Information Security Study Roadmap

Fabio Sobiecki

Fabio Sobiecki is a systems analyst who graduated from Unopar, a specialist in Information Security from Senac, and holds an MBA from FGV. He has worked in Information Security since 2004; between 1998 and 2004 he worked in information technology, in infrastructure and computer networks. He has been certified by (ISC)² as CISSP and CCSP since 2008 and 2017, respectively. He is currently president of the São Paulo (ISC)² chapter and a solutions engineer at RSA.


by Fabio Sobiecki

In the following topics, learn about some areas of information security and the things you need to know to start a career in information security.

Areas of Study

Security Governance

This is the team that governs, or plans, the company’s security actions. It is often confused with security management, but its job is planning: it owns the plans and projects, chooses tools, defines controls and organizes the team.

  • Confidentiality, Integrity and Availability
  • Definition of metrics
  • Roadmap definition
  • Business Requirements Survey
  • Privacy

Risk Management

It assesses the risks the company faces: fraud risk, fire risk, market risk and so on. Then, together with Governance, it implements controls to reduce or eliminate each risk.

  • Risk assessment
  • Definition of a mitigation plan
  • Application of risk controls

Compliance

Every company has laws it must follow; for example, every company has to issue invoices. In security, some companies have obligations that are laid down in law. The Privacy Act and the Marco Civil da Internet are good examples of such laws.

  • Security regulations
  • Security Guides
  • Laws applied to Security
  • Audits

Data Security

It defines data processes and policies: how data is stored, how access to it is controlled, how it is backed up, and how leaks are prevented.

  • Data Classification
  • Integrity
  • Cryptography and Confidentiality
  • Digital Signature
  • Digital Certificate and Public Key Infrastructure
  • Backup
  • Secure Data Disposal
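Three of the topics listed above, Integrity, Cryptography and Digital Signature, are easy to mix up at the start of a career. The example below is added here and is not code from the article or its author; it uses only the Python standard library, and the record and key are constructed sample values. It shows the difference between a plain hash, which detects that data changed but can be recomputed by whoever changed it, and a keyed HMAC, which also proves the check value came from a key holder, which is the same role a digital signature plays with a private key.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the article): a stored record and a key that,
# in a real system, would be protected by a key management service.
RECORD = b"account=1234;amount=100.00;currency=BRL"
KEY = secrets.token_bytes(32)


def digest(data: bytes) -> str:
    """Integrity only: a SHA-256 digest detects accidental or unauthorised
    changes, but only if the digest is stored where the data's editor cannot
    overwrite it, because anyone can compute a fresh digest over new content."""
    return hashlib.sha256(data).hexdigest()


def tag(data: bytes, key: bytes) -> str:
    """Integrity plus authenticity: an HMAC over the data can only be produced
    by a holder of the key, so a valid tag also tells you who vouched for it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking where the comparison failed via timing.
    return hmac.compare_digest(digest(data), expected)


def verify_tag(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def demo() -> dict:
    """Run both checks against the original record and a tampered copy."""
    stored_digest = digest(RECORD)
    stored_tag = tag(RECORD, KEY)
    altered = RECORD.replace(b"100.00", b"900.00")
    other_key = secrets.token_bytes(32)  # models a party who lacks KEY
    return {
        "original_digest_ok": verify_digest(RECORD, stored_digest),
        "altered_digest_ok": verify_digest(altered, stored_digest),
        # A recomputed digest over the altered record verifies: the hash alone
        # says nothing about who changed the data, which is why the digest must
        # be kept out of the editor's reach or replaced by a keyed tag.
        "altered_recomputed_digest_ok": verify_digest(altered, digest(altered)),
        "original_tag_ok": verify_tag(RECORD, KEY, stored_tag),
        "altered_tag_ok": verify_tag(altered, KEY, stored_tag),
        # A tag computed with any other key does not verify under KEY.
        "altered_other_key_tag_ok": verify_tag(altered, KEY, tag(altered, other_key)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:32s} {ok}")
```

In practice the HMAC key is shared between the parties that write and check the record; when the checker must not be able to produce tags of its own, a digital signature (private key to sign, public key to verify) replaces the HMAC, which is the step from this example to the Digital Signature and PKI topics in the list.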

Access Control

It manages the access of employees, customers and partners to the company’s systems and consequently to data. It defines, for example, the password policy and which authentication methods should be used.

  • Access Control
  • Audit and Access Federation
  • Access Provisioning
  • Privileged Users

Network and Telecom Security

It is responsible for assessing security risks in wired, wireless, VPN, datacenter communications, the Internet and also telephony.

  • Network and Infrastructure Security
  • Network Protection Features
  • Technology Infrastructure Security
  • Network Services

Software Security

It evaluates software developed in-house and software purchased on the market. It also manages software updates to avoid known vulnerabilities.

  • Software Security
  • Software Developed
  • Data Security in Software and Testing
  • Patch management

Endpoint Security

This team is responsible for the security of user devices: desktops, laptops, cell phones, tablets and any other endpoint equipment. Some also cover printers, scanners and IoT (Internet of Things) devices.

  • Endpoint Security
  • Mobile Device Management
  • Software and firmware updates
  • Desktop Security

Physical Security

It manages the risks of physical environments. Fires, electrical damage, flooding, theft, break-ins, vandalism and everything associated with company information in these environments.

  • Physical Security
  • Datacenter security
  • Physical risks
  • Physical Data Security
  • Physical Security Monitoring

Cloud Security

It manages everything the company runs in the public cloud: SaaS applications such as Office 365 and Salesforce, and systems hosted on platforms such as AWS, Google Cloud and Azure.

  • Cloud Security
  • Controlling access in Cloud Security
  • Differences between Cloud Security
  • Cloud Security Protections and Compliance

Security Intelligence

Some people confuse this with artificial intelligence; that is not what is meant here. Security intelligence is the monitoring of environments and the handling of security events. This is where ethical hackers, social engineers and computer forensics specialists work, for example.

  • Intelligence and Security Operations
  • Preparing for and Detecting Attacks
  • Anatomy of Attacks
  • Operational Security Controls

Incident response

This is the area that takes care of emergency plans for when a security event happens, for example a fire in the datacenter, and of how that emergency should be handled. Everything has a plan, rehearsals and tests.

  • Incident Response
  • Other Response Plans
  • Other Support Tools
  • Security Tests and Drills
  • Plan Review and Refresher Training

Professional Ethics

It is not just hackers who have to be ethical. Our profession has rules that must be followed. For example, you need to know what a confidentiality agreement is and how you should treat sensitive information.

Get to know the Blue Team Academy

A complete training course with videos, tutorials, exercises and tests to take you from zero to information security professional. This training also includes mentoring and support from Fabio Sobiecki.

https://go.hotmart.com/P54074238S?dp=1

Download

In the link below, you’ll find a study roadmap to prepare yourself for the Information Security Market.