Difference between IT security and Information Security!!!
Today I had an interview with one of the companies, but failed.
They asked me the difference between IT security and Information Security, and what information security is all about.
Any thoughts on the above two questions?
Mukul
Comments
-
JDMurray Admin Posts: 13,092
IT security is usually regarded as only considering technical (logical) security issues. Information Security is a much broader concept that encompasses all forms of information protection and control, not just those involving computers and networks. This might have been the kind of short answer they were looking for.
-
shednik Member Posts: 2,005
I'd have to agree with JD, but I think that question is complete BS; the company should spend the interview time asking more intuitive questions than something like that, IMO.
-
LarryDaMan Member Posts: 797
shednik wrote: I'd have to agree with JD, but I think that question is complete BS; the company should spend the interview time asking more intuitive questions than something like that, IMO.
I agree, sounds like some HR idiots got a hold of a CISSP book and decided to get creative in the interview...
-
mukuljack Member Posts: 25
But I lost the job... Okay, one more thing: "What is the role of QA in Info Security?" And JD, please tell me what the scope of CISA is with info security.
Mukul
-
JDMurray Admin Posts: 13,092
mukuljack wrote: "What is the role of QA in Info Security?" And JD, please tell me what the scope of CISA is with info security.
QA (Quality Assurance) is used to provide assurance (i.e., testing and a guarantee) that a system (e.g., product, process, or service) is designed, implemented, and operates within the standards and specifications prescribed for that system. QA in InfoSec usually means that an information system (hardware or software or both) conforms to a specific security model(s) and is capable of executing specific security policies. QA is also used to try and "hack" software to find vulnerabilities that might be exploited to circumvent the security controls of an information system. (Don't you just love all this fancy InfoSec talk?)
The ISACA CISA Certification is related to InfoSec QA for auditing, control, and assurance professionals. The CISA exam is based on six InfoSec job practices (IS audit, IT governance, IT services, BCP/DRP, systems lifecycle, and asset protection) and can be thought of as covering most non-technical aspects of InfoSec.
-
Martinalix Member Posts: 1
JD, I will go to an interview with a company. I read your Q; you cleared my mind and solved my big problem. Thanks! What should I do for you?
-
sexion8 Member Posts: 242
shednik wrote: I'd have to agree with JD, but I think that question is complete BS; the company should spend the interview time asking more intuitive questions than something like that, IMO.
They could have asked in anticipation of determining whether he was a fit. For instance, if they were looking for the auditor type (CISA), someone who is very sharp with reviewing policies, understanding roles, etc., in the security arena, it's a far cry from looking for someone who is sharp on the technical side of things. Many who tinker with security come in focusing on tools, technologies, and protocols, often forgetting about the business aspects of it all. At a company's bottom line are terms like ROI, BIA, Change Management, DRM, etc., and it's important to understand and distinguish between the two. I've disliked these portions since I prefer the technical side of things; however, as time progresses I've found I've had no choice but to learn them.
It doesn't hurt to read up on and learn the different standards, rules, regulations and methodologies of other certifying bodies (CISA, CISM, CISSP {ISSEM, ISSAM, ISSAP}, ITIL) even if you don't intend to take those certs or even go the management route. In the end you grasp a better comprehension of what's involved on a larger scale. On the technical side of things, we (as engineers/admins) tend to look at our own processes, roles, and duties, forgetting there is a chain of command. Equipment has to be purchased... Why does it have to be purchased? How much does it cost? How much will it cost throughout its lifecycle? How does it benefit us? Will it protect us? Will it meet regulatory compliance (if needed)? What are the best practices for deploying it? Who else has deployed it? What were their results? What are the risks/pitfalls associated with it? And the list goes on. We on the technical side call this paperwork. Paperwork we often don't like to do or think about.
Any question a potential employer can ask you is a valid one if it pertains to the position you're applying for. It's best to read about the company and understand its functions, goals, and business before going in. Using the information you learn, it's easier to situate yourself and assess your knowledge beforehand. For example, if the ad for the job consisted of terms like BIA and DRM, then I know it's not going to be a technical (what kind of system/hardware) interview.
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius
-
UnixGuy Mod Posts: 4,570
shednik wrote: I'd have to agree with JD, but I think that question is complete BS; the company should spend the interview time asking more intuitive questions than something like that, IMO.
+1
LarryDaMan wrote: I agree, sounds like some HR idiots got a hold of a CISSP book and decided to get creative in the interview...
+1
-
jeffreyfrog Member Posts: 1
IT security is usually regarded as only considering technical (logical) security issues.
Information security, on the other hand, is a somewhat more general concept of being sure information systems have confidentiality, integrity, and availability. This can include network security as well as cryptography, access control (not only who has access but what they can do), physical security, and more. It covers everything from the earliest encryption codes to how computers are locked down.
-
JDMurray Admin Posts: 13,092
Coming from the opposite angle, the one lowest common denominator of both ITSec and InfoSec is that they both deal fundamentally with risk management. If there were no risks, there would be no need for security.