Organizational Systems Security Analyst

The Organizational Systems Security Analyst (OSSA) is a technical, vendor-neutral Information Security certification programme offered in Asia. It is developed by ThinkSECURE Pte Ltd, an information-security certification body and consultancy. The programme consists of a specialized technical information security training and certification course and a practical examination, which technical Information Technology professionals can attend in order to become skilled and effective technical Information Security professionals and to prove their level of competence and skill by undergoing the examination. Technical staff enrolling in the programme are taught how to address the technical security issues they encounter in daily operations and how to methodically establish, operate and maintain security for their organization's computer network and computer systems infrastructure.

The OSSA programme does not focus on hackers' software, as such tools quickly become obsolete as software patches are released. It first looks at security from a methodological thinking perspective and draws lessons from Sun Tzu's "The Art of War" to generate a security framework; it then introduces example resources and tools by which the various security aims and objectives, such as "how to defend your server against a hacker's attacks", can be met. Sun Tzu's 'Art of War' treatise is used to provide a guiding philosophy throughout the programme, addressing both offensive threats and the defensive measures needed to overcome them. The philosophy also extends to the sections on incident response methodology (i.e. how to respond to security breaches), computer forensics and the impact of law on security-related activities such as the recovery of information from a computer crime suspect's hard drive.

Under the programme, students are given coursework and hands-on experience in setting up and maintaining a complete enterprise-class security monitoring and defence infrastructure, which includes firewalls, network intrusion detection systems, file-integrity checkers, honeypots and encryption. A unique attacker's methodology is also introduced to help technical staff identify the modus operandi of an attacker and his arsenal, and to conduct auditing against computer systems by using that methodology. The generic title sections under the programme appear to comprise the following:

* What is Information Security
* Network 101
* Defending your Turf & Security Policy Formulation
* Defensive Tools & Lockdown
* The 5E Attacker Methodology: Attacker Methods & Exploits
* Wireless (In)Security
* Incident Response & Computer Forensics
* The Impact Of Law

Under each section are many modules; for example, the defensive section covers the setting up of firewalls, NIDS, HIDS, honeypots, cryptographic software, etc.

The OSSA programme consists of both practical hands-on lab-based coursework and a practical hands-on lab-based certification examination. According to the ThinkSECURE website, the rationale for this is that only those who prove they can apply their skills and knowledge to a completely new and unknown exam setup will get certified, while those who only know how to cram for exams by memorizing facts and figures and visiting brain dump sites will not. Compared to non-practical multiple-choice-question exam formats, this method of examination is beneficial for the Information Security industry and employers as a whole because it:

* makes sure only candidates who can prove the ability to apply their skills in a practical examination are certified;
* stops brain-dumpers from attaining and devaluing the certification as a basis of competency evaluation;
* protects people's and companies' investment of money and time in getting certified;
* helps employers identify technical staff who are more skilled;
* provides the industry with a pool of competent, qualified technical staff.

External links

* Definition of OSSA acronym
* OSSA Programme Outline
* ThinkSECURE
* ISO 9001 Certification Toolkit