Cybercrime & Cybersecurity: the Ongoing Battle
International Hellenic University
Andreas Athanasoulias, CISM, CISSP
Information Security Officer & Security Consultant
Agenda
- Brief introduction: my career path
- Information Security, a growing expert area:
  - Defined?
  - Domains
  - Indicative skillset
  - Career paths
  - Certifications & certification bodies
Academic Path
- BSc. Computer Science, Informatics & Telecommunications Department, University of Athens
  - Last semester: Cryptography, Computer Security
  - Thesis: subject of Network Security
- MSc. Information Security, Information Security Group (ISG), Royal Holloway University of London
  - Security Management, Cryptography, Network Security, Computer Security, Software Security, Computer Crime, Smart Cards/Tokens & Security
  - Dissertation: Fraud in electronic cards & countermeasures
Professional Path
- Information Security Consultant, ITSRC BU, Syntax IT Group (Greece & UAE)
  - Penetration testing
  - IT Governance, Risk & Compliance projects
  - Solutions enablement (various vendors)
- Business Unit Manager, ITSRC BU, Syntax IT Group (Greece & UAE)
- Information Security Officer & Security Consultant, Uni Systems (Greece, Western & South-eastern Europe)
  - Information Security Frameworks: ISO 27001 & 22301
  - Risk assessments
  - Security metrics
  - Business Continuity frameworks
Information Security
- Confidentiality
- Integrity
- Availability
Information Security defined
"Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved." ~ ISO 27000:2014
"Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and non-access when required (availability)." ~ ISACA Glossary of Terms
"Information security is the protection of information and minimizes the risk of exposing information to unauthorized parties." ~ Venter and Eloff, 2003
[Figure: image attributed to JohnManuel, Wikipedia]
Domains
- Security & Risk Management: security, risk, compliance, law, regulations, business continuity
- Asset Security: classification, retention, data security
- Security Engineering: engineering & management of security
- Communication & Network Security: design & protection of network security
- Identity & Access Management: controlling access & managing identity
- Security Assessment & Testing: design, perform & analyze security testing
- Security Operations: foundational concepts, investigations, incident management & disaster recovery
- Software Development Security: understand, apply and enforce software security
Indicative Skillset
- Application Security
- Data Loss Prevention
- Ethical Hacking (web, network, systems)
- Digital Forensics
- Governance, Compliance, Audit (policies, procedures, management systems)
- Incident Detection & Response
- Secure Code Development
- PKI
- Identity Management
- Business Continuity
- Security Operation Center
- Security Information & Event Management
Career Paths
- Information Security Consultant
- Information Security Analyst
- Information Security Manager / Officer
- Security Architect
- Security Administrator
- IT Risk & Compliance Manager
- Data Security Specialist
- Cloud Security Engineer
- Penetration Tester (system, network, web)
- Digital Forensics Analyst
- Incident Responder
- Malware Analyst
- Disaster Recovery / Business Continuity Manager
- Security Operation Center (SOC) Analyst
(ISC)² - International Information Systems Security Certification Consortium
- CISSP: security professionals
- CCSP: cloud
- HCISPP: healthcare & regulations
- CSSLP: secure software development
- SSCP: security engineers
- CCFP: digital forensics
ISACA - Information Systems Audit and Control Association
- CISA: auditors
- CRISC: risk & information systems control
- CISM: security managers
- CGEIT: governance
GIAC - Global Information Assurance Certification (powered by SANS)
- Security Administration
- Forensics
- Legal
- Management
- Software Security
- Audit
- GSE (expert)
EC-Council
- Ethical hackers
- CISO
- Digital forensics
- Disaster recovery professionals
- Security analysts
- Incident handlers
Other certifications
- Offensive Security: Offensive Security Certified Professional (OSCP)
- CompTIA: Security+, CASP
- ISO certifications:
  - ISMS: ISO 27001 LA & I
  - BCMS: ISO 22301 LA & I
  - Cloud Security: ISO 27017 (draft)
Uni Systems, Copyright 2015
Andreas Athanasoulias
E-mail: AthanasouliasA@unisystems.gr
Twitter: @andresitoath
LinkedIn: https://gr.linkedin.com/pub/andreas-athanasoulias/41/7b4/552