Commodore PC Still Controls Heat and A/C At 19 Michigan Public Schools

from the if-it-ain’t-broke dept.

jmulvey writes:

Think your SCADA systems are outdated? Environmental monitoring at 19 Grand Rapids Public Schools is still controlled by a Commodore Amiga. Programmed by a High School student in the 1980s, the system has been running 24/7 for decades. A replacement has been budgeted by the school system, estimated cost: Between $1.5 and 2 million. How much is your old Commodore Amiga worth?

Posted by Soulskill a day ago

Beware! Your Smart TV May Be Watching & Listening To Everything You Do & Say!


YOUR SAMSUNG SMARTTV IS SPYING ON YOU

eWeek – Enterprise IT Technology News, Opinion and Reviews

Be careful, you may be watched!

With the advances in technologies, your own purchases may be used against you. Privacy advocates are up in arms!!

Justice Department: Default Encryption Has Created a ‘Zone of Lawlessness’

ORIGINAL ARTICLE

from the what-would-you-call-this-zone-that’s-allegedly-associated-with-danger? dept.
Jason Koebler writes:
Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is “very concerned” by Google’s and Apple’s decision to automatically encrypt all data on Android and iOS devices.

“We understand the value of encryption and the importance of security,” she said. “But we’re very concerned they not lead to the creation of what I would call a ‘zone of lawlessness,’ where there’s evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices.”

Posted by Soulskill 2 days ago

A Cybersecurity Threat That Could Be Lurking On Your Phone


Gary Miliefsky, SnoopWall CEO, and founding member of the US Department of Homeland Security announces a privacy breach posed by smartphone flashlight apps. Miliefsky has advised two White House Administrations on Cybersecurity.

He was scheduled to join us on set for Special Report, but we had to make room for breaking news. We know you were all excited to hear this story and so we brought Gary in just for The Daily Bret. Share your thoughts with us on Twitter @BretBaier or here on the blog– after hearing this story will you delete your flashlight app?

8 Penetration Testing Apps For Android Devices!


Perform pen tests while you’re on the move with these apps on your Android device!


Monday, January 13, 2014: The PC market is declining day by day as the smartphone and tablet market rises. When they say that smartphones and tablets can do almost everything that PCs can, they aren’t all that wrong. A very good example of that is the penetration testing capabilities that these devices hold. Here is a list of apps that you can use on your Android-based device in order to pen test a network.

1. dSploit: This is a penetration testing suite for Android networks. It has all-in-one network analysis capacities and is available for free. The app is easy to use and quite fast. It runs on Android 2.3 Gingerbread or higher.

2. Network Spoofer: This app can be used in order to change websites on other people’s computers from your Android-based smartphones. Although this is not exactly a penetration testing tool, it can still show you how easy or difficult it is to hack a particular network.

3. Network Discovery: This is a free app for Android-based devices that doesn’t need the user’s phone to be rooted. It has a simple user interface and is quite easy to use. The app helps you to gather information on the network that you are connected to.

4. Shark for Root: This is a traffic sniffer that is meant for your Android device. It works pretty easily on both WiFi and 3G networks. The app comes with Shark Reader that can be used to view the dump on your smartphone. In addition, there is Wireshark, which allows you to open the dump on your system.

5. Penetrate Pro: This is an Android app that can be used for WiFi decoding functions. The newest version of this app has also added a number of nice features. You can also use the app to calculate WPA/WEP keys for wireless routers. Many antivirus apps flag Penetrate Pro as a virus. The app though doesn’t harm your device.

6. DroidSheep [Root]: This is a session hijacking tool that can be used on Android devices. This penetration testing tool can be used for security analysis in wireless networks. The DroidSheep app can be used in order to hijack most web accounts.

7. DroidSheep Guard: This app has also been developed by the developers of DroidSheep and does not need a device to be rooted. You can use the app to monitor the ARP tables of Android-based devices and to detect ARP-spoofing attacks on networks being performed by DroidSheep, FaceNiff and other apps of the kind.

8. WPScan: This is a WordPress vulnerability scanner. The app can be used in order to scan a website created on WordPress and find the security vulnerabilities that it has. The desktop version of the app though is more powerful than the Android version.

Are You A SysAdmin? Keep These 10 Tools At Hand!

Original EFYTIMES article

Being a sysadmin has its share of joys; however, challenges abound in this digital world!

Thursday, April 24, 2014: A sysadmin is entrusted to constantly monitor the system. Sysadmins have to be aware of everything about the system, from CPU load and network traffic statistics to how much free disk space is available. In addition, things go haywire from time to time, in which case it is better that the sysadmin finds out from the monitoring system than from a user. The following tools come in handy when such a case arises.

1. Random Password Generator

This form allows you to generate random passwords. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs.

2. Eraser

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

3. OWASP Mantra

Mantra is brought to you by OWASP, a free and open software security community focusing on improving the security of software. OWASP Mantra comes with a powerful set of tools. FireCAT integration makes it even more accessible.

4. Retina Network Community

Retina Community gives you powerful vulnerability management across your entire environment. For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.

5. OpenStego

OpenStego provides two main functionalities: it can hide any data within a cover file (e.g. images), and it can watermark files (e.g. images) with an invisible signature, which can be used to detect unauthorised file copying.

6. Freeraser

Destroy files and eliminate any possibility of their restoration with Portable Freeraser. This free file shredder destroys the data you choose before deletion by overwriting the actual content of the file according to a predefined method.

7. OpenPuff

OpenPuff is a professional steganography tool, with unique features you won’t find among any other free or commercial software. OpenPuff is 100 per cent free and suitable for covert transmission of highly sensitive data. Data is split among many carriers. Only the correct carrier sequence enables unhiding. Moreover, up to 256Mb can be hidden, if you have enough carriers at your disposal. The last carrier will be filled with random bits in order to make it indistinguishable from the others.

8. OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs).

9. Network Security Toolkit

This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

10. Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools.

Saurabh Singh, EFYTIMES News Network

Looking To Replace Your XP? Here Are 30 Open Source Alternatives!


Original article & links

Monday, April 21, 2014: With all the Windows XP end of life fiasco now well behind us, Linux is the preferred choice for individuals and organisations alike around the world. While Linux Mint has the same look and feel as XP, Ubuntu’s recent LTS release boasts of tremendous functionality and a seamless user interface. Likewise, the world of Linux and Open Source has a lot to offer when it comes to providing you with a good alternative to the famed XP. Here are 30 Linux Operating Systems making headlines.

1. Linux Mint

The purpose of Linux Mint is to produce a modern, elegant and comfortable operating system which is both powerful and easy to use. Started in 2006, Linux Mint is now the 4th most widely used home operating system behind Microsoft Windows, Apple Mac OS and Canonical’s Ubuntu.

2. Ubuntu

Ubuntu is a Debian-based Linux operating system, with Unity as its default desktop environment (GNOME was the previous desktop environment).

3. Zorin OS

Zorin OS is a multi-functional operating system designed specifically for newcomers to Linux. It is based on Ubuntu, which is the most popular desktop Linux operating system in the world.

4. MEPIS

MEPIS is a set of Linux distributions, distributed as Live CDs that can be installed onto a hard disk drive. The most popular MEPIS distribution is SimplyMEPIS, which is based primarily on Debian stable. It can either be installed onto a hard drive or used as a Live CD, which makes it externally bootable for troubleshooting and repairing many operating systems. It includes the KDE desktop environment.

5. Manjaro

Manjaro is a user-friendly Linux distribution based on the independently developed Arch operating system. Manjaro provides all the benefits of the Arch operating system combined with a focus on user-friendliness and accessibility. Available in both 32 and 64 bit versions, Manjaro is suitable for newcomers as well as experienced Linux users.

6. PCLinuxOS

PCLinuxOS is distributed as a LiveCD, and can also be installed to your computer. The LiveCD mode lets you try PCLinuxOS without making any changes to your computer. If you like it, you can install the operating system to your hard drive. Locally installed versions of PCLinuxOS utilise the Advanced Packaging Tool (or APT), a package management system (originally from the Debian distribution), together with Synaptic, a GUI frontend to APT for easy software installation.

7. Mageia

Mageia is a Linux computer operating system, distributed as free and open source software. It is forked from the Mandriva Linux distribution.

8. OpenMandriva

OpenMandriva Lx is an exciting free Desktop Operating System that aims to cater to and interest first time and advanced users alike. It has the breadth and depth of an advanced system but is designed to be simple and straightforward in use.

9. Kubuntu

Kubuntu is an operating system built by a worldwide team of expert developers. It contains all the applications you need: a web browser, an office suite, media apps, an instant messaging client and many more.

10. Netrunner

Netrunner is a KDE focused, complete OS. It comes in two variants, one is built on Kubuntu/Debian (Main/Standard Release), one is built on Manjaro/Arch (Rolling Release).

11. Point Linux

Point Linux is a GNU/Linux distribution that aims to combine the power of Debian GNU/Linux with the productivity of MATE, the Gnome 2 desktop environment fork. Point Linux provides an easy to set up and use distribution for users, looking for a fast, stable and predictable desktop.

12. Korora

Originally based on Gentoo Linux in 2005, Korora was re-born in 2010 as a Fedora Remix with tweaks and extras to make the system “just work” out of the box.

13. Sabayon

Sabayon Linux or Sabayon (formerly RR4 Linux and RR64 Linux), is a Gentoo-based Linux distribution created by Fabio Erculiani and the Sabayon development team. Sabayon follows the “out of the box” philosophy, aiming to give the user a wide number of applications ready to use and a self-configured operating system.

14. Trisquel

Trisquel (officially known as Trisquel GNU/Linux) is a Linux operating system based on the Ubuntu Linux distribution. The project aims for a fully free software system without proprietary software or firmware and uses Linux-libre – a version of the Linux kernel with the non-free code (binary blobs) removed.

15. KNOPPIX

Knoppix, or KNOPPIX is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. Knoppix was developed by Linux consultant Klaus Knopper.

16. Lubuntu

Lubuntu is a fast and lightweight operating system developed by a community of Free and Open Source enthusiasts. The core of the system is based on Linux and Ubuntu. Lubuntu uses the minimal desktop LXDE, and a selection of light applications.

17. Peppermint

Peppermint Linux OS is a cloud-centric OS based on Lubuntu, a derivative of the Ubuntu Linux operating system that uses the LXDE desktop environment.

18. Xubuntu

Xubuntu is an elegant and easy-to-use operating system. Xubuntu comes with Xfce, which is a stable, light and configurable desktop environment.

19. Elementary OS

Elementary OS is a Linux distribution based on Ubuntu. It makes use of a desktop with its own shell named Pantheon, and is deeply integrated with other elementary OS applications like Plank (a dock based on Docky), Midori (the default web browser) and Scratch (a simple text editor).

20. Puppy

Puppy Linux operating system is a lightweight Linux distribution that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 130 MB, allowing the boot medium to be removed after the operating system has started.

21. Bodhi Linux

Bodhi Linux is a Linux Distribution leveraging the fast, customisable, and beautiful Enlightenment Desktop. Enlightenment coupled with a minimal set of utilities such as a browser, text editor, and package management tools form the solid foundation of Bodhi Linux.

22. Linux Lite

Linux Lite is free for everyone to use and share, and is suitable for people who are new to Linux or for people who want a lightweight environment that is also fully functional. Linux Lite is also great for reviving that old laptop or desktop you gave up on a few years back.

23. AntiX

AntiX is a fast, lightweight and easy to install Linux live CD distribution based on Debian Testing for Intel-AMD x86 compatible systems. It offers users the “antiX Magic” in an environment suitable for old computers.

24. Damn Small Linux (DSL)

DSL was originally developed as an experiment to see how many usable desktop applications can fit inside a 50MB live CD. It was at first just a personal tool/toy. But over time Damn Small Linux grew into a community project with thousands of development hours put into refinements including a fully automated remote and local application installation system and a very versatile backup and restore system which may be used with any writable media including a USB device, floppy disk, or a hard drive.

25. CrunchBang

CrunchBang is a Debian GNU/Linux based distribution offering a great blend of speed, style and substance. Using the nimble Openbox window manager, it is highly customisable and provides a modern, full-featured GNU/Linux system without sacrificing performance.

26. Fedora

Fedora is a Linux-based operating system, a collection of software that makes your computer run. You can use Fedora in addition to, or instead of, other operating systems such as Microsoft Windows or Mac OS X.

27. CentOS

The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL).

28. SUSE

SUSE is the original provider of the enterprise Linux distribution and the most interoperable platform for mission-critical computing. It’s the only Linux recommended by VMware, Microsoft and SAP. And it’s supported on more hardware and software than any other enterprise Linux distribution.

29. openSUSE

openSUSE is a general purpose operating system built on top of the Linux kernel, developed by the community-supported openSUSE Project and sponsored by SUSE and a number of other companies.

30. Edubuntu

Edubuntu, also previously known as Ubuntu Education Edition, is an official derivative of the Ubuntu operating system designed for use in classrooms inside schools, homes and communities. Edubuntu has been developed in collaboration with teachers and technologists in multiple countries. Edubuntu is built on top of the Ubuntu base, incorporates the LTSP thin client architecture and several education-specific applications, and is aimed at users aged 6 to 18.

Source: Datamation

Saurabh Singh, EFYTIMES News Network

Coming Soon: A Prosthetic Hand With A Sense Of ‘Touch’!

Thursday, February 06, 2014: Scientists have undoubtedly made big breakthroughs in recent years in improving the dexterity of prosthetics; however, providing a sense of touch has remained a challenge, something of a ‘holy grail’ in prosthetics, until now! European researchers have successfully created a robotic hand that lets an amputee ‘feel’ by providing a sense of touch.

The prototype is of course far from being perfect, but at the moment it is clearly the closest to ‘feeling’ like a normal hand. Under the research, doctors at Rome’s Gemelli Hospital implanted tiny electrodes inside the ulnar and median nerves in the stump of the subject’s arm. When subjected to a weak electrical signal, it was found that the nerves still could relay information. Meanwhile, doctors at Switzerland’s Ecole Polytechnique Federale de Lausanne put sensors on two fingers of a robotic hand, to detect information about what the artificial fingers touched. The experiment continued for a week, wherein the researchers basically created a loop that let the robotic hand rapidly communicate with the subject’s brain. Further, the subject wore a blindfold and headphones just to be sure he actually used touch, and didn’t cheat by looking or hearing.

It will take several years of additional research to create a first-generation artificial hand that can feel and looks more like a traditional prosthetic; however, results indicate the day might not be far!

At some point in time wouldn’t they need to implant a chip in the brain to attain a better prosthetic?

Saurabh Singh, EFYTIMES News Network

U.S. To Give Up Control Over Internet

U.S. to relinquish remaining control over the Internet

By Craig Timberg, Published: March 14

U.S. officials announced plans Friday to relinquish federal government control over the administration of the Internet, a move that pleased international critics but alarmed some business leaders and others who rely on the smooth functioning of the Web.

Pressure to let go of the final vestiges of U.S. authority over the system of Web addresses and domain names that organize the Internet has been building for more than a decade and was supercharged by the backlash last year to revelations about National Security Agency surveillance.

The change would end the long-running contract between the Commerce Department and the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based nonprofit group. That contract is set to expire next year but could be extended if the transition plan is not complete.

“We look forward to ICANN convening stakeholders across the global Internet community to craft an appropriate transition plan,” Lawrence E. Strickling, assistant secretary of commerce for communications and information, said in a statement.

The announcement received a passionate response, with some groups quickly embracing the change and others blasting it.

In a statement, Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) called the move “consistent with other efforts the U.S. and our allies are making to promote a free and open Internet, and to preserve and advance the current multi-stakeholder model of global Internet governance.”

But former House speaker Newt Gingrich (R-Ga.) tweeted: “What is the global internet community that Obama wants to turn the internet over to? This risks foreign dictatorships defining the internet.”

The practical consequences of the decision were harder to immediately discern, especially with the details of the transition not yet clear. Politically, the move could alleviate rising global concerns that the United States essentially controls the Web and takes advantage of its oversight position to help spy on the rest of the world.

U.S. officials set several conditions and an indeterminate timeline for the transition from federal government authority, saying a new oversight system must be developed and win the trust of crucial stakeholders around the world. An international meeting to discuss the future of the Internet is scheduled to start on March 23 in Singapore.

The move’s critics called the decision hasty and politically tinged, and voiced significant doubts about the fitness of ICANN to operate without U.S. oversight and beyond the bounds of U.S. law.

“This is a purely political bone that the U.S. is throwing,” said Garth Bruen, a security fellow at the Digital Citizens Alliance, a Washington-based advocacy group that combats online crime. “ICANN has made a lot of mistakes, and ICANN has not really been a good steward.”

Business groups and some others have long complained that ICANN’s decision-making was dominated by the interests of the industry that sells domain names and whose fees provide the vast majority of ICANN’s revenue. The U.S. government contract was a modest check against such abuses, critics said.

“It’s inconceivable that ICANN can be accountable to the whole world. That’s the equivalent of being accountable to no one,” said Steve DelBianco, executive director of NetChoice, a trade group representing major Internet commerce businesses.

U.S. officials said their decision had nothing to do with the NSA spying revelations and the worldwide controversy they sparked, saying there had been plans since ICANN’s creation in 1998 to eventually migrate it to international control.

“The timing is now right to start this transition both because ICANN as an organization has matured, and international support continues to grow for the multistakeholder model of Internet governance,” Strickling said in a statement.

Although ICANN is based in Southern California, governments worldwide have a say in the group’s decisions through an oversight body. ICANN in 2009 made an “Affirmation of Commitments” to the Commerce Department that covers several key issues.

Fadi Chehade, president of ICANN, disputed many of the complaints about the transition plan and promised an open, inclusive process to find a new international oversight structure for the group.

“Nothing will be done in any way to jeopardize the security and stability of the Internet,” he said.

The United States has long maintained authority over elements of the Internet, which grew from a Defense Department program that started in the 1960s. The relationship between the United States and ICANN has drawn wider international criticism in recent years, in part because big American companies such as Google, Facebook and Microsoft play such a central role in the Internet’s worldwide functioning. The NSA revelations exacerbated those concerns.

Top 10 Web Threats


IT security professionals are on the front lines against web threats. A web threat is anything on the Internet that facilitates cybercrimes, including computer viruses, denial-of-service attacks and malware that target computer networks and devices. Other cybercrimes include cyber stalking, fraud and identity theft, information warfare, and phishing scams, all of which use computer networks and devices to facilitate other crimes. Financial damages, identity theft, loss of confidential information or data, damage to a company’s brand or a person’s reputation, and declining consumer confidence are just some of the risks posed by Web threats.

Web Threats Are Serious Threats

Every individual on every desktop and mobile computing device connected to the Internet is vulnerable to Web threats. Organizations worldwide are more dependent than ever on conducting business through the Internet. That dependence, combined with ever-changing Web threats, means most organizations are at risk every day of losing data, productivity and revenue. The increasing need for protection against the losses caused by Web threats is driving the growth of information systems (IS) security jobs.

Web threats often enter networks without user knowledge. They can also be triggered by clicking on a hyperlink or executable file attachment in a spam email. Once in a system, Web threats spawn variants, creating a chain reaction that spreads through the Web to infect more machines and perform more malicious activities.

Fighting Back Against Cyber Threats With IT Security

IT professionals specializing in IS security work need to stay up-to-date on cyber threats. Typically, they manage known threats from known sources through URL filtering and content inspection solutions. These require frequent updates, but are generally effective. It has become clear in recent years that multi-layered protection is necessary to fully protect consumers and businesses from web threats.

The “layers” referred to include the cloud, the Internet gateway, network servers and individual computers. The multi-layer approach integrates antivirus, anti-phishing, anti-spyware and anti-spam protection with website analysis using multiple techniques, such as source reputation and content clearing.

Top 10 Web Threats

Web threats are more damaging and extensive than ever. Nearly any website can either host malware or send the user to one that does. And infections are more likely to result from a visit to a legitimate website that has been compromised with spyware than from a phony site set up specifically to spread malware.

Last year, IT security firm Symantec released a list of history’s 10 most notorious Web threats:

I Love You (2000): This worm used a friendly phrase to entice users to open it. Ultimately, the Pentagon, CIA and British Parliament’s email systems were shut down in an effort to fight it.
Conficker (2009): Conficker allows its creators to remotely install software on infected machines. Later, it could possibly be used to create a botnet that can be rented out to criminals seeking to steal identities and direct users to online scams and phishing sites.
Melissa (1999): Named for the exotic dancer its creator was obsessed with, this virus kicked off a long period of high-profile threats between 1999 and 2005.
Slammer (2003): A fast-moving, aggressive worm, Slammer brought much of the Internet down in January, 2003.
Nimda (2001): This mass-mailing worm uses multiple methods to spread itself and became the Internet’s most widespread worm in 22 minutes. Its name is “admin” in reverse.
Code Red (2001): Websites with the Code Red worm were defaced by the phrase “Hacked By Chinese!”
Blaster (2003): The Blaster worm launched a denial of service attack against Microsoft’s Windows Update website.
Sasser (2004): Capable of spreading without user intervention, Sasser caused Delta Airlines to cancel some of its flights.
Storm (2007): Another worm directed at Microsoft, it was observed sending almost 1,800 emails from a single machine in a five-minute period.
Morris (1988): An old worm that remains famous and allows current worms to exist, Morris was created innocently in an attempt to gauge the size of the Internet.

Top Trends in Cyber Threats

Hackers and cyber thieves are continuously launching new Web threats – often tied to newsworthy events:
In December, 2010, supporters of the website WikiLeaks protested against MasterCard and Swiss bank PostFinance’s disruption of funding to the site by attacking their websites. The hackers, dubbed Anon_Operation, said they had brought down mastercard.com with denial of service attacks.
In June, 2010, spammers and scammers took advantage of national interest in the FIFA World Cup in South Africa to release spam, scams, advance-fee “419” fraud and malware attacks.
The average rate for malware in email traffic in 2010 was one in 284.2 emails, according to Symantec’s MessageLabs Intelligence 2010 Annual Security Report. There was a substantial increase in the number of different malware strains blocked, due largely to the growth in polymorphic malware variants that allow a new version of the code to be generated quickly and easily, according to the report.
Two of the greatest challenges for IT security professionals are protecting an increasingly mobile workforce and the business world’s skyrocketing use of social media tools – which cyber criminals have recognized as a new means to conduct illegal activity and inflict harm.
Increasing broadband availability, combined with more users without computer security awareness gaining Internet access, is leading to high rates of malware infection in additional areas like East Africa.
Symantec predicts that in 2011, botnet controllers will begin hiding commands in plain view – within images or music files shared through file sharing or social networking sites.

IS Security Job Descriptions

The new and unknown Web threats designed to adapt to traditional methods and avoid detection keep IS security professionals on their toes. Their main responsibility is to analyze systems to prevent security breaches, loss of revenue and harm to brands, and protect confidential data.

Overview of IT Security Careers

IS security jobs can be found in organizations in the private, public and government sectors, worldwide. Employers need the skills and knowledge that experienced professionals bring. With advanced training and industry certification, you can pursue a career as an IS security engineer, IT security consultant or IS security manager. Additional experience and training can lead to executive IT security jobs like chief IT officer, director of information technology, senior IS security analyst, chief IS security officer, and IS security director.

IT security professionals are responsible for creating different methods to protect an organization against spyware and malware, while keeping Internet bandwidth available for business needs. They must also guard against employees’ improper Internet use, like visiting infected websites, and prevent loss of confidential information and data.

Responsibilities vary with the level of the position on the IS security career path. In mid-level positions like IS security engineer and IS security manager, job descriptions typically include duties like performing security design reviews, code audits and black box testing. People in these positions may also develop product specifications, plans, schedules and other written correspondence. Higher-level executives such as chief technology officers, IS security directors and chief information officers lead an organization’s IS security strategy, planning and supervisory activities, and direct an information systems security or information technology department.

IT Security Potential Salary

The U.S. Bureau of Labor Statistics (BLS) data from May, 2009 indicate computer and information systems managers earned average salaries of $120,640. Those in the 75th percentile earned around $143,590 per year, while the top 10% earned upwards of $166,400 annually.

Salary.com and PayScale.com records for December 2010 showed that IT and IS security managers, directors and executives had an annual base income in the following ranges:

IS Security Position | Median Annual Base Pay | 90th Percentile
IS Security Manager | $101,633 | $128,405
IT Security Director | $111,379 | $146,286
Information Security Director | $133,790 | $161,060
Information Technology Dir. | $160,390 | $206,452
Chief Information Security Off. | $161,961 | $224,359
Chief Information Tech Off | $227,837 | $330,577

IS Security Job Education and Training: Learn to Fight Cyber Threats

IT and finance professionals, project managers and business professionals from a variety of backgrounds are affected by web threats. Those interested in pursuing a career in IS security should consider acquiring the in-demand information security skills and certification that today’s top employers require.

Landing an IS security job typically requires at least a bachelor’s degree, specialized IS security training and recognized credentials such as the Certified Information Systems Security Professional (CISSP®) or Systems Security Certified Practitioner (SSCP®) certification through (ISC)²® or CompTIA (Computing Technology Industry Association) Security+™ certification. To develop these critical skills and prepare for certification exams, many professionals enroll in continuing professional education – such as the Master Certificate in Information Security programs offered 100% online by Villanova University.

Original article