IT-ITES Sector
Skill India Sector Blogs

Information Security Analyst

Introduction

Data is the lifeblood of business. With networked computing becoming common in even the smallest of organizations and the advent of the internet and cloud solutions, access to sophisticated data to solve complex business challenges has never been so universal. Because data can be leveraged to gain competitive advantage, it has developed into its currency; there is a very real value to raw data and the systems used to collect, curate, and process it.

As data systems become ubiquitous, data has become less secure for the simplest of reasons – as more organizations manage large stores of information, there are more and easier targets for high-tech criminals. Once found only in government agencies and the largest of blue-chip firms, Big Data is now handled by small- to medium-sized businesses. Often, these smaller companies do not have the IT resources or experience to keep data safe.

As a result, the role of Security Analyst has grown to become a sought-after position across industries and company sizes. Those interested in pursuing this career path can expect to enjoy highly rewarding careers if they build the right skills and abilities.

In this guide or blog post, we address some common topics asked by those who desire to pursue a career and job of Security Analyst, such as:

What is information security and its types?
What are the 3 core principles of information security?
What’s the dissimilarity between cyber security and information security?
Why is information security in organizations so vital?
How do you become a security analyst?

This is what we’ll look into in this article. So, let’s get started…

What is Information Security and its Types?

Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

Information Security is not only about securing information from unauthorized access. Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electronic one. Information can be anything like your details or we can say your profile on social media, your data in mobile phone, your biometrics etc.

Thus Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media etc. While the primary focus of any information security program is protecting the confidentiality, integrity and availability (the CIA triad) of information, maintaining organizational productivity is often an important consideration. This has led the information security industry to offer guidance, information security policies, and industry standards on passwords, antivirus software, firewalls, encryption software, legal liability and security awareness, to share best practices.

Information security is achieved through a structured risk management process that:

Types of InfoSec

1.Application security

Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in authentication or authorization of users, integrity of code and configurations, and mature policies and procedures. Application vulnerabilities can create entry points for significant InfoSec breaches. Application security is an important part of perimeter defence for InfoSec.

2.Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. “Cloud” simply means that the application is running in a shared environment. Businesses must make sure that there is adequate isolation between different processes in shared environments.

3.Cryptography

Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Digital signatures are commonly used in cryptography to validate the authenticity of data. Cryptography and encryption has become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES). The AES is a symmetric key algorithm used to protect classified government information.

4.Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centers, servers, desktops, and mobile devices.

5.Incident response

Incident response is the function that monitors for and investigates potentially malicious behavior.

In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.

6.Vulnerability management

Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.

In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding vulnerability in advance can save your businesses the catastrophic costs of a breach.

Now that you know what InfoSec refers to and what its various types are, let’s learn about the three key objectives that Information Security programs are built around

3 Core Principles Of Information Security

The overall goal of InfoSec is to let the good guys in, while keeping the bad guys out. The three primary tenants to support this are confidentiality, integrity and availability. This is called the CIA triad, or the three pillars or principles of information security.

That said, there is a debate about whether or not the CIA triad sufficiently addresses the rapidly changing technology and business requirements, as well as the relationship between security and privacy. Other principles such as accountability have been proposed and non-repudiation does not fit in well with the three core concepts.

To understand in a better way, let’s see below what each one of them accomplishes:

1.Confidentiality

Confidentiality is about not making information disclosed to unauthorized individuals, entities and process. For example if we say I have a password for my Gmail account but someone saw while I was doing a login into Gmail account. In that case my password has been compromised and Confidentiality has been breached. While similar to privacy the words should not be used interchangeably. Confidentiality is a component of privacy that implements security measures to protect against unauthorized viewers.

2.Integrity

Integrity or data integrity is concerned with the maintenance, assurance, accuracy and completeness of data over its entire lifecycle. This means data cannot be edited in an unauthorized way. For example if an employee leaves an organization then in that case data for that employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and in addition to this only authorized person should be allowed to edit employee data.

3.Availability

Availability is about making information available when needed. This means computer systems that store and process information, the security controls that protect it, and the communication channels that access it must function on demand. For example if one needs to access information of a particular employee to check whether employee has outstanded the number of leaves, in that case it requires collaboration from different organizational teams like network operations, development operations, incident response and policy/change management. Availability is often viewed as the most important part of a successful information security program as it’s ultimately the end-users who need to be able to use the information

4.Non repudiation

means one party cannot deny receiving a message or a transaction nor can the other party deny sending a message or a transaction. For example in cryptography it is sufficient to show that message matches the digital signature signed with sender’s private key and that sender could have a sent a message and nobody else could have altered it in transit.

Data Integrity and Authenticity are pre-requisites for Non repudiation.

5.Accountability

means that it should be possible to trace actions of an entity uniquely to that entity. For example as we discussed in Integrity section, not every employee should be allowed to do changes in other employee’s data. For this there is a separate department in an organization that is responsible for making such changes and when they receive request for a change then that letter must be signed by higher authority for example Director of college and person that is allotted that change will be able to do change after verifying his bio metrics, thus timestamp with the user (doing changes) details get recorded. Thus we can say if a change goes like this then it will be possible to trace the actions uniquely to an entity.

With that said, let’s get familiar with the common misunderstanding each and every one has between both information security and cyber security.

Cyber Security and Information Security

Cyber security and information security are often thought of as the same thing. Understandably, this creates confusion in the security world. With so many terms floating around and new technologies being introduced virtually every day, it’s no surprise that there’s cyber security vs. information security debate.

So, is information security the same as cyber security? Let’s find out!

Difference #1: Security

Both the terms are synonymous with each other, but the difference between them is subtle. Cyber security is all about safeguarding your cyberspace from unauthorized digital access. So it’s all about protecting data that is in electronic form. Information security is all about protecting your information assets from unauthorized access.

Difference #2: Value of Data

In both cases, the most critical component is the value of data. In cyber security, the main concern is safeguarding your company’s information and security technologies (ICT) from unauthorized digital access. It includes everything that can be accessed through cyberspace. Information security means protecting your company’s information assets from any type of threat

Difference #3: Security Professional

Security professionals with cyber security deals with advanced persistent threat. This means the threat is imminent and is very much capable of breaking into your cyberspace and extracting information. Information security, on the other hand, is the foundation of data security and the security professionals associated with it prioritize resources first before dealing with threats.

Difference #4: Function

Cyber security deals with threats that may or may not exist in the cyber realm such as protecting your social media accounts, personal information, etc. Information security mainly deals with information assets and their integrity, confidentiality, and availability. These are the three security goals of information security.

Having said that, now let’s find out why Information Security is crucial in Organizations.

Importance of Information Security

Information security is crucial in organization. All information stored in the organization should be kept secure. The information security is important in the organization because it can protect the confidential information, enable the organization function, also enable the safe operation of application implemented on the organization’s Information Technology system, and safeguard the technology assets in use at the organization.

However, ever thought why the information is important in organization, it’s because there are several challenges to protect and manage the information as well. One of challenges faced in an organization is the lack of understanding on importance of information security. When employees lack the information security knowledge in terms of keeping their information safe, the organization easily becomes prone to attacks by hackers or other threats that try to steal or get the organization confidential information.

So it is crucial and important for all the staff in an organization to have knowledge and understanding about the importance of information security practice in an organization to protect the confidential data.

How do you become a Security Analyst?

To become certified as an Information Security Analyst in a top organization you’ll need to master the role, key duties, responsibilities, skills, and certifications that are required by a security analyst job description.

Information Security Analyst Job Description

An information security analyst protects a company’s systems and networks by planning and carrying out measures of security. They create innovative solutions to prevent critical information from being stolen, damaged, or compromised. Their primary responsibility is to keep a business or organizations data, clients, employees, and any virtual stored information safe from cyber-attacks or hacking of any sort. They promote security awareness to the company employee or help implement company policy regarding cyber security. They improve networks, and help with server efficiencies.

Information Security Analyst Duties And Responsibilities

Monitor computer networks for security issues.
Investigate security breaches and other cybersecurity incidents
Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
Document security breaches and assess the damage they cause.
Work with the security team to perform tests and uncover network vulnerabilities.
Fix detected vulnerabilities to maintain a high-security standard.
Stay current on IT security trends and news.
Develop company-wide best practices for IT security.
Perform penetration testing.
Help colleagues install security software and understand information security management.
Research security enhancements and make recommendations to management.
Stay up-to-date on information technology trends and security standards.

Information Security Analyst Skills

Depending on our research, we determined the subsequent core skills one should own to acquire a job as a Certified Security Analyst. These include:

Analytical ability
Administering Information Security Software and Controls
Analyzing Security System Logs, Security Tools, and Data
Communicating Up, Down, and Across All Levels of the Organization
Communication
Creating, Modifying, and Updating Intrusion Detection Systems (IDS)
Creating, Modifying, and Updating Security Information Event Management (SIEM)
Creativity
Defining Process for Managing Network Security
Detail Oriented
Discovering Vulnerabilities in Information Systems
Evaluating and Deconstructing Malware Software
Familiarity with Security Regulations and Standards
Implement and Maintain Security Frameworks for Existing and New Systems
Information Technology Knowledge
Improving Security Efficiency
Installing Firewall and Data Encryption Programs
Maintaining Security Records of Monitoring and Incident Response Activities
Monitoring Compliance with Information Security Policies and Procedures
Remediating Security Issues
Responding to Requests for Specialized Cyber Threat Reports
Performing Cyber and Technical Threat Analyses
Performing Security Monitoring
Preventing Hacker Intrusion
Producing Situational and Incident-Related Reports
Problem-Solving
Providing Host-Based Forensics
Providing Timely and Relevant Security Reports
Responding to Security Events
Self-Motivation
Staying One Step Ahead of Cyber Attacks
Strong Technical Background in Data Loss Prevention
Supporting and Managing Security Services
Team Player
Training Organization on Security Measures
Up-To-Date on Relevant Technologies

Required Education Qualification, Training and Work Experience

In order to acquire the Role Of Security Analyst, one should first earn:

A Bachelor's degree in computer science/Technology/Computers or related field
Proficient with MAC and OS
Excellent written and oral communication skills
Experienced with penetration testing and techniques
Ability to identify and mitigate network vulnerabilities
Experienced in installing security software and documenting security issues
Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.

IT-ITES SectorSkill India Sector Blogs