This is Moderator's Typepad Profile.
Inspiring a Safe and Secure Cyber World
Recent Activity
Cybersecurity professionals are in high demand and it’s projected to stay that way for the foreseeable future. Part of the mission of the Center for Cyber Safety and Education (formerly the (ISC)² Foundation) is to provide scholarships to undergraduate and graduate students who are pursuing careers in the field of information security. In 2016, the Center awarded scholarships to 44 students worldwide. The undergraduate recipients were invited to apply for the Harold F. Tipton Memorial Scholarship, which is awarded to an aspiring information security student, to help provide a pathway to the profession. The prestigious scholarship was named after the... Continue reading
Posted Jan 20, 2017 at (ISC)2 Blog
(ISC)² is excited to announce the results of the election for its 2017 Board of Directors. The board is composed of 13 members who provide strategy, governance and oversight to our organization, grant certifications to qualifying candidates, and enforce adherence to the (ISC)² Code of Ethics. The following individuals will begin their voluntary service on the (ISC)² Board of Directors, effective January 1, 2017: Arthur Friedman, CISSP (U.S.A.); Sai Honig, CISSP, CCSP (New Zealand); Jennifer Minella, CISSP (U.S.A.); Greg Thompson, CISSP (Canada); Zachary Tudor, CISSP (U.S.A.). Directors are elected by the members to serve three-year terms, which are staggered so... Continue reading
Posted Dec 6, 2016 at (ISC)2 Blog
This special program, "From the Nation's Capital: Addressing the critical demand for cyber pros," presented by (ISC)² focuses on the many challenges facing the cyber community. Francis Rose explores these issues with Dan Waddell, the managing director for North America for (ISC)². Continue reading
Posted Nov 4, 2016 at (ISC)2 Blog
Rabei Hassan, CISSP-ISSAP, CCSP, shares his tips that can help you prepare for the (ISC)² exams, particularly the CISSP. Hassan is a senior cybersecurity consultant at EY, based in Sydney, Australia. With more than 18 years of experience in various IT fields, he has managed end-to-end implementations for ISMS based on ISO 27001. Hassan has developed information security risk management frameworks for various entities, and has extensive experience with project and program management. 1. Don’t jump to conclusions. Read each question carefully. Think about it, analyse it, and finally, answer it. Even if it seems to be a simple or... Continue reading
Posted Nov 3, 2016 at (ISC)2 Blog
A view from the Conference Chair, Dr. Adrian Davis, CISSP, Managing Director (EMEA) (ISC)² From an examination of how augmented humans will live, work and play, to policy commitments from the Irish government, (ISC)²’s Third Annual Congress EMEA delegates gained a comprehensive view of the changing world to be faced by cybersecurity professionals. The international community of 250 members and information security professionals started to gather the evening before the event for our member reception and Town Hall Q&A. These events presented a well appreciated opportunity to hear from four serving members of our Board of Directors from outside the... Continue reading
Posted Oct 24, 2016 at (ISC)2 Blog
A recent DDoS attack on a well-known industry journalist heralds a new age in cyber warfare, mainly because the bots involved originated not from other computers, but from devices attached to the Internet of Things (IoT). This has security experts concerned, and some of our own CCSPs weigh in with their thoughts here. Continue reading
Posted Oct 18, 2016 at (ISC)2 Blog
The action-packed 2016 (ISC)² Security Congress ended with a paradigm changing keynote from Stan Dolberg and Phil Gardner of IANS on the model for security leadership. In keeping with the conference theme of “Advancing Security Leaders,” Stan and Phil unveiled a research-backed model that shows how high-performing security teams consistently demonstrate competence in both technical excellence and proactive organizational engagement areas. They call their model “CISO Impact™” and the room, filled with security professionals, eagerly took notes as the elements of the model were revealed. Gardner explained that as security professionals, we have made a promise. That promise is to... Continue reading
Posted Oct 10, 2016 at (ISC)2 Blog
The fifth annual (ISC)² Security Congress, proudly co-located with the 61st annual ASIS International Annual Seminar and Exhibits, is scheduled for September 28 through October 1 in Anaheim, California, U.S.A. We expect more than 19,000 information security and operational security professionals to join us, making this one of the largest and most unique conferences you will experience. In honor of the fifth annual (ISC)² Security Congress, here are five reasons this year's Security Congress is the (ISC)² member event of the year. Largest CPE Opportunity of the Year With so much to see and do at (ISC)² Security Congress, there... Continue reading
Posted Jul 13, 2015 at (ISC)2 Blog
I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie. I guess I still am. I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that’s been diagnosed with breast cancer. The results of the study shocked me. The worse the diagnosis and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening. Similarly, as the conversation about the complexities, costs, and potential breaches is... Continue reading
Posted Sep 10, 2014 at (ISC)2 Blog
By W. Hord Tipton, CISSP, Executive Director, (ISC)² and Michael Stack, Chief Executive Officer, ASIS International The mass migration of everyday objects becoming interconnected, or the “Internet of Things (IoT)” as the industry has coined it, exemplifies the merger between traditional and logical security. With the IoT, we must ask ourselves where traditional security begins and logical security ends. From security cameras to cars to medical devices and now even home appliances like refrigerators, what, if anything, can be identified as only traditional or logical security anymore? “When a device accesses the Internet, it’s given a unique IP address,” said... Continue reading
Posted Sep 2, 2014 at (ISC)2 Blog
Continuous monitoring is the key to thwarting these types of breaches. With cyberattacks becoming commonplace in every sector, companies must continuously protect their most valuable information. Cyber guns fire at us all the time, but the notion of catching and stopping every cybercriminal simply isn’t realistic in today’s burgeoning threat environment. I liken it to aspiring to completely eliminate common street crime. It’s just not realistic. Flaws will always exist, even within the most ideal protective structures. Every company should assume they’ll be breached, and focus efforts on minimizing damage once cybercriminals get in. The need for qualified cybersecurity professionals... Continue reading
Posted Aug 28, 2014 at (ISC)2 Blog
One of the latest breaches to hit the news took place at Community Health Systems (CHS), affecting an estimated 4.5 million patients. According to principal security consultant and founder of TrustedSec, David Kennedy, the initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability that led to the compromise of the information. What is especially noteworthy about this particular attack is its impact on the healthcare community. Major data breaches such as the one at Target last year put the spotlight on how retailers need to do a better job at guarding our sensitive financial information from cyber criminals. However,... Continue reading
Posted Aug 22, 2014 at (ISC)2 Blog
Moderator has shared their blog (ISC)2 Blog
Jun 3, 2014
This year will be my 7th Infosecurity Europe as an (ISC)2 staff member. For those who are not familiar, Infosecurity Europe (we call it “infosec”) is the largest tradeshow for security professionals where 13,000 people meet over 3 days. What is so special about Infosec and why would an (ISC)2 member care? Infosec attracts the largest number of (ISC)2 members from Europe - more than 600 over 3 days. This is a good opportunity for each member to learn something new: whether it is CPEs related, (ISC)2 programmes, at the free extensive education sessions, products showcased in the exhibition hall…... Continue reading
Posted Apr 24, 2014 at (ISC)2 Blog
As (ISC)2 celebrates its 25th anniversary, we continue to branch out to offer new ways to help meet the demand for more skilled cybersecurity professionals through community support programs. To help provide cybersecurity resources and support to the global academic community, I am proud to announce the launch of the (ISC)2 Global Academic Program (GAP)! My name is Dr. Jo Portillo and I am in charge of managing the development and implementation of this program. As an educator and advocate for academic-industry collaboration, I am thrilled to introduce this initiative, which has been part of the (ISC)2 vision for nearly... Continue reading
Posted Apr 17, 2014 at (ISC)2 Blog
I have been intrigued by the recent dialogue surrounding how to keep security professionals up to date with the latest information. More specifically, identifying the skills that are critical for individuals to have as defined by their leadership to protect the business from future disaster. Everything from in-depth security best practices to software development skills to industry specific protocol and regional variations has been noted as important. My question to leadership is this: How have you assessed your security professionals’ decision-making abilities are based on these skills? How have you assessed that decisions will be made in line with security... Continue reading
Posted Mar 28, 2014 at (ISC)2 Blog
One of our core processes for maintaining (ISC)2’s reputation for gold standard information security certifications involves frequent, rigorous evaluation of current certification exam questions and subsequent updates. As a result of the last evaluation of the Certified Information Systems Security Professional (CISSP®) exam, the format of the questions has been enhanced to include innovative item formats, including interactive drag & drop and hotspot questions. These question types can measure a broader base of knowledge, skills, and higher cognitive levels to represent the real-world environment using pictures instead of words. The drag & drop feature requires exam takers to drag one... Continue reading
Posted Feb 6, 2014 at (ISC)2 Blog
After many major breaches this year, it’s time to rethink 2014’s cyber defense with an eye on people, not products By W. Hord Tipton, CISSP, Executive Director (ISC)2 As security professionals, we look back at 2013 with a sense of frustration that we are still losing ground to the bad guys. But while there were plenty of battles lost this year on the technical side, there is good reason to hope that the war can still be won in the long term – with promising developments on the human side. There were many frustrations for the defense in 2013. Adobe... Continue reading
Posted Dec 20, 2013 at (ISC)2 Blog
When I entered the workforce after college, my first job was with the Department of Defense working in IT for a military hospital. I was quickly inundated with compliance requirements that spanned multiple industries and had varying levels of importance. I quickly learned about NIST special publications, how they related to FISMA compliance, and how JCAHO and HIPAA both had regulatory standards but were not the same. I was thrown into an environment that involved quite a learning curve, but it turned out to be a great starting point for my career in healthcare compliance. Throughout my career, I have... Continue reading
Posted Dec 10, 2013 at (ISC)2 Blog
It can be easy for an Information Security professional to watch the ongoing debate over Europe’s pending Data Protection Regulation with a skeptical eye. While parliamentarians dicker over the Right to Erasure (formerly known as the Right to Be Forgotten) and Privacy by Design, you’re worried about practical matters like managing BYOD or preventing the next DDoS attack. Continue reading
Posted Nov 26, 2013 at (ISC)2 Blog
Our cyber world is so rife with threats and breaches that most information security professionals have realized that a compromise is fairly certain at some point. Rather than focus on this bleak reality, the important questions to ask are: After you’ve been breached, what steps will you take to mitigate the damage? And, what will you do to minimize or eliminate the effects of a breach next time around? In the field of cyber forensics in particular, these concepts are vital to preserving evidence for investigations and prosecutions of criminal cases in a court of law. Digital evidence is entrusted... Continue reading
Posted Jun 10, 2013 at (ISC)2 Blog
by Mano Paul, CISSP, CSSLP, MCSD, MCAD, CompTIA Network+, ECSA As highlighted in the recently released 2013 Global Information Security Workforce Study (GISWS) – the largest vendor-neutral study of its kind conducted by (ISC)2 and analyst firm Frost & Sullivan – the largest gap between information security risk awareness and response exists in the secure software development discipline. In fact, respondents ranked application vulnerabilities as their top concern, making application security and secure software development the highest ranking security concern for the information security profession today. As the first software security certification, the groundbreaking Certified Secure Software Lifecycle Professionals (CSSLP®s)... Continue reading
Posted Apr 15, 2013 at (ISC)2 Blog
By: Hord Tipton One chooses their career path for different reasons – whether it be following in a parent’s footsteps or an innate desire to help others. I was inspired by a chemistry teacher to pursue a career in chemical engineering and found success in engineering nuclear weapons for the Atomic Energy Commission, securing SCADA systems that controlled vital resources such as the Hoover Dam, and enhancing information and software security standards through credentials and education. Throughout my vast career, I’ve seen computers shrink from room-sized to pocket-sized with more power in one device today than throughout an entire operating system... Continue reading
Posted Apr 9, 2013 at (ISC)2 Blog
Parents, have you heard of Snapchat? It was one of the first messaging applications, referred to as ephemeral technology, that allow one to send an image or video to one person or a group of people. This doesn't sound either new or novel. Right? Well, the spin with these apps is that, by definition lasting a very short time, the sender sets the period the image or video is available to view, from one up to ten seconds. Now you see where I'm going. The appeal is that the image or video in essence expires or disappears within seconds. But where do they... Continue reading
Posted Mar 12, 2013 at (ISC)2 Blog
By Julie Peeler A Safe and Secure Online volunteer was asked by a child, “If I tell someone, will it stop?” Just imagine the impact you can have in shaping a child’s life by having the skills to answer a simple question. Through the (ISC)2 Foundation, (ISC)2 members in Switzerland now have the resources and support to help by providing free cyber security education to children, parents, and teachers in their local communities (plus earn CPEs for presenting). To commemorate Safer Internet Day today, 35 Swiss (ISC)2 members have mobilized to launch Safe and Secure Online in Switzerland. The program’s... Continue reading
Posted Feb 5, 2013 at (ISC)2 Blog