As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Yesterday, we announced that (ISC)² has granted free access to its "Ransomware: Identify, Protect, Detect, Recover" course through the Professional Development Institute to anyone who is interested in learning more about prevention and remediation. That’s because the consequences can be dire for organizations. The days of ransomware attackers demanding a few hundred dollars for a decryption key are long gone. Attacks have gotten more severe, and perpetrators have become bolder, demanding multimillion-dollar payouts from their victims. In March, CNA... Continue reading

In conjunction with #RansomwareWeek, today (ISC)² announced that its popular Professional Development Institute (PDI) course titled “Ransomware: Identify, Protect, Detect, Recover,” is now free to the public through July 31, 2021. (ISC)² recognizes the intense demand for ransomware prevention and mitigation content and has opened registration to anyone who is interested in the topic. The two-hour ransomware course is Quality Matters (QM) approved and upon successful completion, learners earn a certification of completion and digital badge. Successful course completion will also unlock a 25% discount off all PDI courses through July 31, including the All-Access Pass and the Express Bundle.... Continue reading

Welcome back to #RansomwareWeek here on the (ISC)² Blog! Today we’re linking you up with eight episodes from the award-winning (ISC)² webinar program that touch on ransomware and cover the key components surrounding the state of cybersecurity threats. These sessions can help teams to better understand cybersecurity attacks, prepare for defense and plan a response in the event of a security breach. Anatomy of a Targeted Industrial Ransomware Attack Ransomware-New variants and Better Tactics to Defend and Defeat These Threats Darktrace #1: Ransomware in Focus: How AI Stays One Step Ahead of Attackers Ransomware Deep Dive: Examining Disturbing Ransomware Trends... Continue reading

Welcome to #RansomwareWeek on the (ISC)² Blog. Ransomware attacks are receiving increased exposure in global news coverage with recent high-profile incidents at SolarWinds and Colonial Pipeline. These events have prompted many companies who previously may have felt secure in their practices to take a deeper look at their security measures and engage in deeper conversations surrounding threat management, cybercriminals, and cybersecurity training. This week we’ll be providing content resources that may be helpful to you, the reader, as your organization wrestles with ransomware prevention and remediation policies and best practices. As the first item in this week’s coverage, the massive... Continue reading

As a security practitioner, perhaps you have found yourself in meetings about Risk Management. Or, perhaps, you are part of the incident response team, where you are responsible for everything from preparation, through post-incident reporting. The common thread that runs through risk management and incident response are the “what if this happens” scenarios. Whatever your involvement in these preparatory exercises, the overarching concern of all involved is: When will the business be up and running normally again? When confronted with such dire circumstances, the realization of the need for Business Continuity and Disaster Recovery becomes as important as the business... Continue reading

Cloud security skills can be seen as very similar to the security skills for any on-premises data center. But in many instances, organizations are learning that their familiar applications cannot simply be “forklifted” to the cloud. Legacy applications can break when placed in a cloud infrastructure, and the entire security model is impacted as well. The need for a trained cloud security professional has never been more apparent. Explore how certified CCSPs ease the challenges of cloud security and add critical understanding to a largely misunderstood realm. READ THE FULL ARTICLE Continue reading

Way back in 1975, two members of the Institute of Electrical and Electronics Engineers (IEEE) authored a report about how to protect computer systems. One of the recommendations in the report by Saltzer and Schroeder, “The Protection of Information in Computer Systems”, was to include “Fail-safe defaults”. If you work in any area of information security, it is time to consider what failing safely is all about. If you are a candidate who is studying for the CISSP exam, understanding the difference between failing safe, and failing secure, has even broader applications in at least two study domains. In any... Continue reading

Pseudonymization is a de-identification process that has gained traction due to the adoption of GDPR, where it is referenced as a security and data protection by design mechanism. The application of pseudonymization to electronic healthcare records aims at preserving the patient's privacy and data confidentiality. In the US, HIPAA provides guidelines on how healthcare data must be handled, while data de-identification or pseudonymization is considered to simplify HIPAA compliance. According to GDPR, if pseudonymization is properly applied can lead to the relaxation, up to a certain degree, of data controllers’ legal obligations. Even though pseudonymization is a core technique for... Continue reading

(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its certification examinations. A JTA is the methodical process used to determine tasks that are performed by certification holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for ISSMP will be reviewed soon. In preparation for the upcoming review, we would like to hear from our ISSMP members who are participating in this forum/community to comment on the... Continue reading

Today’s cybersecurity skills shortage is threatening safe cloud adoption – and cloud security is the No. 1 area most impacted by the shortfall. To help fill the gaps, more professionals are expanding their cloud expertise. Join two cybersecurity specialists as they share their journeys to a mastery of cloud security and how it benefited their careers. READ THEIR STORIES IN THE ARTICLE Continue reading

Are you looking for a space to connect with your peers in the cybersecurity industry? (ISC)² Community connects you to a global network of cybersecurity professionals through an interactive and engaging platform. Community offers members and non-members an opportunity to share insights on the latest cybersecurity trends, ask questions, share knowledge, or voice opinions. Community welcomes all levels of experience to weighing in on the current topics and trending conversations through public discussion or private chats. Users can subscribe to popular threads based on interests such as cloud security, privacy, tech talk, career, and more.  Community Groups encourage engagement through... Continue reading

Tricky Business Software development is a tricky business. When you think of all that can go wrong, the possibilities can be overwhelming. From coding errors, to borrowed libraries, to myriad other causes, the need for testing is fundamental to the development process. Testing can uncover many of the errors or oversights that can occur. Failure to effectively test prior to release can be very costly. Fortunately, the software security lifecycle includes testing methodologies to prevent many of these errors. As a security professional, understanding testing techniques is an extremely important job responsibility. If you are on the technical side of... Continue reading

Faced with significant obstacles to build their cybersecurity teams, organizations increasingly are looking within to find transferrable talent for cybersecurity roles. It’s a practice strongly endorsed by (ISC)² in the recently published Cybersecurity Career Hiring Study and the Cybersecurity Workforce Study. The problem is that a substantial number of organizations aren’t up to the task of developing in-house talent for cybersecurity. Nearly half (45%) of companies in a recent study say they are not capable of doing it. And the problem doesn’t end there. The study, conducted by IT recruiting firm Hays US, also found that only 39% of respondents... Continue reading

The annual (ISC)² Cybersecurity Workforce Survey is now open. Your participation is vital for this influential benchmarking study used by organizations, governments and the media worldwide to advance conversations centered on closing the cybersecurity workforce gap. What differences did this past year make for your experiences in cybersecurity? Cybersecurity professionals overwhelmingly reported last year that team communications remained steady (60%) — or improved (25%) — as a result of remote work. Were your experiences working remotely this year as positive? Last year, most survey respondents reported stable (54%) — or even fewer (12%) — security incidents after moving their cybersecurity... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In this installment, we talk to Laurie Mack. Laurie lives in Canada and is Director for Security and Certifications at Thales. In this interview, Laurie shares with us how she started her career in the Canadian Armed Forces as a radio communicator and how her proudest professional... Continue reading

The Professional Development Institute (PDI) is expanding with three new express learning courses: Risk Fundamentals, Forensic Data Acquisitions and Securing the Remote Work Force. These new offerings are self-paced courses separated into two modules that qualify for two CPE credits. The PDI catalog now features 40on-demand courses free for (ISC)² members and associates and available for purchase as individual courses or bundled course access to anyone who is not an (ISC)² member. Let’s take a look at the new offerings: Risk Fundamentals covers the basics of ever-present risks in business and the field of cybersecurity and prepares you to proactively... Continue reading

Registration for the 11th annual (ISC)² Security Congress is now open! The renowned global three-day conference, focused on continuing education for cybersecurity professionals and information security specialists, will be hosted as a hybrid event for the first time in 2021. Engaging in-person sessions, discussions, and networking events will be held at the Hyatt Regency in Orlando, FL from October 18-20, and will also be accessible online. (ISC)² members are eligible for a special discount of $300 off all pass types. Including an optional two days of pre-conference certification-focused education on October 16-17, (ISC)² members can earn as many as 40... Continue reading

While spending on security technologies continues to increase, organizations are still fighting an uphill battle against cyber attacks. The primary reason is that the personnel needed to defend organizations is extremely scarce. Currently, the cybersecurity workforce gap estimate stands at more than 3.1 million trained professionals worldwide, and it will take time to close that gap. Organizations aren’t likely to solve the problem by focusing their recruitment strategies solely on finding “all star” cybersecurity leaders who just aren’t available. And when they are available, they are quickly snapped up by organizations that can afford the high salaries they command. (ISC)²... Continue reading

On February 28, 2021, (ISC)² concluded a pilot test that assessed the feasibility of online proctoring for exams that are an essential part of our nine certification programs. Online examinations for the CAP, CCSP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and SSCP certifications were administered February 15, 2021 – February 21, 2021. Online CISSP examinations were administered February 22, 2021 – February 28, 2021. For quality control purposes and anticipated candidate support concerns, we elected to offer all exams via online proctor only to candidates physically present within the United States. Since the conclusion of the pilot test, we have been... Continue reading