Information security specialist
Some people come up with ideas; others try to use them. So the fruits of one's own intellect have to be protected. That is how one of the most valuable professions appeared – the specialist in information protection. Today, of course, it is inextricably linked to computers.
Initially, information security systems were developed for the needs of the military. Strategic data on defence capability were so important that their leakage could lead to huge human losses. Accordingly, computer security turned to the experience of cryptography, that is, encryption. Cryptographic scripts and special programs appeared, making it possible to automate encryption and decryption.
Later, when the need to protect information spread to other areas, it became clear that encryption sometimes greatly complicates and slows down the transmission and use of data. And as computer networks and systems developed, other tasks began to appear.
Over time, a classification of the secrets that need to be protected emerged. They were divided into six categories: state, commercial, banking, professional and official secrets, and personal data. For different industries and types of enterprises, one or two of these categories take priority. For science-related production, for example, it is essential to prevent leakage of plans, new developments and tests.
Experts believe that today, in contrast to past decades, more attention is paid to two things: the availability and integrity of information. Availability means that each user can request the necessary service at any time and work in it without complications. Integrity means that information must remain complete during storage and transmission. This is especially true, for example, for banks, where it is important to prevent changes to account details or the addition of extra zeros. At the same time, providers and operators absolutely need to maintain the availability and reliability of their information systems (a server, a communication node), because this is the basis of their success.
From whom to protect?
So, modern information security is the search for the optimal balance between availability and security. Or, in other words, it is a constant struggle with the stupidity of users and the intelligence of hackers.
There are several myths about who most often goes after other people's information. For example, some exaggerate the capabilities of hackers. They are said to be agile guys who do nothing but steal money from bank accounts and destroy national security systems, and so it is against them that the strongest defences are built. In fact, hackers succeed not by numbers but by skill. And statistics say that 70-80% of computer crimes are committed by current or fired employees, that is, from within companies. Sometimes people with greater authority, passwords, and access to information cannot resist the temptation to take advantage of these benefits. And those who were fired take revenge in this way on the firm, the department, or personally on the boss who dismissed them.
As for hackers, today many of them are legally engaged in testing new security programs. In essence, testing consists of trying to crack the program and watching its “reaction”. This is what gives rise to the most serious difficulties in relations with the state in the West.
The fact is that in 1998 the United States adopted one of its most controversial laws – the DMCA (Digital Millennium Copyright Act) – “Copyright act in the digital age.” It prohibited circumventing copy protection and distributing devices that could be used to infringe copyright. Moreover, the law provides for punishment even when the person who broke the protection did nothing beyond the break-in itself and caused no material damage. After a specialist checks the reliability of software protection and publishes information about its weaknesses, he can be held liable for violation of the law.
How to protect?
It is clear that today, to penetrate the information field of any enterprise or person, it is not necessary to break down a door or install “bugs”. Experts say: “A fully protected computer is one that is locked in a safe in an armored room and is not even plugged into the outlet.” Thieves use programs such as the “Trojan horse”, which is installed on your computer: the simplest ones just steal all passwords, while advanced ones make it possible to view the contents of the screen, intercept every key entered from the keyboard, change files, and so on. Attacks called “denial of service”, which disable network nodes, have also become fashionable. In this case, the operation of the node becomes impossible for several minutes or even hours. It is clear that such stoppages bring huge losses.
Criminal practice dictates how the information security specialist works. He is engaged less and less in physical security (access control, video surveillance, etc.) and more and more in network and computer security. There is a general scheme on which the work of such a specialist is built.
First, he conducts an information survey and analysis. This is the most important stage, and it results in a so-called “model of the offender”: who can violate security, why, and how. To conduct the survey competently, a professional should know the main directions of economic and social development of the industry, its prospects, the specialization and features of the enterprise, the specifics of its competitors, and the details of how information passes between units, and should understand the personnel problems and be aware of the “undercurrents” in the team.
At the second stage, internal organizational and legal documents are developed that streamline information flows as much as possible. It is clear that additional knowledge is needed here: legislation and law, the basics of organization, planning and management of the enterprise, office work, etc.
Next, the information security specialist manages the acquisition, installation and configuration of security tools and mechanisms. Here he cannot do without serious training in information technology and programming, quantum and optical electronics, electronics, cryptographic protection methods, and life safety.
Finally, at the next stage it is necessary to maintain, update and modernize the security system that has been created. The largest banks, for example, change the software responsible for protection approximately every six months. The departments that deal with security are, as a rule, staffed by the most experienced programmers, who are constantly trained and receive additional qualifications.
Let me learn
The demand for information security professionals is growing slowly but surely. While a few years ago the heads of many small firms were concerned mainly with physical security, the need for technically competent, fully trained professionals in the field of computer protection increases every year.
Accordingly, competition for places in the faculties that produce such specialists increases, salaries increase (the head of the information protection department of a small bank receives an average of $1-1.5 thousand), and the work becomes more complicated.