Organizational Systems Security Analyst information
The Organizational Systems Security Analyst (OSSA) is a technical vendor-neutral Information Security certification programme which is being offered in Asia. It is developed by ThinkSECURE Pte Ltd, an information-security certification body and consultancy. The programme consists of a specialized technical information security training and certification course and practical examination which technical Information Technology professionals can attend in order to become skilled and effective technical Information Security professionals and to prove their level of competence and skill by undergoing the examination.
Technical staff enrolling in the programme are taught and trained how to address the technical security issues they encounter in daily operations and how to methodically establish, operate and maintain security for their organization's computer network and computer systems infrastructure.
The OSSA programme does not focus on hackers' software as these quickly become obsolete as software patches are released. It first looks at security from a methodological thinking perspective and draws lessons from Sun Tzu's "The Art of War" to generate a security framework and then introduces example resources and tools by which the various security aims and objectives, such as "how to defend your server against a hacker's attacks" can be met.
Sun Tzu's 'Art of War' treatise is used to provide a guiding philosophy throughout the programme, addressing both offensive threats and the defensive measures needed to overcome them. The philosophy also extends to the sections on incident response methodology (i.e. how to respond to security breaches), computer forensics and the impact of law on security-related activities such as the recovery of information from a computer crime suspect's hard drive. Under the programme, students are given coursework and experience how to set up and maintain a complete enterprise-class security monitoring and defence infrastructure which includes firewalls, network intrusion detection systems, file-integrity checkers, honeypots and encryption. A unique attacker's methodology is also introduced to assist the technical staff with identifying the modus operandi of an attacker and his arsenal and to conduct auditing against computer systems by using that methodology.
The generic title sections under the programme appear to comprise the following:
What is Information Security
Network 101
Defending your Turf & Security Policy Formulation
Defensive Tools & Lockdown
The 5E Attacker Methodology: Attacker Methods & Exploits
Wireless (In)Security
Incident Response & Computer Forensics
The Impact Of Law
Under each section are many modules, for example the defensive section covers the setting up of firewalls, NIDS, HIDS, honeypots, cryptographic software, etc.
The OSSA programme consists of both practical hands-on lab-based coursework and a practical hands-on lab-based certification examination. According to the ThinkSECURE website, the rationale for this is that only those who prove they can apply their skills and knowledge to a completely new and unknown exam setup will get certified and those who only know how to do exam-cramming by memorizing facts and figures and visiting brain dump sites will not be able to get certified.
Compared to non-practical multiple-choice-question exam formats, this method of examination is beneficial for the Information Security industry and employers as a whole because it provides the following benefits:
makes sure only candidates who can prove ability to apply skills in a practical examination are certified.
stops brain-dumpers from attaining and devaluing the certification as a basis of competency evaluation.
protects people's and companies' money and time investment in getting certified.
helps employers identify technical staff who are more skilled.
provides the industry with a pool of competent, qualified technical staff.
and 29 Related for: Organizational Systems Security Analyst information
The OrganizationalSystemsSecurityAnalyst (OSSA) is a technical vendor-neutral Information Security certification programme which is being offered in...
Adviser on Africa, a United Nations initiative OrganizationalSystemsSecurityAnalyst, an information security certification Star of South Africa, Officer...
themselves as part of the organization Information Security "effort" and often take actions that ignore organizational information security best interests. Research...
Computer security, cybersecurity, digital security, or information technology security (IT security) is the protection of computer systems and networks...
System administrators, in larger organizations, tend not to be systems architects, systems engineers, or systems designers. In smaller organizations,...
so has the event and log generation on these systems. In comparison, the logging of system, security, and application logs is not the only way to perform...
A security operations center (SOC) is responsible for protecting an organization against cyber threats. SOC analysts perform round-the-clock monitoring...
National SecuritySystems (CNSS) is a United States intergovernmental organization that sets policies for the security of the US securitysystems. The CIA...
technologies used by Middleware analysts sit "in-the-middle", between two or more systems; the purpose being to enable two systems to communicate and share information...
aware of current events which may affect information systems. A security engineer or securityanalyst may have several computer monitors on their desk. Processes...
supervision are directed toward the achievement of organizational aims. Organizational structure affects organizational action and provides the foundation on which...
In software engineering and systems engineering, a functional requirement defines a function of a system or its component, where a function is described...
Geographic information systems (GIS) play a constantly evolving role in geospatial intelligence (GEOINT) and United States national security. These technologies...
An information system (IS) is a formal, sociotechnical, organizationalsystem designed to collect, process, store, and distribute information. From a sociotechnical...
heterogeneous teams of information security managers, directors of information security, securityanalysts, security engineers and technology risk managers...
Threat hunting has traditionally been a manual process, in which a securityanalyst sifts through various data information using their own knowledge and...
Safety Management System. UNDSS reports directly to the Secretary-General. The UNDSS manages a network of security advisers, analysts, officers and coordinators...
the chiefs of six departments: Economic Security Department, Counterintelligence Department, Organizational and Personnel Service, Department of activity...
Center for Intelligence and Security Studies – trains new analysts in intelligence analysis Intelligence analysis organizations Hayes, Joseph (2007), "Analytic...
correlating that data, and then exporting it into an organization’s existing securitysystems or ticketing systems, a TIP automates proactive threat management...
support of organizational strategic goals. IT Managers need to know predominantly Technical and Managerial skills such as analyst of computer systems , information...
Digital Identity and Security Embedded Systems and Power In January 2008, its featured collaboration was with Streambase Systems, makers of a "high-performance...
within an organization is called a business analyst or BA. Business analysts are not found solely within projects for developing software systems. They may...
Technology and Systems Directorate, which develops new technologies for SIGINT collection and processing. The Information SystemsSecurity Directorate,...
legacy systems in space exploration at the Technical University of Munich. According to Hein, legacy systems are attractive for reuse if an organization has...
Global Information