The Government fiscal year is coming to an end. So it's time to explore ways to dump budget excess on meaningful improvements for your team / company. If you are a CISO, the upcoming fiscal year will present unique challenges, as did the previous year. Many discussions in the CISO community surround the topic of which areas should receive budget concentration.
Managing risk is something we all spend our time on pretty frequently. It's what keeps us up at night. We have been over and over the budget, examining hardware spend, software spend and team spend. What are some of the points that should receive concentration from your budget in this upcoming fiscal year?
- End User Security Awareness Training – A good end user security awareness training platform is critical, and yet many companies leave this off the budget every year. A progressive and continually updated program that your employees are REQUIRED TO COMPLETE EVERY YEAR is what you need. One option is Cybrary: user login and tracking are included, and the content is continually updated. Don’t leave this one off your list this year.
- Secure Coding – No matter how many coders you speak to, the more you dig into how much they concentrate on security, the more you feel the uncontrollable risk piling up. EC-Council offers a certification course which is a somewhat all-encompassing offering for multiple languages, which is good if your team of devs uses a multitude of languages.
- Invest in a Mainframe-Capable Staff – If you get out in front of this problem, it won’t turn into a huge problem like it is for many. Yes, mainframes are here for a bit longer, and naturally, as with every legacy technology, no one really wants to continue to develop their skills in an aging application. However, since you need them, you might want to consider designating some training towards keeping some younger team members equipped to handle mainframe function and security. If you don’t, you may end up on a hiring spree that is essentially a wild goose chase, and it will probably happen at a time that couldn’t possibly be any worse.
So as you look for budget dumps at the end of this government fiscal year, and you are considering allocations to enhance risk management and prepare for strategy deployment, make sure to add these into the upcoming budget. They WILL make your life easier and more successful in the near term.
The new class by Joe McCray (well, it's been out for two years, but it's being revised constantly due to changes in exploits etc.) is being called the most advanced hacking class anywhere on the planet right now. And if that comes from a Joe McCray class, I believe it. We have seen this guy too many times presenting at some of the best conferences around the globe (BruCon recently), and he is a ninja. Check out his advanced hacking class, Cyber War.
With the onslaught of cyberterrorism, amateur and professional hackers and network attacks, information assurance (IA) is a radically growing profession and there is a high demand for trained information assurance agents. In a largely digitized world, businesses rely heavily on information assurance to ensure that their sensitive information is handled with appropriate care and security. Information assurance agents are needed to work privately with a wide variety of businesses and organizations to protect this sensitive information.
The United States’ National Security Agency maintains a list of colleges and universities that are authorized to teach information assurance. Among these designated schools are the University of Denver, Nova Southeastern University, Georgia Institute of Technology, DePaul University, Purdue University, Boston University, and Dartmouth College. The full list can be accessed at the NSA’s official website. There are also schools that focus purely on certification training and teach these classes in shorter periods of time. The most reputable of these include names like Global Knowledge, Unitek and Advanced Security by Academy of Computer Education. As the demand for information assurance personnel continues to increase, the number of schools offering degrees and certifications is expected to increase along with it. In all likelihood IA training is available close to you at any time of the year.
There is a wide range of programs available at the undergraduate, graduate, and doctoral level. Applied theory and learning are combined in master’s level programs by some of the top colleges and universities. The master’s level degrees are the Master of Science in Information Assurance and Master of Science in Information Security and Assurance.
Probably most popular in today’s society are IA certifications. Certifications are available in a wide variety of focus areas. These certificates indicate specific experiences and specializations and range in ability level from basic implementation to high level management. The list of available certifications changes rapidly due to changes in technology. Some available certifications are Security+, Global Information Assurance Certification (GIAC), Certified Information Security Manager (CISM), Certified Incident Handler (ECIH), Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP).
While a university degree is a lifetime credential, this is not the case for information assurance certifications. These certifications must be updated frequently and have strict renewal requirements. Some credentials require occasional retesting and others require continued education. The educational requirements for certifications change rapidly, especially because technology has such a huge bearing on information assurance. This is why most certifications require frequent continued education classes. This allows them to ensure that their clients are receiving the highest quality and most modern information assurance. Usually IA training classes of almost any type will count toward maintaining another certification’s continuing education hours.
IA training can be obtained through a variety of venues, including convenient online classes that meet and educate solely through the internet. Group training is also available for companies and agencies that need to train more than a few people. This is convenient for large organizations or companies that need many employees trained in information assurance within a short time span. These classes are also usually more affordable.
The choice between an information assurance degree or certification should primarily be based on the desired occupation and the individual’s available time. Certifications are a fast and convenient way to begin working in information assurance without waiting four or more years. There are many jobs available to individuals with certifications rather than degrees. Overall, the demand for information assurance is great enough that any level of qualification will likely result in employment.