Online Safety Checklist

Is your personal information secured online, and are you taking all possible measures to ensure that it is safe? There are some simple steps that you can follow to strengthen your online security!

  1. Password Protection - When it comes to password security, it is better to be safe than sorry. Refrain from sharing your password online. Create passwords that are unique and difficult for a hacker to figure out… don’t make it easy for them! Don’t use your pet’s name or your birth date - this is information that can be easily discovered. Another problem with passwords is the vast accumulation of them over time. Do not keep your passwords on your phone, or saved in a document on your computer. These files can end up in the hands of hackers, leaving your personal information at risk. Consider using a protected password manager to store your passwords.
  2. Do not open attachments from untrustworthy sources! Simple as that.
  3. Safe Online Shopping - Shopping online is quick and convenient, but it can also put your personal information at risk of being stolen. When you use your credit card online, it is susceptible to being hacked. A piece of advice: only use your credit card on websites with the prefix “https”. The “s” confirms that the site is using a secure protocol to encrypt any communication between you and the website you are shopping on. So when in doubt, play it safe and don’t shop on that site, but if you must… look for the “s”.
  4. Mobile Device Safety - Nowadays almost all of our personal accounts can be accessed in the palm of our hands. This includes banking accounts, shopping accounts, email, etc. The scary thing is, it is so easy for your mobile device to be misplaced or stolen. So it is just as important to ensure that you are following the above safety tips with your mobile devices.
    • Set lock codes on your phone
    • Enable Find My iPhone, iPad, and Mac.
    • Set up Do Not Track in your web browser
    • Look for the “https” URL
    • Avoid connecting to public Wi-Fi
    • Manage your privacy settings for your apps

These are just a few simple tips to get you headed on the right path to securing your personal information. It is easy to overlook practices that make us vulnerable to cyber attacks. But, it is important to make ourselves aware. Consider taking TrainACE’s Security+ Training Course to strengthen your knowledge on general security concepts.

The Current State of the Security+ Certification

The majority of IT professionals do not specialize in a computer security career path, but security is undoubtedly an essential aspect of all computer-related careers today. Every business has some type of computer system, and the increasing presence of Wi-Fi and internet access make external threats to business data and operating systems a part of everyday life. Security+ is a vendor-neutral certification that is applicable to any computer system, from any vendor, on any network platform.

The Computing Technology Industry Association, better known as CompTIA, was originally organized in 1982 under the name Association of Better Computer Dealers, Inc. It is a non-profit organization that provides a variety of examination and certification services to the IT industry. Security+ is one of these certifications.

The association was involved in some controversy in 2011 when certification standards were updated. The Security+ certification, along with several others, had always been valid for the lifetime of the holder. Beginning in 2011, however, CompTIA changed the certification terms to expire every three years with no provision to grandfather in current certification holders. Recertification was required of everyone, every three years, through either a paid CEU system or through retesting with an additional fee.

Computer security changes so rapidly that, from an industry viewpoint, the changes were required to ensure that certified people really were on top of current threats. Certification holders objected strenuously, and a compromise was reached within a month. Existing certification holders were exempted from retesting requirements, but continuing education requirements were made mandatory.

Security+ certification, first established in 2002 and updated in 2011, is an internationally recognized program that indicates proficiency in computer system security, network security, compliance and operational security, access control and identity management, threats and vulnerabilities, cryptography, and application, data, and host security. It is recognized and used by all branches of the US military and by large electronics firms such as Hewlett-Packard, IBM, Motorola, Symantec, Hitachi, and Unisys.

The 90-minute examination is available in multiple languages and consists of 100 questions for a total possible score of 900 points. The exam covers system security, network infrastructure, cryptography, assessments, and audits, and a score of 750 or higher is required to pass. CompTIA Security+ certification is accredited by the International Organization for Standardization and by the American National Standards Institute.

The certification may be used as an elective for both the MCSA and MCSE security specializations from Microsoft, and it is one of four available options for the DoD Directive 8570, IAT Level II certification requirement for military contractors engaged in information assurance activities.

Security+ online training has become perhaps the most popular way to prepare for the exam. Many of these online classes feature a live instructor who has been recorded so that you can watch lessons several times. Practice exams are available from many third-party testing sites. Many of these sites advertise very high success rates and offer money back guarantees. Whenever purchasing a study guide or access to a practice site, candidates should ensure that the site contains updated information and offers preparation for the current version of the CompTIA Security+ exam. The exam and certification requirements were updated in 2011.

Computer security is one of the fastest growing fields in the undisputedly fastest growing industry. IT professionals with strong security skills are an asset to employers, and CompTIA Security+ certification is an undeniable way to indicate proficiency in this subject area.

Intrusion Prevention Systems

Intrusion Prevention Systems (IPS) are among the most purchased items in data security. IPSs provide a network with some level of security, and although people with some basic hacking tools and skills can usually break through some of the basic IPSs out there quickly, they still serve their purpose in most situations. Either way, today’s IT security professionals and system / network admins need to know about Intrusion Prevention Systems. Here is a good video we found to explain:

EC-Council 2010 ATC Awards

As we have discussed in the past, the hottest realm of IT training in the past year or so has been IT security and information assurance (IA Training). Among the popularity leaders in this category are the following certifications: CISSP, CEH, CHFI, ECSA / LPT and the Advanced Penetration Tester (APT). At the forefront of certification agencies on this list is the EC-Council. This organization has grown by leaps and bounds and is seen as the leader in information security courseware and certs.

The EC-Council has just announced the ATC (EC-Council Accredited Training Center) awards for 2010. The world’s #1 company for EC-Council hacking and forensics training is Advanced Security by Academy of Computer Education. Instructor of the Year goes to Advanced Security’s Master Trainer Joe McCray. Joe has had a big year for other reasons, namely he has become one of the foremost pentesting experts in the country and has been a guest speaker at some major conferences and events throughout 2010.

Have a look at the EC-Council 2010 ATC Awards.

Why We Need IT Certifications

In a world of heavy competition in the job market and in our current economic state, it is more imperative than ever to have an edge over other applicants when searching for jobs or changing careers. From office managers to health care professionals, there are professional certificate programs and certifications that can be earned by attending approved training classes geared towards giving practical, hands-on skills that should carry over into the workplace. This type of training and certification gives employers a sense of confidence, knowing that the certified individual can quickly learn their job function and carry it out with minimal supervision. This is certainly the case with many technical jobs, especially in IT.

When it comes to your career in the IT field, whether you have years of experience or you are just starting out, there is tremendous strength and growth potential when you obtain the latest certifications in the area(s) you choose to become an expert in. Let’s face it, how many people do you know who have degrees in Information Systems and are still unable to gain employment? This is largely due to the lack of hands-on and practical training that the degree programs offer, and many employers are aware of this.

You can start out by learning the fundamentals of hardware, software, and network support in a program like the A+ Network+. There are also vendor-specific certifications, such as the CCNA by Cisco and the MCITP-SA by Microsoft, that, once earned, let the employer know that you have expertise in these specific areas. So if you are looking to become a Network Administrator and want to be able to manage and configure the medium on which networks rely, then the CCNA training and path is what you should look at. If you want to provide support in a server environment and become a System Administrator, the Microsoft certification path is for you. These are just a couple of directions you can go in the IT field. There is also, of course, the high demand for Security professionals in IT. With the threat of cyber attacks and those with malicious intent, companies are seeking the best solutions for identity protection, data loss prevention, and data recovery to ensure their business runs smoothly and with minimal liability. Many doors are opening and new positions are being created to combat these issues, making IT Security a truly desirable skill to have. If you are looking into the IT Security field, or have experience without the certification(s), you may want to look at the Security+, Certified Ethical Hacker (CEH), and Certified Hacking Forensic Investigator (CHFI) certification courses.

The bottom line is that achieving IT certifications opens up many possibilities, which makes them more important than ever to have. Whether you are starting out or are already in the IT field, certifications can help you reach your potential.

Update on the DoD 8570 Directive

The DoD 8570 directive is something that has been making many IT Security / Information Assurance professionals sweat for the past couple of years. Strangely enough, the deadlines are never met and keep getting pushed back.

The latest addition to the DoD 8570 directive is the Certified Ethical Hacker (CEH) certification.

This certification is a very hands-on, practical, know what you are doing kind of cert, different from some of the others that appear on the 8570. In fact, if you take a CEH class you’ll see what I mean. By nature, they are almost all hacking (using exploits, worms etc.) from start to finish.

So not only does the CEH certification’s addition to the DoD 8570 break form from the norm (see CISSP, Security+ – theory / concept based certs) but in my opinion it’s a strange recognition by the DoD and the US Government of the latest trend in data security. CEH was made popular by good marketing by the EC-Council coinciding with a growing need (data threats via network penetration). The popularity that has been growing rapidly for the last two to three years is now being recognized by the Gov, which is not something we’re all too used to seeing.

Watch in years to come for certifications that are more theory based to go by the wayside and certifications that are application based to skyrocket in popularity. Things to watch: CEH, CHFI, ECSA, LPT and the Advanced Penetration Tester (APT).

FUNNY UPDATE: Check out the comment spam we got from Shon Harris’ blog; I actually approved it. I’m interested to know what spammy SEO company she has marketing her site. Shon has far too strong a name in the industry for that.

CompTIA Adds New Material to Security+

News in Information Technology Security:

On October 13th CompTIA announced that it is adding new material to the Security+. Much of the Security+ material from the test of the past couple of years will remain. The new 2008 version of the exam adds new questions that are based around knowing how to react to and handle specific security issues and breaches. The previous Security+ exam is more based on simply being able to recognize these issues. The new exam covers six major objective areas: Network Infrastructure, Systems Security, Cryptography, Access Control, Assessments and Audits, and Organizational Security.

This change greatly affects those federal employees and government contractor employees who fall under the requirement of the DoD Directive 8570 who are obligated to achieve the Security+ Certification. Now, those who had prepared for the older version of the test are going to need some additional study time.

*Read CompTIA’s Press Release Here*