Information Security Professional
-
Upload
ammar-wk -
Category
Technology
-
view
1.785 -
download
9
description
Transcript of Information Security Professional
![Page 1: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/1.jpg)
Information SecurityProfessional
UIN - 16 Nov 2011 - @y3dips
Wednesday, November 16, 11
![Page 2: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/2.jpg)
• Freelance IT Security Consultant
• More than 9 years in IT Security
• Founder of “ECHO” one of Indonesian Hacker Community, established 2003
• Founder of IDSECCONF - Indonesia Security Conference
@y3dips
y3dips
Wednesday, November 16, 11
![Page 3: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/3.jpg)
InfoSec
Means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection,
recording or destruction [1]
[1] h&p://wikipedia.org
Wednesday, November 16, 11
![Page 4: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/4.jpg)
Information Security• Information : Set or collection of data that has meaning
• Level [2]
• Non-Classified
• Public Information
• Personal Information
• Routine Business Information
• Classified
• Confidential
• Secret
• Top Secret
[2] h&p://wikipedia.org
Wednesday, November 16, 11
![Page 5: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/5.jpg)
InfoSec Pro
People Working in Information security
Wednesday, November 16, 11
![Page 6: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/6.jpg)
InfoSec Pro
Background• Natural Born Hacker
• Formal Education
Wednesday, November 16, 11
![Page 7: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/7.jpg)
HackersNatural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not
Wednesday, November 16, 11
![Page 8: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/8.jpg)
Hacker
• Newbie
• Script Kiddie
• Develop Kiddie
• Hacker
• 1337
Wednesday, November 16, 11
![Page 9: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/9.jpg)
Newbie
A wanna be hacker
Wednesday, November 16, 11
![Page 10: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/10.jpg)
Script Kiddies
Know the Tools, Able to use the tools;
But, Not how the tool “really” works
Wednesday, November 16, 11
![Page 11: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/11.jpg)
Develop Kiddies
Able to Create a Tools,
Know how the tool “really” works
But Still lack with attitude
Wednesday, November 16, 11
![Page 12: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/12.jpg)
Hacker
Know Exactly What they’re Doin and
How to Do it
Wednesday, November 16, 11
![Page 13: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/13.jpg)
1337
Nobody Know what They are Doing
Wednesday, November 16, 11
![Page 14: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/14.jpg)
Hacker
[+]
• Proven Skill and Exprerience
• Able to do a proof of concept
[-]
• Lack of Metodhologies
• Lack or Organizations/Managerial
Wednesday, November 16, 11
![Page 15: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/15.jpg)
!Professional
• Bug Hunter
• OS/App Developer
• Botnet owner (DDOSer)
• Fraudster
Wednesday, November 16, 11
![Page 16: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/16.jpg)
Wednesday, November 16, 11
![Page 17: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/17.jpg)
Wednesday, November 16, 11
![Page 18: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/18.jpg)
InfoSec StudentGain Information Security Knowledge from formal Education, Course, Certification
Wednesday, November 16, 11
![Page 19: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/19.jpg)
InfoSec Student
[+]
• Strong in Concept and Metodhologies
[-]
• Lack of Skill and Experience
• Unable to do Proof Of concept
Wednesday, November 16, 11
![Page 20: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/20.jpg)
InfoSec Pro
• IT Security Officer
• IT Security Analyst
• IT Security Auditor
• IT Security Engineer
Wednesday, November 16, 11
![Page 21: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/21.jpg)
Security Officer
• Security Contact Point for Organization
• Principle Advisor for IT Security
• Ensure Security Program Running ( Security Awareness course, etc)
• Creating Security Policy, Procedures, Hardening guide
Wednesday, November 16, 11
![Page 22: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/22.jpg)
Security Analyst
• Monitor all type of access to protect confidentiality and integrity
• Provides Direct Support and Advise to the IT Security Manager
• System Security Analyst, Network Security Analyst
Wednesday, November 16, 11
![Page 23: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/23.jpg)
Security Auditor
• Auditing an Organizations Technology processess and security.
• IT General Controls Reviews
• Application Controls Reviews
• Security Auditor, Penetration Tester
Wednesday, November 16, 11
![Page 24: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/24.jpg)
Security Engineer
• Maintenance Computer Hardware and Software that comprises a computer Network
• Doing a Security hardening and Configuration
• System Security Engineer, Network Security Engineer
Wednesday, November 16, 11
![Page 25: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/25.jpg)
Requirements
• Skill
• Experience
• Attitude
• Able to work independent/group
• Certification?
Wednesday, November 16, 11
![Page 26: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/26.jpg)
Skill
• In depth knowledge of Operating System
• In depth knowledge of Networking
• In depth knowledge of Application
• In defpth knowledge of Programming
• Much more :)
Wednesday, November 16, 11
![Page 27: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/27.jpg)
Experience
• How long you’ve been in that field
• + the Security afterward.
Wednesday, November 16, 11
![Page 28: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/28.jpg)
Attitude
With Great Power Comes Great Responsibilities
Wednesday, November 16, 11
![Page 29: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/29.jpg)
Work
• Able to work Alone (individualist),
• or a Team Player
Wednesday, November 16, 11
![Page 30: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/30.jpg)
Certification
• In someway, its a [+]
• Is it badly needed?
Wednesday, November 16, 11
![Page 31: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/31.jpg)
Limitation
• Government Rule : UU ITE
• Organization/company Rule: NDA
Wednesday, November 16, 11
![Page 32: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/32.jpg)
Failed
• Always Take not Give
• Lack of Attitude
• Kiddies Minded
• Lazy to Improve
Wednesday, November 16, 11
![Page 33: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/33.jpg)
Wednesday, November 16, 11
![Page 34: Information Security Professional](https://reader033.fdocuments.us/reader033/viewer/2022052505/5556d943d8b42a0f028b4822/html5/thumbnails/34.jpg)
Information SecurityProfessional
UIN - 16 Nov 2011 - @y3dips
Wednesday, November 16, 11