Archive for Risk Assessment

I’m Going to Community SANS!

I am going for training finally.  I have only been in my current position for a year and a half now slugging my way through, figuring everything out on my own for the most part before finally getting approved for training.  To say that I am excited really is an understatement.

I did think that my first training would be Microsoft Certification training of some sort, but it turns out it will be SANS Institute training, and I am sooooo jazzed about it.

I will be attending the SEC401: SANS Security Essentials Bootcamp Style, which looks pretty intense, but does cover a bunch of topics that I have been trying to study and work on for the past year and a half.  I am going to be a facilitator at this event, which is really exciting and is honestly the only way my small company can afford to send me.  I will help the instructor and the people at SANS for a reduced tuition price.


Security Certifications Are the Way to Go

I read an interesting article this morning over at NetworkWorld.  It seems that while the value of many certifications is dropping, security certification value is on the rise.  For that matter, it seems demand for security-related skills in general is on the rise.  For most of us in IT, that is no big surprise.  It seems there is a new data breach scandal weekly, and most of our managers are clamoring for risk assessments.

There are some specific certifications mentioned, like the Certified Information Security Manager and the GIAC Security Expert, both of which I have been thinking about myself, since my boss wants me to delve into the risk assessment process here.  I will be looking into both of these in the coming days.  I believe I have to get in a couple of years of practical experience before I really tackle either of these certs, but it is still something I can set as a goal.

Risk Assessment

Out of the blue this week our GM asked me to begin doing a thorough Risk Assessment of our network and our data. Being fairly new to the whole Network Admin role, I quaked in my shoes a bit, and then started with Google.

What I am finding is that this is a HUGE responsibility that could easily take up most of my time. I also found that I rather enjoy reading about this topic and planning for how we will do this at our small company. I also recognize that this could lead to a much deeper understanding not only of our network but how our company runs.

I started with a well-written document from Network Computing called Risk-Assessment Strategies.  Now, I realize that this article is 8 years old, but if I remember correctly from college, methodology doesn’t change much.  Also, this document has been very helpful in giving me a bird’s-eye view of what I need to do for each area of concern. This turned out to be a great starting place for me, and I will continue to seek out other such help as I begin this immense task.

I also found, through references in the above article, some helpful websites. The SANS Institute has a class that I am very interested in, and while I may not be able to convince the GM to spend this kind of money for training, the outline of what is taught gives me some ideas for what I need to be studying. I am specifically looking at the Security 401: SANS Security Essentials Bootcamp Style class, as it seems like a pretty comprehensive one and one that would be good for someone like me.

I also found that there are cheaper routes to go to get started with Risk Assessment instruction.  For example, here in the Chicago area they are offering a class called “How to Complete a Risk Assessment In 5 Days or Less” at the Secureworld Expo hosted by Microsoft.  This is three sessions of instruction that promise to provide methods and tools to use “an industry standard process in just five days.” 

As I learn and find more information, I will post it here, and please feel free to send along any links that you have used or have heard are helpful.