Security Analyst

Many disruptive trends are exponentially changing the IT-ITeS landscape. This industry is constantly evolving and expanding to leverage and manage the change. In response, manpower requirements are becoming more specialized and the economy demands differentiated levels of skills. This is forcing businesses, government and related stakeholders to increasingly invest in the future of education and build resources for the same. India has a large talent base that can be skilled to take up jobs with the industry. This can be achieved by reducing the skills gap that exists between industry requirements and academic outcomes. Industry, on its part, has been training people to address its requirements, but orientation to skill development needs to be addressed at the college and school level as well. In order to meet the growing demand for skilled people, NASSCOM and its members, in association with IT-ITeS Sector Skills Council NASSCOM (SSC NASSCOM), have undertaken multiple initiatives. Towards this end, the courseware for ‘Security Analyst’ in the Data Security occupation, in the IT Services sub-sector, is key. The ‘Security Analyst’ courseware (Facilitator Guide and Student Handbook) outlines the pedagogical approach and learning methodologies that aim to empower students with the requisite competencies in this Qualification Pack (QP) / job role.


  • Information Security Management (Security Analyst - I)

    An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident. Information systems audit is a large, broad term that encompasses demarcation of responsibilities, server and equipment management, problem and incident management, network division, safety, security and privacy assurance etc. Information security audit is only focused on security of data and information (electronic and print) when it is in the process of storage and transmission. Both audits have many overlapping areas. Security assessments utilize professional opinion and expertise, but they also analyse the output for relevancy and criticality to the organization.

     

  • Information Security Assessment and Audits (Security Analyst - II)

    An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident. Information systems audit is a large, broad term that encompasses demarcation of responsibilities, server and equipment management, problem and incident management, network division, safety, security and privacy assurance etc. Information security audit is only focused on security of data and information (electronic and print) when it is in the process of storage and transmission. Both audits have many overlapping areas.

  • Incident Response and Management (Security Analyst - III)

    Incident Response Process

    In incident handling, detection may be the most difficult task. Incident response teams in an organization are equipped to handle security incidents using well-defined response strategies. Preparing a list of the most common attack vectors, such as external/removable media, web, email, impersonation, improper use by authorized users etc., can help narrow down to the most competent incident handling procedure. Therefore, it is important to validate each incident using defined standard procedures and document each step taken accurately.

    Common issues and incidents of information security that may require action, and whom to report them to, can be identified. An indicator may not always translate into a security incident, given the possibility of technical faults due to human error in cases such as a server crash or modification of critical files. Incident handlers need to report the matter to highly experienced and proficient staff members who can analyze the precursors and indicators effectively and take appropriate actions. Mentioned below are some of the means to conduct initial analysis for validation:

      • Profiling networks and systems in order to measure the characteristics of expected activity so that changes can be more easily identified and used.

      • Studying networks, systems and applications to understand what their normal behavior is, so that abnormal behavior can be recognized more easily.

      • Creating and implementing a log retention policy that specifies how long log data should be maintained. This may be extremely helpful in analysis because older log entries may show previous instances of similar attacks.

    Any occurrences must be recorded, and the incident response team should update the status of incidents along with other pertinent information. Observations and facts of the incident may be stored in logbooks, laptops, audio recorders, digital cameras etc. Documenting observed changes in files can lead to a more efficient, more systematic and error-free handling of the problem. Using an application or a database helps ensure that incidents are handled and resolved in a timely manner.

    Commence initial response to an incident based on the type of incident, the criticality of the resources and data that are affected, the severity of the incident, existing Service Level Agreements (SLA) for affected resources, the time and day of the week, and other incidents that the team is handling.

    Generally, the highest priority is handling incidents that are likely to cause the most damage.

    The incident should be communicated, following appropriate procedures, through the organization’s points of contact (POC) for reporting incidents internally. It is important for an organization to structure its incident response capability so that all incidents are reported directly to the incident response team. Organizations should establish an escalation process for when the team does not respond to an incident within the designated time. This can happen for many reasons. For example, cell phones may fail or people may have personal emergencies. The escalation process should state how long a person should wait for a response and what to do if no response occurs. If there is no response in time, the incident should be escalated to a higher level. This process should be repeated until the incident is successfully handled. Containment is important before an incident overwhelms resources or
     



 

Disclaimer / Acknowledgement

The information contained herein has been obtained from sources reliable to NASSCOM, JNTUH and open content available on various websites. JNTUH disclaims all warranties as to the accuracy, completeness or adequacy of such information. JNTUH - Skill and Development shall have no liability for errors, omissions, or inadequacies, in the information contained herein, or for interpretations thereof.

The sole purpose of developing and preserving the content in this portal is free distribution, as part of the teaching-learning process, to students who are training under the special training program initiated by the tri-party MOU between JNTU, NASSCOM and TASK. No part of the content developed in this portal has been used for any commercial purpose. JNTUH would be grateful for any omissions brought to its notice, for acknowledgement in updating the content of the portal.

 

No entity in JNTUH shall be responsible for any loss whatsoever, sustained by any person who relies on this material. No parts of content of this portal can be reproduced either on paper or electronic media, unless authorized by JNTUH.