Ravi Kumar wrote:
I was asked to prepare syllabus for security
management,incident handling,forensics analysis, intrusion
detection etc., Th intention is train an engineer to become a
SECURITY engineer.
we know there are several certifications which are
designed for this purpose. I want from you with your security
experience tell us what should an BASIC course for security
really requires.
<snip>
IMHO, I don't believe you can actually teach infosec. The field is so broad
and so deep it requires many years of experience in the field before you can
learn and understand enough to call yourself an infosec engineer. I am and
I have the grey hair to prove it ;)
You must be able to do everything from build a tcp packet from scratch to
hardening a Linux SQL Server cluster to auditing a network to designing and
deploying a wireless WAN. Any one of those can be taught but you don't have
enough time to teach everything.
Therefore, you will want to teach concepts, like least privilege and
security policies, along with a modicum of hands-on technical examples like
building a Snort server and running Nessus. As for how academia looks at
this, I will soon know when I begin my masters program in infosec at Capella
next week. If anyone is interested, I will report back to the list after I
get a feel for it.
Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions
-----------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
