Regulation for Cyber Security Professions


    The Israeli regulation for Cyber Security Professionals by the INCB
    The American (NICE) recommendation for Cyber Security Professionals

    Cyber Security Practitioner

    The Cyber Security Practitioner is responsible for implementing the organization’s cyber protection, and has the specific perspective of the following aspects:

    • The installation, operation and maintenance of cyber protection products.
    • The implementation of routine security procedures.
    • First-level identification and treatment of cyber events based on types of threats and attacks.

    A practitioner may hold an international certification such as CompTIA Security+ or (ISC)2 SSCP.

    Required knowledge

    • Basic knowledge of regulation, government decisions and information security standards.
    • Familiarity with the technological environment.
    • Familiarity with a wide range of products and security methods.
    • Profound knowledge of routine security processes.
    • Basic knowledge of ways of dealing with cyber events.
    • Professional ethics.

    SOC (Security Operation Center) Operator

    A Security Operation Center (SOC) is established to monitor, analyze and respond to security incidents as quickly as possible on a 24×7 basis. The SOC operator is responsible for complying with the Incident Management process and Escalation procedures, as well as for effective use of the specialized IT tools used by the SOC.

    A SOC-IR specialist is responsible for critical core subjects in operating cyber monitoring centers and primary response teams. The SOC Operator performs the preliminary necessary actions when a cyber event is identified.

    The SOC Operator will use various reactive and proactive platforms to monitor all critical and potentially hazardous environmental conditions, focused on mitigating physical risk and safeguarding people, property and assets. The SOC Operator will proactively conduct physical security patrols as directed, monitor and report on all security and environmental system conditions and alarms in a 24×7 environment, and reactively respond to emergency situations as directed. The position further requires identification, notification, escalation and resolution with the appropriate internal agencies, and/or escalation of technical abnormalities that may arise from time to time and otherwise present a security or operational risk to the appropriate personnel.

    Required knowledge:

    • Understanding the organization’s information security architecture
    • Familiarity with various monitoring tools.
    • Basic level investigation and forensics capabilities.

    Cyber Security Technology Professional – Cyber Architect

    A person with an academic background and wide-ranging, profound theoretical knowledge, who is in charge of:

    • Designing technological solutions for cyber protection in the organization, combining technologies and security methods.
    • Adjusting cyber protection products and integrating them into the IT infrastructure, including storage and backup.
    • Accompanying the process of handling security events from a technology standpoint, with awareness of the organization’s activities, needs and objectives.

    The Security Architect may hold an international certification such as CompTIA Security+ or (ISC)2 CISSP.

    This reflects an understanding of the organization’s activities, needs and corporate objectives.

    Cyber Security Methodology Professional

    A person with an academic background, who is in charge of:

    • Formulating methodologies and concepts to bridge the gaps within the organization.
    • Implementing Israeli and international regulatory standards and aspects of privacy protection.
    • Risk management in cyber protection.
    • Accompanying organizational processes (establishing systems, projects, supply chains and business continuity) along with familiarity and understanding of the activities, needs and corporate objectives.

    The Security Methodology Professional must have a comprehensive understanding of the business needs and restraints.

    The Security Methodology professional may hold International Certification such as CompTIA Security+, (ISC)2 CISSP or ISACA CISM.

    CISO – Chief Information Security Officer

    The issue of Cyber Defense Officer or Chief Information Security Officer was examined and announced as a role and not as a profession. Probably, the CISO role will be recognized as a combination of two roles, Cyber Security Technology Professional and Cyber Security Methodology Professional, in addition to other requirements.

    The CISO holds a high-level insight into the entire cyber security array.

    The CISO may hold an international certification such as (ISC)2 CISSP or ISACA CISM.

    Penetration Testing Experts

    An expert with broad, up-to-date knowledge as well as practical abilities in vulnerability detection and penetration testing of cyber systems.

    • Knowledge base as a Cyber Security Practitioner.
    • Attack process, tools and technologies, attack scenarios: Lockheed Martin Kill Chain, known tools, APT.
    • Vulnerability knowledge (OWASP Top 10, system vulnerabilities).
    • Tools for penetration testing.
    • Types of penetration testing (black box / white box / grey box).
    • Infrastructure penetration testing (Windows / Linux, scripting).
    • Application penetration testing (code review, basic programming skills, PHP, ASP).
    • Report Writing.

    A pentester may hold International Certification such as EC-Council CEH.

    Cyber Forensics Expert

    An expert with wide knowledge and abilities to investigate events (forensics).

    • Knowledge base as a Cyber Security Practitioner.
    • Data restoration (servers, endpoints, mobile devices).
    • Incident response (identification, incident restoration, data analysis, data correlation).
    • Reverse engineering.
    • Evidence gathering and handling.
    • Real-time vs. post-event investigation.
    • Forensics tools: restoration tools, duplication tools, monitoring tools, password cracking tools, etc.
    • Legal aspects: forensic evidence judgement, precedents.
    • Familiarity with local forensics agencies: Police, Military investigative police, Tax authority, etc.
    • Report writing.

    The forensics expert may hold an international certification such as (ISC)2 CCFP.

    Malware Analyst

    A malware analyst works in the field of computer and network security to examine, identify, and understand the nature of cyber-threats such as viruses, worms, bots, rootkits, and Trojan horses. These types of programs represent malicious code that can infect systems and cause them to behave in unexpected ways. Malware can compromise both the hardware and software integrity of a computer or network as well as steal proprietary data such as a company’s financial records.

    Because malicious code comes in many different forms, a malware analyst must be thoroughly conversant with both interpreted and compiled programming languages and must possess a keen understanding of both reverse-engineering and software development.

    The analyst may be asked to document the specimen’s attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence. A malware analyst is sometimes referred to as a reverse engineer.

    Information Security Auditor

    The Information Security Auditor performs detailed information technology assessments and internal audit reviews to assess the effectiveness of security controls. This employee also acts as an advisor to information security compliance management regarding the impact of changes to information technology on the internal security controls of the business. This position is responsible for performing audits and internal testing of controls around annual FISMA assessments and ISO 27001 audits, PII audits, SOX-ITGC audits, and other areas as needed.

    Among the auditor’s roles: establishing an enterprise information security auditing function, separate from the annual assessments, that includes auditing existing computing systems, IT processes and other areas as required; and using appropriate methods to monitor internal compliance with PII, records management and other policies as assigned.

    The auditor also plans, executes and reports on information technology, privacy and operational reviews to identify business, privacy, security, compliance, information technology and regulatory risks.