7 Cyber-Security Skills In High Demand - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
News
8/8/2016
07:06 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail

7 Cyber-Security Skills In High Demand

Businesses around the world report a shortage in cyber-security talent. Here are the skills IT managers should be seeking to keep their data secure.
4 of 8

Risk Mitigation
Risk mitigation involves tracking identified risks, discovering new risks, and keeping track of risk throughout a project. Developing a risk mitigation plan involves creating a process of actions that will reduce threats to a project, according to a Systems Engineering Guide on the Mitre website.
First, it's necessary to understand that data needs to be protected and why. Businesses must identify their most valuable assets and the threats putting them at risk. Knowing how the information is stored, who has access, and how the data is protected are three critical questions to ask for optimal data protection.
It's also important to brainstorm what might happen in the event of a breach. Your business must be ready to address a cyber-security attack immediately with a plan to minimize the damage. A risk mitigation professional could prove critical in formulating one of these plans.
In the report published by Intel Security, risk mitigation is one of the skills companies are considering outsourcing as security technology advances in the years to come.
(Image: BeeBright/iStockphoto)

Risk Mitigation

Risk mitigation involves tracking identified risks, discovering new risks, and keeping track of risk throughout a project. Developing a risk mitigation plan involves creating a process of actions that will reduce threats to a project, according to a Systems Engineering Guide on the Mitre website.

First, it's necessary to understand that data needs to be protected and why. Businesses must identify their most valuable assets and the threats putting them at risk. Knowing how the information is stored, who has access, and how the data is protected are three critical questions to ask for optimal data protection.

It's also important to brainstorm what might happen in the event of a breach. Your business must be ready to address a cyber-security attack immediately with a plan to minimize the damage. A risk mitigation professional could prove critical in formulating one of these plans.

In the report published by Intel Security, risk mitigation is one of the skills companies are considering outsourcing as security technology advances in the years to come.

(Image: BeeBright/iStockphoto)

4 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Ludivina
50%
50%
Ludivina,
User Rank: Apprentice
4/7/2017 | 8:19:13 PM
Instagram followers
Yea, it is just wonderful to see how the security changes can make a huge impact on the cyber-net.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/17/2016 | 2:41:45 PM
Re: efekt synergiczny gdańsk
I am glad that you shared this helpful information with us.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/12/2016 | 9:54:04 AM
Re: pisanie tekstów dodatkowy zarobek
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/3/2016 | 9:18:56 AM
Re: Quotes : Happy Birthday

It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us.
DonT183
50%
50%
DonT183,
User Rank: Apprentice
9/7/2016 | 1:06:51 AM
Re: Just be the point of reference
Except Social Engineering is exactly how we defeated multi-factor authentication at Banks and Classified Engineering facilities.  How else will the smoker let you in the badge access door if your hands are not busy?  How else will the nice lady put her thumb on the biometric sensor to let us in to meet the CISO?  Who else would assume because you cannot get throught the door without a badge that it is OK if the screen saver lockout does not engage?  Two factor as a mitigation for Social Engineering?  That really is funny.

Now turning our antics into training video for staff on what not to do when a stranger penetrates the building security -- that is both lesson learned and enjoyed.  A whole firm got video clips, popcorn and fun jokes and never forgot it.  The picture of my InfoSec team member in an Electrician's suit who has no idea what half the tools in his belt are for is a priceless picture.  
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/16/2016 | 8:17:27 PM
Re: Just be the point of reference

@Markjfowler    Thank you for your advice and insight.   I appreciate your examples of carrying out Two Factor authentication, something I will experiment with in the future. 

And I agree, company backing is paramount, since there has to be some sort of repercussion for careless practice.

Markjfowler
50%
50%
Markjfowler,
User Rank: Apprentice
8/16/2016 | 11:42:42 AM
Re: Just be the point of reference
The social engineering threat can be mitigated by Two Factor authentication.  These can be device identity certs or better would be RSA Tokens (either from a dongle or a smart-phone app.)  Combine that with standard login security and a corporate policy that includes termination for passing off the security token.  If you don't protect all parts of the 2-factor, it becomes useless.  If somebody leaves their token plugged into their computer and then lets another person log in, that could be termination or at the least a Human Resources file memorandum.  There has to be a stick to smack fingers with, or two-factor is another expensive speedbump with a hole in the middle.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/15/2016 | 6:48:51 PM
Re: Just be the point of reference

@vnewman2     That is great that everyone gets to get their hand in the Security Pie.   And I like your message to endusers.   As a sys admin ( and the only IT ) for an SMB, I feel weighed down by security even though I understand it's importance of course.

I just recently had a security audit on my network, so I am interested in learning the results thereof, I am relatively confident that structurally our security is fine, however I have a social engineering threat alive and well within the company and I am trying to patiently coach them, even though I would think anything I am conveying is actually common sense.  

Oh Well, not everyone thinks about this stuff.

umutarcn
50%
50%
umutarcn,
User Rank: Apprentice
8/12/2016 | 7:39:47 PM
Quotes : Happy Birthday
Merely having someone who's job it is to be on top of that stuff is more than most organisations seem to do right now, so it's a good starting point.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/12/2016 | 5:19:13 PM
Re: Just be the point of reference
@Technocrati - Agree and think there will always be some sort of human intervention needed but obviously the level of involvement will change.  I work for a global company our "security team" is a hodge podge of network engineers, enterprise architechts, data comm, various admins, the Exchange team, etc.  Actually we tell all of our IT people that we are on the "security team."  When we've done presentations to the masses, we tell them as an end-user, they are too (to the degree that they can not do anything to inadvertantly set up an attack.)
Page 1 / 2   >   >>
News
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
Slideshows
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
Commentary
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
Slideshows
Flash Poll