(ISC)² Blog

To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fifth and final set of tips by its Application Security Advisory Council: tips for more secure software. “Make sure your business functionality maps to a security plan (i.e., security is built-in, not bolted-on). Design your software with the future in mind, not just of the now (i.e., it is adaptable to talent-, technological- and threat- changes). Don’t develop your software if your modus operandi is, ‘You start coding, I will go find out what they want.’ This is not agile programming.” -Mano Paul, CISSP, CSSLP,... Read more →

To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fourth set of tips by security experts: cybersecurity tips for Chief Executive Officers (CEOs). “Two-factor authentication (something you have, know, or are) has become very important for system access. Passwords alone just do not cut it anymore. This is extremely important as we see the rapid rise in financial transactions, particularly on mobile devices. Ask your bank if two-factor authentication is available and if not, get another bank that does. Credit card companies and online retailers are close behind. They are not going to cover... Read more →

A Message from the Board Communications Committee on Board Elections This year the (ISC)² Board of Directors election process emerges after a massive year-long facelift. Through the recommendations of last year’s Board of Directors and the tenacity of the (ISC)² Management team, this year marks an unprecedented shift as the organization adjusts election processes based on member feedback. We really try to be problem-solvers, and with our emphasis on member service, making sure we aligned the election process to meet the changing demands of our membership was paramount this year. You asked, we listened, and we have some exciting changes... Read more →

By (ISC)² Board Chair Wim Remes and (ISC)² Executive Director Hord Tipton When it comes to information security credentials, (ISC)² believes in the absolute requirement for experience; and this is a factor that leads to our organization often being referred to as the Gold Standard. We are distinguished amongst certifying bodies because we stress the value of collaboration, experience, and continuous learning to both the (ISC)² membership and information security industry at large. And we don’t grandfather. While the value of education is obviously crucial in our field, or really any industry for that matter, only so much information can... Read more →

To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its third set of tips by security experts: cybersecurity tips for home owners. “Whatever browser you use, make sure you are using the site evaluation tools available to help identify safe/not-so-safe sites. With this, you get a color-coded rating of the site before you visit. You can also establish secure connections on most sites automatically through add-ons and extensions. Don’t advertise your router address name (SSID). Set it to hide. Use WPA2 security protocol. Most all routers now support it. Use a password vault with different... Read more →

In our digitally-driven world, it’s crucial to have a current understanding of the evolving risks and responsibilities that information security professionals face. The (ISC)2 Global Information Security Workforce Study (GISWS) is the only research available that truly offers a detailed picture of how the global cybersecurity professional is changing and driving other business factors. A respected industry benchmark referenced by governments, employers, professionals, and industry stakeholders around the world for more than 10 years, this ongoing research provides much needed insight into current cybersecurity opportunities and trends experienced first-hand. The study covers pay scales, skills and training requirements, hiring practices,... Read more →

“The revelation that hackers were able to use widely-known vulnerabilities to burrow deep inside JP Morgan’s computer systems-compromising some 76 million household accounts and 7 million small firms- shows that software with very basic flaws is still in widespread use at corporations, providing an easy route for experienced and amateur hackers. What is even more disturbing is that, with so many basic flaws in commonly-used software, this attack may just be a ‘reconnaissance mission’ to prepare the ground for much worse future attacks. We now know the hackers gained a comprehensive A-Z of the apps and programmes that run on... Read more →