dcsimg

IT Security Systems Schools

Information security systems analysts: An overview

IT security systems analysts conceptualize, design and implement security attacks against a computer system to identify a system's vulnerabilities and strengthen them. They can also decode and identify malware, computer viruses, and worms. IT security systems analysts need a solid understanding of computer science, information technology and software programming, and the ability to think creatively.

According to the Bureau of Labor Statistics (BLS), information security analysts usually need a bachelor's degree in computer science or a related subject (BLS.gov/ooh, 2012). Security analysts may be required to have earned an MBA in information systems. An MBA generally requires two years of study beyond a bachelor's degree and can prepare analysts for managing other security teams or security departments, as well as preparing the security analyst for working with a company's management.

In addition to earning a degree in a related field, the BLS also notes that information security analysts may be required to have prior work experience in a related occupation or field, such as computer systems analysis, database administration, or software programming.

While the job description of an information security analyst can change from employer to employer, information security analysts can generally expect to do the following:

  • Implement firewalls across an entire network
  • Deconstruct worms and viruses
  • Monitor traffic for malicious activity
  • Create "honeypot" defenses for attackers
  • Perform a penetration test on their own security measures

A number of certifications are available to IT security analysts to display their varied security skills:

  • EC-Council: Ethical Hacker Certification
  • TruSecure: TICSA Certification: Information Security Basics
  • CompTIA: Security+ Certification
  • (ISC)2: Certified Information Systems Security Professional

Many of the certifications for information security analysts are vendor-neutral, meaning they are not offered by a software provider or that they focus on software from a specific vendor, and none of the certifications require state, agency or government approval. Similar to locksmiths and safecrackers, there is no difference in the skills or tools of a professional information security analyst and a criminal hacker, only how they choose to use their skills (Forbes.com, 2012).

Skills of a security systems analyst

Since the job of an IT security systems analyst is to outthink hackers, this can involve anticipating where an attack might come from and how the attack might be carried out. Sometimes this involves breaking into the analyst's own network. As a result, the BLS notes that information security analysts may benefit from the following skills (BLS.gov/ooh, 2012):

  • Ingenuity
  • Good problem-solving skills
  • Creativity
  • Excellent attention to detail
  • Strong organization skills
  • Solid analytical skills
  • Ability to work well as part of a team

Additionally, information security analysts should have the mindset of a hacker, continually testing boundaries and limitations (Forbes.com, 2012). Because those who may attempt to break a network's security will not obey rules and industry norms, analysts who want to protect data should think like someone who wants to steal data.

This might require analysts to dupe their own employees with viruses they created in order to test the firewalls of a network and even leverage social engineering to get their co-workers to break their own security (WSJ.com, 2013). In essence, it is vital for an information security analyst to possess a) the knowledge of how to cheat at IT security, and b) the willingness to do so.

"Hacking is cheating, and it's how we get better at security," wrote security technologist Bruce Shneier (Schneier, 2006). "We need these people in security, and we need them on our side. Criminals are always trying to figure out how to break security systems. Field a new system -- an ATM, an online banking system, a gambling machine -- and criminals will try to make an illegal profit off it. They'll figure it out eventually, because some hackers are also criminals. But if we have hackers working for us, they'll figure it out first -- and then we can defend ourselves."

Tools of the security systems analyst

The tools of an IT security systems analyst are the same as those used by hackers, so it stands to reason that security analysts can expect to use some of the following hacker tools while preparing their company's security:

  • Network vulnerability scanners such as Nmap and GFI LanGuard

o   These software tools look for unrestricted ports, information on usernames, passwords and group info. When used maliciously, these are called "worms."

  • Network analyzer software such as OmniPeek and Aircrack-ng

o   This software allows a security analyst to monitor traffic across an entire network and spot potential denial of service (DoS) attacks or traffic bottlenecks.

  • Exploit software such as Metasploit and Milw0rm

o   Exploit software looks for bugs in the code that could be exploited by an attacker to gain privileged data or facilitate a DoS attack.

  • Database security software such as AppDetectivePro and SQLPing3

o   This software locates any and all databases across an entire network and monitors the activity of each database, similar to a network analyzer, while also checking for potential exploits.

    Information security analysts may also need to understand the types of vulnerabilities and weapons of attack, such as DoS attacks, SQL injections, and man-in-the-middle attacks. Man-in-the-middle attacks breach security on information after it leaves a user's computer and before it reaches the network, often as it passes through an email system or a website. As such, information security analysts may create and disassemble computer viruses, malware, spyware, computer worms, and Trojans. Security analysts may also be expected to know various programming languages such as C, Java, and SQL, among others.

    Employment opportunities for security systems analysts

    IT security analysts can be employed under many job titles, including:

    • Security Managers
    • Information Security Analysts
    • Systems Security Analysts
    • Penetration Testers
    • Code Breakers
    • Data Security Engineer
    • Security Engineer
    • Cyber Security Analysts

    The Bureau of Labor Statistics reports that, as of May 2012, information security analysts earned a national median annual wage of $86,170, with the highest and lowest 10 percent earning $135,600 and $49,960, respectively (BLS.gov/oes, 2013).

    According to the BLS, employment for information security analysts is expected to increase 22 percent from 2010 to 2020 (BLS.gov/ooh, 2012). Because cyber attacks have grown both in frequency and sophistication, as recent data mining attacks on major news outlets and search engines make clear, organizations are expected to increase their staff of security analysts to guard against these new threats. Two primary employers of information security analysts are projected to be the federal government and the health care industry, as analysts will be needed to protect the nation's critical information technology systems and to safeguard patient records (BLS.gov/ooh, 2012).

    Sources:

    EC-Council, Courses: Certified Ethical Hacker, 2013, http://www.eccouncil.org/courses/certified_ethical_hacker.aspx
    Forbes, Exploding The Myth Of The 'Ethical Hacker,'" Conrad Constantine and Dominique Karg, http://www.forbes.com/sites/parmyolson/2012/07/31/exploding-the-myth-of-the-ethical-hacker/
    Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, 2012-13 Edition, Information Security Analysts, Web Developers, and Computer Network Architects, March 29, 2012, http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts-web-developers-and-computer-network-architects.htm
    Bureau of Labor Statistics, U.S. Department of Labor, Occupational Employment Statistics: Occupational Employment and Wages, May 2012, Information Security Analysts, March 29, 2013, http://www.bls.gov/oes/current/oes151122.htm
    The Wall Street Journal, "You Won't Believe How Adorable This Kitty Is! Click for More!," Geoffrey A. Fowler, March 26, 2013, http://online.wsj.com/article/SB10001424127887324373204578373011392662962.html
    Schneier on Security, "What is a Hacker?," Bruce Schneier [blog], September 14, 2006, http://www.schneier.com/blog/archives/2006/09/what_is_a_hacke.html

    Search for Campus and Online Systems Security Schools Below

    Click on a school to request more information.

    Refine School Matches
    Hide filters
    • SUBJECT Clear All

      See More

    • DEGREE

      See More

    • PROGRAM TYPE

    • START TIME

      LOCATION
      Please enter valid US or Canada Zip.

    Searching Searching ...

    Prefer exploring options talking to our staff?
    Call toll free now: 1.855.330.6938
    Matching School Ads
    5 Program(s) Found
    • Programs include Bachelor of Science in Criminal Justice, Master of Science in Criminal Justice, and more.
    • Advanced degrees in criminal justice help working professionals stay up to date on the latest law enforcement practices.
    • Some programs offer the opportunity for hands-on experience working on real criminal cases.
    • Flexible online and campus-based programs available.
    Good for Working Adults
    • Online Courses
    • Flexible Scheduling
    • Financial Aid
    • Transferable Credits
    1 Program(s) Found
    • Has specialized in career training since 1982.
    • Offers beginning to advanced training in computer repair, medical assisting, cosmetology, nursing, and more.
    • Continually maintains programs according to industry needs by working closely with industry experts and employers.
    • Provides well-equipped training facilities to give students the advantage of hands-on training.
    • Its instructors attend seminars and workshops to keep current with new technology and topics.
    Good for Working Adults
    • Accredited
    • Flexible Scheduling
    • Financial Aid
    • Transferable Credits
    4 Program(s) Found
    • Recognized in the first Best for Vets: Business Schools list in Military Times Edge magazine’s 2013 “Best for Vets” edition.
    • Offers MUSE (My Unique Student Experience), a content delivery system that gives students the option to watch, view, read or listen to required course materials.
    • Allows students to complete courses at whatever pace they want.
    • A DANTES-affiliated university and member of the Service Members Opportunity Colleges.
    • Offers IntelliPath, a proprietary learning technology that lets students learn at their own pace.
    Good for Working Adults
    • Online Courses
    • Flexible Scheduling
    • Financial Aid
    • Transferable Credits
    5 Program(s) Found
    • Online MBA program ranked 6th in the USA by CEO magazine.
    • In a university-sponsored survey, 4 out of 5 alumni reported being satisfied with their experience.
    • #1 Online School for military veterans according to Military Times.
    • 75,000+ graduates across all industries offer extensive networking opportunities.
    • My Unique Student Experience (M.U.S.E.) lets students watch, view, read, or hear content.
    • Smartphone app available for on-the-go learning.
    Good for Working Adults
    • Online Courses
    • Flexible Scheduling
    • Accelerated Programs
    • Financial Aid
    • Transferable Credits
    3 Program(s) Found
    • Bachelor’s program options include Cybersecurity, Information Systems Technology, Computer Science, and more.
    • A BAS in Information Systems Technology is also available for students who already hold an A.A.S degree.
    • Regent University’s tech programs are designed to prepare students for careers in Software Development and Engineering, Computer Information Security, Network Administration, and more.
    • Regionally accredited by the Southern Association of Colleges and Schools Commission on Colleges (SACSCOC).
    • Online Courses
    4 Program(s) Found
    • Love solving problems with technology? Make it into a career!
    • Our bachelor's & master's degree programs are designed to prepare you with the skills and experience you need to pursue a career in the tech field!
    • Choose your emphasis - information technology, computer programming, applied business analytics, business information systems & more.
    • Our transfer-friendly bachelor's & master's degree programs are designed for traditional campus and online students.
    • Whether your goal is to gain entry-level skills, switch to a technology career or simply strengthen your portfolio - GCU can help!
    • Speak to an enrollment counselor today and learn about our various technology-focused bachelor's & master's programs.
    Good for Working Adults
    • Accredited
    • Online Courses
    • Flexible Scheduling
    • Accelerated Programs
    • Financial Aid
    • Transferable Credits
    1 Program(s) Found
    • Online bachelor's programs include BBA, Criminal Justice, IT, Healthcare Management, Pscyhology & Public Health
    • Over 115 years of delivering quality education and personalized attention to students
    Good for Working Adults
    • Online Courses
    • Flexible Scheduling
    • Financial Aid
    • Transferable Credits
    • Online bachelor's and associate level Computer Information Science programs are available.
    • Experienced professionals provide hands-on instruction in subjects such as internet security, network administration, and IT support.
    • Courses cover many relevant topics, including computer hardware and software, network operating systems, and more.
    • Students who have graduated high school in or before 2015 are eligible to apply.
    • Online Courses
    2 Program(s) Found
    Keiser University Campus , New Port Richey

    Since 1977, Keiser University has maintained a practical, hands-on approach to career education to help our students achieve their personal and professional goals.  Our student-centered approach remains at the foundation of the Keiser University mission and continues to attract students who prefer a more personal learning experience. 

    5 Program(s) Found
    ABCO Technology , Los Angeles
    • An accredited computer training academy preparing students to enter the IT industry as Network Engineers, Software Engineers, Web Apps Developer, Website Designers, Programmers, Database Administrators since 2000.
    • Holds A+ certification from CompTIA.
    • Located in Los Angeles, approximately 10 minutes away from LAX.
    • Flexible class schedules offered during day times, evenings and weekends.
    • Helping students start a career in technology within 3 - 9 months.
    • Educates with the mission to serve the needs of the local community and graduates by matching opportunities to skills.
    • Military friendly school.
    Show more [+]
    • Financial Aid