Starting a career in Information Security - ISH Tecnologia

Information Security reduces the risks inherent to the business and provides peace of mind for companies that operate under protection. To start a career in the area, a professional needs a clear knowledge of what I call the Information Security backbone.

Important concepts

The backbone is formed by the CID 'tripod' (known in English as the CIA triad), which stands for Confidentiality, Integrity and Availability of information. These concepts guarantee that data is not altered, is complete and is accessed only by authorised persons.

For this data to be protected consistently, it needs to be classified.

According to NIST, ISO 27001 and market best practices, we can highlight the following information classification levels, which are the most common in the day-to-day work of the cyber security professional:

  • Confidential (the highest level of confidentiality);
  • Restricted (medium level of confidentiality);
  • Internal use (the lowest level of confidentiality);
  • Public (everyone can see the information).

It is also important for those planning to enter the cyber security market to understand how to define and create measures that reduce the risk of improper access to information and ensure confidentiality, integrity and availability (CID). These measures are called Controls.

Controls are, in essence, a set of processes and procedures, automatic or manual, that map, segregate and restrict access to certain information, defining in detail what can be accessed, who can access it and how.

Just like information, assets also need to be classified. This classification is done through the asset inventory, which I call controls and which CIS Controls classifies as Basic Controls 1 and 2.

If you want to be a successful professional in Information Security, know this backbone of concepts well. This will make it easier to know which tool or technology to use in each security process.

You may have noticed that up to this point we have not explored the tools and technologies. Learning about them is important, but it will only make sense if you have the concepts first. Tools are just accessories to put that knowledge into practice. So before you learn more about them, master the concept.

Don't forget: academic background and English are fundamental.

In addition, a good plan of Information Security foundation certifications covers working knowledge of security areas such as the Security Operations Center (SOC) and Blue Team.

Conclusion

To conclude, I see professionals in the field who are very knowledgeable about techniques and tools but neglect the basics. There is no magic formula. However, with discipline, a study plan built on the steps above, and networking, you will certainly earn your place in the Information Security market.

By: Emerson Nascimento