Changing Security Theory to Security Practice
Given the events of 911 and the ongoing threats to our way of life being thwarted every day, the Information Assurance part of physical security cannot be over emphasized in either the public or public sectors of our society. Policies need to be set and practices need to be developed to protect technology networks, systems and databases. The gap that historically existed between security theory and practice can and must be closed, and one important way that Information Security professionals will be able to meet this challenge is through a lifetime commitment to professional development and re-development that incorporates the latest best practices.
Career Opportunities in Information SecurityJobs in the security information profession are proliferating, and this field now employs people around the world in dozens of new careers. In an interview in August 2009, David Foote, one of the nation’s leading industry analysts, said, “The economy has been down, but job opportunities are up for information security professionals with the right skills.”
• Ethical Hackers (Penetration tester): assesses a system's potential vulnerabilities, known and/or software flaws, or operational weaknesses
• Incident Handlers: familiar with attack methodology and incident response, performs analysis and response tasks for various sample incidents
• Forensics Analyst: focuses on the rigorous, scientific and thorough forensic analysis of computing systems for evidence and impact of system compromise and digital support of legal, HR, and ethics investigations”
• Information Assurance Analyst: ensures compliance with information assurance program. Maintains and improves the IT program.
• Integrity and Risk Manager: creates, builds and operates the company’s main IT system. Implements effective incident response and information security solutions.
• Entry-Level IT Security Consultant: performs security consulting, testing and evaluation of software and hardware products.
• Information Security Crime Investigator/Forensics Expert: identifies systems/networks that have been compromised and investigates clues and traces left by complicated attacks.