With expenditures over the Web predicted to exceed $200 billion this year, and more than 515 million computers and devices accessing the Web by the year 2002 (IDC Research), it is no wonder that data security is a hot issue. As long as the explosive growth of data sharing and online transactions continues, there will continue to be a demand for professionals with data security skills. For recruiters, this means we must have a solid understanding of those skills in order to find the right person for the position.

To understand and identify professionals in this area, it's necessary to first understand security. Security professionals, sometimes called "Information Assurance Engineers" or "Data Engineers," are responsible for ensuring that data stored in a computer cannot be read or compromised, and that data being transmitted cannot be intercepted and read. Security is achieved through two means: firewalls and encryption.

The firewall is one type of security. Organizations use firewalls to prevent unwanted or unauthorized access to their private network. Whenever messages enter or leave the organization's intranet, they pass through the firewall. All traffic is forced through the firewall, which filters the messages and allows access only to data that meets specific security criteria.

For greater security, some corporations use encryption. Encryption essentially means translating data into a secret code. To read an encrypted file, you must have the key, or password, that enables you to decipher the secret code. There are two types of encryption: asymmetric (or public key) and symmetric.

In public key encryption, a public key, available to everyone, is used to encrypt the message. Once the encrypted message is sent, it can only be decrypted by the private key owned by the recipient. The two keys are closely related, so that only the public key can encrypt, or code, and only the private key can decrypt, or decode. It is virtually impossible to determine a private key just by knowing the public key. The de facto standard for public key encryption is RSA. RSA is an industrial-strength method for encrypting messages, used widely for Internet transactions.

In symmetric encryption, the same key is used to encrypt and decrypt the message.

Finally, when conducting transactions over the Web, there are four major "security protocols" that encrypt and decrypt messages: SSL, HTTPS, PCT and IPSec. SSL (Secure Sockets Layer) establishes a secure connection between two computers. HTTPS sends individual messages securely. These protocols are supported by a type of Web server called a "secure server."

When talking with a technical professional, asking the following questions will help evaluate their skills:
- What security methods have you employed to ensure data security in the environment?
- Have you used firewall techniques? Which types?
- What type of encryption have you implemented? Why?
- Have you worked with security protocols? Which ones?
- How large was the enterprise your security safeguarded?
Finally, CISSP, or Certification for Information System Security Professional, is the professional certification for practitioners. The certification consists of an exam with 250 multiple choice questions covering a wide variety of topics. To find these individuals, check out Cissps.com, a target career site for CISSP designees, or look at the International Information Systems Security Consortium to locate passive candidates.

As Internet usage growth remains explosive, and transaction and data collection become more abundant, the need to secure that information continues to grow. As a result, although data security is an area of specialization, technologists in all areas must understand the fundamentals. While here we have covered the most basic information surrounding security issues, a technical recruiter will need to be very knowledgeable in these areas in order to compete for the best talent.