Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
What is your view of the role performed by an IA/Security Engineer? Is it focused on securing the network perimeter through the operations of the firewall, virtual private networks (VPNs), intrusion detection system/intrusion prevention system (IDS/IPS), network access control (NAC), data loss prevention (DLP) and enterprise anti-virus solutions? Is it the network specialist responsible for the secure design of the local area network (LAN), virtual LAN (VLAN), wide area network (WAN) and all endpoints? Is it the systems designer or operator responsible for the security of all clients and servers? Is it a software developer specializing in developing and hardening custom applications? Is the IA/Security Engineer someone who is an expert in all these areas? Is the IA/Security Engineer a specialized single technology (i.e. Cisco) expert, or is the position technologically agnostic, working at a higher level where specific detailed technology is irrelevant in the bigger scheme of things?
By: Navaratnasingam Arunanthy (posted on April 27, 2010)
Outsourcing was hyped in the mid-90s as one way to reduce IT cost, as well as to gain expertise for better business operations. Today some or many of the information technology activities in many organizations are outsourced.
IT outsourcing occurs when an organization contracts a service provider to perform an IT function instead of performing the function itself. The service provider could be a third party or another division or subsidiary of a single corporate entity. Increasingly, organizations are looking offshore for the means to minimize IT service costs and related taxes (CICA, 2003).
Outsourced environments are complex and highly integrated with organizations and operations. As complexity increases, managing relationships with service providers becomes challenging.
A survey performed by the IT Governance Institute indicates that problems with outsourcers increased from 74 on the Compound Problem Index (CPI) in 2005 to 127 CPI in 2007. The CPI is the result of multiplying the outcomes from the several questions about the IT-related problems experienced by the 749 respondents (ITGI, 2008).
This paper describes how managing a cyber security program involves physically protecting your company's investment in computer hardware, ensuring system availability, verifying information integrity, and securing confidential information.
This paper describes some methods to improve security on systems that were originally designed as stand-alone or where security issues were ignored. It points out the weaknesses which have to be addressed before integration. It describes various channels into the system and explores ways to protect these pathways from being exploited.