ISO 27001: ISO 27001 is a standard that is folloVendord for the Information Security Management System (ISMS) of an organization in which, the said company’s compliance status is checked, based on which new policies are created and applied. It’s a mandate in many sectors such as companies involved in the Cyber Security domain.ISMS includes the 3 major elements of cyber security: Confidentiality, Integrity, Availability (CIA).

To ensure compliance to the CIA in terms of ISO 27k1 the companies need to

• Audit
• Assess the risks
• Formulate policies
• Implement policies
• Continuous monitoring & Updates

The departments/processes that go through the above mentioned process are both, IT & Non IT Infrastructure of a company, but the audit of ISO 27k1 is mainly focused on the IT Infrastructure of a company.

ISO 27001 CERTIFICATION:

Being ISO 27001 Certified means, the certification body that you choose for this process (PECB or IRCA), gives you an attested confirmation that your organization is compliant to all the guidelines of ISO 27k1.

Now there are two types of certifications in ISO: Individual / Organization

The process for an Individual certified professional is completely different from that of a Certified Organization, these certified professionals then move on to performing the process of certifying the organization.

INDIVIDUAL

Types of ISO certified Professionals

• Lead Auditor
• Lead Implementer

A lead auditor is the one who is responsible for leading the audit team in an organization. He or she prepares the audit plan, delivers meetings and submits audit report at the end of quarter or year. Conducting audits is the main responsibility of a lead auditor and that needs to be done on a daily basis.

A Lead implementer is the one responsible for bringing the Lead auditor plan into action and makes sure all the policies are implemented and properly controlled.

Process of getting certified

According to PECB, the process for getting ISO 27k1 LA/LI certified is nearly not as lengthy for individuals as it is for the organizations.

Previous experience: minimum 4 years of job experience in IT is crucial, out of which at least 2 years has to be in cyber security.

Training & Examination: After attending 5 days of training in ISO 27k1 LA/LI, in the course outline guided by the certification body of your choice/requirement, you have to submitted a certain examination fee to the certification body, after which, an invoice in your name along with your exam question papers are prepared & sent to the authorized training center for you to attempt the exam.

Certification process: After attempting the certification exam, the candidate fills the certification forms in which they put in the required information, In the back-end the certification body verifies the information given by the candidates and if the compliance is there, the certificate is issued.

HOW CEH Certification can add VALUE to your RESUME

Certified Ethical Hacker (CEH) is a globally recognised qualification, which an individual obtains by proving his or her skillset of assessing the security of IT applications and networks by verifying the vulnerabilities or loopholes of the target systems, using the same methodologies, tools and techniques as a hacker, but in a lawful and legitimate manner with a due permission of IT system owners.

Information technology is an integral part of almost every business nowadays and so do Cyber Security. Using technology gives ease of access and fast processing of data, at the same time is also gives exposure to many risks which could harm the business and even lead to severe impacts sometimes. Information Technology and Cyber security going hand on hand now a days. Certified Ethical Hacker is one of the most popular certification which could help an individual to start or migrate their career in cyber security.

An IT of any organisation comprises of Network and Application, companies need to monitor and  secure both of these in order to safeguard their critical data. CEH gives a comprehensive overview of a Hacker’s mind set and methodology. We can replicate the same steps in our environment and find out loopholes which could attract any malicious user and patch them before they can get exploited.

Security Assessments has following steps:

Reconnaissance: Generally known as Recce or information gathering, of the target network or application.  This phase you collect the targets information from various public and private domains.

Network Scanning: Here we scan the networks or applications to find out the vulnerabilities or weakness in it and remember you need to do this in stealth mode else the target can identify the scan and can block your connection.

Gaining Access. Once we get the vulnerabilities you are good to enter or penetrate into the system by exploiting it and you can have even the Administrator or root access.

Maintaining Access: Here we learn how we can hide ourselves into the system by migrating to system files and then can have access for a longer time.

Covering Tracks: Once all the necessary information is captured now you would like to remove all your footprints or logs from the system so that you cannot get traced back.

Skillset of a CEH certified candidate:

• A Certified Ethical Hacker knows multiple techniques of information gathering through different resources like publically available information, websites, social media and thus identifying the publically available weak link or the basic information of the tools and techniques used by the organisation.
• A CEH knows various techniques to scan the network using customised commands and thus can identify the unnecessary ports or exploitable version of services present on company’s server and network
• A CEH knows how a web application can be exploited for different kinds of vulnerabilities like SQL injection, privilege escalation, command injection, Cross site scripting (XSS), weak passwords, weak sessions etc.
• A CEH knows how to identify vulnerabilities in Wi-Fi network and how to exploit it
• A CEH is aware of different kinds of malwares and working methodologies of malware and also knows how to detect hidden malwares in files or software by performing reverse engineering
• A certified CEH have a good knowledge of Cloud Computing and Internet of Things (IoT) hacking. Since IoT and Cloud Computing both are most used technologies now a days, and a CEH having good knowledge of security assessment of these can identify loopholes in these systems prior to getting exploited by a malicious user.
• A CEH knows the security assessment techniques for mobile applications both android and is.
• A CEH knows how the network devices like firewall, IDS, Honeypots works and how it can be exploited.
• A CEH knows different techniques of sniffing a network and how to capture critical information travelling through networks. In this way he or she can help the organisation to find out vulnerabilities present in the network and the organisation can patch it before getting exploited.
• A Certified Ethical Hacker knows different techniques to identify vulnerabilities which could lead to session hijacking of any web application.
• In addition to all above skillsets a CEH also knows different tools like Nessus, Burp Suite, Wireshark, NMap, ZenMap, Metasploit , Acunetix and many tools which are commonly used in Security assessments

Scope after getting CEH

• You can work as a Security Tester or Security analyst who is performing Vulnerability Analysis and Penetration Testing (VAPT) on web application, mobile application and networks
• One can work as network security analyst in Security Operations Centre(SOC), where the organisations network is constantly being monitored and subsequent actions are taken against any kind of malicious traffic.
• If you have good knack in programming languages, you can work as secure code reviewer, which is again a very demanding job nowadays.
• If you have good knowledge of programming skills with a knowledge of ethical hacking you can work as an exploit writer. Many companies are working on this.
• Last but not the least one can work as a freelancer Bug Bounty Hunter and can get paid well.

Ethical Hackers or Security Testers are the professionals who has very good knowledge of networks and applications, at the same time they know how to maintain security of both so that it can be safeguarded from hackers. Ethical hackers constantly test organisations applications, network devices networks and find out vulnerabilities in it and ask the IT team to patch those vulnerabilities.

Attaining cyber security skillset of along CEH certification is definitely a very good credential for one which can help anyone to lend a good job in any organisation.

Now a days many renowned companies are developing their own Cyber Security team and they also get their Infrastructure tested by third parties just to ensure on their security. While hiring a Third Party organisations are very particular about the individual’s qualification and experience, CEH certification is answer for that because it provide assurance about the candidate’s skillsets. As a whole CEH certification holds a good reputation in the industry,

#Tags:   Jobs, Hacking, Career, CV,Certification

#Keywords: Cyber Security, CEH, Certified Ethical Hacker, Security Testing, information Security, IoTHacking,Mobile Application Hacking, Web Application Hacking