Inadequate cybersecurity staffing is the second-largest barrier faced by state governments in their attempts to overcome cybersecurity challenges, according to a newly released Deloitte study. Insufficient budget was the biggest barrier reported, and interestingly, the lack of availability of cybersecurity professionals was cited as the fifth largest barrier. Inadequate staffing has been a prevalent issue for years. (ISC)2’s 2019 Cybersecurity Workforce Study estimates the shortage of needed skilled professionals is more than 4 million worldwide. This creates challenges for CISOs as they focus on protecting their organizations. The Deloitte study, which is based on responses from 51 U.S. states and... Continue reading

Beginning on October 24, 2020 there is an update to the (ISC)² exam retake policy which applies to the CISSP, as well as all other (ISC)² exams. For each of the CISSP, CAP, CCSP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and SSCP certification examinations, there are two independent rules that govern exam retake attempts. If you don’t pass the exam on your first attempt, you may retest after 30 test-free days. If you don’t pass the exam on your second attempt, you may retest after 60 test-free days from your most recent exam attempt. And finally, if you don’t pass the... Continue reading

(ISC)² regularly updates all exams to ensure that our certifications remain current and relevant in a rapidly changing profession. We can’t do that without you, the members who have earned the certifications. Throughout the year, we hold examination development workshops to update and refresh exam content. Currently, these workshops are virtual, usually last 2-3 days and are eligible for as many as 21 CPE credits. We are particularly in need of members to help us with the following certifications: CISSP-ISSAP CISSP-ISSEP CISSP-ISSMP CAP CSSLP HCISPP SSCP You must hold the certification in question in order to participate in the workshop... Continue reading

A Playing Field Without Any Boundaries Have you ever been assigned the task of asset security in an organization? At first glance, asset security seems pretty simple, almost boring. After all, what’s the big deal tracking some laptops and mobile phones. However, once you dive into the details of what an asset is, you may quickly find yourself with the feeling that the entire earth has become overtaken by quicksand. The asset security responsibilities of an information security professional can be so vast, as to leave one feeling that they have no firm footing. Assets are anything that imparts value... Continue reading

By David Bisson All IT professionals who want a lucrative career should consider expanding their skill set to include security. Now is an opportune time to do so, because security is continuing to grow in importance for businesses and organizations. As noted in “Why Add Security to Your Skill Set and How to Do It,” about 44% of corporate boards participate in their organization’s digital security strategy. An even greater proportion (58%) receive security briefings on at least a quarterly basis. Boards are paying greater attention to security so that they can help keep their organizations out of the headlines.... Continue reading

We’re sure you have heard this before: the rate of technological change is accelerating. It is unpredictable and unprecedented. As the World Economic Forum acknowledges, the fourth industrial revolution brings “developments in previously disjointed fields such as artificial intelligence and machine learning, robotics, nanotechnology, 3D printing and genetics and biotechnology [that] are all building on and amplifying one another.” This unprecedented disruption of society by technology introduces many changes in the workforce as well. In the words of the World Economic Forum “more than a third of the desired core skill sets of most occupations will be comprised of skills... Continue reading

Updating the CISSP exam – and all (ISC)² exams for that matter – is a vital part of the certification lifecycle. It ensures that our certifications remain current and relevant in a rapidly changing profession. This, along with our CPE requirements, helps ensure that CISSPs demonstrate their expertise across the latest cybersecurity processes and best practices no matter when they earned their certification. The administration and rigorous controls to manage the entire lifecycle of our certification exams within (ISC)² are considerable. We have a teams of content developers all holding CISSPs, psychometricians and an array of leading partners to methodically... Continue reading

Dear (ISC)² Members and Associates: I hope you, your families and your colleagues are well. Back in August, (ISC)² Board of Directors Chairperson Dr. Kevin Charest, CISSP, shared the news with you that I was selected as our association’s new CEO. I am honored by this opportunity. I stand in admiration of the enormity of the responsibility each of you have every day to secure organizations around the world, and I am excited about what we will accomplish together. I have spent the majority of my career helping professional associations deliver on their value-promise to members. I look forward to... Continue reading

One weak link in a chain is all that’s needed to topple a cyberdefense. Sometimes this comes down to an errant line of code in a hastily developed API, inadequate penetration testing, or old, unpatched, exploitable code hidden deep within a legacy system. But more often than not, it’s because of the actions of an individual – a single person who clicks on a malware payload within a phishing email, or who allows someone to physically access a workplace unchallenged, or whose work-from-home office features a Wi-Fi router that was never properly secured. Effective cybersecurity demands a zero trust platform.... Continue reading

Last month, (ISC)² held its annual election for new members to join its Board of Directors. Four candidates won and have accepted seats on the board effective January 1, 2021. The new board members will be: Eiji Kuwana, CISSP (Japan) Samara Moore, CISSP (United States) Jill Slay, CISSP (Australia) Lisa Young, CISSP (United States) The 13-member board is comprised of (ISC)² members – all volunteers – who provide strategy, governance and oversight for the organization, grant certifications to qualifying candidates and enforce adherence to the (ISC)² Code of Ethics. The newly elected board members will join the ranks of other... Continue reading

by Anastasios Arampatzis During the COVID-19 public health crisis, cyber criminals took advantage of people’s growing need for information about the pandemic to launch an increased number of attacks against healthcare providers. The exponential growth of these cyberattacks is posing a considerable threat to civil society, government institutions, and most particularly, the healthcare sector. Despite a wake-up call following the WannaCry crisis, healthcare cybersecurity still lags. As a result, in this time of emergency, cyberattacks may not only have an economic and reputational cost, they may also have an impact on human life. To help healthcare organizations focus on the... Continue reading

As the charitable arm of (ISC)², the Center for Cyber Safety and Education relies heavily on the support of volunteers and business partners to continue its mission of making it a safer cyber world for everyone. As a global foundation, these external forces, help the Center grow its message and impact worldwide. Without their commitment and passion, the Center wouldn’t be where it is today. To acknowledge the efforts of those who have gone above and beyond, each year the Center chooses an individual for its Julie Peeler Franz “Do It For The Children” Volunteer Award and a company for... Continue reading

The cybersecurity profession is suffering from a peculiarly positive perception problem: People outside the industry view the job with such high regard that it seems beyond their reach as a viable career option for themselves. The newly released 2020 (ISC)² Cybersecurity Perception Study, which polled 2,500 people across the U.S. and the U.K. who are not working in the cybersecurity field, found that the traditional image of cybersecurity professionals as mysterious characters working in the shadows has been replaced by one of smart, talented people and the “good guys fighting cybercrime.” It’s a welcome change for those in the industry... Continue reading

Remote working is here to stay The COVID-19 pandemic has brought many changes to our lives: social distancing, face masks, and WFH (work from home). Based on health scientists’ advice to protect society and driven by the need to maintain business continuity, private and public sector organizations have directed their employees to work from home. The change in work habits is enormous: according to the Bureau of Labor Statistics, only 29 percent of Americans were able to work from home before the COVID-19 era. However, remote working is here to stay. According to a recent Gartner survey, 74% of enterprises... Continue reading

Even though cybersecurity considerations have become part of the mergers and acquisitions (M&A) process, data breaches remain commonplace at acquired companies, raising suspicions that cybersecurity doesn’t get as much attention as it should, according to a recent TechCrunch article. “The fact that data breaches are still increasing and can cause negative financial impact that will be felt long after the deal has closed highlights a greater need for acquirers to continue to improve their approach and address cyber threats,” the article says. The author makes it a point to mention that “past or potential cyber threats are no longer ignored... Continue reading

The nonprofit Center for Cyber Safety and Education (Center) launched a new “Garfield Virtual” internet safety program for distance learning. “Schools worldwide are choosing to continue their classes online. This poses two challenges: looking for quality online educational programs and teaching vital internet safety to students. Garfield for virtual classrooms does both,” says Patrick Craven, Director of the Center. Garfield Virtual allows teachers to introduce digital citizenship education in a fun and engaging environment without having to acquire additional software. The program is based on the Center’s printed award-winning Garfield’s Cyber Safety Adventures Educator Kit targeting children ages 6 to... Continue reading

While election security has been a concern for many countries, the possibility of cybersecurity threat impacting the U.S. presidential election is of top concern. (ISC)² member Dr. Carnell Council, CISSP addresses the multiple steps in the voting process that could face vulnerabilities and how each step can be better secured. With different systems, networks and devices come a different set of vulnerabilities. Dr. Council's full article can be found in Security Magazine. Continue reading