Yunze Wang

ITS 370

4/23/2020

 

CH11

 

Exercises

4. Search the Web for at least five job postings for a security analyst. What qualifications do the listings have in common?

Answer:

Security analyst

Career rung: A possible first job for those with a specialist qualification.

Job description: Security analysts monitor and advise on all aspects of computer and network security, including firewall administration, encryption technologies and network protocols. Analysts need strong communication skills and are able to multitask and work well under pressure. Keeping abreast of industry trends, security developments, and government regulation is a given.

Qualifications and experience: A degree in cyber security could parachute you straight into this role. Otherwise, employers generally seek a bachelor’s degree in a computer-related field along with three to five or more years of practical data security experience. Professional certification such as the Certified Information Systems Security Professional (CISSP) qualification also is an asset.

Job prospects: As cloud computing gains ground, there will be increased demand for these professionals as many companies are concerned about their security and data confidentiality.

 

Ethical hacker

Career rung: Another recent option for graduates, following the arrival of cyber security degrees. Otherwise, it’s a role to suit someone with a minimum of five years’ experience of managing computer networks.

Job description: They have a specific task: to seek out and remedy vulnerabilities in computer networks. More often you will work for an external client, although some large corporations may employ in-house teams. Also known as penetration testers, ethical hackers need analytical and problem-solving skills, as well as excellent judgment and self-motivation.

Qualifications and experience: A high IQ, an enquiring mind, persistence and integrity are as vital as any formal qualification. A track record of solving security problems is also a prerequisite. More industry qualifications are emerging in this fast-growing profession. With a week’s course you can acquire the Certified Ethical Hacker (CEH) badge. However, the emerging gold standard of ethical hacking is the Council of Registered Ethical Security Testers (CREST), which is allied to the government-approved CHECK scheme.

Job prospects: There’s a shortage of cyber security skills in the UK, according to the national sector council, e-skills. The future is very bright for this specialist breed, especially in financial services, energy and government sectors.

 

Security Analyst

Company Name: Hill Dickinson LLP

Company Location: Liverpool, GB

Title: Security Analyst

Primary location: Liverpool

Reports to: Security Architect

Scope of role: Firmwide

Contract type: Permanent

Role Summary

This position, based in the Liverpool head office, is responsible for monitoring and reporting on security-related activity in the company’s technical environment. This involves the use of commercial and open source tools and scripts as appropriate. The Security Analyst is involved in the planning, implementation and subsequent monitoring of global technology projects.

Essential Skills & Experience

Comfortable with data analysis

Meticulous, with keen attention to detail

Good diagramming, charting & documentation skills

Tenacious

Committed to excellence

Good communication skills with stakeholders at different levels

The highest standards of integrity

Knowledge of at least some network protocols, such as DHCP, DNS, HTTP, HTTPS, LDAP, RADIUS, SMTP, SNMP, TCP/IP, etc.

Knowledge of physical & logical network structure and the purpose of network devices such as switches, routers, bridges, access points, load balancers, proxies, etc.

Familiar with principles of patch/update management

Desirable Skills & Experience

Experience of implementing or maintaining at least one security compliance framework (e.g. PCI DSS, Cyber Essentials Plus, COBIT, NIST CSF, CIS Controls, ISO 27001, etc.)

Experience of centralized log management systems, such as Graylog, Splunk and/or ELK

Able to identify security access levels appropriate to roles (or some experience of role modelling)

Proficient use of Excel

Experience of incident recovery and/or business continuity processes

Experience of identity management systems and/or single sign-on

Experience of risk management frameworks such as FAIR, ISO 27005, NIST SP 800-30, OCTAVE and/or COBIT 5 for Risk

Experience managing and administering a SIEM solution such as LogRhythm, Bro, AlienVault USM/OSSIM, ArcSight ESM, Radar and/or SIEMonster

Experience of Group Policy, SCCM, Rudder or other configuration/compliance management solutions

Experience of a working environment where confidentiality is paramount

Experience writing or editing policies

Experience designing and/or implementing access control lists

Experience managing supplier relationships

ITIL Foundation certificate

Security certification such as SSCP, Security+, CISA, CRISC, OSCP, etc.

Experience with data loss prevention tools

Experience with privileged account/access management

Use and administration of multiple platforms such as Windows, Linux, Android & iOS

Scripting (e.g. Bash, PowerShell, Python, etc.)

Key Responsibilities

 

Investigate alerts from security tools

Manage vulnerability scanning and analyze results

Administer anti-malware/endpoint security management tools

Collaborate on information security risk assessments

Maintain an awareness of the threat landscape

Produce monthly reports including KPIs and/or KRIs

Investigate security-related support tickets

Review security-impacting change requests and ensure they conform to internal policies and compliance obligations

Assist in developing security monitoring and alerting based on logging systems

Maintain security documentation

As business needs and requirements change over time, this non-exhaustive list will be reviewed and updated periodically to reflect those changes.

 

Vision and Values

Trust: We understand that trust is fundamental to how we do business; it empowers our colleagues, builds loyalty and inspires creativity

Respect: We will maintain the highest standards of professionalism and integrity so that we foster a climate of mutual trust and confidence amongst our colleagues

Innovation: We will embrace change, utilize our technologies and modernize our approach to business and people management

Collaboration: We will work together and integrate across teams and in doing so share our expertise and knowledge for the benefit of the firm and our clients

 

Key Lines of Communication and Relationships

Reporting to the Security Architect

Liaison with infrastructure engineers and support analysts

Liaison with third party security suppliers

 

Security Operations Analyst (AWS required)

Company Name: Argus Media

Company Location: Houston, TX, US

 

Description

Argus is a fast-growing global B2B media company providing essential information on commodity markets. As a business, we continue to grow and evolve, adding new markets, new services, new delivery options, and improved analytical tools.

 

Job Purpose

We make extensive use of modern technology and are heavily invested in the cloud. Our in-house development team develops and supports several client-facing web and mobile platforms built as greenfield projects with leading-edge technology.

As part of our continuous improvement program, we seek to expand our Security Operations team, working closely with other regions within a support model that is moving towards a 24/7 service. This is an excellent opportunity for someone to gain invaluable experience in a fast-paced, rapidly growing business environment.

The Security Operations Analyst will be a critical player supporting a growing application, network and server infrastructure. The role encompasses a wide range of technologies, including AWS, Windows, Linux and networking, and the candidate would be comfortable with the occasional desktop issue.

 

Key Responsibilities

We are looking for an exceptional candidate to work with the global team to effect change and improve current processes and procedures.

Actively monitoring and responding to security events and incidents, escalating as required for remediation.

Contribute to improving the security monitoring systems and tools to reduce false positives and to identify and remediate security events more accurately and quickly.

Maintain AWS security governance policies, including custom IAM policies, security groups, NACLs, and S3 bucket policies.

Security hardening servers, desktops and network devices.

Assisting the Security team with compliance audit activities.

Training and coaching of security policies, processes, procedures, best practices, awareness, and other such training to the technology support teams.

Keeping abreast of the latest vulnerabilities, attacks, and security tools to stay current with security trends and risks.

Participate in OS patch management and coordination using patch management tools such as Bitdefender GravityZone.

Test Windows and Linux security patch packages.

Troubleshoot Windows and Linux OS and application security patch installations.

Monitor and report on the implementation of intrusion detection, firewall policies and malware software.

Participate in ongoing operations projects.

Participate in technical on-call rotation.

Skills and Experience

Experience with active monitoring and providing feedback about security trends and risks as they relate to business systems, policies, processes, and infrastructure.

Proven experience with security threat remediation, patch management compliance, and reporting.

Operational experience with security controls, driving remediation required, performing root cause analysis and implementing continuous improvement process opportunities.

Intermediate-level knowledge in one or more specific technical areas, network/cloud security, malware detection/analysis, threat intelligence, cryptography, vulnerability management, incident response, forensics, social engineering, or hacking techniques.

Implementing and managing endpoint security controls and best practices in an enterprise environment.

Implementing security policies and practices in AWS.

Scripting / Development experience is desirable

Ability to read, interpret, write and correct AWS IAM and other security-related policies

Experience developing on native AWS capabilities, including serverless architectures to deploy and manage security solutions

Hands-on experience with automated log review, alerting and data analytics.

Experience within a 24x7 production environment, preferably across multiple datacenters and 3rd party cloud environments

About Argus Media

Argus is a leading energy and commodity price reporting agency providing data, news and insight as well as conference and consulting services. Companies in more than 140 countries around the world use Argus prices to index physical trade and as benchmarks in financial derivative markets as well as for analysis and planning purposes.

Half of Argus' 900 employees are commodity journalists who specialize in reporting news and price information relating to physical energy and related commodity markets. They operate according to a rigorous Editorial Code of Conduct and a Compliance and Ethics Policy that align with best journalistic practice, including the avoidance of conflicts of interest.

Argus was founded in 1970 and is a privately held UK-registered company. It is owned by staff shareholders and global growth equity firm General Atlantic.

 

Chief information security officer

Career rung: This is the endgame, the pinnacle of achievement for some.

Job description: The modern CISO is business savvy and the job enormously varied – ultimately it is about making good calls on all security-related matters. An ability to think methodically, attention to detail and a healthy paranoia are vital attributes.

Qualifications and experience: Security knowledge is gained from on-the-job experience and university degrees in information security, plus training leading to qualifications such as CISSP and CISM. Accreditation is crucial in order to acquire the necessary breadth of knowledge and accompanying peer recognition.

Job prospects: It’s a relatively new market and will enjoy a steep growth curve as companies wake up to the extent of cyber threats. Government assets are the most highly prized in society and so, unusually, government offers the top jobs.

Here are some important areas of expertise that today’s security analysts should possess and why:

Ethical hacking aims to expose weak points and identify potential threats so that the organization can protect itself from malicious hackers. This includes penetration testing during which an analyst will test networks, computers, web-based applications, and other systems to detect exploitable vulnerabilities.

Intrusion prevention involves monitoring network traffic to detect potential threats and then responding to these threats promptly.

Incident response manages the negative effects of an attack or breach, from minimizing the impact to altering security controls for future prevention.

Computer forensics aids in the prevention of crime through the collection, analysis, and reporting of data. It also enables an analyst to create evidence in the event of a breach.

Reverse engineering allows an analyst to comprehend why a piece of software does what it does so that he/she can patch a bug or analyze malware.

In addition, security analysts are expected to have expertise in cyber security, firewalls, network security, information assurance, Linux, UNIX, security information and event management (SIEM), application security, security engineering, and security architecture. They must also keep up with the latest trends in cyber security.

 

The most successful analysts are detail-oriented and have an analytical mindset. For the most part, security analysts work with scenarios – and this could mean poring over thousands and thousands of pages of data to look for anomalies. Interpersonal skills are also crucial; analysts need to train company staff on better security protocols and regularly communicate with executive leadership.

 

Required common qualification

1. Certified Information Systems Security Professional (CISSP)

2. Certified Ethical Hacker (CEH) badge

3. CISM

These 3 certifications are enough to acquire all the common knowledge related to the field. Specialization of each company could be different. But yeah, these could help.

 

5. Search the Web for three different employee hiring and termination policies. Review each and look carefully for inconsistencies. Does each of the policies have sections that address information security requirements? What clauses should a termination policy contain to prevent disclosure of an organization’s information? Create your own version of either a hiring policy or a termination policy.

Answer:

Information Security Manager or project manager

Termination policies:

Voluntary Termination

Voluntary termination is one type of termination process; it happens when an employee retires or resigns. Generally, it is not linked with negative emotions. In the voluntary termination process, the employer has the necessary benefits, such as retirement benefits.

Reduction in Force

A reduction in force (RIF) occurs due to potential cost and other negative impacts. In this case, employers should be ready before deciding to implement a RIF. If a RIF is necessary, then the employer should adopt objective criteria in implementing it. A RIF that has an impact on a protected class of employees may be unlawful. It is advised to consult experienced employment.

Disciplinary Termination

In this case, employers have general rights to discharge an employee for any reason which is not prohibited by law. Even if it is unreasonable, the reason may be some other unlawful motive follow the discharge.

Hiring policies:

Job postings:

Organizations post all regular job openings on the intranet and flexies for employees to review. These jobs will remain posted until the position is filled. This process is held at regular intervals.

Internal transfers

Suppose that, in an organization, employees who have been in their current position for at least one year may also apply for internal job openings to change modules and streams. This requirement is fulfilled with the recommendation of the employee's manager and the HR department. For this, employees must complete the Internal Job Opening Form.

Job offers

Finally, if the HR department receives positive results from the reference checks and criminal background check, it will notify the candidate of the job offer.

 

 

 

Case Exercises:

Discussion Questions

1. What questions should Iris ask Charlie about the new job, Kelvin’s team, and the future of the company?

Answer:

Iris asks Charlie the following questions:

How are the information security functions managed within the organization?

When contracting with non-employees, what special security precautions are necessary?

How to understand the issues and concerns that are associated with staffing the information security function?

How to recognize the credentials and recognition of the professionals in the information security field?

How to identify the need for separation of duties?

2. What questions should Iris ask Kelvin about the new job?

Answer:

Iris asks Kelvin the following questions:

How are the information security functions such as firewalls, data encryption and other security measures managed within the organization?

How to recommend security enhancements and purchases in information security?

How to create, test and implement the network disaster recovery plans in the information security field?

How to provide training to information security staff?

  

Ethical Decision Making

1. Should Iris inform Charlie about her relationship with Kelvin if she does not plan to apply for the transfer?

Answer:

The relationship may not be an issue for the company, as most companies are fine with married couples working in the same organization. But if they are in a direct reporting relationship, there will be a conflict of interest. There is a high chance of being more emotional than rational and taking things personally (which may be positive or negative, favorable or unfavorable).

2. If she does apply for the job, but has no current plans for marriage, should she inform Charlie of her relationship?

Answer:

Thus, it is a case of emotional quotient and professionalism. The company should align them on different verticals or have a different reporting system, which can avoid all possible bias without affecting their professional interests.