As enterprise information technology systems have become the repository for critical proprietary business intelligence and corporate espionage methods have become more sophisticated, IT security systems have grown in complexity. Information security analysts must possess a thorough understanding of all network components and recognize any characteristics that may undermine security integrity. In order to anticipate and recognize potential threats to the system, analysts must remain up to date on the latest security threats, software and network vulnerabilities, and the latest tools and methods that unscrupulous actors may use to gain access.
The primary role of information security analysts is to prevent unauthorized access to information stored on computing devices and networks. They also serve as damage control professionals that identify security weaknesses and create robust defenses if security is compromised.
As an expert in information and network security, information security analyst jobs involve anticipating external and internal threats, developing comprehensive security strategies, and collaborating with software and equipment manufacturers to identify and neutralize system weaknesses.
An information security analyst’s job also involves conducting cyber forensic investigations to produce summary reports for management and law enforcement agencies.
Information Security Analyst Job Functions
In order to defend an IT network from attack, an information security analyst must perform an array of functions as part of the job:
- Remain informed about personnel access, equipment and software specifications, network implementation, and industry security best practices.
- Research available information about security threats including malware, viruses, and other forms of cyber-attack.
- Develop monitoring programs that record use of network and information.
- Implement training programs that instruct users on methods of data access that minimize security impairment.
- Analyze possible threats and provide accurate estimates of system vulnerability.
- Generate simulations of a cyber-attack to identify system weaknesses.
- Create plans that protect data from intentional or accidental unauthorized access, modification or destruction.
- Develop encrypted communications systems that allow the transmission of sensitive information to external parties.
- Communicate with equipment and software vendors about product vulnerabilities and defensive upgrades.
- Collaborate with management, legal divisions, and law enforcement agencies to mitigate security weaknesses.
- Implement software and hardware safeguards.
- Conduct forensic investigations of any security breaches and submit reports to relevant personnel and agencies.
How to Become an Information Security Analyst:
Education and Degree Options
Most professionals in this field complete their undergraduate education with a degree in one of the following:
- Computer Science
- Computer and Information Systems Security/ Information Assurance
- Computer Systems Networking and Telecommunications
- Cyber/Computer Forensics and Counterterrorism
- Information Technology Project Management
While courses taken should provide a rigorous curriculum in the theory and application of IT networks it is also recommended to gain some knowledge of
- Computer architecture
- Law and regulations
- Risk assessment and policy analysis
While 65% of information security analysts possess only a bachelor’s degree, 23% possess a master’s. The added job security and advancement potential of a master’s degree provides significant advantages to those who complete graduate programs.
Professional Certifications for Information Security Analysts
Many information security analysts add to their expertise with on the job experience. This experience can be formally recognized by a number of widely recognized professional certifications.
- International Information Systems Security Certification Consortion, Inc. (ISC2) offers various levels of certification.
- Certified Information Systems Security Professional (CISSP) requires at least five years of experience with information security and successful completion of a comprehensive exam.
- Certified Secure Software Lifecycle Professional (CSSLP) requires at least four years of experience in software lifecycle and successful completion of an exam.
- Certified Authorization Professional (CAP) requires exam completion and at least two years of general systems experience, as well as one to two years of database/systems/ network experience.
- Cisco allows recipients of its various levels of certification to specialize in network security
- Cisco Certified Network Professional (CCNP) Security requires completion of a series of topical exams and recertification is required every three years.
- Cisco Certified Internetwork Expert (CCIE) Security requires completion of a written exam and a hands-on lab exam, with three to five years in this field strongly encouraged.
Salary and Employment Projections for Information Security Analysts
The U.S. Bureau of Labor Statistics reports that the median annual salary for information security analysts in 2010 was $75,660 or $36.37 an hour. This profession is projected to outpace job growth in most other industries, with a projected 22% increase in the number of jobs becoming available during the current decade ending 2020. The industries that employ the largest numbers of information security analysts and their annual average salary for 2011 are as follows:
- Management of Companies and Enterprises – $82,750
- Wired Telecommunications Carriers – $87,800
- Management, Scientific, and Technical Consulting Services – $86,610
- Data Processing, Hosting and Related Services – $82,620
The highest paying industries for information security analysts:
- Securities and Commodity Contracts Intermediation and Brokerage – $109,480
- Bakeries and Tortilla Manufacturing – $103,530
- Rail Transportation – $101,080
- Household Appliance Manufacturing – $101,070
- Semiconductor and Other Electronic Component Manufacturing – $100,660
Resources and Professional Associations for Information
- International Information Systems Security Certification Consortion, Inc. (ISC2)
- The American Society for Information Science & Technology
- Information Resources Management Association (IRMA)
- Information Systems Security Association (ISSA)