Introduction to InfoSec Industry & InfoSec Education

Introduction - Information Security space

Information security is one of the most highly skilled, width and depth areas in IT. It is a fascinating arena, equal in width and depth to business management or computer engineering.

It takes special knowledge and understanding to teach IT security, There is a wide variety of courses, with titles like "Information Security" course.

Unfortunately, there is no single "IT Security" course, as there is no single "Business Management" course. It takes much more than one course, be it the best in the business, to learn this wide area.

See-security leaded an innovative international project, with the American and the Israeli governmental agencies, to map the Information security market into the de-facto divisions and professionals. See Security had mapped a set of sub-professions (or sub-areas) within the "IT Security" area, so it easier to defined the right course for each demand, based on sub-area, pre-requisite knowledge, training goal and the participant's path. Considering the fact that no current technology can "stop the Hacker", part of the high-end courses is techniques-oriented, and not tools-oriented only.

InfoSec Education Programs

Israel is one of the most Attacked countries over the world. Those endless attacks forced the army to train young experts as Information Security and Cyber Defense professionals.

That’s, probably the reason it considered as advanced Cyber Defense technique oriented and technologies manufacturer state.

See Security College operates since 2002 dedicates education tracks, based on the business and the governmental sectors. See it the largest InfoSec and Cyber College in Israel, and more than 30% of its activities refers to the DOD segment. These agencies help the college to be updated and aimed at the edge of technologies, techniques and procedures.

See Security relies on the IFIS (Israeli Information Security Forum) methodology for information security professions and knowledge domains definitions.

Each course was designed according a profession, its prerequisites and required knowledge domains. Moreover, each profession and appropriate course was designed by the appropriate point of view. For example: CISO, Engineer and Technician – they all need knowledge about firewall, but by different point of view, for other purpose.

Based on this method, the college offers 3 certification series:

The first Series (InfoSec Prerequisites Certifications) includes education and certification tracks for the basic professions such as “Windows & Network Administrator” (MCITP) or “Linux & Network Administrator” (LPIC or RedHat).

The second set (Information Security Certifications) intended for people with appropriate background in basic domains of knowledge (Operating systems & Networking, or Code development and networking). This set contains unique tracks for each of the main InfoSec professions: InfoSec Administrator (ISAD), InfoSec Integrator (ISSI), InfoSec Engineer (ISSE), Chief InfoSec Officer (CISO), and InfoSec Auditor (CISA).

The most sophisticated series (Cyber Warfare Attack & Defense) designed for advance Cyber Defense and attack professions and rolls, based on 3 internal degrees: the first level refers to the Cyber entry level, the second level for deep and wide comprehensive education, and the third degree contains various courses, each for different Cyber Defense or Attack specialization.

All of the series were built with attention to the American commercial and popular certificates.

InfoSec Prerequisites Domains of Knowledge

The InfoSec prerequisites rely at least on two of three basic domains: Windows (or Linux) & Networking knowledge or code writing & Networking knowledge.

The college offers 3 education tracks for novices:

1. Windows & Networking Administration track for Microsoft MCITP certification (To the Track Page).
2. Linux & Networking Administration track for LPIC or RedHat certification (To the Track Page).
3. Code Development Track for C, Python & Perl. 

Information Security main professions

Introduction

This certification series were designed for professionals with prerequisites background (System / Networks / Code Development). The set includes separated education tracks for each expertise:

InfoSec Administrator (ISAD).InfoSec Integrator (ISSI)InfoSec Engineer (ISSE).Chief InfoSec Officer (CISO)InfoSec Auditor (CISA) course

InfoSec Administrator (ISAD).

The InfoSec administrator is responsible for approval and control mechanism of access rights to employees in the organization, the management system of the IDM, the access control policy setting to the information Systems in the organization, responsibility for SOX controls related to access rights issue. This role usually requires familiarity with Active Directory environment, knowledge of typical organizational structures, and familiarity with the structure of enterprise applications, servers and operating systems.

InfoSec Integrator (ISSI)

Implements (technician) Responsible for the installing, configuring, maintenance and ongoing operations of information security tools such as firewalls, IDS, IPS, Anti-Virus, Anti-Spam, Anti-Spy and more. Usually this role will be performed through computer technician or network administrator. Large organizations devoted a separate professional position. Background required or desired qualification usually: CheckPoint-CCSA, Cisco-CCNA, or Microsoft-ISA.

InfoSec Engineer (ISSE) combined with Chief InfoSec Officer (CISO) track.

The track combines training for the two rolls due to the broadest common denominator. The architect responsible for the planning and for the construction of defense plans of operating systems, networks, and application code against hackers.

He is also responsible to manage of "defense Battle" during an event. The role will be implemented by instructions to the InfoSec Integrator.

The role of the CISO similar to the role of InfoSec engineer, but includes aspects of management and treatment-related aspects of the business aspect, such as: risk management, handling of law and regulation, and treatment of the inherent contradiction between security tasks and the openness needs of the organization. In many cases - is also responsible for technical and administrative review of the information security team manager. His location: outside the IT Department.

Required domains of knowledge: Infrastructure hardening, applications hardening, InfoSec tools and technologies, understanding of the attack world (hacking). He is required to be familiar with the InfoSec Governance aspects, and to be able to manage of information security department.

The training is carried out by the proper angle, (as opposed to the training provided to the InfoSec Integrator) within the following topics: understanding the implications of hardening of the computing infrastructure and applications, understanding the roles and capabilities of information security technologies and an understanding of the attack world.

InfoSec Auditor (CISA) course

The role of information security Auditor, to perform the inspections and tests required - to ensure integrity of administrative and operational systems of defense and security aspects of procedural, technological and personal, comparing the findings against the obligations of a unit of information security to business objectives, legal and social aspects of the organization.