More Subjects
Poistion Paper
Poistion Paper
The growth of Internet has allowed people, organizations and nations to connect in ways previously unimagined. This interconnectivity has opened new ways for growth, partnership and collaboration to reach unprecedented levels. However, along with its benefits, there alot of dangers that are associated with this technology. Information systems can easily be hacked and these types of cybercrimes are very difficult to fight against. In 2015, the United States Office of Personnel Management information system was hacked and this resulted in the leakage of sensitive information of 20 million government employees. Moreover, confidential information of intelligence community officials was also leaked. The objective of these hackers is to steal the secrets of the government and cripple the communication system and infrastructure ADDIN EN.CITE <EndNote><Cite><Author>Finklea</Author><Year>2015</Year><RecNum>139</RecNum><DisplayText>(Finklea, Christensen, Fischer, Lawrence, & Theohary, 2015)</DisplayText><record><rec-number>139</rec-number><foreign-keys><key app="EN" db-id="2s2s0zrapsf0pbe5efuvv20f9rszvx0sd2fe" timestamp="1571286756">139</key></foreign-keys><ref-type name="Journal Article">17</ref-type><contributors><authors><author>Finklea, Kristin</author><author>Christensen, Michelle D</author><author>Fischer, Eric A</author><author>Lawrence, Susan V</author><author>Theohary, Catherine A</author></authors></contributors><titles><title>Cyber intrusion into US office of personnel management: In brief</title></titles><dates><year>2015</year></dates><urls></urls></record></Cite></EndNote>(Finklea, Christensen, Fischer, Lawrence, & Theohary, 2015). If nothing is done on country level to combat this scourge, then nothing will be considered safe. This is an issue that needs to be properly addressed.
Although every organization usually deploys ‘baseline' cyber security measures, the number of cyber security incidents has continued to increase. According to studies, it is reported that more than 60 % of the firms employ security countermeasures for technical information. However, despite all these efforts, organizations continuously experience targeted cyber-attacks. Furthermore, the same studies also show that these risks of security are increasing due to the increased external and internal threats and subsequently, it is getting harder to manage security ADDIN EN.CITE <EndNote><Cite><Author>Siponen</Author><Year>2009</Year><RecNum>138</RecNum><DisplayText>(Siponen & Willison, 2009)</DisplayText><record><rec-number>138</rec-number><foreign-keys><key app="EN" db-id="2s2s0zrapsf0pbe5efuvv20f9rszvx0sd2fe" timestamp="1571286674">138</key></foreign-keys><ref-type name="Journal Article">17</ref-type><contributors><authors><author>Siponen, Mikko</author><author>Willison, Robert</author></authors></contributors><titles><title>Information security management standards: Problems and solutions</title><secondary-title>Information & Management</secondary-title></titles><periodical><full-title>Information & Management</full-title></periodical><pages>267-270</pages><volume>46</volume><number>5</number><dates><year>2009</year></dates><isbn>0378-7206</isbn><urls></urls></record></Cite></EndNote>(Siponen & Willison, 2009). In a public trading firm, information system security specialists should complete a specified educational course of study to efficiently manage sensitive information of a firm.
In every industry, the certification has found its way for many reasons such as helping advance the profession, analyze performance, motivate employees and evaluate employees to enhance their knowledge and skills. Certification gives recognition of competency and also shows professional commitment. Professional certification also helps the person to gain required practical skills for the job and provide the organization with assured excellence from these expert professionals. In today's world of technology, information security specialists can play a very important role in preventing digital data and computers from being infiltrated, stolen or corrupted ADDIN EN.CITE <EndNote><Cite><Author>Dlamini</Author><Year>2009</Year><RecNum>142</RecNum><DisplayText>(Dlamini, Eloff, & Eloff, 2009)</DisplayText><record><rec-number>142</rec-number><foreign-keys><key app="EN" db-id="2s2s0zrapsf0pbe5efuvv20f9rszvx0sd2fe" timestamp="1571286987">142</key></foreign-keys><ref-type name="Journal Article">17</ref-type><contributors><authors><author>Dlamini, Mloses T</author><author>Eloff, Jan HP</author><author>Eloff, Mariki M</author></authors></contributors><titles><title>Information security: The moving target</title><secondary-title>computers & security</secondary-title></titles><periodical><full-title>computers & security</full-title></periodical><pages>189-198</pages><volume>28</volume><number>3-4</number><dates><year>2009</year></dates><isbn>0167-4048</isbn><urls></urls></record></Cite></EndNote>(Dlamini, Eloff, & Eloff, 2009). Data security is a great issue and due to this, information security certifications are vital and help prove the professional as a network specialist in the world of cyberspace. It must be mandatory for all information security specialists to get certification to get the required intelligence and skills to design a high-level security strategy.
Certification in this profession will boost up the career of the professionals by helping them build problem-solving skills, analytical and creative thinking, excellent communication skills and to stay updated with the latest technology trends. An information security specialist, being updated with the security news event, also has to access security trade tools and remain in touch with how cybercrime happens. Certification helps in building a greater understanding regarding the relationship between an organization's goals and information security program. It distinguishes them from other professionals by having extra information on the management and development of information security programs.
An information security specialist needs to get a certification as it helps in developing additional skills that are required to handle digital data. In the last few years, increaseed risk of cybercrime has occurred and it is very important that organizations, especially the public sector, adequately handle all the data. Certification forms the basis of information security system education. It needs to be regularly updated to ensure that it stays with the fast pace of changing technology and the number of ways that can help the criminals to find different ways to hack data. The certification usually focuses on generally accepted techniques, concepts, approaches to design and implement and maintain a strong and effective information security system. The certification will enable the information security specialist to create effective policies, procedures, and practices that can help in maintaining an effective system of information security.
These certifications will allow a specialist to know more information about crime legislation, and also investigative techniques and measures that will help in the effective analysis and management of information. This will also help the specialist to get familiar with the relevant laws and regulations of information security to handle information efficiently. Those who have this certification will be more aware of the integrity of confidentiality and authentication of information. and will be able to perform the security reviews of the email system and network attacks. An information security specialist, who is also certified, can establish a foundation of a broad security plan to ensure the protection of information of an organization. He will effectively communicate the risk associated with the security control and can provide ways to minimize them.
I strongly suggest the requirement of certification for information security specialists as it will help in doing risk assessment which will identify the threats and vulnerabilities and can help to implement necessary measures. In large organizations, especially in the public sector, it is very important to identify, monitor and authorize what and who is accessing organization assets as this is important information that is required to protect the assets of the organization from the threat. The necessity of certification has become a fact of life for the professionals of information technology as they can be a trusted organization advisor and find different ways to help the organization to achieve the objectives. Information security specialist with certification has an opportunity to help the members of the team to understand the cyber risk. The certification of information security makes an employee more attractive and shows that the employee takes pride in the profession.
Information security means to protect vital information from hacking ADDIN EN.CITE <EndNote><Cite><Author>Humphreys</Author><Year>2008</Year><RecNum>140</RecNum><DisplayText>(Humphreys, 2008)</DisplayText><record><rec-number>140</rec-number><foreign-keys><key app="EN" db-id="2s2s0zrapsf0pbe5efuvv20f9rszvx0sd2fe" timestamp="1571286861">140</key></foreign-keys><ref-type name="Journal Article">17</ref-type><contributors><authors><author>Humphreys, Edward</author></authors></contributors><titles><title>Information security management standards: Compliance, governance and risk management</title><secondary-title>information security technical report</secondary-title></titles><periodical><full-title>information security technical report</full-title></periodical><pages>247-255</pages><volume>13</volume><number>4</number><dates><year>2008</year></dates><isbn>1363-4127</isbn><urls></urls></record></Cite></EndNote>(Humphreys, 2008). Hacking leads to unauthorized use, access, destruction, and disruption, of organization information ADDIN EN.CITE <EndNote><Cite><Author>Uma</Author><Year>2013</Year><RecNum>141</RecNum><DisplayText>(Uma & Padmavathi, 2013)</DisplayText><record><rec-number>141</rec-number><foreign-keys><key app="EN" db-id="2s2s0zrapsf0pbe5efuvv20f9rszvx0sd2fe" timestamp="1571286924">141</key></foreign-keys><ref-type name="Journal Article">17</ref-type><contributors><authors><author>Uma, M</author><author>Padmavathi, Ganapathi</author></authors></contributors><titles><title>A Survey on Various Cyber Attacks and their Classification</title><secondary-title>IJ Network Security</secondary-title></titles><periodical><full-title>IJ Network Security</full-title></periodical><pages>390-396</pages><volume>15</volume><number>5</number><dates><year>2013</year></dates><urls></urls></record></Cite></EndNote>(Uma & Padmavathi, 2013). Depending on the organization, important information can be comprised of the employer, data of the employee, organization secrets, etc. To protect information from leak it requires an efficient mechanism of information security to be put in place. A thorough and well-defined information security plan can help to protect the important information from hacking and going into the wrong hand. To formulate and implement an information security plan it is very important to have certified information security specialists in a public organization. The certified professional will be responsible for accessing and security of information and information systems as these professionals possess great technical and investigational skills.
Information security specialists should be certified as they can work as trusted advisors with a great understanding of the security plan and objectives of the organization, who have received appropriate training and comply with a code of ethics and subject to external quality reviews. It will help the organization to improve its productivity. Most of the data in the public sector are sensitive and it is very important, for an organization to have those professionals who are familiar with the various security standards, therefore, certification in information security must be mandatory. The organization with the certified professionals will be very helpful in enhancing the image of the organization. The employees with these certifications are considered as an asset to an organization and awarded with the more challenging task of securing the information system of organizations as this certification makes the employee expert.
The organization can get benefit by hiring the certified information security specialist as these professional will have in-depth knowledge of the cyber security function and technical skills. This will build cyber security plans and frameworks effectively in a short period and will, in turn, reduce the danger that the organization face daily. Certified information security specialist provides depth and breadth in the full range of technology that is needed to perform the specific job function. Because these certifications are focused on the safety of information security and after getting certified employees to get a full range of expertise to successfully protect the sensitive information of the organization. Another reason why the certification in information security is important is that it differentiates the certified professional from others and confirm that a person is a leader in his field. Certification also helps in validating the knowledge that the person has gained through all years of hard work and also gain the power and networking system to face security threats of the future. Certified information system specialist possesses great knowledge of cyber security technologies, threats, and countermeasures to ensure secure computer systems. They are usually associated with tasks such as educating other employees on data security, configuring and installing security software to prevent cyber-attacks, protecting and monitoring against network breaches, and responding to attacks with the proper countermeasures.
Certified information security specialists will efficiently and effectively develop plans to protect the information against unauthorized disclosure, modification, and destruction. They will properly select, implement, upgrade and monitor malware protection systems and antivirus in the computer, will erect firewalls and encrypt the transmission of data to keep it protected from unauthorized users, they will modify security files to correct errors, and incorporate new software's. They will effectively perform tests and risk assessments on running data and security measures. They will educate the team about the information security system and will gather evidence for the prosecution of cybercrimes. This certification improves the autonomy of an organization. It also enhances compliance and if data is not properly handled then it can lead to significant challenges regarding the organization's credibility. Certified professionals will increase prevention, deterrence, deception, detection, surveillance and responsive. There are many certifications for information security specialists such as Certified Information Systems Security Professional. Those who have CISSP certifications can get many additional certifications in different areas of specialties e.g.: Information Systems Security Architecture Professional is an advanced information security certification and it focuses on information security architecture aspects. Information Systems Security Engineering Professional which has a main focus on the engineering aspects of information security. Information Systems Security Management Professional focuses on the management aspect. Therefore, getting certification in the required area of expertise will help in the effective management of sensitive information in public firms. Information and cyber security specialist professionals having the globally accepted and recognized certification that is aligned with international framework of standard plays an important role in the security and strength of the United States, both as a nation and economy, therefore, it must be compulsory for the professional to get certified and success lies in the hardening and strengthening of information security system.
As technology evolves, so do its needs. There will always a need to hire top-quality and highly-skilled professionals. Secondly, it is also very important that employees retain and grow in their chosen fields of interest. Certification is a simple solution which addresses the needs of an organization and credential and certifications serve as a critical component in the learning pathways.
References
ADDIN EN.REFLIST Dlamini, M. T., Eloff, J. H., & Eloff, M. M. (2009). Information security: The moving target. computers & security, 28(3-4), 189-198.
Finklea, K., Christensen, M. D., Fischer, E. A., Lawrence, S. V., & Theohary, C. A. (2015). Cyber intrusion into US office of personnel management: In brief.
Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. information security technical report, 13(4), 247-255.
Siponen, M., & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267-270.
Uma, M., & Padmavathi, G. (2013). A Survey on Various Cyber Attacks and their Classification. IJ Network Security, 15(5), 390-396.
More Subjects
Join our mailing list
© All Rights Reserved 2023