(ISC)² Blog

08 October 2019

Cybersecurity Infrastructure Viewed as a ‘Tangible Asset’ in M&A

When M&A auditors look at a target company’s tangible assets, in the vast majority of cases that includes cybersecurity. In a new (ISC)² study about the impact of cybersecurity in M&A, 95% of respondents say they consider cybersecurity infrastructure “a tangible part” of the value calculation. The stronger the infrastructure, including soft assets such as risk management policies and security awareness training programs, the higher a target company’s value will be, according to 82% of respondents. If an audit reveals weak security practices, 52% of respondents would view the cybersecurity program as a liability. What this means for organizations considering... Read more →

Posted by (ISC)² Management on 08 October 2019 at 10:40 AM in Cybersecurity Workforce | Permalink | Comments (0)

Tags: (ISC)² research, cybersecurity business, cybersecurity research, cybersecurity ROI, mergers and acquisitions

07 October 2019

How gamification can improve employee cybersecurity compliance

As published in the July/August edition of InfoSecurity Professional Magazine By Crystal Bedell As a former cyber analyst for the government, Masha Sedova has seen firsthand what a Russian state-sponsored attacker is capable of. So, when she was charged with building a security culture at Salesforce in 2012, she knew an employee newsletter and animated videos wouldn’t prepare end users in the event of a targeted corporate attack. “I thought, ‘There’s no way this will work. It’s a waste of time,’” says Sedova, co-founder of Elevate Security in Berkeley, Calif. “In order for an organization to withstand an attack like... Read more →

Posted by (ISC)² Management on 07 October 2019 at 08:45 AM in Cybersecurity Training | Permalink | Comments (0)

Tags: cybersecurity awareness, cybersecurity compliance, cybersecurity gamification, employee gamification, gamification

04 October 2019

What Are You Doing for Cybersecurity Awareness Month?

As published in the July/August edition of InfoSecurity Professional Magazine By Pat Craven, Director of the Center for Cyber Safety and Education As cybersecurity and cyber safety continue to become a growing global conversation, there are an increasing number of themed days and events to help promote the industry and highlight the need to educate people on how to be safe online. One of the biggest promotions of the year is Cybersecurity Awareness Month in October. October is a busy time of year for your Center for Cyber Safety and Education. We plan all year for Cybersecurity Awareness Month, and... Read more →

Posted by (ISC)² Management on 04 October 2019 at 09:00 AM in Center for Cyber Safety and Education | Permalink | Comments (0)

Tags: center for cyber safety and education, cyber safety, cyber safety month, cybersecurity, cybersecurity awareness month, cybersecurity month

30 September 2019

Cybersecurity Audits Are Now Standard Practice in M&A

Cybersecurity threats are a major concern for businesses of all sizes, and that challenge can have repercussions when a company puts itself on the selling block. One of the things buyers will want to know is whether the company has had a breach and, if so, how it was handled. If the business can show it addressed the breach in a satisfactory way and learned from the experience by fixing its security vulnerabilities, its sale value increases, according to 88% of respondents in a new (ISC)² study titled Cybersecurity Assessments in Mergers and Acquisitions. The study reveals that cybersecurity audits... Read more →

Posted by (ISC)² Management on 30 September 2019 at 09:56 AM in Cybersecurity Workforce, IT Security | Permalink | Comments (0)

Tags: cybersecurity assessments in mergers and acquisitions, cybersecurity programs, cybersecurity research, cybersecurity threats, cybersecurity workforce, M&A, mergers and acquisitions

24 September 2019

Attackers Are Targeting IT Service Providers

IT service providers have recently become a common target of cyber attacks and 11 of them have been compromised since July 2018. Attackers target providers in attempts to gain access to their customers, according to a blog post by Symantec. What makes this especially ironic is that IT service providers often are the same companies that businesses hire to protect them against cyber threats. It’s not exactly a new tactic by cybercriminals, who in the past have even attacked security vendors. Perpetrators also have been known to target some companies purely to get to their business partners. This practice was... Read more →

Posted by (ISC)² Management on 24 September 2019 at 10:05 AM in IT Security | Permalink | Comments (0)

Tags: (ISC)² research, cybersecurity attacks, cybersecurity hygiene, cybersecurity research, IT security, IT security vulnerability, IT service provider, securing the partner ecosystem

19 September 2019

Update: New (ISC)² Official Training Provider S4 Inc.

Earlier this week, S4 Inc. announced that it has been added to (ISC)²’s roster of Official Training Providers. Based in Colorado Springs, S4 is celebrating its 20th anniversary and has supported US Government, DoD and DHS agencies since 1999. S4 is now offering its first official (ISC)² Training Seminar for the CISSP certification beginning on September 30th, 2019. Other instructor-led training seminars will also be available later this year for the CCSP, CSSLP and CAP certifications. If you’re in the local area, you can register here. S4 will also host an open house this Friday, September 20, at its 8800... Read more →

Posted by (ISC)² Management on 19 September 2019 at 11:14 AM in Cybersecurity Certifications, Cybersecurity Training | Permalink | Comments (0)

Tags: (ISC)² training, CISSP training, cybersecurity training, official (ISC)² training, official training provider

05 September 2019

Looking to Break into Cybersecurity Without Direct Experience? Find Out How

The cybersecurity skills gap means companies are scrambling to fill security positions, and that presents an opportunity for you to find security work – even without direct experience. Faced with a critical shortage of qualified candidates, organizations are increasingly taking chances on nontraditional applicants and training them for security roles. One way to bridge a cybersecurity experience gap and get started? Make the case for your transferable skills. Success in security requires a mix of technical and soft skills. These can potentially come from ANY previous job. Analytical skills, enthusiasm for exploring technical questions and issues, and diagnostic experience will... Read more →

Posted by (ISC)² Management on 05 September 2019 at 09:15 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink | Comments (0)

Tags: breaking into cybersecurity, cybersecurity career change, cybersecurity entry-level, how to start a career in cybersecurity

04 September 2019

The Many Facets of the Mentoring Experience

by Dr. Chris Veltsos, CISSP, member of (ISC)² Advisory Council of North America Hardly a day goes by that I don’t hear or read about the benefits of mentoring. Can a good mentoring experience fix what ails organizations today? I’m not a mentoring guru so I can’t answer that particular question, but what dawned on me is how many people seem to think of mentoring as a narrowly defined relationship where the mentor gives — time and advice — and the mentee receives that information. While the relationship has value, in this article, I wanted to share other forms of... Read more →

Posted by (ISC)² Management on 04 September 2019 at 09:30 AM in Cybersecurity Workforce | Permalink | Comments (0)

Tags: cybersecurity career, cybersecurity leadership, cybersecurity mentoring, cybersecurity mentorship

03 September 2019

CISSPs: We Need Your Insight

Thank you for your feedback! We have concluded the process of receiving feedback as of October 4, 2019. (ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for CISSP will be reviewed in early 2020. In preparation for the upcoming... Read more →

Posted by (ISC)² Management on 03 September 2019 at 09:00 AM in Cybersecurity Certifications | Permalink | Comments (5)

Tags: CISSP, CISSP certification, cybersecurity certification

30 August 2019

Getting Started on the California Consumer Privacy Act

by Paul Lanois, SSCP, CIPP, CIPT, CIPM, Member of the (ISC)² Advisory Council of North America Privacy Working Group If you have spent any amount of time online recently, then it is extremely likely that you have already heard about the General Data Protection Regulation (the "GDPR"), the European regulation which came into effect on May 25, 2018 and which governs data protection or individuals which have their personal data processed or stored by an organization within the European Economic Area (EEA). Meanwhile, information management professionals are likely to remain very busy in the coming months with the upcoming California... Read more →

Posted by (ISC)² Management on 30 August 2019 at 07:30 AM in Cybersecurity Workforce, Government , Privacy | Permalink | Comments (1)

Tags: advisory council, CCPA, cybersecurity laws, cybersecurity legislation, cybersecurity regulations, GDPR, privacy, privacy laws, privacy regulations