!!!
