Security Analyst
Many disruptive trends are exponentially changing the IT-ITeS landscape. This industry is constantly evolving and expanding to leverage and manage the change. In response, manpower requirements are becoming more specialized and the economy demands differentiated levels of skills. This is forcing businesses, government and related stakeholders to increasingly invest in the future of education and build resources for the same. India has a large talent base that can be skilled to take up jobs with the industry. This can be achieved by reducing the skills gap that exists between industry requirements and academic outcomes. Industry, on its part, has been training people to address its requirements, but orientation to skill development needs to be addressed at the college and school level as well. In order to meet the growing demand for skilled people, NASSCOM and its members, in association with the IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM), have undertaken multiple initiatives. Towards this end, the courseware for ‘Security Analyst’ in the Data Security occupation, in the IT Services sub-sector, is key. The ‘Security Analyst’ courseware (Facilitator Guide and Student Handbook) outlines the pedagogical approach and learning methodologies that aim to empower students with the requisite competencies in this Qualification Pack (QP) / job role.
- Information Security Management (Security Analyst - I)
An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident. Information systems audit is a large, broad term that encompasses demarcation of responsibilities, server and equipment management, problem and incident management, network division, safety, security and privacy assurance etc. Information security audit is only focused on security of data and information (electronic and print) when it is in the process of storage and transmission. Both audits have many overlapping areas. Security assessments utilize professional opinion and expertise, but they also analyse the output for relevancy and criticality to the organization.
- Information Security Assessment and Audits (Security Analyst - II)
An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident. Information systems audit is a large, broad term that encompasses demarcation of responsibilities, server and equipment management, problem and incident management, network division, safety, security and privacy assurance etc. Information security audit is only focused on security of data and information (electronic and print) when it is in the process of storage and transmission. Both audits have many overlapping areas.
- Incident Response and Management (Security Analyst - III)
Incident Response Process

In incident handling, detection may be the most difficult task. Incident response teams in an organization are equipped to handle security incidents using well-defined response strategies. Preparing a list of the most common attack vectors, such as external/removable media, web, email, impersonation, improper use by authorized users etc., can narrow the choice down to the most appropriate incident handling procedure. Therefore, it is important to validate each incident using defined standard procedures and document each step taken accurately.

Common issues and incidents of information security that may require action, and whom to report them to, can be identified; however, an indicator may not always translate into a security incident, given the possibility of technical faults or human error in cases such as a server crash or modification of critical files. Incident handlers need to report the matter to highly experienced and proficient staff members who can analyze the precursors and indicators effectively and take appropriate actions. Mentioned below are some of the means to conduct initial analysis for validation:
- Profiling networks and systems in order to measure the characteristics of expected activity, so that changes can be more easily identified and used.
- Studying networks, systems and applications to understand what their normal behavior is, so that abnormal behavior can be recognized more easily.
- Creating and implementing a log retention policy that specifies how long log data should be maintained; this may be extremely helpful in analysis because older log entries may show previous instances of similar attacks.

Any occurrences must be recorded, and the incident response team should update the status of incidents along with other pertinent information. Observations and facts of the incident may be stored in logbooks, laptops, audio recorders, digital cameras etc. Documenting observed changes in files can lead to a more efficient, more systematic and error-free handling of the problem. Using an application or a database helps ensure that incidents are handled and resolved in a timely manner.

Commence initial response to an incident based on the type of incident, the criticality of the resources and data that are affected, the severity of the incident, existing Service Level Agreements (SLAs) for affected resources, the time and day of the week, and other incidents that the team is handling. Generally, the highest priority is handling incidents that are likely to cause the most damage.

The incident should be communicated through the appropriate procedures via the organization’s points of contact (POC) for reporting incidents internally. It is important for an organization to structure its incident response capability so that all incidents are reported directly to the incident response team. Organizations should establish an escalation process for when the team does not respond to an incident within the designated time. This can happen for many reasons; for example, cell phones may fail or people may have personal emergencies. The escalation process should state how long a person should wait for a response and what to do if no response occurs. If there is no response in time, the incident should be escalated to a higher level. This process should be repeated until the incident is successfully handled. Containment is important before an incident overwhelms resources or
Disclaimer / Acknowledgement
The information contained herein has been obtained from sources reliable to NASSCOM, JNTUH and open content available on various websites. JNTUH disclaims all warranties as to the accuracy, completeness or adequacy of such information. JNTUH - Skill and Development shall have no liability for errors, omissions, or inadequacies, in the information contained herein, or for interpretations thereof.
The sole purpose of developing and preserving the content in this portal is free distribution to students, for their benefit in the teaching-learning process, who are training under the special training program initiated by the tri-party MOU between JNTU, NASSCOM and TASK. No part of the content developed in this portal has been used for any commercial purpose. JNTUH would be grateful for any omissions brought to its notice, for acknowledgement in updating the content of the portal.
No entity in JNTUH shall be responsible for any loss whatsoever, sustained by any person who relies on this material. No parts of content of this portal can be reproduced either on paper or electronic media, unless authorized by JNTUH.