
Information Security

Principles and Practices, 2nd Edition

by Mark Merkow and Jim Breithaupt

Chapter 1: Why Study Information Security?

Objectives

Recognize the growing importance of information security specialists
Develop a strategy for pursuit of a career in information security
Comprehend information security in the context of the mission of a business

Pearson Education 2014, Information Security: Principles and Practices, 2nd Edition

Introduction

To protect computers, networks, and the information they store, organizations are increasingly turning to information security specialists
An information security specialist is more than a technician who prevents hackers from attacking a web site


Introduction (cont.)

We begin by trying to answer the first question most students starting out in the field ask: Why study information security?
In this book, we'll examine both practical and theoretical skills security specialists use to protect information systems


The Growing Importance of IT Security and New Career Opportunities

Increased services to both vendors and employees create worlds of possibilities in satisfying customer needs, but
They also create risks to the confidentiality, integrity, and availability of confidential or sensitive data


Increasing Demand by Government and Private Industry

The number of information security specialists is expected to grow 36% from 2012 to 2022
Higher demand for expertly trained individuals

U.S. Bureau of Labor Statistics

The security of computer networks will continue to increase in importance as more business is conducted over the Internet
There will be a high demand for managers proficient in computer security issues
Source: www.collegegrad.com/careers/manage30.shtml


Becoming an Information Security Specialist

Getting a degree in information security will involve taking classes in security architecture, laws and ethics, access control, disaster recovery and planning
Get the right certification

Certified Information Systems Security Professional (CISSP)
System Security Certified Practitioner (SSCP)
Global Information Assurance Certification (GIAC): www.giac.org

Consider earning a graduate degree in INFOSEC
Increase your disaster recovery and risk management skills
Build a home laboratory

Becoming an Information Security Specialist (cont.)

Give something back to the INFOSEC community
Get on a project working with strategic partners
Consider an internship in IS
Take a second look at government jobs


Schools Are Responding to Demands

Hundreds of community colleges, 4-year universities, and post-graduate programs are offering degrees and certificates in emergency preparedness, counterterrorism, and security

Department of Homeland Security supports the Naval Postgraduate School for Homeland Defense and Security


Multidisciplinary Approach

Security professionals must think like business leaders
Exposure to nontechnical areas gives INFOSEC professionals a greater ability to address and resolve complex problems

Including probability and statistics, psychology, English, foreign languages, philosophy, ethics, history, and so on

A wide range of educational experiences is a good foundation for an INFOSEC career


Contextualizing Information Security

Information security draws upon the best practices and experiences from multiple domains including

Compliance, policies, and standards
Administration, auditing, access controls, and permission controls
Intrusion detection and prevention and incident response
Software development security
Physical security
Operations control
Public key infrastructure and key management
Disaster recovery
Security testing
Software development security
Antivirus solutions
Training and awareness

Information Security Careers Meet the Needs of Business

To support business operations a number of common positions and career opportunities are needed

Security administrators
Access coordinators
Security architects and network engineers
Security consultants


Information Security Careers Meet the Needs of Business (cont.)

Security testers
Policymakers and standards developers
Compliance officers
Incident response team members
Governance and vendor managers


Summary

Networked systems remain vulnerable to attacks from within and outside an organization
The explosive growth of e-commerce and the pervasive personal and business uses of the Internet have created a growing demand for information security professionals
The principles, approaches, and concepts in INFOSEC should work together to provide the harmonious mix of risk and reward that modern business demands