Mark Amory | 7 July 2015
IT security is, by any standard, a very wide topic, so it would be accurate to say that an ideal Information Security Analyst has to have a good, broad understanding of all things IT related.
Well, yes, that’s perfectly correct, but there is more to it than that…
Firstly, let’s take a quick look at what security entails.
One of the key principles taught in security is that you have to try to maintain a level of Confidentiality, Integrity & Accessibility around the asset you wish to defend. This is known as the CIA triad.
Maintaining the CIA triad should involve implementing controls that cover dealing with People, Process, Technology and Physical security.
So when you look at these four elements, you can see an IT security job isn’t just about IT. To become an ideal IT security analyst, you need to understand how these four elements work and interact, and how they can be (and are) abused.
Dealing with People
People are quite possibly the biggest security risk in an IT environment because people are, well… people!
- People create weak passwords, re-use passwords, and write them down even when they are told not to
- People don’t read warning messages when they pop up
- People don’t watch what they click on
- People get confused easily where IT is concerned
- People don’t like to follow rules set by the management
An ideal IT Security Analyst should know how people tick and how to spot security issues brought about by people.
The IT Security Analyst should certainly understand how Social Engineering is used to elicit sensitive data from people and how to take steps to stop this happening.
Dealing with Process
Business processes should be designed to allow the business to perform its function. When processes are implemented, they are usually designed to be efficient and make the most of existing assets.
As a business grows and evolves, it is unusual for many businesses to re-visit processes to see if they are still efficient and making the most of the assets available.
“We’ve always done it that way” is a very common phrase heard in businesses all across the land.
A good IT Security Analyst should be able to look at business processes to see if there are any weak areas that could be fixed by changing the process. As such, the analyst should help to devise, implement, and maintain corporate policies to ensure that security stays high on the list of priorities.
Dealing with Technology
The biggest part of the IT Security Analyst’s day will be spent with technology, and so a good security analyst should have a well-rounded understanding of Hardware, Software, and Networking systems.
He/she needs to stay abreast of the latest developments with industry standards and security tools to ensure that corporate security controls not only stay up to date, but also remain capable of keeping up with ever-changing business requirements.
As such, the analyst should take part in the development, implementation, and upkeep of security controls that are in compliance with corporate strategies. By knowing exactly how the corporate security model works, they will be best placed for conducting vulnerability assessments, dealing with change requests, and handling security incidents.
The ideal IT Security Analyst will need to know how to interpret the output from systems such as IDS/IPS, router & server logs, Antivirus/Antimalware tools and react to them accordingly.
By understanding the security model to a high degree, the ideal analyst will be able to play a role as part of a corporate security response unit, and as such, provide expert counsel on how to solve issues relating to security alerts, incidents, and disasters.
Dealing with Physical Security
If a criminal gets direct access to an IT device, they will normally be able to carry out more devastating attacks than if they were only remotely accessing the device. As such, the ideal IT Security Analyst should have a good understanding of the physical security that should be in place when IT is either on premises or abroad in unknown environments.
“It takes a thief to catch a thief”
As the phrase above suggests, to be an ideal IT Security Analyst you quite often need to think like an attacker to see how they might get round your security controls.
Thinking about how People, Process, Technology and Physical controls could be attacked goes a long way to becoming an ideal security analyst. Reading about the latest attacks will help the analyst make strategic decisions to ensure the attacks cannot affect their systems, and having test systems to carry out demo attacks will help the analyst understand the effect of an attack.