
IT Security: Concept and Certification Options

Tracey Wilson

Information technology professionals face a constant battle to secure systems and networks from a variety of threats.

IT Security, as a concept, is often synonymous with Computer Security, Information Security, Information Assurance, or Cyber Security.

Each of these security concepts has slight differences in meaning, but all primarily focus on the protection of information or data, not computer systems.

If information is so important, then what is it?


Information could simply be data flowing through a computer network, or the key elements of a computer operating system, or even a simple electronic document stored on a hard drive.

Information can be stolen, modified, corrupted and even used as a weapon to deny access to information stored on other computer systems or networks.

Today, we will look at the principal goals in the overall concept of IT security and take a look at some of the various certifications available to IT security professionals.

 

Protecting Information: IT Security’s Prime Directive

As an IT professional, security should be a principal ingredient in the design and maintenance plan of any computer system, network, or electronic work environment.


Several security and standards organizations state various goals and principles for IT security professionals to follow to protect information stored on computer systems, in a computer network, or resting on a piece of disk or tape storage media. The National Institute of Standards and Technology (NIST) lists over thirty defined principles and has developed several lengthy documents of best practices.

But as an overall concept, IT Security has three primary goals for protection of information:

  • confidentiality,
  • integrity,
  • and availability.

 

  •   Confidentiality

Let us look at the first security goal, confidentiality.

Confidentiality, formally defined, is “ensuring that information is accessible only to those authorized to have access.” Confidentiality is commonly seen in practice with user permissions on files on a server, but it is the defining principle for cryptography or data encryption.

Encryption today is very prevalent in computer networks, but even more so for laptop hard drives and even archive tape storage.

 

  •   Data Integrity

Data integrity is another important security concern.

Integrity is defined as “maintaining structure during any type of operation.” This means that data should maintain its total structure during a data transfer from one system to another, while it is written to a storage medium, or retrieved and displayed.

Many data transfer mechanisms contain a data integrity check to verify that the data received is the same as the data that was sent.

The antithesis of data integrity, data corruption, is often seen as a result of viruses or malicious software that attack and alter the structure of information. Data objects, such as databases, rely heavily on data integrity assurance processes to accurately reflect any updates to their information and avoid corruption.
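The integrity check on a data transfer described above can be sketched as follows. This is an added example, not code from the original article; the function names, the sample record and the key are constructed for illustration. It shows that a plain digest catches accidental corruption, while detecting deliberate alteration needs a keyed tag (HMAC).

```python
import hashlib
import hmac
from typing import Optional

DIGEST_LEN = 32  # SHA-256 output size in bytes


def _tag(payload: bytes, key: Optional[bytes]) -> bytes:
    """Plain SHA-256 digest without a key, HMAC-SHA256 tag with one."""
    if key is None:
        return hashlib.sha256(payload).digest()
    return hmac.new(key, payload, hashlib.sha256).digest()


def seal(payload: bytes, key: Optional[bytes] = None) -> bytes:
    """Sender side: append the integrity tag to the payload."""
    return payload + _tag(payload, key)


def verify(message: bytes, key: Optional[bytes] = None) -> Optional[bytes]:
    """Receiver side: return the payload if the tag matches, else None."""
    if len(message) < DIGEST_LEN:
        return None  # too short to contain a tag at all
    payload, tag = message[:-DIGEST_LEN], message[-DIGEST_LEN:]
    # compare_digest runs in constant time, so it leaks no partial match
    return payload if hmac.compare_digest(tag, _tag(payload, key)) else None


def flip_bit(message: bytes, index: int) -> bytes:
    """Simulate corruption in transit by flipping one bit of one byte."""
    damaged = bytearray(message)
    damaged[index] ^= 0x01
    return bytes(damaged)


# Constructed sample values, not taken from the article.
RECORD = b"account=1001;balance=250.00"
KEY = b"constructed-demo-key-not-for-production"

if __name__ == "__main__":
    print(verify(seal(RECORD)))               # intact transfer is accepted
    print(verify(flip_bit(seal(RECORD), 8)))  # corrupted transfer is rejected
    # Altered record whose unkeyed digest was recomputed after the change:
    altered = seal(b"account=1001;balance=999.00")
    print(verify(altered))                    # unkeyed check cannot tell
    print(verify(altered, KEY))               # keyed check rejects it
```
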

 

  •   Availability

The last of these three important goals is availability.

Availability is “the degree to which data or a system is in an operable condition.” Confused? Well, plainly stated, availability is all about the amount of access time to a computer system, network, and information.

Networks and computer systems need to allow access for users to reach data. Denial of service attacks, viruses that alter communications, and theft or deletion of information by an external hacker are all examples of security issues that threaten availability.

 

IT Security Certifications

Now that you have an overview of some of the key IT security goals, let us take a look at some of the certifications that IT professionals can acquire.

Several organizations and private companies offer certifications related to IT security and the protection of information. Below is a short list of certifications seen in the workforce today:

  • Security+ — CompTIA’s comprehensive security certification
  • GIAC — SANS Global Information Assurance Certification
  • CISM — Certified Information Security Manager (targeted for accreditation officials or facility security officers)
  • CISSP — Certified Information Systems Security Professional
  • SSCP — Systems Security Certified Practitioner
  • CEH — Certified Ethical Hacker (yes, it seems that some hackers can turn to the good side)

Some of the private companies that offer security certifications for their technologies include: Microsoft, Cisco, RSA, and Symantec.

Interested candidates will find security certification topics in related areas of business continuity/disaster recovery, auditing, and risk management.

 

More to Come …

These brief descriptions of the security goals only scratch the surface of the overall IT security concept. In future articles, we will investigate many of the principles and practices that IT security professionals must utilize to protect and maintain networks, computer systems, and the information they contain.

In addition, specialized articles will target many of the prominent security certifications and focus on updates and key topics needed to acquire them.

 