EC-Council Certified Security Officer  | ECSO Certification The EC-Council Certified Security Officer (ECSO) certification is targeted towards people who work in the management industry overlooking security issues. Ideal candidates are Chief Financial Officer, Chief Executive Officer, Chief Information Officer, Chief Technology Officer Etc. |
In-depth Security Analysis
The EC-Council's ECSO certification looks at the network security in in depth analysis and risk assessment view while the CEH certification program looks at the security in ethical hacking offensive mode. The ECSO program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information.
| 
|
| Dealing with security threats
Technologies may rise and fall, systems may be upgraded, and job responsibilities may expand, but there's one thing that remains the same: Dealing with security threats. Whether it is responding to a new virus, upgrading firewalls, or installing antispyware software, there is always some threat that needs to be fixed, patched, or planned for. And while new technologies may retire certain security issues for good, the hackers, spyware companies, script kiddies, spam lords and other bad guys seem to have a never-ending bag of tricks to throw into the mix. The security picture is complicated by limited budgets, bad user habits, and regulations relating to data protection and retention.
|
CIOs have considered security as necessary
CIOs have persisted in focusing on four basic questions that too often stump the most savvy IT professionals:
- What is the security return on investment?
- What is the probability of a catastrophic security failure?
- What is the cost of self-insuring against security risks?
- What are the tangible benefits of being an industry leader for security?
| 
|
| CIO's View on Security
Most CIOs viewed both physical and information security as purely tactical, rather than as a strategic imperative. In their minds, security means either protection of assets or prevention of IT-related risks, such as hacking attacks and other cybercrime. Some CIOs viewed security as an element of a larger business risk-management process. In almost all cases, though, CIOs in the private and public sectors didn't embrace security as something directly related to corporate mission or strategy.
|
In short, the CIO perspective was consistent with what we already knew. That is, they view security as an operating necessity, not as a business opportunity or marketplace advantage. The following are a few of the comments these leaders made when they were asked to explain the value proposition of security, in their own words:
Security is all about preventing bad behavior from affecting our organization.
| 
|
| Security is the prevention or fast detection of a breach or violation
- There is no real value in becoming the industry leader or exemplar for security.
- Too much security and a control orientation will prevent our organization from taking justifiable risks.
- Most security technologies don't work and are a waste of time and resources for our company.
- Security spending is a pure cost of compliance.
- Security is best handled as a middle management responsibility.
- Most security problems occur because of sloppy internal procedures rather than poor IT controls and safeguards.
|
|