Information assurance professionals are the frontline in protecting the information in computer and information systems from prying eyes. Information assurance includes all disciplines needed to maintain computer and network security, including:
- Computer emergency response team operations
- Cyber crime and digital forensic investigations
- Defensive information operations and offensive computer security
- Information assurance systems and product acquisition
- Information assurance training, education, and management
- Systems security engineering
- Systems/network administration and operation
- Threat and vulnerability assessment
- Web security
Information Security Analysts
Information security analysts design, develop, and integrate security solutions to keep an organization’s information safe from cyberattacks. Specific job responsibilities may include:
- Develop security standards, recommend security enhancements, and help plan and implement an organization’s security procedures
- Help computer users install or learn about new security products and procedures
- Install and use security software, such as firewalls and data encryption programs
- Monitor networks for security breaches and investigate breaches
- Stay up to date with the latest information technology security trends and threats to stay ahead of cyberattackers
- Create a disaster recovery plan
Becoming an information security analyst (also called an information assurance analyst) generally requires at least a bachelor’s degree in information assurance, computer science, or a related field. Positions beyond entry-level often require a security certification, such as CISSP or Security+.
The Bureau of Labor Statistics groups information security analysts with web developers and computer network architects and reports that their mean annual salary as of May 2011 was $81,670, with 50 percent earning between $58,300 and $101,570.
Other Information Assurance Jobs
Depending on the size of an organization and the extent of its computer systems, the organization may employ a number of people to help protect information assets and systems, make strategic decisions about information security issues (such as identity theft, computer viruses, and electronic fraud), and lead strategic security efforts. Some of these positions include:
- Computer Network Exploitation Analyst
- Information Assurance Manager
- Information Security Officer
- Information Security Incident Response Director
- Information Systems Security Analyst
- IT Security Consultant
- Network Security Specialist, Administrator, or Architect
- Regional Information Security Incident Response Manager
- Security Engineer or Information Assurance Engineer
- Security and Policy Awareness Analyst
- Security Strategist
How to Become an Information Assurance Professional
A direct route to becoming an information assurance professional is an associate’s degree, bachelor’s degree, graduate certificate, master’s degree, or doctorate in information assurance. However, degrees in related areas, such as computer science, computer engineering, or information systems, can also lead to a career in information assurance. The level of required education depends on the level and responsibilities of the job.
The National Security Agency (NSA) and Department of Homeland Security (DHS) sponsor three National Centers of Academic Excellence programs to recognize institutions that offer top-notch information assurance education:
- CAE/2Y for two-year educational programs
- CAE/IAE for bachelor-degree and graduate-level educational programs
- CAE/R for research departments/institutions
The NSA offers a Summer Intern Program for Information Assurance.
Certification is important in the information assurance field, and many certifications are available. One of the most respected is Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium, Inc., (ISC)². To take the CISSP exam, candidates need at least five years of experience, including experience in at least two of the ten domains of knowledge tested on the exam. Recertification is required every three years and takes 120 Continuing Professional Education credits.
Another common certification is CompTIA Security+. This certification demonstrates competency in access control and identity management; application, compliance, data, host, network, and operational security; cryptography; and threats and vulnerabilities. Certification requires passing a 100-question exam. Recommended experience before taking the exam is two years in technical networking with a security emphasis.
Other certification options include Certified Ethical Hacker through the EC-Council, four certifications from the Information Systems Audit and Control Association (ISACA), and a number of certifications in security administration, forensics, security management, and software security through Global Information Assurance Certification.
Information Assurance Salaries
The 2013 Robert Half Salary Guide for Technology Professionals reports the following average national salary ranges (salary ranges vary by geographic location):
- Systems Security Administrator $89,500 to $123,750
- Network Security Administrator $89,750 to $123,500
- Network Security Engineer $93,500 to $123,250
- Data Security Analyst $95,000 to $129,750
- Information Systems Security Manager $108,000 to $149,750
- Chief Security Officer $119,750 to $179,250
Robert Half also reports that skills that increase salaries are Check Point Firewall administration (7 percent increase), Linux/Unix administration (8 percent increase), and Cisco network administration (9 percent increase).