cyber security

information security analyst job description


The information security analyst position is a great opportunity for security professionals to expand their skill set.

There are many types of information security analysts. Some examine the security features of a single system, while others are responsible for analyzing the security of an entire organization's infrastructure.

Analysts are usually professionals with enough security experience to provide guidance on security incidents, security features and/or risks in a given information systems environment.

That being said, the term information security analyst is used in many different ways by many different organizations.  For example, sometimes organizations call their security professionals “analysts” when they actually do “engineering”.  And sometimes they will call security analysts engineers.  So take the description below with a grain of salt.

Essentially, an analyst studies, monitors, evaluates and reports on existing systems, handles and responds to incidents, or reviews designs proposed or developed by others. Engineers create, design, manipulate, install and configure existing and/or proposed systems. There is a lot of overlap, so you should always examine the description of the specific job you plan on doing.

Analysts analyze.  Engineers build stuff.  But of course there can be lots of overlap.

Prerequisites for Typical Information Security Analyst:

If you have a solid understanding of networking, TCP/IP, subnetting, a little bit of server administration, malware identification and lots of system security experience, then Information Security Analyst is for you. Organizations dealing with the federal government usually want a BS degree or specific IT certifications.

Basic Job Description of Typical Information Security Analyst:

The Information Security Analyst's responsibilities can include ensuring that system Information Security requirements are met. Another task might be to support the systems engineering life cycle from specification through the design of hardware or software, procurement, development, integration, test, operations and maintenance. The analyst also provides analysis, definition and recommendation of information assurance and security requirements for advancing the Information Security technologies of the computing and network infrastructure.

Responsibilities may include but are not limited to:
• Ensure that Configuration Management (CM), Information Security governance, policy, directives and guidance are followed.

Ensure compliance with certain security policies / standards such as:

  • Federal Information Security Management Act (FISMA)
  • NIST Special Publications (SP) 800 Series
  • Security Technical Implementation Guides (STIGs)
  • PCI
  • Sarbanes-Oxley Act
  • Risk Management Framework for DoD IT
  • ISO/IEC 27000
  • Health Insurance Portability and Accountability Act (HIPAA)

• Conduct Information System Security Engineering activities at the subsystem and system level of design

• Complete Vulnerability scans, Information System Security audits, analysis, risk assessments, vulnerability assessments, intrusion detection/prevention and log monitoring of computing resources

• Computer Network Defense:

  • Analyze TCP/IP traffic
  • Continuous monitoring of information system security
  • Incident handling
  • SIEM analysis
  • Data loss prevention
  • Coordination with the computer emergency response team (CERT)

• Certification & Accreditation / Risk Management Framework analysis
• Support C&A Security Test and Evaluation processes

 

gmail security


Gmail is one of my favorite email products. It's free, it's extremely good at collecting and organizing data (in line with Google's vision of world information organization domination) and it's so intuitive.

The Gmail security features are kind of tucked away to bring the organization and search functions to the foreground. But once you know where they are, it's easy.

1. First, browse into your email and sign in.

 

2. Inside your email under your name, click privacy.

3. Under Account Privacy, hit Security and add an alternate recovery email and mobile number. This will allow Gmail security to alert you of any suspicious activity, such as someone attempting to access your account.


DIACAP to DIARMF: Intro


The DoD Chief Information Officer (formerly Assistant Secretary of Defense), in collaboration with the Department of the Navy CIO, has developed a DoDI 8500.2 to NIST SP 800-53 IA control mapping (2010). More is available on the DIACAP Knowledge Service.

DIACAP Knowledge Service

On the DIACAP Knowledge Service, go to “C&A Transformation”. This page introduces some of the coming changes from Certification & Accreditation to the Risk Management Framework described in NIST SP 800-37.

DIACAP has a “Risk Management Framework Transformation Initiative” underway that provides information on the use of NIST SP 800-53, NIST SP 800-37 and CNSS Instruction 1253.

The site introduces changes being made to DoDD 8500.01, DoDI 8500.2, DoDI 8510.01 and other documents that will be aligned with NIST 800 and FISMA 2013. They attempt to keep up with newly arising cyber threats, vulnerabilities and security incidents using real-time, “continuous monitoring” technologies such as HP ArcSight, McAfee ESM, ePO, NSP, Retina, Nessus and other near real-time active monitoring systems.

Why DIACAP to DIARMF?

The federal government has gotten more serious about security. It realizes that enterprise-level security and process is a continuous and expensive business. The old certification & accreditation process is not only long and expensive but so slow that it cannot keep up with the constant changes in information technology.

Risk-based, cost-effective security means creating security systems and policies that focus on “adequate security”. The Executive Branch Office of Management and Budget (OMB) defines adequate security as security commensurate with risk, including the magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification or destruction of information. The feds are also attempting to streamline the process of implementing and evaluating security controls by creating as much paperless automation as possible.

Note, IMHO: since technology is changing at a rate of what Ray Kurzweil calls “accelerating returns”, I think there is no way governments and organizations stuck in “static policy” based systems can ever keep up with information technology without a revolutionary shift in thinking. Google is probably the closest to understanding what is actually happening. The best any of us can do is observe.

Source documents for all U.S. Federal information security:

OMB A-130 – Management of Federal Information Resources

FISMA – Federal Information Security Management Act of 2002

Federal Information Security Management Act of 2002 (FISMA, 44 U.S.C. § 3541) enacted as Title III of the E-Government Act of 2002 (Public Law 107-347)

FISMA requires all government agencies to develop, document and implement an agency-wide information security program to provide information security for the information and systems that support the operations and assets of the agency. It also applies to contractors and other sources.

The federal government has created various acts/laws to move the C&A process toward a risk-management approach and to emphasize a risk-based policy for cost-effective security. These acts include (but are not limited to):

  • Federal Information Security Management Act of 2002 (amended as of April 2013)
  • The Paperwork Reduction Act of 1995
  • The Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), supported by the Office of Management and Budget (OMB) through Circular A-130, Appendix III, Security of Federal Automated Information Resources

 

Who Created/Manages NIST 800?

NIST 800 is a well thought out set of federal security standards that DoD and the intelligence world are moving to. It aligns with International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001:2005, Information Security Management Systems (ISMS).


NIST 800 is updated and revised by the following organizations:

  • Joint Task Force Transformation Initiative (JTFTI) Interagency Working Group
  • National Institute of Standards and Technology (NIST)

JTFTI is made up of members from the Civil, Defense and Intelligence Communities. This working group reviews and updates the following documents:

  • NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  • NIST Special Publication 800-39, Enterprise-Wide Risk Management: Organization, Mission, and Information Systems View
  • NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems and Organizations
  • NIST Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans

These core documents are a standard for how to implement FISMA. The organization has done a good job of keeping NIST 800 in line with the international standard ISO 27001. The JTFTI is made up of ODNI, DoD and CNSS. The documents are also publicly vetted.

Office of the Director of National Intelligence (ODNI)
The DNI is a position required by the Intelligence Reform and Terrorism Prevention Act of 2004. This office serves as adviser to the President, Homeland Security and the National Security Council, as well as Director of National Intelligence.

Department of Defense (DoD)
DoD is composed of (but not limited to) the USAF, US Army, DON and Marines.  It is the most powerful military organization in recorded history.

Committee on National Security Systems (CNSS)
This committee was created to satisfy National Security Directive 42, “National Policy for the Security of National Security Telecommunications and Information Systems”. The group has representatives from NSA, CIA, FBI, DOD, DOJ and DIA and is focused on protecting US critical infrastructure.

Sources: http://en.wikipedia.org/wiki/Committee_on_National_Security_Systems

Public (review and vetting) – the draft is posted online on NIST.gov

http://csrc.nist.gov/publications/PubsDrafts.html

 

sources:

FISMA JTFI

http://www.fismapedia.org/index.php?title=Joint_Task_Force_Transformation_Initiative

Scadahacker – mappings NIST to International

http://scadahacker.com/library/Documents/Standards/mappings/Mapping%20NIST%20800-53.pdf

 

Windows Password Recovery: ONTPRE

Offline NT Password & Registry Editor (ONTP&RE)

Did you lock yourself out of your Windows system?  Forgot your Windows password?  What is the best Windows password recovery?

The best way is to have a Windows Recovery disc ready.  But this is something you must do BEFORE you get locked out.


There are tools you can use to get into your system, but the first thing you should try is to use “Administrator” as the user with no password. “Administrator” is a default account on Windows systems. On Windows 7 it is disabled by default, but if someone has used the account you may be able to use it as a backdoor into the system.

If there is no Administrator account and no Windows Recovery disc, you will have to use a Windows password recovery tool. ONTP&RE is a password recovery tool that allows quick access to Windows systems.

Reset Password : Windows 7

1.  Download ONTP&RE: First, download the Windows password recovery software from pogostick.net: pogostick.net/~pnh/ntpasswd/cd110511.zip

2.  Unzip ONTP&RE: The files are compressed into one archive named cd110511.zip. Unzip the file.

3.  Create CD from ISO: Set the CD burning software to ‘image to disc’ and burn the image to the CD. Each CD burner program is different, so you will have to figure out how to create a CD from the ISO. Sometimes it's as easy as double-clicking the ISO, but it depends on the software.

4.  Reboot & Insert: Make sure your Windows system is able to boot from the CD. Once the disc is burned, insert it in the CD-ROM drive and reboot your computer.

5.  Boot from CD: As your computer reboots, keep hitting F2 to get into the BIOS. Select “Boot Options”. Some versions of BIOS call this “Boot”, but the idea is the same. Go into the BIOS and make sure CDROM is at the top of the list of boot options. This means that the computer looks at the CD before going to the hard drive. Instructions on modifying BIOS settings will be listed on the page.

6.  Boot into ONTP&RE: Once the BIOS boot option is set, save and exit. Your system will boot into your ONTP&RE disc and the software will start running. Just follow the steps. “Press enter” to boot into the “Offline NT Password & Registry Editor” CD.


7.  Select an Account:  It will ask you to select an account.  If you hit “Enter” it will automatically boot into the [Administrator] account.

*Note: anything in [brackets] is the default value, so if you hit “Enter” it will auto-magically choose that [bracket] value.. it's a Linux thing.. you wouldn't understand.

If you choose the “Administrator” account, you may need to Enable the account since the built-in Administrator account is  disabled by default in certain versions of Windows.

8.  Enable Built-in Administrator Account: The Windows account needs to be enabled. Select 4, ‘Unlock and enable user account’, and hit Enter.


9.  Clear (blank) User Password: After selecting 4 (Unlock and enable user account), you will be sent back to the User Edit Menu. If you want to clear the Administrator password (if it has one), hit Enter or type Administrator, then select 1 and hit “Enter” to clear the user password.

10.  Save Changes:  Once you have made all the changes you want (enabled the Administrator account & cleared any passwords), you are ready for the next step.  Hit  ‘!’ and enter.


On the screen it asks ‘What to do?’ Hit q to quit. You will see:

Step FOUR: Writing back changes

“About to write file(s) back. Do it?”

Hit   Y  and enter to save changes.

11.  Last Step:  Hit “Ctrl-Alt-Del” to reboot and eject the cd quickly.  This will allow the system to boot into Windows on the Hard drive.

You can now login as “Administrator” with NO password.

Once you are in as Administrator you can change passwords of any local accounts in Control Panel | Users.

Information Assurance Awareness Training


NIST Special Publication 800-50 is a regulation dedicated to IA awareness training:

NIST SP 800-50, Building an Information Technology Security Awareness & Training Program

800-50 includes guidance on the development and sustainment of an IT security awareness & training (aka information assurance training) program for all users, employees and supervisors within an organization. Having a training program is mandated by the Federal Information Security Management Act of 2002.

IA Awareness Training – Roles & Responsibilities

  • Agency heads must ensure that high priority is given to effective security awareness and training for employees, and appoint a CIO.
  • The CIO establishes the overall strategy and ensures funding, tracking and reporting are in place for the IT security awareness and training program.
  • The IT Security Program Manager handles tactical deployment, development and maintenance of the IT security awareness & training program.
  • Managers are responsible for complying with the IT security awareness program. They work with the CIO and IT Security Program Managers to share responsibility, ensure all users are trained to fulfill their security roles before access is given, and promote professional development and certification of the IT staff.
  • Users are the largest audience in any organization and the single most important group of people who can help reduce unintentional errors.


800-50 calls learning a continuum. The continuum of learning starts with awareness and builds into education.
Awareness is not training. Awareness focuses on security concerns to ensure users are mindful of basic rules and issues in a given environment.


Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. – 800-50

Training is a formal, focused method to develop a skill for job performance.
Training strives to produce relevant and needed security skills and competencies. – 800-50


Education combines multidisciplinary areas into a common body of knowledge.



Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge . . . and strives to produce IT security specialists and professionals capable of vision and pro-active response. –800-50

What is Autorun.inf?

What exactly is an autorun.inf? Is it a virus, or just a file needed by other applications on your computer to run? Have you ever been alerted by your anti-virus application that autorun.inf was detected as a threat to your computer?

AutoRun.inf is the primary instruction file associated with the AutoRun function. Autorun.inf is just a simple text-based configuration file that tells the operating system which executable to start or which icon to use. In other words, Autorun.inf tells the operating system how to handle the programs or executable files on, and how to treat the contents of, a CD or any removable disk that is plugged into your computer.

Autorun.inf is not malware, but a virus might use autorun.inf to get access to your computer's programs and files. Common viruses like Bacalid and RavMon.exe, and even Trojans, hide behind autorun.inf to spread easily to your computer. These viruses save themselves in the root directory of the infected disk and run themselves every time you double-click the drive. Usually, if a USB stick or CD is infected by a virus, the malware runs automatically as soon as the device is plugged into your computer, especially where autorun is enabled.
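As an added example for this post (written for this page, not code from the original post or from any vendor tool), here is a small read-only Python inspector that parses an autorun.inf the way the text describes and reports which keys would launch a program and which only set an icon or label; both sample files inside it are constructed for the demo.

```python
"""Read-only inspector for autorun.inf files (added example for this post).

Parses the INI-style file and reports which keys would launch a program
versus which only set an icon or label. Sample contents are constructed.
"""
from __future__ import annotations

LAUNCH_KEYS = ("open", "shellexecute")   # name a program to run on AutoRun
DISPLAY_KEYS = ("icon", "label")         # presentation only, no code runs


def parse_autorun(text: str) -> dict[str, dict[str, str]]:
    """Parse autorun.inf text into {section: {key: value}} (all lower-cased).

    A hand-rolled parser is used because keys such as shell\\open\\command
    contain characters that configparser does not accept.
    """
    sections: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:    # stray line, ignore it
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text: str) -> list[str]:
    """Return one finding per key in the [autorun] section."""
    findings: list[str] = []
    for key, value in parse_autorun(text).get("autorun", {}).items():
        if key in LAUNCH_KEYS:
            findings.append(f"{key}= would execute: {value}")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            verb = key.split("\\")[1]              # shell\<verb>\command
            findings.append(f"context menu '{verb}' would execute: {value}")
        elif key == "shell":
            findings.append(f"default double-click verb redirected to: {value}")
        elif key in DISPLAY_KEYS:
            findings.append(f"{key}= (display only): {value}")
    return findings


def launches_code(text: str) -> bool:
    """True if any key in the file would start a program."""
    return any("execute" in f or "redirected" in f for f in assess_autorun(text))


# Constructed samples: an icon-only disc, and one that launches a program
# from the drive root (RavMon.exe is the name mentioned in the post).
BENIGN_SAMPLE = """[AutoRun]
icon=setup.exe,0
label=Product Installer
"""

SUSPICIOUS_SAMPLE = """[autorun]
; comment line the parser must skip
open=RavMon.exe
shell\\open\\Command=RavMon.exe
shell=open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(f"== {name}: launches code = {launches_code(sample)}")
        for finding in assess_autorun(sample):
            print("  ", finding)
```

Point the script at the root of a removable drive that anti-virus has flagged and it shows what the file would have started, without executing anything.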

If autorun.inf was detected by your anti-virus as a threat to your computer but you have not yet taken any action, here are some tips to remove an autorun.inf that has been infected by a virus.

You can disable autorun for all drives by configuring the registry of your computer. First, open the registry by typing regedit.exe at the command prompt, or execute it from Run. Then navigate to this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in decimal). (If NoDriveAutorun does not exist, you can create it by right-clicking the right-hand area of the regedit window, then clicking New -> DWORD Value and typing NoDriveAutorun.) Close the registry editor and restart the computer. This procedure disables autorun for all drives of your computer, which at least prevents the autorun function of infected USB drives or CDs and avoids infection by viruses like Bacalid and RavMon.exe.

Another procedure to disable or delete an autorun.inf that has been infected by a virus is to use the command prompt: type cd\ then press Enter. Type the letter of your USB drive or CD drive, for example F:, then press Enter. Type attrib -h -r -s autorun.inf and press Enter, then type del autorun.inf. That's the easiest way to avoid spreading viruses from your computer, especially via autorun.inf. If you have any questions, you can comment on this post, thank you!

SAP security audit programs

SAP- Increasing Demand by Increasing Efficiency

Systems, Applications and Products (SAP) is a security auditing program that checks a computer system's data integrity and overall security. This application is accompanied by a highly flexible user interface. SAP security audit programs were introduced in the 1980s and provide the best audit resources for major companies and industry leaders.

In SAP, audit security is the foremost requirement enabling access control and separation of duties. These two areas are very important for the integration of control mechanisms. A company must plan prior to implementing SAP to obtain better access and a clear understanding of the system. This includes proper design of profiles and removal of surplus IDs. Security audit programs include many audit procedures that are designed to efficiently assess a variety of transactions.

The main administrative functions of SAP security audit programs include automatic scheduling of jobs according to different user IDs, monitoring errors, administering background sessions and access to proper management functionality. As far as security settings are concerned, the SAP system audit program helps execute online programs using different procedures and maintain different tables. This allows access to maintain different profile parameters, including passwords and the security of default user IDs. SAP system audit programs also allow locking of sensitive transaction codes and execution of OS commands externally.

The SAP system audit program contains different audit procedures showing steps to extract useful information from a system. Some system audit program resources are highly beneficial and include audit programs for financial accounting, audit programs for basic security, audit programs for Fixed Asset, audit programs for expenditures, audit programs for treasury, audit programs for inventory management, audit programs for HR & payroll and audit programs for revenue. Companies using SAP applications can create different software packages to meet their key objectives. This application is assembled in such a way that allows each department of an organization to get integrated.

Google's Safe Browsing Alerts

The all-seeing eye of Google is upon safe browsing and alerts for your network. I think this is proof that Google is not “evil” as some say. Some believe that Google is “evil” just because they want to organize all of the world's data. To this I say, “stop hatin'!”

Google has taken steps toward protecting its users from malware and phishing attacks by alerting webmasters of malicious content and bad URLs.

Now Google offers a service for network administrators that allows system owners to receive early notifications of malicious content on their network. It's called “Google Safe Browsing Alerts”. As an example of how powerful this can be, imagine an Internet Service Provider having such a service.

I can already hear the “nayers of google” crying, “what about the privacy of the networks and your users?” To this I say, “SHUT THE HELL UP!” Google loves you. Google died for your sins. Repent, for the kingdom of Google is at hand.
http://safebrowsingalerts.googlelabs.com/

That is all.

http://googleonlinesecurity.blogspot.com/2010/09/safe-browsing-alerts-for-network.html

Facebook Imposter Scam

The first time I saw the “impostor scam” was on MySpace. One after another, about 6 or 7 of my friends' MySpace accounts were hijacked. What followed was my friends sending me messages about Viagra and bogus malware sites. It was obvious that they'd been hacked, but they usually caught it a few days later and sent out a message to apologize to everyone. It seems no social network is exempt from the imposter scam.

Enter the Facebook Imposter Scam:
The Facebook Imposter Scam is the same exploit that hit MySpace. Users' accounts are hacked using phishing techniques. Basically, users are lured into clicking on what looks like a legitimate link and are scammed into giving out their username and password (sometimes with a phishing site that looks like “facebook”, a “facebook imposter”). Once the user enters the username and password, the criminal has their information and can do whatever they want. What they typically do is use the account to advertise a product, service or scam to EVERY friend on the victim's list. The facebook imposter will even use the victim's account to scam others.

This scam earned its way on the Internet Crime Complaint Center.

The best way to avoid falling prey to this imposter scam is to watch out for outbound links. Always hover over a link and look at the bottom right-hand corner of the browser to see where it is actually going. Type the supposed link into the address bar rather than clicking on outbound links. Pay attention to phishing warnings that MySpace, search engines, browsers and Facebook give you.
