Organizational Systems Security Analyst

Organizational Systems Security Analyst

The Organizational Systems Security Analyst (OSSA) is a technical vendor-neutral Information Security certification programme which is being offered in Asia. This programme consists of a specialized technical information security training and certification course and practical examination which technical Information Technology professionals can attend in order to become skilled and effective technical Information Security professionals and to prove their level of competence and skill by undergoing the examination.

Technical staff enrolling in the programme are taught and trained how to address the technical security issues they encounter in daily operations and how to methodically establish, operate and maintain security for their organization's computer network and computer systems infrastructure. It is developed by ThinkSECURE, an information-security certification body and consultancy. The OSSA programme is listed in the Singapore-based Infocomm Competency Management System which is a government-maintained public database of information technology-related courses.

The OSSA programme does not focus on hackers' software as these quickly become obsolete as software patches are released. It first looks at security from a methodological perspective and draws lessons from Sun Tzu's "The Art of War" to generate a security framework and then populate it with resources and tools by which the various security aims and objectives, such as "how to defend your server against a hacker's attacks" can be met.

Sun Tzu's 'Art of War' treatise is used to provide a guiding philosophy throughout the programme, addressing both offensive threats and the defensive measures needed to overcome them. The philosophy also extends to the sections on incident response methodology (i.e. how to respond to security breaches), computer forensics and the impact of law on security-related activities such as the recovery of information from a computer crime suspect's hard drive. Under the programme, students are given coursework and experience how to set up and maintain a complete enterprise-class security monitoring and defence infrastructure which includes firewalls, network intrusion detection systems, file-integrity checkers, honeypots and encryption. A unique attacker's methodology is also introduced to assist the technical staff with identifying the modus operandi of an attacker and his arsenal and to conduct auditing against computer systems by using that methodology.

The generic title sections under the programme appear to comprise the following:

Under each section are many modules, for example the defensive section covers the setting up of firewalls, NIDS, HIDS, honeypots, cryptographic software, etc.

The OSSA programme consists of both practical hands-on lab-based coursework and a practical hands-on lab-based certification examination. According to the ThinkSECURE website, the rationale for this is that only those who prove they can apply their skills and knowledge to a completely new and unknown exam setup will get certified and those who only know how to do exam-cramming by memorizing facts and figures and visiting brain dump sites will not be able to get certified. Compared to non-practical multiple-choice-question exam formats, this method of examination is beneficial for the Information Security industry and employers as a whole because it provides the following benefits:

  • makes sure only candidates who can prove ability to apply skills in a practical examination are certified.
  • stops brain-dumpers from attaining and devaluing the certification as a basis of competency evaluation.
  • protects people's and companies' money and time investment in getting certified.
  • helps employers identify technical staff who are more skilled.
  • provides the industry with a pool of competent, qualified technical staff.


External Links / Sources


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Organizational structure of the Central Intelligence Agency — A CIA Organizational Chart from May 2009 The Central Intelligence Agency (CIA) is a vast and complicated organization with many divisions and subdivisions, consisting mainly of an executive office, four major directorates, and a variety of… …   Wikipedia

  • Organizational theory in public administration — The thematic evolution of organizational theory is yet another way one might capture the development of the field. Modern public sector organizational theory can be thought of as the product of two fields of study: management and government. Each …   Wikipedia

  • Industrial and organizational psychology — Psychology …   Wikipedia

  • Professional certification (computer technology) — Professional certifications in computer technology are non degree awards made to those who have achieved qualifications specified by a certifying authority. Depending on the particular certification, qualifications may include completing a course …   Wikipedia

  • Professional certification (Computer technology) — A Professional certification in the Computer technology field is a designation earned by a person to assure that he/she is qualified to perform a job or task.Certifications, generally, need to be renewed periodically, or may be valid for a… …   Wikipedia

  • United States Department of Homeland Security — DHS redirects here. For other uses, see DHS (disambiguation). United States Department of Homeland Security Agency overview Formed …   Wikipedia

  • Ossa — may refer to: Lake Ossa, Littoral Province, Cameroon Mount Ossa (Greece), also known as Kissavos Mount Ossa (Tasmania) Tasmania, Australia Mount Ossa National Park Queensland, Australia Organizational Systems Security Analyst (OSSA) OSSA… …   Wikipedia

  • List of United States Marine Corps MOS — The Marine Corps s Military Occupational Specialty (MOS) is a system of categorizing career fields. The standard structure of an MOS identifier is a 4 digit number, with the first two being the category, and the second two being the career within …   Wikipedia

  • Intelligence analysis management — This article deals with the roles of processing/analysis in the real world intelligence cycle as a part of intelligence cycle management. See Intelligence analysis for a discussion of the techniques of analysis. For a hierarchical list of… …   Wikipedia

  • information system — Introduction       an integrated set of components for collecting, storing, processing, and communicating information (information science). Business firms, other organizations, and individuals in contemporary society rely on information systems… …   Universalium

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”