Risk

CYBER SECURITY CERTIFICATIONS FOR BEGINNERS

Information Technology has become an integral part of every business now a days irrespective of its nature and size. Information Technology brings a lot of ease of doing business at the same time it increases risk as well. Businesses are taking cyber security risks seriously which has made Cyber Security is a good career option now a days. There are multiple certification available in the market which can help anyone to get into cyber security. These certifications are blend of existing technologies and security. To become a successful Cyber Security professional one has to be good inboth networks and application. Below are few training and certification courses which any beginner can pursue to start his or her career in cyber security.

CCNA(R & S) (ROUTING AND SWITCHING)

CCNA(R&S) or Cisco Certified Network Associate is the most popular certification to start a career in IT and cyber security. This certification has global value.

Perquisites: There is no perquisite for CCNA certification. Candidates should have interest in networks and IT infrastructure

What the participants will learn?

CCNA certification training gives a deep insight of networking .It helps students to develop a complete understanding of IT networking and different kind of network topologies in order to form efficient and secure networks. It also provides deep level understanding of different routing protocols as well.

 

What are the Career option after this certification?

After successful completion of CCNA training and certification program one can start his or her career as

  • Network Associate,
  • Network Administrator
  • System administrator
  • Network Engineer
  • Technical Support Engineer

CCNA (SECURITY):

Cisco Certified Network Associate(Security)is an entry level globally recognized certification for the aspirants who are planning to build their career in Network Security and cyber security

Perquisites: CCNA(Routing and Switching)

What the participants will learn?

CCNA Security certification training helps candidates to learn secure network architecture. After training participants will be able to install, monitor and configure various network security devices like Firewall, VPN, Routers and switches, IDS, IPS

What are the Career option after this certification?

After successful completion of CCNA Security certification and training candidates can pursue their career as:

  • Network Security Engineer
  • Network Support Engineer
  • Network Security Specialist
  • Network Security Administrator
  • Network Security Analyst
  • MCSA

Microsoft Certified Solutions Associateis a globally recognised certification from Microsoft which provides great career opportunities in the field of network system and technical support. This is one of the most sought after certification in Information Technology infrastructure.

Perquisites:  There are no perquisites, however a good knowledge of network fundamental and databases will be helpful

What the participants will learn?

MCSA training and certification will help the candidates to learn installation and configuration of Windows Server 2016. Candidates will also learn Windows administration .MCSA training and certification will generate the skillsetthat focus on designing and producing technological solutions

 

What are the Career option after this certification?

  • Network Administrator
  • Database Administrator
  • Technical Support Specialist
  • Systems Administrator
  • Computer Network Specialist

 

RHCSA

Red Hat Certified System Administrator is a certification for developing skillsets in working Red Hat Enterprise Linux environment. This is also a very popular and globally recognised certification.

PerquisitesThere is no prerequisites for the certification.

What the participants will learn?

This training and certification will help the candidates to understand Linux command line environment, file and directory structures. Creation and Configuration of files and file systems using command line. Manage user and groups. Management of basic security configurations like firewalls etc.

What are the Career option after this certification?

Few of the career options are:

  • Linux System Administrator
  • System Analyst
  • System Engineer
  • Server Administrator
  • CEH

Certified Ethical Hacker is a certification from E C Council which provides an offensive approach of Cyber security i.e. how the networks and application can be hacked. This is a very popular and globally recognized certification.

Perquisites: Candidates appearing for this certification should have basic understanding of networks, servers and databases.

What the participants will learn?

Participants attending CEH training will learn about different phases of hacking like information gathering, network scanning, enumeration, attacking and how to delete footprints after successful attack. This training and certification gives you a hacker’s perspective while attack.

This program also gives a deep understanding how networks, application Wi Fi, IoT devices can be attacked by using loopholes and vulnerabilities in the existing systems.

This certification develop a basic and initial skillset of hacking(security testing) among the participants.

What are the Career option after this certification?

There are multiple career options after successful completion of CEH training and certification course. One can pursue career as:

  • Network Security Engineer
  • Security Engineer
  • Vulnerability Assessor
  • Information Security Analyst
  • Information Security Consultants
  • Cyber Security Consultant
  • Web Application Penetration Tester
  • Network Penetration Tester
  • ISO/IEC 27001 LEAD AUDITOR

ISO/IEC 27001 Lead Auditor is a globally recognised certification in the field of cyber security and information security. A certified Lead Auditor understands the mandatory requirements of information security and is well versed with the process of auditing.

Perquisites: To become ISO/IEC 27001 Lead Auditor candidates should have 2 years of Information Security Auditing experience.

What the participants will learn?

After successful completion of ISO/IEC 27001 LA program candidates will able to perform information security audits in any organisation. Candidates will learn the Information Security Management System as per ISO 27001 & all its controls and how to plan, conduct and close an audit according to ISO 19011.

What are the Career option after this certification?

Career options after this certification are:

  • Information Security Internal Auditor
  • Risk Assessor
  • Lead Auditor
  • Risk Manager
  • Information Security Consultant

 

Cyber Security scenario is rapidly changing, new technologies are coming in the market and old technologies are getting obsolete. One needs to know the basics irrespective of the technology domain in which he or she is working. One can choose the complete suite of certifications or a few certifications as per their interest. Cyber security is also about innovation where one can make their own customised solutions according to the organisations need against the current and upcoming risks.

# Keywords:  Cyber security, Information security, CEH,CCNA, ISO 27001 LA, risk, threat,MCSA, RHCSA, certification

 

# Tags:  career, jobs, cyber security, Information technology, beginner, certification.

WHY BUSINESS CONTINUITY MANAGEMENT IS SO IMPORTANT FOR IT SERVICE PROVIDERS

Whenever there is disruption in business, it can cost money, damage in reputation or sometimes customer loss. Insurance companies does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan is must for any IT service provider for sustaining such catastrophic conditions.

Business Continuity process identifies the likelihood and impact of the risks on the business and then produces a contingency plan to deal with any kind of eventualities, like IT system failure, terrorism, natural calamities like earthquake and flood, unavailability of staff etc.

Business Continuity is one of the most critical aspect of any business.

WHAT IS BUSINESS CONTINUITY MANAGEMENT (BCM)?

Business continuity management (BCM) is a framework for identifying an organization’s risk, its exposure to external and internal threats pertaining to service availability and hence formulating a plan to mitigate the risk. Business Continuity Management involves development of plan to prevent any disaster and assist in recovery in case of crisis. The motive of Business Continuity management is to develop and implement ability to effectively respond to threats such as data breaches or natural disasters and protect the business interests of the organization. BCM includes crisis management, disaster recovery, business recovery, incident management, emergency management and contingency planning.

What Is Business Continuity Planning (BCP)?

Business continuity planning (BCP) is the step by step process of creating a robust preventive system and a mechanism of quick recovery from the potential risks to a company. BCP ensures that personnel and assets are protected, and are able to function quickly in the event of a disaster. Business Continuity Planning is conceived in advance and involves input from key stakeholders and personnel.

Business continuity Planning is the assessment of both internal and external risks and its impact on the business and then implementing preventive, detective and corrective  measures.

BCP involves defining any and all risks that can affect the organisation’s objectives and operations, making it an important part of the organization’s risk management strategy

Basic areas in which Business Continuity Planning needs to be considered:

  • IT Service Continuity
  • Disaster Recovery (DR)
  • Pandemic Planning:
  • Life-Safety
  • People Continuity

 

HOW TO DEVELOP BUSINESS CONTINUITY PLAN?

Development of business Continuity plan includes following steps:

STEP 1 First of all, perform need analysis and define strategy objectives and an implementation framework should be created

STEP 2 Next, business value of organisational applications should be identified and RTO (Recovery Time Objectives) and RPO (Recovery Point Objectives) through data risk should be determined

STEP 3 Next, match technologies for safeguarding data, including backup, disaster recovery, vaulting, snapshot and replication, based upon business value

STEP 4 Next, infrastructure and personnel plans, including organizational and communications processes should be defined. A business continuity team should be formulated and business continuity plan should be complied to manage a business disruption.

STEP 5 Next, required technologies should be implemented and training and awareness to critical personnel as to which business processes are impacted

STEP 6 Table Top exercise and BCP drills of the documented plan should be conducted, in different scenario. Outcomes should be documented.

STEP 7 Next, Measure and validate test results relative to the plan overall objectives

STEP 8 Further, required enhancements that have been prioritized as a result of continuous testing and evaluation should be implemented

STEP 9 Next, continuously review, enhance and improve the business continuity plan with respect to organizational changes, fluctuating business conditions and the addition of new technologies

STEP 10 Finally, remember to repeat the entire process continuously.

BUSINESS CONTINUITY PLAN CONTAINS:

  • Purpose and scope of BCP
  • Initial data, including important contact information of all important stakeholders, located at the beginning of the plan
  • Change management procedures
  • Business Impact Analysis(BIA) and Risk Assessment(RA)
  • How to use the business continuity plan, including guidelines as to when the BCP will be initiated
  • Business Continuity Policy
  • Emergency response and management
  • Step-by-step procedures for Data Recovery
  • Checklists and data flow diagrams
  • Review ,test and update schedule for BCP

WHY BUSINESS CONTINUITY MANAGEMENT IS IMPORTANT FOR IT SERVICE PROVIDERS

Since most of our businesses are digitizes and IT is playing an important role everywhere like ERP, CRM, databases etc. So it’s mandatory for the IT service providers to consider Business continuity in order to keep business up and running in case of disaster. Features of BCP:

 

  • Business Continuity Planning helps to identify all the critical processes and assets of the organisation and all the risk associated with them.
  • Business Continuity planning is helpful in continuing the operations case of disasters like fire, cyber-attacks, natural calamities, civil unrest etc.
  • Business Continuity Planning prepares the organisation for any kind of disruption and thus minimise the effect of a disruption on an organisation.
  • It reduces the risk of financial loss in the organisation.
  • This helps the organisation to meet legal and statutory requirements.
  • RTO and RPO enables recovery of critical systems within an agreed timeframe.
  • This helps in retaining organisation’s brand and image and give employees, clients and suppliers confidence in the organisation’s services.
  • Frequent BCP drills help the organisation to react and re-establish the services quickly in case of disaster.
  • BCP involves documentation of all the activities which should be performed in case of disruption and a well-tested & document process help to revive the business easily.
  • BCP provides an advantage of working from remote location in case of disaster, thus no interruption in operations.
  • A well planned BCP helps reducing downtime in case of disruption.
  • Taking backups is an integral part of BCP, so organisations can recover data without much loss and can resume their business.

Business Continuity and disaster Recovery cannot be achieved by a single employee or person, it’s a team effort. A single person or an untrained staff cannot deal with disastrous situations. And, like most of the team activities, it requires practice and adequate competence in order to perform effectively in adverse situations like disaster. A proper planning is required.

Proper planning means that a thorough assessment and relevant controls shall be implemented and tested. A proper planning will tell who shall do what and how it shall be performed provides a set of well tested instructions in case of contingency.

If the stakeholders are not informed and not practiced in their roles, they cannot perform well.In that regard, business continuity planning is a sign of inclusion and commitment for a company to have a real plan.

 INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT

 What is Risk?

Risk is any unwanted event which impact organisation’s objectives to attain business goal.

There are various type of business risk exists in any organisation

  • Strategic Risk
  • Operational Risk
  • Financial Risk
  • Compliance Risk

Risk Management is a process of Identifying, analysis and evaluating the organisations risks and then providing appropriate controls in order to mitigate the risk.

 

What is IT Risk?

In this digital age most of the businesses are using Information Technology. Hence IT is playing very pivotal role in many businesses.

If any organisation use IT to manage their business, it is very important to understand and identify risk related to their information systems and data, then to manage and reduce the risk, and develop a response plan in the case of any IT crisis.

Nowadays business have regulatory and legal compliance obligations in relation to data privacy, electronics transitions and staff training which are the factors which can influence IT Risk Management strategies.

Main IT risks include software and hardware failure, malicious and virus attacks, humanerrors, misconfigurations as well as natural disaster like flood,fire earthquake and cyclones.

General IT Risk

These Risk can be subcategorised further:

  • Hardware and software failure – Abuse of rights and Corruption of data ,Electromagnetic radiation ,loss of power supply
  • Malware – malicious software designed to disrupt computer operation
  • Viruses – computer code that can copy itself and spread from one computer to another, often disrupting computer operations
  • Spam, scams and phishing – unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods
  • Human error–error in data processing, data disposal errors, or accidental opening of infected email attachments.

 Natural Disasters such as fire, earthquake, cyclone and floods also acts as risk to IT infrastructure. In absence of business continuity plan, it may lead to data loss, corruption in data records and unavailability of IT services to the customers.

How to Manage Information Security Risk?

Management of IT risk involves a series of activities in this chronological order:

  • Risk Identification
  • Risk Assessment
  • Risk Mitigation
  • Development of Response Plan
  • Review of Risk Management procedures

How to reduce Information Technology Risk?

There are lots of risks and threats on business which can impact IT Operations. Applying appropriate measures will protect the IT system through unauthorised access.

Few steps to improve IT Security

  1. Proper access control to computer, servers, networks and Wi-Fi.
  2. Using strong password
  3. Encryption of critical data
  4. Using firewall. IDS ,IPS on the network
  5. Update software and antivirus with latest patches.
  6. Data backup for all the critical data
  7. Information security training and awareness to the staff
  8. Using secure software developments processes.
  9. Implementing SSL for secure online communication.
  10. Last but not the least having Cyber Security Insurance.

 Few famous standards and frameworks which can help organisations to mitigate IT risks are:

  • ISO 31000
  • COBIT
  • COSO
  • NIST Risk Management Framework
  • ISO 27001
  • ISO 27005

For any organisation risk identification is the first step for risk mitigation. An undetected risk is the most dangerous thing, a treatment methodology can be only be implemented once the risk is identified. Organisation need a right approach and skilled workforce to this job.Step by Step risk management process will help organisation’s to mitigate IT related risk and get an effective and efficient IT system to achieve business goals.

Visit Us On FacebookVisit Us On TwitterCheck Our FeedVisit Us On Linkedin