IT Security Certifications
IT Security Certifications are becoming more and more popular and necessary as the job economy becomes tougher. IT Security Professionals are trying to distant themselves from their competition while companies are looking for the best and brightest in the field. Below are some of the certifications I am researching for a bigger IT Security Certifications project.
CCSA — Certification in Control Self-Assessment
The CCSA demonstrates knowledge of internal control self-assessment procedures, primarily aimed at financial and records controls. This cert is of primary interest to those professionals who must evaluate IT infrastructures for possible threats to financial integrity, legal requirements for confidentiality and regulatory requirements for privacy.
Source: Institute of Internal Auditors
CFE — Certified Fraud Examiner
The CFE demonstrates ability to detect financial fraud and other white-collar crimes. This cert is of primary interest to full-time security professionals in law, law enforcement or those who work in organization with legal mandates to audit for possible fraudulent or illegal transactions and activities (such as banking, securities trading or classified operations).
Source: Association of Certified Fraud Examiners
CFSA — Certified Financial Services Auditor
The CFSA identifies professional auditors with thorough knowledge of auditing principles and practices in the banking, insurance and securities financial services industries. Candidates must have a four-year degree or a two-year degree with three years of experience in a financial services environment, submit a character reference and show proof of at least two years of appropriate auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors
CGAP — Certified Government Auditing Professional
The CGAP identifies public-sector internal auditors who focus on fund accounting, grants, legislative oversight and confidentiality rights, among other facets of internal auditing. Candidates must have an appropriate four-year degree or a two-year degree with five years of experience in a public-sector environment, submit a character reference and show proof of at least two years of direct government auditing experience. To obtain this certification, candidates must pass one exam.
Source: The Institute of Internal Auditors
CIA — Certified Internal Auditor
The CIA cert demonstrates knowledge of professional financial auditing practices. The cert is of primary interest to financial professionals responsible for auditing IT practices and procedures, as well as standard accounting practices and procedures to insure the integrity and correctness of financial records, transaction logs and other records relevant to commercial activities.
Source: Institute of Internal Auditors
CISA — Certified Information Systems Auditor
The CISA demonstrates knowledge of IS auditing for control and security purposes. This cert is of primary interest to IT security professionals responsible for auditing IT systems, practices and procedures to make sure organizational security policies meet governmental and regulatory requirements, conform to best security practices and principles, and meet or exceed requirements stated in an organization’s security policy.
Source: Information Systems Audit and Control Association
ECSP — EC-Council Certified Secure Programmer
The ECSP identifies programmers who can design and build relatively bug-free, stable Windows- and Web-based applications with the .NET/Java Framework, greatly reducing exploitation by hackers and the incorporation of malicious code. Candidates must attend a Writing Secure Code training course and pass a single exam.
Source: EC-Council
Security5
Security5 certification identifies non-IT office workers and home users who understand Internet security terminology, know how to use defense programs such as antivirus and antispyware applications, can implement basic operating system security and follow safe Web and e-mail practices. Candidates must attend a two-day course and pass one exam.
Source: EC-Council
Insider Threat Still a Big Issue to Network Security
Internal users continue to be the torn in system and security administrator’s side. This is the case for many reasons. One, they have knowledge of the networking recourses. Two, they have credentials to access various systems on the network and third, most security controls defend against external entities as compared to internal users. According to the Computer Security Institute (CSI), approximately 80 percent of network misuse incidents originate from inside the network.
Security Administrators should apply the “Defense in Depth” security model when it comes to protecting the network. This mean network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.
The CSIS Commission on Cybersecurity for the 44th Presidency has been Released
The CSIS Commission on Cybersecurity for the 44th Presidency has released its final report, “Securing Cyberspace for the 44th Presidency.” The Commission’s three major findings are:
- Cybersecurity is now one of the major national security problems facing the United States;
- Decisions and actions must respect American values related to privacy and civil liberties; and
- Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation.
You can get a PDF copy of the report here or you can visit the CSIS website.
85% of All Crimes Leaves a Digital Fingerprint
It has been stated that 85% of all crime leaves a digital fingerprint in electronic devices. This may occur from an Internet intrusion, identity theft and traditional crime like murder. Computer forensics has aided in the investigation of these crimes. Computer Forensics is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel. The challenges facing many computer forensics examiners are an abundant of data that must be analyzed to produce a story or show correlation. Hard disk space is enormous and continues to grow. Hard disk space is inexpensive thus allow for more. In conjunction, RAID systems also provide additional challenges for the investigator. A simple case on a 200 GB hard drive can take weeks to review alone before any real assessment can occur. Issues such as terrorism and murder cases can prove to be fatal. By including Social network analysis (SNA), the time to locate correlation will be reduced. This will assist the examiner to focus his analysis on key area from the SNA results.
VMWare Fusion on Mac OS X: How to shutdown Windows when it is hung
I have been running VMWare Fusion with Windows XP as my guest OS for some time on my MacBook Pro. The other day, Windows XP while shutting, just hung as it seems to do from time to time on regular PC-based installed. I spent 2-days, waiting for it to complete. I even used the:
VMware Fusion menu bar > Virtual Machine > select Power Off
But it seem by using:
VMware Fusion menu bar > Virtual Machine > press the option key and select Power Off
It is the equivalent of pulling the plug out of the wall and it worked. Hope this will help someone out as it did me.
Kellep
Cyber ShockWave Explained and Results
A simulated exercise titled “Cyber ShockWave” held by the Bipartisan Policy Center took place yesterday, February 16 at the Mandarin Oriental Hotel in Washington, D.C. The exercise was a simulated cyber-attack on the United States to see how well members of the government would respond to a large-scale cyber-attack on the nation’s critical infrastructure. The participants were a group of former national security and administration officials from both the Democratic and Republican Party.
