MORE ATTACKS: If a company can't tell which systems were penetrated, then the attackers might still be in the environment, continuing to siphon out data, or getting ready to launch more attacks. (Photo: iStock)


12 things every IT security professional should know

IDG NEWS: Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.


Few complex professions change with the velocity of IT security. Practitioners are faced with an average of 5,000 to 7,000 new software vulnerabilities a year. That’s like springing 15 new leaks in your defenses every day. That’s on top of the tens of millions of unique malware programs that threaten your IT environment each year.

Amid this constant deluge of threats, a single slip-up could compromise your crown jewels and put your company in an unwanted media spotlight, hurt revenues, and get people fired.

This is not to say that your team can’t successfully fight back. Of course it can – and will.

Here are twelve things every computer security professional should know to successfully fight the good fight.

1. Your opponents’ motives

You can’t begin to successfully fight bad guys without understanding who they are and why they are after you. Every attacker has their own origin story and objectives, and these two things drive everything they do and how they do it.

Today, the hackers who threaten you do so with serious motives. Most fall into one of these categories:

Financial

Nation-state sponsored/cyberwarfare

Corporate espionage

Hacktivists

Resource theft

Cheating in multiplayer games

Even with today’s bad guys, though, not every attack is the same. Understanding the motive for it is an important key to solving it. Consider the ‘why’ along with everything else you do. That is the best way to determine what type of target your networks present. It also might offer clues on how to defeat your opponent.

2. Types of malware

There are three major types of malware: computer virus, trojan horse, and worm. Any malware program is an amalgam of one or more of these classifications.

A computer virus is a malware program that hosts itself inside of other programs, files, and in digital storage to replicate. A trojan horse is a malware program claiming to be something legitimate to trick humans into setting it in motion. A trojan horse does not self-replicate; it relies on the curiosity of humans to help it spread. A worm is a self-replicating program that uses code to spread itself. It does not need other host programs or files.

It’s important to understand these basic categories of malware so that when you do find a malware program, you can parse together the most likely scenario for how it got into your systems. This will help you understand where to look for the malware program’s origination and understand where it will likely spread further.

3. Root cause exploits

Each year, IT security professionals face thousands of new software vulnerabilities and millions of unique malware programs, yet only twelve different root exploits allow each of those into someone’s environment. Stop the root cause exploits and you’ll stop hacking and malware. Here are the twelve types of root cause exploits:

Zero-days

Unpatched software

Malware

Social engineering

Password attacks

Eavesdropping/MitM

Data leaks

Misconfiguration

Denial of service

Insider/partner/consultant/vendor/third party

User error

Physical access

4. Cryptography and data protection

Digital cryptography is the art of making information secure against unauthorized access and modification. Every IT security professional should learn the basics of cryptography, including asymmetric encryption, symmetric encryption, hashing, and key distribution and protection.

Data protection requires a lot of cryptography. Complete data protection also demands that the data be lawfully collected and used, that you guard its privacy against unauthorized access, and that you back it up securely to prevent malicious modification and to ensure availability. Data protection is increasingly becoming required by law.

5. Networking and network packet analysis

You will be able to recognize the truly great IT security professionals on your team because they understand networks at the packet level. They are facile with network basics, such as protocols, port numbers, network addresses, layers of the OSI model, the difference between a router and a switch, and are able to read and understand what all the various fields of a network packet are used for.

To understand network packet analysis is to truly understand networks and the computers that use them.
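As an added illustration (not part of the original article) of what reading a packet field by field means in practice, the Python sketch below walks a constructed Ethernet/IPv4/TCP frame through layers 2 to 4 and verifies the IPv4 header checksum. The frame bytes, addresses and the function names `parse_frame` and `checksum_ok` are assumptions made for this example.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample frame (not captured traffic): Ethernet II + IPv4 + TCP SYN.
FRAME = bytes.fromhex(
    "aabbccddeeff 112233445566 0800"                      # layer 2: dst MAC, src MAC, EtherType
    "45 00 0028 0001 4000 40 06 4e8c c000020a c6336405"   # layer 3: IPv4 header
    "c000 01bb 00000001 00000000 5002 2000 0000 0000"     # layer 4: TCP header
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]    # bit 0 upward

def checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (one's complement, checksum included) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_frame(frame: bytes) -> dict:
    """Decode the link, network and transport headers of one frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:               # only IPv4 is decoded in this sketch
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    out.update(src_ip=str(IPv4Address(s)), dst_ip=str(IPv4Address(d)), ttl=ttl,
               protocol=proto, ip_checksum_ok=checksum_ok(ip[:ihl]))
    if proto != 6:                        # 6 = TCP
        return out
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    out.update(src_port=sport, dst_port=dport, seq=seq, tcp_flags=flags, window=window)
    return out
```
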

6. Basic common defenses

Almost every computer has common basic defenses, which good IT pros consider and apply. These are the “standards” of computer security. They include:

Patch Management

End-User Training

Firewalls

Antivirus

Secure Configurations

Encryption/Cryptography

Authentication

Intrusion Detection

Logging

Understanding and using the basic common IT security defenses is a must for every IT security professional. But don’t stop at simply knowing about them. Know, too, what they are good at stopping and what they fail to do.

7. Authentication basics

The best security professionals understand that authentication is more than the process of putting in a valid password or satisfying a two-factor ID test. It’s much more involved than that. Authentication begins with the process of providing a unique, valid identity label for any namespace – such as email address, user principal name, or logon name.

Authentication is the process of providing one or more “secrets” that are known only by the valid identity holder and his authentication database/service. When the valid identity holder types in the correct authentication factor(s), this proves that the authenticated user is the valid owner of the identity. Then, after any successful authentication, the subject’s attempted accesses to protected resources are examined by a security manager process known as authorization. All logon and access attempts should be documented to a log file.
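The sequence described above (identity label, proof of a secret, authorization of each access, and a record of every attempt) is sketched below in Python as an added example that is not part of the original article. The class `AuthService`, its method names, the in-memory stores and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

ITERATIONS = 200_000  # example PBKDF2 work factor (assumption); tune for your hardware

class AuthService:
    """Toy identity -> authentication -> authorization pipeline with an audit trail."""

    def __init__(self):
        self.db = {}        # identity label -> (salt, PBKDF2 hash): the authentication database
        self.acl = {}       # resource -> set of identities allowed to access it
        self.sessions = {}  # session token -> authenticated identity
        self.audit = []     # every logon and access attempt, success or failure

    def _hash(self, secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

    def _record(self, event, identity, target, ok: bool) -> bool:
        self.audit.append({"ts": time.time(), "event": event,
                           "identity": identity, "target": target, "ok": ok})
        return ok

    def enroll(self, identity: str, secret: str) -> None:
        salt = os.urandom(16)
        self.db[identity] = (salt, self._hash(secret, salt))

    def logon(self, identity: str, secret: str):
        """Authentication: return a session token, or None if the secret does not match."""
        # An unknown identity still costs one hash, so timing does not reveal valid labels.
        salt, stored = self.db.get(identity, (b"\x00" * 16, b""))
        ok = hmac.compare_digest(self._hash(secret, salt), stored)
        self._record("logon", identity, None, ok)
        if not ok:
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = identity
        return token

    def access(self, token, resource: str) -> bool:
        """Authorization: evaluated only for a session created by a successful logon."""
        identity = self.sessions.get(token)
        ok = identity is not None and identity in self.acl.get(resource, set())
        return self._record("access", identity, resource, ok)
```
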

8. Mobile threats

There are now more mobile devices than people on the planet, and most people get most of their information through a mobile device. Because humankind’s mobile prowess is only likely to increase, IT security professionals need to take mobile devices, mobile threats, and mobile security seriously. The top mobile threats include:

Mobile malware

Spyware

Data or credential theft

Picture theft

Ransomware

Phishing attacks

Unsecured wireless

With many mobile threats, there isn’t much difference between how they threaten a mobile device or a computer. But there are some differences. And it is a great IT pro's job to know what those are. Any IT professional not familiar with the particulars of mobile devices should become familiar ASAP.

9. Cloud security

Pop quiz: What four factors make cloud security more complex than traditional networks?

Every IT pro should be able to easily pass this test.

The answer is:

Lack of control

Always available on the internet

Multi-tenancy (shared services/servers)

Virtualization/containerization/microservices

The joke (and it isn’t) is that cloud really means “other people’s computers” and all the risk that entails. Traditional corporate administrators no longer control the servers, services, and infrastructure used to store sensitive data and service users in the cloud. You have to trust that the cloud vendor’s security team is doing its job. Cloud infrastructures…

IDG News Service