How to write an information security architect job description

Any good job description will spell out the role’s duties and priorities.
The job description might also provide the role’s requirements, which could include certifications, skills, experience and education.
Typical duties include:
- Design, build and implement enterprise-class security systems for a production environment
- Align standards, frameworks and security with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Create solutions that balance business requirements with information and cyber security requirements
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Use current programming languages and technologies to write code, complete programming and perform testing and debugging of applications
- Train users in implementation or conversion of systems

Skills and competencies

This section outlines the technical and general skills required, as well as any certificates or degrees that a company might expect an information security architect to have.
Key technical skills include five or more years’ experience in security architecture (demonstrating solutions delivery, principles and emerging technologies) and in designing and implementing security solutions, including continuous monitoring and improvement of those solutions in collaboration with an information security team.
“Typically at least CISSP is required,” he says, “but if your background clearly shows a significant amount of experience in building security solutions – as mine did – you may be able to make a compelling case with experience and education alone.”

Industry-specific requirements

Certain industries might have unique requirements that need to be addressed in the information security architect job description.
That is especially true in healthcare, which requires in-depth knowledge of Electronic Health Records (EHR) systems and protecting patient information in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
Axel Wirth, healthcare solutions architect at Symantec, says the “complexity of the ecosystem” means a security architect needs a very broad range of skills.
He says in healthcare, the mission is important as well.

On voter privacy, we’ve taken one step forward and two steps back

The recent controversy over a White House commission request for voter data shows many state officials support protecting the privacy of this information.
However, too many states also favor new ways to violate the privacy of supporters of charities, advocacy groups, and trade associations by requiring these groups to reveal information about the names, home addresses, employers, and donation amounts of their members.
These officials support individual privacy in the act of voting, just not when citizens come together to speak about voting.
The information requested?
Just the names, home addresses, birthdates, political party affiliations, and voting history of Americans since 2006.
So far, two lawsuits have been filed, and the Electronic Privacy Information Center requested that a U.S. district judge block the commission’s request.
In New Mexico, Secretary of State Toulouse Oliver has proposed a new rule invading the privacy of supporters of groups, including charities.
She wants to publicly reveal the names and home addresses of supporters of such groups for merely mentioning candidates or even publishing nonpartisan information.
Further, this right does not go away the moment we step out of the voting booth.
Americans should not fear associating with groups of like-minded citizens to voice their opinions.

Most Guns Sold on the Dark Web Originate From the United States, Study Finds, Surprising No One

Roughly three-fifths of the weapons sold on a selection of dark web marketplaces originate from the United States, according to a new study examining the scope of the internet’s black market arms trade.
The first of its kind, a report from RAND Corporation details the ever-expanding role of the dark web in facilitating the sale of firearms, ammunition, and explosives.
“While the use of these platforms as facilitators for illicit drug trade has increasingly been the subject of research by a number of academics, little has been done to conduct a systematic investigation of the role of the dark web in relation to the illegal arms trade, drawing on the insights offered by primary data,” the report says.
Of the 811 listings, 41 percent were for firearms; 27 percent were for arms-related digital products; and 22 percent were for ammunition.
Where a listing did not state its origin, the report used two proxies:
- the ‘ship from’ country on other listings by the same vendor;
- the ‘ship from’ country of that vendor on other cryptomarkets.
The data shows that up to 59.9 percent of the firearms sold across the 12 examined cryptomarkets originate from the US—the world’s largest exporter of conventional weapons.
“The dark web is both an enabler for the trade of illegal weapons already on the black market and a potential source of diversion for weapons legally owned,” said Giacomo Persi Paoli, a research leader at RAND Europe and the report’s lead author.
“A few people using illegally purchased weapons from the dark web can have severe consequences.”

Here’s how the US can retaliate against Russian hacking and ‘kick them in the balls’

But attributing and responding to cyber crimes can be difficult, as it can take “months, if not years” before even discovering the attack, according to Ken Geers, a cybersecurity expert at Comodo with NSA experience.
Even after finding and attributing an attack, experts may disagree over how best to deter Russia from conducting more attacks.
But should President Donald Trump “make that call” that Russia is to blame and must be retaliated against, Geers told Business Insider an out-of-the-box idea for how to retaliate.
The move would be attractive because it is “asymmetric,” meaning that Russia could not retaliate in turn, according to Geers.
In the US, the government does not control communications, and Americans are already free to say whatever they want about the government. “What if we flooded the Russian market with unbreakable encryption tools for free downloads?” Geers continued.
It would put the question back to them, ‘what are you going to do about it?'”
The NSA would study the challenges Russia has with censorship, how it polices and monitors communications, and then develop a “fool-proof” tool with user manuals in Russian and drop it into the Russian market as free downloads, a “big surprise,” he added.
The ball would be in Russia’s court, so to speak, and they might think twice about hacking the US election next time.

News Wrap: U.S. and Russia discussing cybersecurity collaboration, says Russian news agency

JUDY WOODRUFF: In the day’s other news: Russia’s official RIA news agency reported the U.S. and Russia are talking about creating a cyber-security working group.
President Trump had raised a similar idea during the G20 summit, but backed off under heavy criticism.
The Congressional Budget Office says that a revised Senate Republican health care bill leaves as many people uninsured as a previous version.
The CBO reported today that, under the bill, another 22 million Americans would lose coverage by 2026.
The health of Senator John McCain dominated this day at the U.S. Capitol.
The disease has killed 35 million people over the past four decades.
Today, in a live-streamed hearing, Simpson, now 70 years old, pleaded his case to the state parole board.
SIMPSON: I have done my time.
JUDY WOODRUFF: Simpson’s defenders said that his 33-year sentence was overly harsh, and that he was really being punished for the murders of his ex-wife and her friend in 1994.
ExxonMobil was fined $2 million today for violating U.S. sanctions on Russia in 2014.

Cybercriminals can take a class on stealing credit cards

Your credit card information is valuable, and for criminals who want to learn how to find and use it — there’s a class for that.
Security firm Digital Shadows discovered the cybercrime class taught by five instructors and sold on a deep web forum.
The class was revealed in research published Wednesday investigating credit card fraud and a criminal activity called “carding,” or stealing and using payment card data.
Digital Shadows estimates $24 billion will be lost to credit card fraud next year.
Criminals can also take emails and passwords leaked from other data breaches, and test them on banking websites.
According to Digital Shadows, the course recommends visiting one of six different sites to get credit card data.
On two of those forums, more than 1.2 million card numbers were advertised for sale, nearly half of them in the U.S.
CNN Tech is not publishing the names of the sites on the deep web where criminals can buy credit cards.
Barbosa helped prosecute Roman Valerevich Seleznev, one of the world’s most notorious carders.
Seleznev stole millions of credit card numbers and sold them to other criminals.
Seleznev trained fraudsters on how to use stolen credit cards to increase demand for the product he stole.
His training, though more rudimentary than the lectures discovered by Digital Shadows, helped boost his own business.

Students get schooled in cybersecurity

But for 40 local high school students, the second annual GenCyber Jersey Blues program is about playing mind games.
Brookdale Community College hosted the cybersecurity camp for students who have an interest in protecting the nation, individuals and companies against computer-related attacks, on the college’s Lincroft campus.
“I want to work for the government, protecting against hackers and all that,” says Josh Gates, a senior from Raritan High School.
“So, I found this camp online and I thought it would be a great experience.”
At the camp, students learn about password protections and how to defend against hackers.
Even at a young age, some have been exposed to the dark side of the internet.
“So that just interested me in how vulnerable everything is on the internet,” says Julia Hollosi, a junior from Westfield.
Interest in cybersecurity has received a boost from the news about Russian hacking and recent spy movies, including “The Imitation Game,” which is about cracking German codes in World War II.
“The ‘Caesar code’ is a wheel and it has all the letters and then it has an out wheel so if you have a letter ‘a’ you can turn it so ‘a’ equals ‘q,’” Livingstone explains.
They also played games solving puzzles — tools used in the recruitment of future code-breakers.

CSO mobile phone plan ‘surveillance at its worst’ – privacy expert

Former Ontario privacy commissioner would not want her data accessed this way

A project by the Central Statistics Office proposing to track tourists and Irish residents travelling abroad using mobile phone roaming data has been described as “surveillance at its worst” by a world-renowned privacy expert.
It has been in a stand-off with the Data Protection Commissioner for almost nine years on the legality of the proposal, but said last week it had found an “innovative technical solution” to anonymise the phone records.
The commissioner’s office has described the project as “disproportionate” and “extraordinary”.
“They don’t seem to realise that both direct and indirect identifiers may be used to track the activities of individuals, in this case via their cell phones, which can then be linked to personal identifiers, creating a detailed picture of one’s activities and whereabouts,” Dr Cavoukian told The Irish Times by email.
“Privacy is all about control: personal control over the uses of one’s data, and I certainly wouldn’t want my cell phone accessed in this manner if I was visiting Ireland.”
“None of this is free for the telcos, who are all operating in financially constrained markets.
So either the State pays for it and indemnifies the telco or the customer pays for it,” Mr O’Brien said.
Confidentiality of communications was a fundamental element of EU law, he added.
“There’s nothing inherently wrong with doing any of this stuff if it’s done the right way, but this is not the right way.”
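Dr Cavoukian’s point about indirect identifiers can be shown concretely. The following is an added example and not a description of the CSO’s actual “innovative technical solution”, which the article does not detail: it assumes the roaming records are pseudonymised by hashing the phone number (an assumption chosen because that is what “anonymised” records often mean in practice), builds a constructed set of six subscribers’ daily traces, and shows that an adversary who knows just two (hour, cell) sightings of a traveller recovers that traveller’s entire day from the released data. A small unicity measure at the end counts how many subscribers in the set are exposed that way.

```python
import hashlib
from itertools import combinations


def pseudonymise(msisdn):
    """Replace a phone number with a truncated SHA-256 digest. This stands in for the
    'anonymisation' step (an assumption for the example): it hides the number but
    leaves the movement trace, the indirect identifier, completely intact."""
    return hashlib.sha256(msisdn.encode()).hexdigest()[:12]


# Constructed sample: six roaming subscribers, each a list of (hour, cell) sightings.
# Numbers and cell names are invented for the example.
RAW_TRACES = {
    "+353870000001": [(8, "AIRPORT"), (10, "CITY-1"), (14, "CITY-3"), (20, "HOTEL-7")],
    "+353870000002": [(8, "AIRPORT"), (10, "CITY-1"), (14, "CITY-2"), (20, "HOTEL-7")],
    "+353870000003": [(8, "AIRPORT"), (10, "CITY-1"), (14, "CITY-2"), (20, "HOTEL-9")],
    "+353870000004": [(9, "AIRPORT"), (12, "CITY-5"), (18, "CITY-5"), (22, "HOTEL-1")],
    "+353870000005": [(9, "AIRPORT"), (12, "CITY-5"), (18, "CITY-6"), (22, "HOTEL-1")],
    "+353870000006": [(7, "FERRYPORT"), (11, "CITY-4"), (15, "CITY-4"), (21, "HOTEL-2")],
}


def build_dataset(raw):
    """The 'anonymised' release: pseudonym -> trace, with no phone numbers present."""
    return {pseudonymise(m): list(trace) for m, trace in raw.items()}


def candidates(dataset, observations):
    """Pseudonyms whose trace contains every (hour, cell) the adversary observed out-of-band."""
    return sorted(p for p, trace in dataset.items()
                  if all(obs in trace for obs in observations))


def reidentify(dataset, observations):
    """Return the full trace when the observations single out exactly one pseudonym, else None."""
    hits = candidates(dataset, observations)
    return dataset[hits[0]] if len(hits) == 1 else None


def unicity(dataset, k):
    """Fraction of subscribers for whom some k points of their own trace already single them out."""
    unique = sum(
        1 for trace in dataset.values()
        if any(len(candidates(dataset, subset)) == 1 for subset in combinations(trace, k))
    )
    return unique / len(dataset)


if __name__ == "__main__":
    ds = build_dataset(RAW_TRACES)
    seen = [(8, "AIRPORT"), (14, "CITY-3")]   # two sightings of one traveller, e.g. from a hotel register
    print("matches for 1 sighting:", len(candidates(ds, seen[:1])))
    print("matches for 2 sightings:", len(candidates(ds, seen)))
    print("that traveller's whole day:", reidentify(ds, seen))
    print("share singled out by 1 / 2 points:", unicity(ds, 1), unicity(ds, 2))
```

The lesson is the one Dr Cavoukian states: removing the direct identifier does nothing about the indirect one. Mitigations that actually change the result are coarsening time and location (hours to day-parts, cells to regions), releasing only aggregates above a minimum count, or adding noise, and each of those can be tested against a unicity check like the one above before any data leaves the operator.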

5 lessons small business should learn from recent cyber attacks

1. Attacks are random and unpredictable

Cyber-attacks cannot really be predicted, unless we are talking about very specific targets which constantly come under fire.
When attacks are this random, they should always be expected.
If you are a small business, you also have the responsibility of protecting your users.
Perhaps the most common mistake by small businesses in regards to cyber security is that they assume they will not be attacked.
In fact, plenty of hackers specifically target small businesses exactly because they are small.
Of course, all of these can be expensive processes, so you will need to balance your budget against potential threats.
Some of the computers infected with WannaCry were still running Windows XP, for example, despite the fact that extended support for the OS ended more than three years ago.
Even those who were running newer operating systems such as Windows 7 had neglected security for one reason or another, leaving unpatched systems that were obviously vulnerable to the attack.
In fact, you may even be held responsible if information is leaked.