Beyond the Book
In additional to the material in the print or ebook you’re reading, this product also comes with more online goodies:
✓ Cheat sheet: The cheat sheet offers tips on interviewing for an information security job and building your personal brand. You can find the cheat sheet at www.dummies.com/cheatsheet/gettinganinformationsecurityjob.
✓ Web extras: You’ll find some great references that you can use, including a resume template, a sample resume, and a list of websites of value to information security professionals. Go to www.dummies.com/extras/gettinganinformationsecurityjob.
✓ Updates to this book, if we have any, are at www.dummies.com/go/gettinganinformationsecurityjobudupdates.
Where to Go from Here
If you're wondering what the information security profession is all about, go to Part I. If you want to dive into the education, training, and knowledge required in information security, start with Part II. If you’re wondering what life is like in different types of organizations, Part III was written just for you. If you’re ready to get out there in the InfoSec job market, go right to Part IV. If you love lists, head for Part V.
And for those who want to take an even deeper dive into the knowledge expected of information security professionals, get a copy of CISSP For Dummies, by Lawrence Miller and Peter H. Gregory.
Part I
So You Want to Be an InfoSec Professional
In this part…
✓ Find out how industry conditions have led to today’s high demand for skilled information security professionals.
✓ Understand typical job titles and their duties.
✓ Discover the security problems that governments and industries face today.
Chapter 1
Securing Your Future in Information Security
In This Chapter
▶ Understanding the need for information security professionals
▶ Reviewing a history of cybercrime
According to the Cisco 2014 Annual Security Report, the worldwide shortage of information security professionals exceeds one million workers. You have chosen a great time to learn more about this exciting and rapidly changing field!
This chapter takes a closer look at the changes in business and technology that have given rise to the high demand for information security workers. You also discover why information security is a great career field.
Why Does Information Security Matter?
Information security, or InfoSec, was once considered a technical discipline with little business relevance. Now, however, it is a topic of heated discussions in corporate boardrooms around the world. Information security matters because information technology matters – and because criminals are finding it easy to steal sensitive and private information from organizations’ information systems.
Increased reliance on information systems
Organizations of every kind, as well as a growing number of private citizens, rely on information systems for conducting daily affairs more than ever before. We buy more and more Internet-connected products, partly for convenience and partly for the cool factor. Before long, it will be easier to count the things that aren’t connected to the Internet.
You might have heard that data and information are the new currency. Although this statement might sound like a cliche, it’s true for several reasons:
✓ Organizations can use software tools to examine electronic business records and gain valuable insights that help them find new opportunities. For instance, a grocery store can add new items to its inventory based on sales trends.
✓ Organizations can use information systems to make business processes more efficient. For example, if an organization puts sales details in an information system, the customer service department could electronically access those records and be far more efficient.
✓ For banks and other financial institutions, data actually is money, or at least the closest representation of money. For instance, transferring funds or paying bills online is mostly about making a number bigger in one place and smaller in another.
This increased reliance on Internet-connected systems and devices makes our businesses more efficient and our lives easier, but there is a dark side: Criminals are also turning to Internet-connected systems to disrupt businesses and steal valuable information.
Growth in cybercrime
Organizations of every kind are increasing their reliance on information systems for storing and processing valuable information. Meanwhile, cybercriminal organizations have grown, organized, and made vast improvements in the skills and tools they use to find and steal this information.
“Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” according to Valerie McNiven, who advises the U.S. Treasury on cybercrime. “Cybercrime is moving at such a high speed that law enforcement cannot catch up with it.” Ms. McNiven made this claim in 2005; in the past ten years, cybercriminal organizations have made impressive gains in their capability to steal valuable data.
According to idtheftcenter.org, some of the largest security breaches in 2014 were as follows:
✓ Sony Pictures: 33 thousand documents and several unreleased films
✓ U.S. Weather System: breach to NOAA weather satellite network
✓ JP Morgan Chase: 76 million records
✓ Home Depot: 56 million records
✓ Community Health Systems/Tennova: 4.5 million records
✓ Michaels Stores: 2.6 million records
✓ Texas Health and Human Services: 2 million records
✓ Internal Revenue Service: 1.4 million records
✓ Staples: more than 1.1 million records
✓ Neiman Marcus: 1.1 million records
✓ State of Montana: more than 1 million records
✓ Viator: 880 thousand records
✓ Goodwill Industries: