Haven’t had a chance to nominate a colleague, peer or mentor yet for the Global Achievement Awards? Great news, the deadline has been extended to April 23! There are a few updates to the awards this year. With so many awards to choose from, let’s take a look at a few of them. These awards are similar in that they recognize individuals who have made a significant impact on the security industry during the past year. (ISC)² Government Professional Award This award recognizes regional government information security leaders who have made significant security developments at the federal, state or local... Continue reading

Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an... Continue reading

Clar Rosso, (ISC)² CEO and Casey Marks, Chief Product Office and VP, (ISC)² recently hosted the latest in our new Inside (ISC)² webinar series, a quarterly series designed to give members a glimpse of the latest developments from inside the association, as well as an opportunity to ask questions. The March 23 session included milestones from the first quarter, as well as a deep dive into (ISC)’s process for developing exams and certifications Q1 Recap Rosso kicked off the discussion with a recap of the association’s response to the pandemic, and its transition to online learning. Recognizing that 2021 still... Continue reading

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)2 has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we spoke to Chris Clinton. This installment features Mari Aoba, a security analyst at Japan Security Operation Center. What job do you do today? I... Continue reading

So Many Awards, So Little Time Left to Nominate. Complete Your Global Achievement Award Nomination Today! Do you have a colleague or perhaps a mentor who has accomplished something exceptional and worthy of recognition? Nominate them for the Global Achievement Awards before the deadline of April 9! Winners of these awards receive recognition throughout the (ISC)² Security Congress event and recognition during the exclusive VIP awards reception and the attendee networking night, as well as in the InfoSecurity Professional magazine. Each award winner and their nominator will receive a complimentary pass to attend Security Congress. A few reminders as you... Continue reading

Since the first seed was sown back in 2016, work has been underway to create an independent body to support growth and professionalism within the U.K.’s cybersecurity education, training and skills activities. Now, that body has come into being in the form of the U.K. Cyber Security Council. (ISC)² staff and members have been involved in this project since 2018 and have been diligently working alongside volunteers from other organizations on the Council Formation Project, which concludes today following more than 18 months of work. What does this mean for members, associates or those yet to begin their cybersecurity career... Continue reading

In 2020, as the world grappled with a fast-spreading global pandemic, the FBI received more than 2,000 complaints each day, totaling 791,790 for the year. This represents a 69% increase from the previous year and a total of U.S. $4.2 billion in losses, according to data collected by the FBI’s The Internet Complaint Center (IC3). Cybercriminals employed all manner of schemes to target businesses and individuals, including phishing, spoofing and tech support fraud, the FBI reported. The costliest cybercrimes were against businesses, involving Business E-mail Compromise (BEC) schemes that added up to U.S. $1.8 billion in losses from 19,369 reported... Continue reading

Few cybersecurity breaches have caused more consternation among industry experts than the far-reaching 2020 attack against SolarWinds. In fact, concern has built up throughout the cybersecurity community as new details come to light. In an (ISC)2 survey of 303 cybersecurity professionals fielded from February 10-28, 2021, a solid majority of respondents (86%) said they would have rated the breach “very” or “extremely severe” when they first learned about it. However, roughly six weeks after the incident was reported, as more details emerged, the number of respondents who indicated that the breach was “severe” increased from 51% to 55%. On a... Continue reading

The First Thing We Do, Let's Kill All the Lawyers The phrase “let’s kill all the lawyers” comes from William Shakespeare’s play, King Henry VI, Part 2. This is one of the most misinterpreted lines in all of Shakespeare’s works, and it is often used inaccurately, expressing a dislike for attorneys. This is not the way that Shakespeare intended it. Shakespeare was not one to suggest the slaying of lawyers as a way to cure society’s problems. As an information security professional, have you often found yourself frustrated by the growing collection of cyber-based rules, guidance, regulations, and contemplations that... Continue reading

The cybersecurity team can be a challenging one for organizations to keep engaged and happy. Talent is scarce, turnover and burnout rates are high. That’s why employers have to keep existing teams engaged in their profession, and current on the latest threats and defenses. To accomplish this, every organization needs a formal, standards-based cybersecurity training and education program for the employees responsible for securing their critical assets. What are the key components of a training program? Whatever an organization’s unique circumstances, three major tenets must guide any training effort: Security is an obligation, not an option. Evolving technology and constantly... Continue reading

On March 8, 2021, in celebration of International Women’s Day, five accomplished female security professionals met for a wide-ranging and spirited panel discussion on how to encourage more women to join the cybersecurity field, and provided highlights from their own journeys in the profession. The panel was moderated by Sharon Smith, CISSP, cybersecurity strategy and advisory consultant, and included the following security industry leaders: Clar Rosso, CEO, (ISC)² Aanchal Gupta, CISSP, vice president of Azure Security, Microsoft Lori Ross O’Neil, CISSP, senior ICS cyber security researcher & project manager, Pacific Northwest National Laboratory, vice chairperson, (ISC)² Board of Directors Megan... Continue reading

A Day in the Life Cybersecurity remains one of the most exciting technology jobs and one of the top sought-after positions by many technology professionals. It is also one of the most difficult positions for an employer to fill. Why is this the case? When you think about cybersecurity, the mind often drifts towards the good versus evil of technology. Cybercriminals are seemingly everywhere, seeking to make a digital dollar off of the vulnerabilities of unsuspecting individuals and organizations. The security practitioner, on the other hand, is the sleuth who hunts down and neutralizes the threats, remediating the vulnerabilities. All... Continue reading

Organizations in all industries and sectors are becoming less confident in their cloud security posture because of the complexity involved with multiple cloud environments and the expanded threat landscape. As a result, they seek accredited cloud security professionals to address these challenges. The (ISC)2 2020 Cybersecurity Workforce Study indicates 40% of industry professionals plan to pursue cloud security training within the next 2 years. Are you among them? Explore how cloud security training and certification can give your career a buzz – and arm you for an intergalactic emergency. Read the Blog Continue reading

The measures put in place by governments globally to limit the spread of COVID-19 will leave a variety of permanent marks on the current generation of school children across the world. History will document the negative disruption to education, including the attempts in many countries to replace classrooms with remote learning, the cancelation of exams and assessments and the use of flawed algorithms to calculate probable results in place of conventional exams. However, the pandemic has had other, arguably positive side effects on the perception of education, in particular STEM subjects. The U.K. has had a challenging time trying to... Continue reading

By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog, we discussed privacy, remote access aka work from home (WFH), insider threats, data leakage, zero trust architecture (ZTA) and security architecture. In part two of the blog, we discussed Edge Computing, 5G, IoMT/IoT, AI, and ransomware. Now into the third month of 2021, we foresee issues related to supply chain (both consumer goods and security vendors), digital transformation and digital health vaccine passports Supply Chain (Consumer Products) As 2020 progressed along with the COVID-19 pandemic, we began to... Continue reading

While the world tried to cope with the COVID-19 pandemic in 2020, behind the scenes cybercriminals were taking advantage of “fear, concern and curiosity” to perpetrate a record-setting increase in social engineering attacks, according to a new report from CrowdStrike. A solid majority of cyberattacks (79%) resulted from hands-on-keyboard techniques, which means a human being was involved, according to the 2021 CrowdStrike Global Threat Report. Such attacks, the report says, have increased fourfold in the past four years. Healthcare continues to be a favorite target, even after some threat actors vowed to stay away from patient-treatment facilities during the pandemic.... Continue reading

The fast and innovative nature of modern business requires enterprises to become competitive and disrupt their markets. The best way to do that is to incorporate agile methodologies into operational processes. Software development is a business function transformed by agile methodologies. Agile Software Development Benefits Businesses Agile software development is the method of developing high-quality software solutions, web applications and mobile applications, where the requirements and implementations evolve through the collaborative effort of cross-functional teams and their customers. Agile software development focuses on continuous software delivery and requires change even in late development stages. Businesses benefit from agile software development... Continue reading

Today is International Women’s Day and what better way to celebrate it than with a glimpse into the careers of four successful women in cybersecurity. At 11 a.m. ET, (ISC)2 will host “Celebrating International Women’s Day: Carving a Cybersecurity Career Path.” This group of accomplished security professionals will come together to discuss why women should be interested in joining the cybersecurity field and ways to encourage this. They will also share highlights in their own journeys in the profession that led them to the leadership positions they now hold. You can attend the event live or watch the replay by... Continue reading