Answer the question
In order to leave comments, you need to log in
What is the essence of the work of an information security specialist?
Good afternoon! I meet periodically vacancies of a specialist in information protection, or information security.
In the requirements they write - knowledge of SKI, CIPF, principles of encryption, two-factor authentication, etc.
Maybe there are such specialists on the toaster, please tell us what the job is, how difficult it is, and is it more difficult than the work of a system administrator?
As I understand it, you need a good knowledge of linux systems. Is it true?
And which direction is more promising - system administration (windows, linux, networks) or information protection even with the same salary? There are many more vacancies for system administrators, but there is much more competition than for information security specialists, if I understand correctly.
Thanks to all!
Answer the question
In order to leave comments, you need to log in
An average IT department, they are also security guards, doing regular administrative work.
Setting up and controlling access policies, both in the IT infrastructure and the physical one inside the premises.
Requirements for an information security specialist are different for different organizations.
An information security specialist should be well versed in the operation of operating systems, networks, and their protection tools. Must know possible attack vectors and provide countermeasures to them, know how to quickly protect systems in case of attacks. To do this, it must also register them in a timely manner, organize monitoring and early warning of such facts. Detect, eliminate, document and stop the facts of intrusion, hacking and compromise of systems.
I think this is basic. In the banking sector, something else can be added here, for example, knowledge and adherence to PCI DSS, passing and conducting regular scans, audits of internal and external circuits, patching discovered holes and vulnerabilities.
An IS employee is a "system administrator++", i.e. a person with a fairly deep knowledge of what is under the hood of the OS and how networks work.
Depends on the organization and its requirements, the most popular options are
The most ordinary work, not harder and not easier. If you like this business, then everything will be OK!
If you dig into the essence - then the work consists of:
- ensuring Integrity, Availability and Confidentiality
- or designing the means of Integrity, Availability and Confidentiality.
- or an audit of the means of ensuring Integrity, Availability and Confidentiality
:) understand?
What knowledge is needed:
1. Information security and risk management - Managers
2. Information asset security - this is about the life cycle of data, information and types of access control.
3. Design and development of information security systems - Engineers
4. Communications and network security - System Admins
5. Access and Identity Management - Sys Admins
6. Security Evaluation and Testing Methods - Audit, Sys Admins
7. Security Operations - Sys Admins
8. Development of Trusted/Secure Software from an Information Security Perspective -
Engineers -
www.rohos.ru/2018/10/risk-management-in-cissp-cert...
what is the work after all, how difficult is it - the work is not so difficult as responsible. The degree of responsibility is directly proportional to the status of the conntor where you protect security. In some institutions, any leaks of information in the system under your control, whether it is your direct fault or not, can easily be equated to a criminal offense. Therefore, think 10 times whether you need it or you want a quiet, calm old age)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question