
Social Networking for IT Security Professionals


Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 61))

Abstract

Having introduced the concepts of risk, threat and vulnerability (Chapter 1) and described the profiles that an IT security team requires (Chapter 2), together with a proposal on how a real IT security team could function (Chapter 3), we presented our ideas on what an IT security team should do (Chapter 4) and how it could do it (Chapter 5). We then went deeper into team dynamics (Chapter 6) and into possible paths to market IT security (Chapter 7), paying special attention to the need to obtain management support (Chapter 8).


Notes

  1. See Sections 2.6 and 6.9.

  2. McClure (2003), p. 154.

  3. See Sections 7.8 and 7.9.

  4. See Section 7.9 and Gladwell (2000), pp. 38–46.

  5. Parkinson et al. (2008), p. 1. See the list of publications by Brian Parkinson on his Oxford University web site, available at http://psyweb.psy.ox.ac.uk/social_psych/. Last accessed 15-10-2009.

  6. See Sections 2.3 and 4.10 on the peculiarities of IT incident handling.

  7. Parkinson et al. (2008), p. 1.

  8. See Section 5.9.

  9. See Section 7.8.

  10. See Section 8.1.

  11. See Sections 7.2 and 7.11.

  12. Chapter 6 describes interaction patterns within the IT security team.

  13. Different leaders for distinct security aspects are possible, for example a technical leader and an HR-related leader. Evidently, both leaders need to communicate and cooperate extensively.

  14. According to wordreference.com, security consists of “the set of measures taken as a precaution against theft or espionage or sabotage etc.”, whereas safety is “the state of being certain that adverse effects will not be caused by some agent under defined conditions”. Most definitions convey the message that safety deals with accidental events whereas security deals with intentional events. Extracted from http://wiki.answers.com. Last accessed 16-10-2009.

  15. More on this topic in Chapter 10.

  16. An excellent opportunity for informal networking is the face-to-face delivery of the security tokens used in two-factor authentication to end users, if the IT security team is in charge of handing them out.

  17. See Section 7.8.

  18. See Section 3.6 and Atkinson (2005), Chapter 11.

  19. The “risk house” model, presented in Section 8.6, shows the role of IT systems in organisations today.

  20. See Section 9.2.

  21. Sometimes networking objectives justify attendance at events with poor technical content.

  22. In addition to the NDA signed by professionals in their own organisation, some networks of IT security professionals make all their members sign an additional NDA to prevent leaks of member data.

  23. See Section 8.6.

  24. See Section 2.1.

  25. Phishing is an example of different industries suffering from the same threat: the three top industries targeted by phishers in 2008 were financial institutions (76% of all phishing lures), Internet Service Providers (ISPs, 11%) and retailers’ sites (8%), according to the Symantec Internet Security Threat Report, volume XIV, pp. 75–77. Available at http://www.symantec.com/business/theme.jsp?themeid=threatreport. Last accessed 13-10-2009.

  26. See Section 2.2.

  27. Unless they are seriously considering extending their field of expertise into hands-on security testing.

  28. This list is not exhaustive. It only provides some initial leads to the reader.

  29. ISACA web site available at http://isaca.org. Last accessed 15-10-2009.

  30. According to http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm. Last accessed 15-10-2009.

  31. (ISC)² web site available at http://isc2.org. Last accessed 15-10-2009.

  32. According to http://www.isc2.org/PressReleaseDetails.aspx?id=2706. Last accessed 12-10-2009.

  33. ISF web site available at http://www.securityforum.org. Last accessed 12-10-2009.

  34. According to https://www.securityforum.org. Last accessed 12-10-2009.

  35. OWASP web site available at http://owasp.org. Last accessed 12-10-2009.

  36. See Sections 4.4 and 4.9.

  37. Information extracted from http://en.wikipedia.org/wiki/OWASP. Last accessed 12-10-2009.

  38. SANS web site available at http://www.sans.org. Last accessed 15-10-2009.

  39. GIAC is offered by the SANS Institute and stands for Global Information Assurance Certification.

  40. The Pauldotcom site is available at http://www.pauldotcom.com. Last accessed 15-10-2009.

  41. See Annex 3, IT security starter kit.

  42. RSA is formed from the surnames of Ronald Rivest, Adi Shamir and Leonard Adleman, inventors of the RSA public-key encryption algorithm.

  43. See their Internet site at http://www.rsaconference.org. Last accessed 21-10-2009.

  44. ISACA is the Information Systems Audit and Control Association.

  45. See the site at http://www.defcon.org. Last accessed 12-10-2009.

  46. See the archives at http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-index.html. Last accessed 12-10-2009.

  47. More information at http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference. Last accessed 12-10-2009.

  48. See the site at http://cansecwest.com. Last accessed 12-10-2009.

  49. See examples at http://cansecwest.com/pastevents.html. Last accessed 12-10-2009.

  50. See the site at http://www.shmoocon.org. Last accessed 21-10-2009.

  51. Attendees are armed with “shmooballs” so that they can assess the quality of the speakers in real time.

  52. See the site at http://www.brucon.org. Last accessed 2-11-2009.

  53. See Section 3.5.

  54. See Section 2.4.

  55. ICT-Forward is an example of valuable collaboration among the private sector, academia and institutions. See their site at http://ict-forward.org. Last accessed 12-10-2009.

  56. See the SANS secure development initiative at http://www.sans-ssi.org. Last accessed 21-10-2009.

  57. See an example of a cyber exercise provider at http://www.whitewolfsecurity.com. Last accessed 21-10-2009.

  58. Technology security consulting is a hot market for small businesses, according to Entrepreneur magazine, “Newest Trends & Hottest Markets”, January 2005. Information retrieved from http://www.score.org/small_biz_stats.html. Last accessed 30-10-2009.

  59. See Section 9.10.

  60. Presented in Section 8.6.

  61. Chapter 10 provides further input on future IT security market trends.

  62. Our forecast is that the next IT security profile to follow this trend will be the IT security strategist: someone with enough experience and vision to foresee and organise the IT security landscape in organisations in the coming decades.

  63. The role of internal IT security teams is evolving into that of brokers, resource coordinators and valid interlocutors with IT security service providers (independent consultants and providers of managed security services).

  64. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. Input from http://en.wikipedia.org/wiki/Metasploit. Last accessed 22-10-2009.

  65. In 2009, marketing a personal IT security brand is an option. In the coming years it will be a hard, fact-based requirement.

  66. Usually in the form of open source code, free tools, technical how-tos, papers, articles, etc.

  67. For example, speaking at well-known conferences, access to decision-making fora or a high number of professional connections.

  68. Adapted from Nabokov (1973), p. 3, Foreword.

  69. Most of the links provided in Annex 3 also give access to well-known IT security blogs.

  70. See Section 3.6.

  71. See Annex 3, IT security starter kit.

  72. See Section 1.20 and Chapter 8.

  73. See Sections 2.6 and 2.7.

  74. See Section 9.6 on networking outside the organisation.

  75. An adaptation of the “underpromise and overdeliver” principle mentioned in Section 5.4.

  76. In case of a layoff, the career incident response podcast series by Lee Kushner and Mike Murray is an interesting lead. It is available at http://www.infosecleaders.com/career-incident-response-audio-series. Last accessed 8-11-2009.

  77. See Section 6.2 on working with colleagues with alternative views.

  78. Even careful scrutiny if the reputation of the professional is excellent.

  79. Would a customer entrust their commercial secrets to an IT security professional who loses an unencrypted laptop containing confidential customer information?

References

  • Atkinson, M.: Lend Me Your Ears: All You Need to Know About Making Speeches and Presentations (Chapter 11). Oxford University Press, New York (2005)

  • Gladwell, M.: The Tipping Point: How Little Things Can Make a Big Difference, p. 132. Little, Brown, Boston (2000)

  • Harding, S., Long, T.: MBA Management Models. Gower, England (1998). pp. 84, 181 and 187 for Chapter 1; pp. 105–108 and 109–112 for Chapter 2; pp. 161–163, 197–199, 59–63 and 73–76 for Chapter 4; pp. 17–20 and 21–24 for Chapter 5; pp. 101–103 and 121–124 for Chapter 6; pp. 191–194 and 95–98 for Chapter 8; pp. 149–153 and 169–172 for Chapter 9; pp. 211–214 and 173–176 for Chapter 10

  • McClure, J.: In: McClure, S. (ed.) How to Find Your Dream Job and Make It a Reality: Solutions for a Meaningful and Rewarding Career, p. 154. Trafford Publishing, British Columbia (2003)

  • Nabokov, V.: Strong Opinions (Foreword), p. 3. McGraw-Hill, New York (1973)

  • Parkinson, B., Marinetti, C., Moore, P., dos Anjos, P.L.: Chapter 1: Emotions in social interactions: unfolding emotional experience. In: Emotions in Social Interactions: Construction of Emotion Experience. Available at http://cfpm.org/~pablo/anjos,humaine_chapter.pdf (2008)


Author information

Corresponding author: Alberto Partida (GIAC, CEH, CISSP, CISA, CGEIT, MBA).


Copyright information

© 2010 Springer Netherlands

About this chapter

Cite this chapter

Partida, A., Andina, D. (2010). Social Networking for IT Security Professionals. In: IT Security Management. Lecture Notes in Electrical Engineering, vol 61. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-8882-6_9


  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-90-481-8881-9

  • Online ISBN: 978-90-481-8882-6

  • eBook Packages: Engineering (R0)
