Friday, March 26, 2010

Activity 1 Continuation.....

Should an IT Professional either be licensed or certified? Why or why not?

Yes. In my opinion, being licensed or certified is a reason to recognize an individual for the excellence and quality of his or her performance. It will serve as evidence that you are proficient and capable enough. It will help everyone to support global competitiveness and promote social responsibility. It could support your personal interests and well-being.

As a graduating IT student of the College, what certification or licensing are you aiming for? Why?

I am aiming for an A+ Certification, for it is professionally run and managed by reliable figures in the field of IT. It is one way of measuring intelligence, commitment, and a willingness to seek and share knowledge among different IT practitioners. One of its benefits is providing professional networking that could become a great tool when you least expect it. The relationships you extend today may yield success in the future.

Considering myself as an IT professional after my graduation
Question: After graduation (1 month), can you consider yourself an IT professional? And on what grounds?

Honestly speaking, if I’m going to evaluate myself right now, I cannot consider myself an IT professional. By definition, a professional should practice his or her chosen career or profession; first and foremost, since I am a fresh graduate, I should first pick which area of IT I’m going to take. It is not easy to be called a professional. Before you can obtain that type of designation you should have enough expertise, proficiency, comprehension, and aptitude in your chosen course in IT. It takes months, years, or even decades (most horrible) to be considered a professional. There are a lot of things you should consider; you must acquire adequate training and experience before allowing yourself to be called a professional.



Reasons why there's no standard examination in IT
As we all know, Information Technology is very dynamic in nature and changes as time passes by. There’s no such thing as permanence in IT. It changes every now and then. Its area of expertise is immeasurable. Thus, IT is very diverse.

Monitoring employee use of Internet: My Own Perspective

The Internet itself is extremely essential in every firm nowadays, for it provides easy operation and communication in dealing with clients and stakeholders. It elevates the quality of service in all aspects of business. Many businesses allow their employees to utilize the Internet. Thus, many of these firms restrict the usage of the Internet.
In my own viewpoint, employees have to perform their duties according to their nature. Employees ought to use the Internet for dealing with the organization's various operations. They should act upon the regulations and guidelines set by the authorities. Hence, employees need to observe all security practices imposed on them. They should not use the resources of the firm for personal concerns or to further acts that are unlawful or that violate the code of manner of their respective establishment. Furthermore, technologies must be exercised in promoting the goodwill and societal liability of the business. After all, the Internet is a great resource for nearly all firms; it is the task of each employee to use this resource correctly and politely.

Activity 1 – Professional Organizations

I. What are some benefits of joining (IT) professional organizations?


Being part of any IT professional organization is an honor because it serves as proper guidance for your skills and competence in your chosen field. A professional organization is an immense place to network with people in your career path and stay abreast of changes in your field. To some extent it will build up your potential to become an organization leader. Joining any organization is just a basis for those who want to expand their understanding of a particular area and to develop innovative skills. Thus it can be beneficial to both personal and professional improvement. This type of group permits every individual to integrate ideas with co-members.


II. What might be some disadvantages?

Some disadvantages may include: first, the pressure is always in your hands, as individuals may anticipate too much from you. Second, it could result in overconfidence in an individual. Lastly, expectations are extremely high.




III. In your discussions mention at least three (3) local or regional, two (2) national, and five (5) international IT professional organizations including their brief profile.


1. Society for Information Management

About SIM
Delivering Business Value through IT Leadership

Where Do You Turn?

As a senior-level IT professional, you provide both strategic and tactical direction to your division on a daily basis. Your staff constantly turns to you for advice, answers and guidance on the various issues plaguing IT departments. What about you? Where do you turn for that knowledge exchange and sharing of best practices that stimulate the mind of a CIO? Turn to the Society for Information Management (SIM). Since 1968, SIM has inspired the minds of the most prestigious IT leaders in the industry. Highly regarded as the premier network for IT leadership, SIM is a community of thought leaders who share experiences and rich intellectual capital, and who explore future IT direction.


What Does SIM Offer?

Recognizing the unique needs of the industry, SIM collects the intellectual capital of IT leaders nationwide and offers the resources you need to do business better, including:
• Face-to-Face meetings/networking – SIMposium, Advance Practices Council (APC) meetings, Regional Leadership Forums (RLF), chapter meetings, and CIO roundtables bring you face-to-face with other key industry executives to share knowledge and network about topics pertinent to IT leaders.
• Online tools – On-demand Webinars and archived Webcasts, an online library featuring nearly 50 whitepapers, working group deliverables, past conference presentations and much more to bring best practices of other IT leaders straight to your desktop.
• Publications – SIM News, a compilation of association news, articles of interest, interviews, and industry insights and MIS Quarterly Executive (MISQE), a quarterly online publication dedicated to publishing high quality articles, case studies and research reports.
• More Resources/Programs – SIM offers a wealth of knowledge with these resources and more. Click on the Programs tab to view all the ways SIM can help you raise the bar.

Our Vision:

To be recognized as the community that is most preferred by IT leaders for delivering vital knowledge that creates business value and enables personal development.

Our Mission:

SIM is an association of senior IT executives, prominent academicians, selected consultants, and other IT thought leaders built on the foundation of local chapters, who come together to share and enhance their rich intellectual capital for the benefit of its members and their organizations.

SIM members strongly believe in and champion:

• The alignment of IT and business as a valued partnership;
• The creation and sharing of best practices;
• The effective, efficient and innovative business use of information technology to continuously bring to market valuable products and services;
• IT management and leadership skills development that enables our members' growth at each stage of their career;
• The replenishment and education of future IT leaders including a strong role in influencing university curriculums and continuing education;
• Working with the IT industry to shape its direction;
• Policies and legislation that stimulate innovation, economic development, healthy competition and IT job creation; and
• Serving our communities and the industry through giving and outreach.

Inside SIM

Strategic direction for the organization is provided by SIM’s elected Executive Board. SIM’s standing committees are key to developing initiatives that fulfill the strategic goals of the association. Supporting the organization and fulfilling day-to-day management responsibility is SIM’s professional staff.


2. Association of Information Technology Professionals:

Backgrounds:

Vision

AITP is the leading worldwide society of information technology business professionals and the community of knowledge for the current and next generation of leaders. Adopted December, 2008.

Mission

To serve our members by delivering relevant technology and leadership education, research and information on current business and technology issues, and forums for networking and collaboration. Adopted December, 2008.

Core Values

Integrity

We value professionalism and uphold the AITP Code of Ethics and Code of Conduct.

Respect
We build an inclusive environment through mentoring, delivering on commitments, working together with trust, and enjoying the camaraderie of each other.

Innovation

We learn, share insights, and encourage our members to make a difference today and for the future.

Service

We keep current in technology, business, and academia. We contribute to the Association, IT profession, and society utilizing leadership, appropriate solutions, and sound processes.

Guiding Principles

“Character, I learned, is far more important than technical knowledge. You want people who fit in with the culture of the company.” - Margot Fraser, founder, Birkenstock

Our Guiding Principles reflect AITP’s beliefs about your role as a member and the impact we want AITP to have in the IT profession.
We aspire to be better leaders, better people.
We excel through honesty.
We treat others with respect.
We demand ethical behavior of ourselves.
We encourage out of the box thinking.
We lead with confidence and inspire team members to achieve success.
We don’t let fear of change paralyze us in reaching our goals.
We are fiscally responsible.
We take ownership in everything we do.
We have fun.


3. Information Technology Foundation of the Philippines (ITFP)


About:


The Information Technology Foundation of the Philippines (ITFP) is a non-stock and non-profit organization. It is the federation of all the Philippine computer and IT organizations.


Vision:


"The voice and the medium of the ICT community in the country that supports the ICT programs of the government and private sector."


Mission:


To contribute to the economic, social and political development of the country
- by advocating the wise and widespread use of ICT;
- by representing the needs and interest of the ICT industry and community;
- by supporting the ICT-based programs of government and private sector; and
- by strengthening the country's global competitiveness through ICT


Objectives:


• To accelerate the development of the Philippine Information Technology industry and help the profession by conducting and supporting projects and activities that will lead to the attainment of its purposes.
• To support and fund selected IT related activities of its member Associations.
• To contribute towards the social and economic development of the country through the promotion of IT utilization in all sectors of Philippine society.
• To represent the IT industry in the government in the formulation and implementation of policies, laws, regulations and statutes affecting the IT industry.



4. The Information Systems Security Association (ISSA)

The pre-eminent trusted global information security community.

ISSA is dedicated to providing the following services to the information security community:
• Promote the education and expand the knowledge and skills of its members in the interrelated fields of information systems security and information data processing
• Encourage a free exchange of information security techniques, approaches, and problem solving by its members
• Provide communication to keep members abreast of current events in information processing and security, providing benefits to them and their employers
• Communicate to management, and to systems and information processing professionals the importance of establishing controls necessary to ensure the secure organization and utilization of information processing resources

Overview

The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

Membership

With active participation from individuals and chapters all over the world, the ISSA is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, healthcare, manufacturing, financial and government.

The ISSA international board consists of some of the most influential people in the security industry, with representatives from Dell Computer Corporation, EDS, Forrester Research Inc., Symantec and Washington Mutual. With an international communications network developed throughout the industry, the ISSA is focused on maintaining its position as The Global Voice of Information Security.

Goals

The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

Activities

The following list includes some of the important ways that ISSA members work toward achieving the Association's goals:
• Organize international conferences, local chapter meetings and seminars that offer educational programs, training and valuable networking opportunities.
• Provide access to information through the ISSA website as well as an online newsletter and monthly journal.
• Offer support for professional certification and development opportunities for security practitioners.
• Create opportunities for members to join committees and boards, which provide significant leadership for the security industry.
• Facilitate discussion and feedback on key issues, such as the National Strategy to Secure Cyberspace, in order to create a unified voice for security professionals around the world that can influence public opinion, government regulations, the media and other important audiences.




5. The IEEE Computer Society

About the Computer Society

With nearly 85,000 members, the IEEE Computer Society is the world’s leading organization of computing professionals. Founded in 1946, and the largest of the 38 societies of the Institute of Electrical and Electronics Engineers (IEEE), the CS is dedicated to advancing the theory and application of computer and information-processing technology.
The CS serves the information and career-development needs of today’s computing researchers and practitioners with technical journals, magazines, conferences, books, conference publications, and online courses. Its Certified Software Development Professional (CSDP) program for mid-career professionals and Certified Software Development Associate (CSDA) credential for recent college graduates confirm the skill and knowledge of those working in the field. Known worldwide for its computer-standards activities, the CS promotes an active exchange of ideas and technological innovation among its members.
The IEEE Computer Society Digital Library (CSDL) provides access to more than 310,000 articles and papers from 3,500 conference proceedings and to all available issues of 27 CS periodicals. The CS Conference Publishing Services division produces more than 250 conference publications, authored books, online tutorials, CD-ROMs, multimedia, and additional electronic products each year. CS Press Books also publishes full-length technical books on cutting-edge topics through a partnership with John Wiley and Sons.
With about 40 percent of its members living and working outside the United States, the CS fosters international communication, cooperation, and information exchange. It monitors and evaluates curriculum accreditation guidelines through its ties with the US Computing Sciences Accreditation Board and the Accreditation Board for Engineering and Technology.


References:


http://www.witi.com/center/aboutwiti/
http://www.aitp.org/organization/about/mission/mission.jsp
http://www.aitp-charleston.org/
http://www.simnet.org/AboutSIM/SIMataGlance/tabid/100/Default.aspx
http://www.computer.org/portal/web/about
https://www.issa.org/page/?p=Profile_16

Google @ China: My Own Perspective

The decision of the Google Company to withdraw its services from China due to some sensitive concerns (cyber attacks or hacking) has been an issue nowadays. This issue raised mixed reactions from people. I guess the Chinese Government has to take liability for this matter, since every business should cooperate with local laws and conventions in China. In every nation we work in, we always work with local authorities to follow local rules and best practice. Given this, the Chinese Government should take some action to address this problem.
Some of the Chinese people agreed with Google for taking its position against communist supervision. The cyber attacks on Google gave Google the opportunity to depart the Chinese online market. However, Google has to reflect twice before reaching this conclusion, since China has the largest number of Internet users.

Thursday, January 7, 2010

What is Profession?

1) "A profession is a vocation founded upon specialised educational training, the purpose of which is to supply disinterested counsel and service to others, for a direct and definite compensation, wholly apart from expectation of other business gain".

Source:
http://en.wikipedia.org/wiki/Profession

2) A profession is a specialized work function within society, generally performed by a professional.
In a more restrictive sense, profession often refers specifically to fields that require extensive study and mastery of specialized knowledge, such as law, medicine, nursing, the clergy or engineering. In this sense, profession is contrasted with occupation, which refers generally to the nature of a person's employment.

Source:
http://www.knowledgerush.com/kr/encyclopedia/Profession/

What is Professional?

A professional is a member of a vocation founded upon specialised educational training.

The word professional traditionally means a person who has obtained a degree in a professional field. The term professional is used more generally to denote a white collar working person, or a person who performs commercially in a field typically reserved for hobbyists or amateurs.

In western nations, such as the United States, the term commonly describes highly educated, mostly salaried workers, who enjoy considerable work autonomy, a comfortable salary, and are commonly engaged in creative and intellectually challenging work. Less technically, it may also refer to a person having impressive competence in a particular activity.

Because of the personal and confidential nature of many professional services and thus the necessity to place a great deal of trust in them, most professionals are held up to strict ethical and moral regulations.

Source:
http://en.wikipedia.org/wiki/Professional




Computer Security Under Attack
Hacking - Case Study

The Organization


A seller of quality model cars based in the UK. The company involved was small, employing fewer than six people. It originated as a mail order company, and saw upgrading to include Internet-based sales as a natural step. They went into this field early, and used their normal Internet Service Provider to develop their online payment system.

What Happened


The company was infiltrated online by hackers, who altered prices on the site's catalogue. They were able to set any price they wanted for any product - and they did, reducing prices to one tenth of the original.

Impact


The company suffered substantial losses as a direct result of the attack. Fortunately, they recovered from the event quickly and prevented a recurrence by employing a specialist e-commerce oriented consultancy. This involved additional expense, but less than the amount they lost in the hacking attack.

Such infiltration can go beyond embarrassment and financial loss. A website can be taken over and used to host illegal sites (including pornographic and warez sites). A warez site is one that provides illegal stolen software. It also provides the means to use copy-protected and similar programmes illegally.

Lessons?


• If you use the Internet for trading, ensure your website is secure.
• If you do not have IT staff 'in house', seek information security advice from a specialist company.

Source:
http://www.berr.gov.uk/whatwedo/sectors/infosec/infosecadvice/unauthorisedaccess/hacking/page33340.html





Types of Attacks

There are too many types, methods and mechanisms of attack to provide a comprehensive description of all of them. New attack techniques and exploits are constantly being developed and discovered.

One of the main advantages of KFSensor is that it assumes all connections made to it are malevolent, as there is no legitimate reason to connect to its simulated servers. Because of this it is effective at detecting unknown attack techniques as it does not rely on signature databases of known attacks.

This section provides an introduction to some of the types and techniques used to attack and compromise a system.

The perpetrators

Ultimately all attacks are originated by people with a motivation to steal, cause vandalism, prove themselves to be elite hackers, or just for the thrill it gives them. Most attacks are actually performed by automated tools that such people release on the Internet.

Virus

Computer viruses have a long history. A virus attempts to install itself on a user's system and to spread directly to other files on that system with the aim that these infected files will be transferred to another machine. The payload of a virus can range from 'comical' pranks to destruction of the system itself.

A virus relies on users to spread by sharing infected files either directly or via email. Once launched, a virus is completely independent of its creator.

Although the most common threat to security, the traditional virus does not attack other systems directly and so is unlikely to be detected by KFSensor.

Worm

A worm is very similar to a virus. The key difference is that a worm attempts to propagate itself without any user involvement. It typically scans other computers for vulnerabilities which it is designed to exploit. When such a machine is identified, the worm will attack that machine, copying over its files and installing itself, so that the process can continue.

KFSensor excels at detecting worms as they scan and attempt to attack very large numbers of systems at random.

Trojan

Trojans take their name from the trojan horse of Greek mythology.
Computer trojans work in the same way. A game, screen saver or cracked piece of commercial software is given to a victim. The software may appear to work as normal, but its real purpose is to deliver a payload, such as a virus or a root kit.

Root Kit

A root kit is a piece of software that once installed on a victim's machine opens up a port to allow a hacker to communicate with it and take full control of the system. Root kits are also known as back doors. Some root kits give a hacker even more control of a machine than a victim may have themselves.

The SubSeven root kit allows an attacker to turn off a victim's monitor, move the mouse and even turn on an installed web cam and watch the victim without their knowledge.

Hybrids

Often malware is a dangerous hybrid that can combine the features of the different classifications described above. The SubSeven root kit is delivered and classified as a trojan.

Scanners

Scanners are tools designed to interrogate machines on the Internet to elicit information about the types and versions of the services that they are running. There are a variety of scanners, some just ping for the presence of a machine, others look for open ports, while others are more specialized in looking for vulnerabilities of a particular type of service, or the presence of a root kit. Scanners are often incorporated into other malware such as worms.

Scanners are a favorite tool of a hacker, but are just as useful to security professionals trying to detect and close down system vulnerabilities. KFSensor detects scanners and is effective at misleading them.

Hacker

Hacker, H4x0r5, crackers and black hats are all terms for those individuals that KFSensor is ultimately designed to detect and offer protection from. The term hacker is used in this manual to cover all such individuals.

Direct, or manual actions, by a hacker are much rarer than the attacks launched by the tools described above. Hackers usually only attack a system directly once a system has been identified as vulnerable or has already been exploited by an automated tool.


Source:
http://www.keyfocus.net/kfsensor/help/Concepts/con_TypesOfAttacks.php
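
The honeypot idea quoted above (every connection to a decoy is suspect, so no signature database is needed) can be shown as log triage. This is an added example, not KFSensor code or its log format: the record layout, addresses, thresholds and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log, one decoy connection per line:
#   "<time> <source_ip> <decoy_ip> <decoy_port>"
# The format and the addresses are invented for this example.
SAMPLE_LOG = """\
2010-03-26T10:00:01 198.51.100.7 10.0.0.5 21
2010-03-26T10:00:01 198.51.100.7 10.0.0.5 22
2010-03-26T10:00:02 198.51.100.7 10.0.0.5 23
2010-03-26T10:00:02 198.51.100.7 10.0.0.5 80
2010-03-26T10:00:03 198.51.100.7 10.0.0.5 445
2010-03-26T10:04:10 203.0.113.9 10.0.0.5 445
2010-03-26T10:04:10 203.0.113.9 10.0.0.6 445
2010-03-26T10:04:11 203.0.113.9 10.0.0.7 445
2010-03-26T10:04:11 203.0.113.9 10.0.0.8 445
2010-03-26T11:30:00 192.0.2.44 10.0.0.6 80
"""

# Assumed thresholds; tune them to the number of decoys and ports deployed.
PORT_SCAN_MIN_PORTS = 4   # distinct ports tried on a single decoy
SWEEP_MIN_DECOYS = 3      # distinct decoys tried on a single port


def parse_log(text):
    """Return (source, decoy, port) tuples; reject malformed records."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # tolerate blank lines
        if (len(fields) != 4 or not fields[3].isdigit()
                or not 0 < int(fields[3]) < 65536):
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        events.append((fields[1], fields[2], int(fields[3])))
    return events


def classify_sources(events):
    """Label every source seen on a decoy; none of them is treated as benign.

    sweep     - same port tried across many decoys (worm-like propagation)
    port-scan - many ports tried on one decoy (service enumeration)
    probe     - anything else that touched a decoy
    """
    ports_by_target = defaultdict(set)   # (source, decoy) -> ports tried
    decoys_by_port = defaultdict(set)    # (source, port)  -> decoys tried
    for src, decoy, port in events:
        ports_by_target[(src, decoy)].add(port)
        decoys_by_port[(src, port)].add(decoy)

    widest_scan = defaultdict(int)
    widest_sweep = defaultdict(int)
    for (src, _), ports in ports_by_target.items():
        widest_scan[src] = max(widest_scan[src], len(ports))
    for (src, _), decoys in decoys_by_port.items():
        widest_sweep[src] = max(widest_sweep[src], len(decoys))

    verdicts = {}
    for src in widest_scan:
        if widest_sweep[src] >= SWEEP_MIN_DECOYS:
            verdicts[src] = "sweep"
        elif widest_scan[src] >= PORT_SCAN_MIN_PORTS:
            verdicts[src] = "port-scan"
        else:
            verdicts[src] = "probe"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(parse_log(SAMPLE_LOG)).items()):
        print(f"{src:15} {verdict}")
```

Note that the single request from 192.0.2.44 is still reported: on a decoy there is no allow-list, only a grading of how the source behaved.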