by John Martin, CISSP, Senior Security Architect, IBM New Zealand Are you ready for the New Zealand Privacy Act 2020 to come into effect on 1st December 2020? There’s a lot to consider as the clock ticks down and your organisation’s ability to comply is critical if you want to avoid some of the hefty fines involved. As you align your security strategy with your business, here are some key areas to consider as you prepare: Reporting privacy breaches immediately It will be mandatory for businesses to immediately report serious privacy breaches, particularly where a data breach poses a risk... Read more →
« October 2020 | Main | December 2020 »
Posts from November 2020
29 November 2020
Getting Ready for the New Zealand Privacy Act 2020
Posted by (ISC)² Management on 29 November 2020 at 03:00 AM in Privacy | Permalink
|
Comments (1)
25 November 2020
The Career-Changing Magic of Tidying Up
As published in the September/October 2020 edition of InfoSecurity Professional Magazine By Anita J. Bateman, CISSP We are all plagued by technical debt in the form of legacy systems that can no longer be patched but must be kept up and running. Critical business processes, legacy data retention, lack of system knowledge or “pet” projects might keep us from retiring these difficult-to-maintain systems. From the very first operating system updates on the original IBM 360 to the latest Windows 10 updates today, we still struggle with this common challenge to fully patch and maintain our technical systems. Might there be... Read more →
Posted by (ISC)² Management on 25 November 2020 at 08:05 AM | Permalink
|
Comments (0)
24 November 2020
Study: Certifications Boost Salaries Substantially
While skills shortages remain a major challenge in cybersecurity, those who work in the field have ample opportunities to boost their salaries. And one sure way to get better pay is by earning certifications, according to a new study by training services provider Global Knowledge. “Learning a new skill or earning a certification can result in a raise upwards of $12,000 a year,” according to the Global Knowledge 2020 IT Skills and Salary Report. The figure applies to IT professionals as a whole but is especially relevant to cybersecurity professionals considering that the report says, “cloud computing and cybersecurity certifications... Read more →
Posted by (ISC)² Management on 24 November 2020 at 10:24 AM in Cybersecurity Certifications, Cybersecurity Workforce | Permalink
|
Comments (0)
19 November 2020
#ISC2CONGRESS ‘We Got This:’ Adaptability Is Nothing New to Cybersecurity
During her (ISC)2 Security Congress 2020 keynote speech, Juliette Kayyem used three words that tidily sum up the can-do spirit of the cybersecurity community: “We got this.” Kayyem, a former assistant secretary at the Department of Homeland Security, was speaking within the context of society’s ability to adapt, learn and build resilience during the COVID-19 crisis. Still, her remarks reflect the general ethos of the cybersecurity profession. Cybersecurity professionals recognize that if they can’t say, “we got this,” the alternative is too alarming to fathom. Cybersecurity workers have to adapt – all the time. Just like what society at large... Read more →
Posted by (ISC)² Management on 19 November 2020 at 02:37 PM in (ISC)² Events | Permalink
|
Comments (0)
The Center wants to send you to college. Interested?
Are you pursing a degree (or another) in cyber or information security? Know someone who is? The Center for Cyber Safety and Education can help! The high demand for skilled cybersecurity experts and lack of qualified candidates equals a world of opportunity for students and those looking to change careers. The Center for Cyber Safety and Education is excited to kick off our biggest scholarship year in our 10-year history! Thanks to partners like (ISC)², SAIC, Raytheon and KnowBe4, we will be awarding in 2021 a record $235,000 in financial aid to some 70 students from around the world. Who... Read more →
Posted by (ISC)² Management on 19 November 2020 at 08:30 AM in Center for Cyber Safety and Education | Permalink
|
Comments (0)
18 November 2020
#ISC2CONGRESS: Post-Incident Reviews As Prevention
If there is one thing adversity can teach you, it’s how to avoid bad situations in the future. Or so you would think. But when it comes to incident response, most organizations fail to conduct a post-incident review (PIR) or when they do, it tends to be ineffective, according to Faranak Firozan, who works in Incident Response for NVIDIA. As part of the (ISC)2 Security Congress 2020, Faranak delivered a presentation on PIR components and goals. She stressed the importance of PIRs in determining the causes of a security incident, its effects and the lessons an organization can learn to... Read more →
Posted by (ISC)² Management on 18 November 2020 at 06:00 PM in (ISC)² Events | Permalink
|
Comments (0)
Until Further Notice: #ISC2Congress Keynote Prescribes Adaptive Recovery and Resilience in Cybersecurity to Deal With Ongoing Pandemic
For anyone hoping the COVD-19 crisis will come to a quick end, former Homeland Security Assistant Secretary Juliette Kayyem offered some sobering words today: The virus will be with us for the foreseeable future. “I have to be blunt and tell you this period is going to exist until further notice. We are going to have to learn to live with the virus. Once you get your head around that, then the solution becomes clear,” Kayyem said. She delivered her remarks virtually as the third and final keynote speaker at (ISC)2 Security Congress 2020. Kayyem focused her talk on what... Read more →
Posted by (ISC)² Management on 18 November 2020 at 04:14 PM in (ISC)² Events | Permalink
|
Comments (0)
#ISC2Congress: Recruiter: COVID Had a Minimal Impact on the Cybersecurity Job Market
The COVID-19 pandemic delivered a serious blow to the global economy, but plenty of job opportunities remain in the cybersecurity field, according to Kris Rides, CEO of cybersecurity staffing company Tiro Security. There were cybersecurity layoffs, Rides said, but in much smaller numbers than in industries such as travel and entertainment, which have taken the brunt of the pandemic’s economic impact. Cybersecurity “is one area where companies couldn’t really afford to lay off people,” Rides said, during a virtual presentation as part of the (ISC)2 2020 Security Congress taking place this week. Kris Rides, CEO of Tiro Security The pandemic’s... Read more →
Posted by (ISC)² Management on 18 November 2020 at 10:00 AM in (ISC)² Events, Cybersecurity Workforce | Permalink
|
Comments (0)
What Do You Do When No One Is Watching
The Internal and External Struggles of Ethics and the CISSP Credential As Old As Mythology All students of information security have heard of the Caesar cipher and the Spartan Scytale. These early encryption methods demonstrate the craftiness of the human mind. Encryption has evolved and become more sophisticated. Encryption has been instrumental in the advancement of society. Can you think of another ancient mental construct of humanity that has remained static, yet is no less important to the functioning of society? Let’s consider the topic of ethics. The concept of ethics has existed since ancient times, and the subject is... Read more →
Posted by (ISC)² Management on 18 November 2020 at 08:45 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
#ISC2Congress: Light Bulb Moment: The Job of Cybersecurity Professionals Is About Assessing Risk
Cybersecurity expert Joseph Carson, CISSP, learned a valuable lesson after conducting a penetration test at a power station that took him four months of preparation: How you communicate your findings to an organization’s leadership makes all the difference in how they decide to act on the information. During a virtual presentation as part of the (ISC)2 2020 Security Congress, Carson, who serves as Thycotic’s chief security scientist and advisory CISO, said he was shocked when the power utility’s board essentially shrugged off his findings. After all, he thought the findings were pretty damning. Get this: After spending a morning inside... Read more →
Posted by (ISC)² Management on 18 November 2020 at 08:00 AM in (ISC)² Events | Permalink
|
Comments (0)
17 November 2020
#ISC2CONGRESS – Tuesday Keynote: Protecting Yourself During the Pandemic
Graham Cluley Despite the substantial increase in remote working since the start of the COVID-19 pandemic, security breaches have stayed about the same for the vast majority of people and businesses, according to security expert Graham Cluley, an award-winning blogger who provided the Tuesday keynote speech at this year’s virtual (ISC)2 Security Congress. Only one in 10 businesses say they have experienced a dramatic increase in attacks, Cluley said, before quickly adding that attacks don’t always result in breaches. As a matter of fact, research shows breaches increased by only one percentage point over the past 12 months, to 16%... Read more →
Posted by (ISC)² Management on 17 November 2020 at 12:34 PM in (ISC)² Events | Permalink
|
Comments (0)
16 November 2020
#ISC2Congress Panel: Finding The Balance Between Skill and Usability
When does technology become too easy to use? And when does simplicity start working against you? These were among the many the questions tackled by a group of panelists during a 2020 (ISC)² Security Congress virtual session called “Easily Deployed and Sold Short.” At issue was whether easy-to-use user interfaces on complex security tools make it more difficult for cybersecurity team leaders to figure out what skills their team members have mastered. Timothy Robnett, vCISO at Wavefront Consulting, made no bones about it: “A simple UX makes it harder to promote somebody,” he said. Simplicity of use, he said, doesn’t... Read more →
Posted by (ISC)² Management on 16 November 2020 at 05:15 PM in (ISC)² Events | Permalink
|
Comments (0)
#ISC2CONGRESS 5G Security: Two Sides of One Coin
5G is coming, bringing with it speedier connections and higher bandwidth. But what about security? As with most things related to technology, there’s good and bad, according to Kevin McNamee, director of threat intelligence at Nokia. It’s a two-sided coin. 5G is inherently more secure than previous wireless standards, but also vastly increases the attack surface as Internet of Things (IoT) devices proliferate, McNamee said. Monitoring, automation and secure communications will be essential to securing 5G investments, he added. His remarks came during a breakout session as part of (ISC)2 Security Congress 2020, taking place virtually this week. Kevin McNamee,... Read more →
Posted by (ISC)² Management on 16 November 2020 at 01:52 PM in (ISC)² Events | Permalink
|
Comments (4)
#ISC2CONGRESS Opening Keynote Speaker: Policy and Technology Must Work Together
Bruce Schneier The relationship between technology and public policy is the defining challenge of the current century, according to Bruce Schneier, the keynote speaker at (ISC)2 Security Congress 2020, taking place virtually this week. “Today technology is deeply intertwined with society. It’s literally creating our world. It’s no longer sustainable for technology and policy to be in different worlds,” said Schneier, a security expert, best-selling author and Fellow at Harvard University’s Berkman-Klein Center for Internet & Society. When the internet was first commercialized, governments didn’t want to stifle the development of an important and profitable industry. As a result, the... Read more →
Posted by (ISC)² Management on 16 November 2020 at 12:10 PM in (ISC)² Events | Permalink
|
Comments (1)
It’s Time to Test Your CISSP Knowledge!
Take the CISSP practice quiz to find out if you’re ready for the exam The CISSP certification is the ideal credential for those with the technical and managerial competence, skills, and experience to design, engineer, implement, and manage an overall cybersecurity program. Considered the industry’s premier security credential, the CISSP differentiates leaders giving them the competitive advantage across the industry. The CISSP covers eight broad domains, so it’s no surprise that preparing for the exam can be a daunting task. To help you assess your readiness, we’ve developed the CISSP practice quiz. The free online quiz is designed to test... Read more →
Posted by (ISC)² Management on 16 November 2020 at 07:15 AM in Cybersecurity Certifications | Permalink
|
Comments (0)
13 November 2020
Virtual Engagement Activities at #ISC2Congress
Like most things this year, (ISC)² Security Congress looks a little different. This year’s virtual event might not have you gathering with thousands of colleagues in Orlando, but you can still enjoy many of the fun activities we’ve offered over the years. Be sure to log into https://securitycongress.brighttalk.live/networking-engagement/ using your BrightTALK credentials. Escape Room A crowd pleaser at past Security Congress conferences, Living Security is back this year with their Virtual CyberEscape Room. Play online with colleagues in this team-based, engaging and FUN exercise. Sign your team up. Panoply Another Security Congress classic is the Panoply competition. This network assessment... Read more →
Posted by (ISC)² Management on 13 November 2020 at 07:15 AM in (ISC)² Events, Center for Cyber Safety and Education | Permalink
|
Comments (0)
12 November 2020
2020 (ISC)2 Cybersecurity Workforce Study: Skills Gap Narrows in an Unusual Year
For the first time since (ISC)2 started tracking cybersecurity workforce numbers in 2004, we have seen a decrease in the skills gap, from 4.07 million in 2019 to 3.12 million. According to the 2020 (ISC)2 Cybersecurity Workforce Study, the workforce increased 25% from 2019 to a total of 3.5 million professionals worldwide. The numbers reflect an increase in new entrants to the field – 700,000 of them – but that doesn’t tell the whole story. Another contributing factor is an apparent reduction in demand as a result of the COVID-19 pandemic, which has had significant economic impacts around the world.... Read more →
Posted by (ISC)² Management on 12 November 2020 at 08:05 AM in Cybersecurity Workforce | Permalink
|
Comments (0)
11 November 2020
Virtual Networking Lounges and Engagement Activities at #ISC2Congress
One of the biggest draws to (ISC)² Security Congress is networking and engaging with other experts in the cybersecurity industry. Despite the lack of gathering together in-person, #ISC2Congress 2020 will not be lacking in the opportunities for connecting with others, learning best practices and providing career enhancement in five networking lounges throughout the conference. With more than 4,500 attendees registered, there is something for everyone at all career levels. Each of the five topic-specific lounges will allow attendees to participate in a discussion forum, access resources, view presentations, ask questions and even earn CPEs for attending. Attendees and Members Lounge... Read more →
Posted by (ISC)² Management on 11 November 2020 at 07:00 AM in (ISC)² Chapters, (ISC)² Events, Center for Cyber Safety and Education, Cybersecurity Training | Permalink
|
Comments (0)
10 November 2020
How Do Security Controls Help Implement a Corporate Security Policy?
A corporate security policy is the cornerstone document of a company’s risk management. Does your business have the appropriate security controls in place to implement the policy, or is the policy a forgotten document in a dusty drawer? Although most companies have established security policies at the strategic level these are not always enforced, because they lack foundational support at the tactical level. The key to solving this is knowledgeable and skilled security practitioners who can take the lead and implement security controls aligned to the policy’s goals. Many security incidents may have been avoided if the proper security controls... Read more →
Posted by (ISC)² Management on 10 November 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
05 November 2020
CISSPs from Around the Globe: An Interview with Javvad Malik
The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)2 has launched a series of interviews to explore where CISSP certification has led security professionals. Our first installment features Javvad Malik, a security awareness advocate at KnowBe4, as well as blogger and YouTuber at JavvadMalik.com. He’s also contributes on two podcasts, The... Read more →
Posted by (ISC)² Management on 05 November 2020 at 08:50 AM in Spotlight | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (22)
- (ISC)² Events (159)
- Center for Cyber Safety and Education (52)
- Cloud Security (132)
- Cybersecurity Certifications (376)
- Cybersecurity Training (310)
- Cybersecurity Workforce (243)
- Digital Forensics (29)
- Ethics (52)
- Government (124)
- Insider Risk (56)
- IT Security (373)
- Legal (45)
- Malware (112)
- Network Security (176)
- Operations Security (141)
- Privacy (116)
- Ransomware (84)
- Risk (196)
- Software Development (44)
- Spotlight (71)