Download Extern Job Request Form
Externships
CSSIA is actively pursuing business partnerships with Chicago and Midwest organizations. CSSIA is a non-profit organization formed to enhance System Security and Information Assurance. If your organization is interested in learning more about partnering with CSSIA, please contact Ed Kelly.
These are areas in which our staff can work with your organization to form a partnership that will benefit both organizations and enhance our communities' Information Technology infrastructure. CSSIA has received federal funding to pay our faculty members to assist your organization in meeting its IT security and information assurance needs. These experiences not only provide you with academic expertise, but also enable our faculty to gain greater real-world application of their knowledge and skills.
Security Policies - Our faculty can participate in your organization's design and implementation of security policies. From acceptable use to encryption, we have faculty members that we will pay to help your organization create the foundation of your security program. The quality of security controls can significantly influence all categories of risk. We will also hold a luncheon addressing this topic, which you may attend.
Technology - Our faculty can also work with your IT staff in the selection, purchase and installation of IT security technologies from firewalls, proxy servers, IDS systems, honey pots, biometrics and other technological solutions for your company's security needs. Our faculty members can work with you to evaluate and configure the appropriate solution to meet your particular requirements.
Risk Assessment - The current flurry of federal and state statutes has increased the responsibilities, legal liabilities and need to examine your organization's risk related to information security and data assurance. CSSIA faculty can work with your organization to plan and execute a comprehensive risk assessment audit. Traditionally, examiners and bankers recognize the direct impact on operational/transaction risk from incidents related to fraud, theft, or accidental damage. Many security weaknesses, however, can directly increase exposure in other risk areas. For example, the GLBA introduced additional legal/compliance risk due to the potential for regulatory noncompliance in safeguarding customer information. The potential for legal liability related to customer privacy breaches may present additional risk in the future. Effective application access controls can reduce credit and market risk by imposing risk limits on loan officers or traders. If a trader were to exceed the intended trade authority, the institution may unknowingly assume additional market risk exposure.
Incident Handling - A well-defined security incident handling plan is vital to the effective operation of an information system, which in turn affects the operation of an organization as a whole. It helps your organization to systematically tackle problems arising from a security incident, minimize losses and resolve the problem in a more effective manner.
If a security incident occurs, e.g. your company's website is defaced, a series of remedial actions is required to bring the site back to normal, while at the same time you need to preserve evidence for further investigations. In addition, you may need to report to appropriate authorities such as the local police or the FBI Computer Crimes Division, as well as to escalate to your senior management. Our faculty can help you to systematically document these procedures in order to make timely decisions and expedite problem resolution. The more the process is delayed, the more difficult the problem is to resolve, thus creating more losses to your business.
Evaluate Individual's Professional Credentials - Many factors contribute to a professional's reputation, including education, previous employment, accomplishments and awards. A key tool in establishing expertise and value is holding a certification that is recognized in legal challenges and court litigation. Industry credentials demonstrate that the professional has the knowledge, commitment and discipline to achieve specially defined standards and keep their expertise up-to-date. Some of the leading international IT designations include the Information Systems Audit and Control Association's (ISACA) Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications, Cisco Certified Security Professional (CCSP), SANS' Global Information Assurance Certification (GIAC), CompTIA's Security+, the Microsoft Security Systems Engineer (MCSE), and the International Information Systems Security Certification Consortium's (ISC)² - Certified Information Systems Security Professional (CISSP). We can not only help your organization identify the appropriate credentials but also provide training at one of our seven academic institutions.
Business Continuity Plan - In the wake of September 11th, companies have been scrambling to review and update their disaster recovery and business continuity plans. In this discovery phase most firms are recognizing that their current disaster recovery programs are not adequate to prepare for the magnitude of disaster that struck the companies located in the World Trade Center towers and surrounding buildings. The conventional wisdom is that this inadequacy is due to an underestimation of the worst-case scenario. Our faculty can work with you and other community authorities to establish the type of Business Continuity Plan that can enable your organization to maintain operations even in the face of disasters.
Penetration Test - Penetration testing provides a number of benefits to the security effort, many of which could not be realized through other methods. Penetration testing, whether of internally developed or commercial solutions, helps to confirm the effectiveness of your organization's security countermeasures and safeguards. Approaching the problem of security from the perspective of an attacker, who needs to find only one weakness to be successful, can often address many problems otherwise invisible to the defender (who has to defend many different points of attack). Also, the penetration tester has the freedom to act outside the paradigm, or context, of the system and its purpose. This paradigm shift can uncover problems that designers may never have considered. Finally, the penetration tester can work around perimeter defenses, such as firewalls, by exploiting "allowed paths." Allowed paths, or those services that a system provides intentionally and by design, can often be manipulated to compromise security. Our faculty can help you plan and execute these tests.