While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of 500 executives. The report, “The Future of Cyber Survey 2019,” reveals a disconnect between organizational aspirations for a “cyber everywhere” future and their actual cyber posture. One area where this is evident is in budgeting, with organizations allocating only 14% of their digital transformation budgets to cybersecurity. Further evidence is how often cyber appears on the agendas of company board meetings. Cybersecurity makes it to the agenda of 49% of... Read more →
300 posts categorized "IT Security"
05 June 2019
Cybersecurity Falls Short in Organizations Undergoing Digital Transformation
Posted by (ISC)² Management on 05 June 2019 at 08:45 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
01 May 2019
CSSLP Spotlight: John Kent
Name: John Kent Title: Manager IT, DevSecOps Employer: FedEx Location: Irving, Texas Education: BAAS Computer Science, MS Cybersecurity Years in IT: 37 Years in cybersecurity and/or privacy: 13 Cybersecurity certifications: CSSLP, CEH, CHFI How did you decide upon a career in security software development? My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be... Read more →
Posted by (ISC)² Management on 01 May 2019 at 09:10 AM in IT Security, Spotlight | Permalink
|
Comments (0)
29 April 2019
Heavy Industrial Companies Grapple with Cybersecurity Problems
Companies in heavy industrial industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated as they must not only protect their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are... Read more →
Posted by (ISC)² Management on 29 April 2019 at 08:55 AM in IT Security | Permalink
|
Comments (1)
01 February 2019
CISSP Spotlight: Renju Damodaran
Name: Renju Damodaran Title: Senior Manager, Cyber Risk Services Employer: Wipro Limited Location: Boston, MA Education: BS, Information Systems from BITS, Pilani. Years in IT: 20 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, CISA, SABSA SCF How did you decide upon a career in cybersecurity? Back in the day (early 2000s), I was involved in setting up IT infrastructure for a startup company. I started interacting with information security professionals from external consulting firms and developed an interest in security as a profession. I learned BS7799 framework and landed an information security officer role in ING Vysya Bank (now known... Read more →
Posted by (ISC)² Management on 01 February 2019 at 08:45 AM in IT Security, Spotlight | Permalink
|
Comments (1)
06 November 2018
SSCP Creates Point of Entry to Cyber Career
If you’re looking to break into the field of cybersecurity – and workforce research shows, we need you to join us – (ISC)²’s SSCP certification may be the way to go. Certification Magazine recently wrote about the SSCP certification as a solid point of entry for aspiring security professionals. The certification is ideal for those in “boots on the ground” positions within security operations. The SSCP exam is highly technical and focused on hands-on knowledge skills. The certification is ideal for security analysts, systems engineers, database administrators and others responsible for the day-to-day operations of securing their organizations critical assets.... Read more →
Posted by (ISC)² Management on 06 November 2018 at 04:00 PM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
07 August 2018
A First-Hand Experience with CISSP CAT
Patrick Strijkers is a 43-year-old information risk security officer at a pension funds firm in the Netherlands. He works in the IT security department in security incident management. Patrick’s employer runs a job rotation program, allowing him to gain experience in a variety of roles, with his next position coming invulnerability management this September. He holds the following security certifications: CompTIA Security+ CompTIA Network+ EC-Council Certified Ethical Hacker v8 EC-Council Certified Security Analyst v8 EC-Council Computer Hacking Forensics Investigator v8 Rapid7 Nexpose Rapid7 Metasploit Pro Patrick’s goal last year was to earn his CISSP certification. He attended a five-day boot... Read more →
Posted by (ISC)² Management on 07 August 2018 at 08:30 AM in Cybersecurity Certifications, IT Security, Network Security | Permalink
|
Comments (0)
23 July 2018
A Growing Nuisance: How to Fend Off Bad Bots
Bad bots make up more than one third of internet traffic, and although some of them try to influence elections and feed conflict on social media, most are targeting business websites, according to a newly published report. Set loose across the internet, armies of bad bots constantly carry out a multitude of misdeeds against businesses in just about every industry. Their activities include scraping prices by competitors looking to gain an upper hand in price SEO searches, stealing proprietary content, taking over accounts with stolen credentials, perpetrating credit card fraud, skimming money from gift card accounts and executing DDoS (distributed... Read more →
Posted by (ISC)² Management on 23 July 2018 at 09:15 AM in Insider Risk, IT Security | Permalink
|
Comments (0)
12 July 2018
Data Privacy Laws in Europe and California a Boon to Jobseekers
The sweeping new privacy law that went into effect in the European Union in May has significantly boosted demand for data protection expertise, according to job postings site Indeed. A report from the popular recruitment site found that job openings for data protection officers (DPO) have skyrocketed 829 percent since 2016 as organizations took steps to comply with the General Data Protection Regulation (GDPR). The need for the expertise is about to get even greater, thanks to a newly approved data privacy law in California, the world’s fifth largest economy. The new law was rushed through the state’s legislation to... Read more →
Posted by (ISC)² Management on 12 July 2018 at 09:59 AM in Government , IT Security, Privacy | Permalink
|
Comments (0)
03 July 2018
Don't be a sitting duck in the next OT cyberattack
By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
21 May 2018
Cloud Security Concerns Grow as Incidents Rise
As investments in public cloud computing continue to grow, so do cloud-related security incidents. Over the past 12 months, 18 percent of organizations have experienced a cloud security incident, double the number reported in the previous 12-month period, according to a recent report. Not surprisingly, concerns over cloud security also are rising, with more than nine out of 10 cybersecurity professionals – 91 percent, to be exact – saying they are worried about it. This, too, represents an increase from the previous polling period, when 81 percent of cybersecurity professionals expressed similar fears, and reverses a multiple-year downward trend. The... Read more →
Posted by (ISC)² Management on 21 May 2018 at 11:30 AM in Cloud Security, IT Security | Permalink
|
Comments (0)
17 May 2018
Attacks Happen. Be Ready.
A data breach hits headquarters at 3 a.m. Are your critical assets secure? Hire (ISC)²-certified cybersecurity professionals to prepare for, prevent and recover from attacks. Read more →
Posted by (ISC)² Management on 17 May 2018 at 12:28 PM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
16 May 2018
Is the CISO Well Positioned to Mitigate Operational Risk?
by Tamer Gamali, CISSP, CISO Mashreq Bank, and member of the (ISC)² EMEA Advisory Council Is the CISO well positioned to mitigate operational risk? (ISC)² will be asking this probing question of Security leaders at the kick-off session for Infosecurity Europe’s Leaders Programme in London next month. A round table discussion conducted under the Chatham House Rule, the session creates an opportunity to offer up frank comment and illuminate the challenges currently hampering companies from appreciating and truly gaining control of cyber risks. Infosecurity Europe’s Leaders Programme is open to CISOs and Heads of Information Security, who are the final... Read more →
Posted by (ISC)² Management on 16 May 2018 at 03:00 AM in IT Security, Risk | Permalink
|
Comments (0)
11 April 2018
Associate of (ISC)²: Thien Phan
Name: Thien Phan (ISC)² Exams Passed: CISSP and CCSP Title: Cybersecurity, Privacy and IT Risk Associate Employer: PricewaterhouseCoopers (PwC) Location: New York City, NY, U.S.A. Education: MBA degree and Bachelor’s Degree in Management Information Systems (MIS) from Binghamton University Years in IT: 1 year Years in cybersecurity: 1 year Cybersecurity certifications: Security+, CCNA Cyber Ops How did you decide upon a career in cybersecurity? It was back in my third year of college when I interned for a multimedia company as a database administrator. I did not know much about how different technologies worked together. I was introduced to the... Read more →
Posted by (ISC)² Management on 11 April 2018 at 05:06 PM in Insider Risk, IT Security, Network Security, Privacy, Spotlight | Permalink
|
Comments (0)
02 April 2018
Two Steps to a Robust Security Culture
By Kwinton Scarbrough, CISSP In the midst of the business and technology merge, organizations of all industries have started their journey into the cognitive era of cybersecurity. In this era, it is essential for a business to have an IT security strategy to govern how the organization will protect itself from internal and external cyber threats. However, what commonly fails to align to IT security strategy is the organization’s overall security culture. IT security strategy can only be effective if there is a strong security culture embedded into the very fabric of the company’s operations. Today, I will cover the... Read more →
Posted by (ISC)² Management on 02 April 2018 at 10:25 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
29 March 2018
HCISPP Spotlight: Debi Carr
Name: Debi Carr Title: CEO and Consultant Employer: D. K. Carr and Associates, LLC Location: Christmas, FL, U.S.A. Years in IT: 28 years Years in cybersecurity and/or privacy: 20 years Cybersecurity certifications: HCISPP, CAHIMS How did you decide upon a career in healthcare security and/or privacy? As a practice manager of a healthcare practice, I was appointed the “Privacy and Security” Officer when HIPAA went into effect. I was also responsible for overseeing the technology in the practice through the years. As a result, I began educating myself on security and privacy protocols. Why did you decide to pursue your... Read more →
Posted by (ISC)² Management on 29 March 2018 at 11:11 AM in Cybersecurity Certifications, IT Security, Privacy, Spotlight | Permalink
|
Comments (0)
02 March 2018
People and technology: a two-pronged approach to closing the skills gap
By Wesley Simpson, COO, (ISC)² Some have called the skills gap in IT and cybersecurity a national security crisis. Yet, it’s one that most everyone in the industry doesn’t know how to solve. Many look to automation and other technologies as a solution to the problem. Others foster relationships that will fill the pipeline and attract new talent. But there is no ONE solution. Instead, organizations need to both build and buy the talent they need. The growing gap between skills needed and qualified candidates is not a problem that technology alone can solve, but it is one that is... Read more →
Posted by Wesley Simpson on 02 March 2018 at 09:30 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
21 February 2018
Associate of (ISC)² Spotlight: Rachel Phillips
Name: Rachel Phillips, PMP, Assoc. (ISC)² (ISC)² Exam(s) Passed: CISSP Title: Cybersecurity Analyst Location: Seattle, WA, U.S.A. Education: M.S. Information Technology (Security and Assurance) and B.S. Business Administration (New Media and Internet), Kaplan University Years in IT: 10 Years in Cybersecurity: 3 Cybersecurity Certifications: Associate of (ISC)² Rachel Phillips, PMP, Assoc. (ISC)² is an influencer and sought-after contributor for her views and leadership in technology and security. She holds a Master’s in IT with emphasis in Information Security and Assurance, and a Bachelor’s in Business Administration from Kaplan University. As a cybersecurity analyst, she provides oversight and assurance of meeting... Read more →
Posted by (ISC)² Management on 21 February 2018 at 09:20 AM in Cybersecurity Certifications, IT Security, Spotlight | Permalink
|
Comments (0)
15 February 2018
Throwback Thursday: Security Congress in Austin
Last year’s Security Congress in Austin was our largest one yet with nearly 2,000 cybersecurity professionals in attendance. You know what they say, everything is bigger in Texas! Our first independent Congress featured 139 educational sessions, as well as vendors presenting in the Solutions Theater, (ISC)² member focus groups, Cloud Security Alliance (CSA) Summit and the Information Security Leadership Awards (ISLA) Americas ceremony and celebration. If you attended last year, you saw the excitement and enthusiasm from staff, speakers and attendees. If you were unable to attend, you’re in luck – you can watch some of the top sessions from... Read more →
Posted by (ISC)² Management on 15 February 2018 at 09:15 AM in (ISC)² Events, Cloud Security, Cybersecurity Training, Cybersecurity Workforce, Government , IT Security, Risk | Permalink
|
Comments (0)
12 February 2018
SSCP Spotlight: Wai Sheng Cheng
Name: Wai Sheng Cheng Title: Security Analyst Employer: Cboe Global Markets Location: Kansas, U.S.A. Degree: Master of Science, Information Systems Engineering, Johns Hopkins University Years in IT: 6 Years in information security: 3 Cybersecurity certifications: SSCP How did you decide upon a career in cybersecurity? I decided on a career in cybersecurity when my email account was first compromised in 2011. I learned about this when my friends and family called to ask if I had sent out emails asking for money. As an engineer-in-training, I was curious to know why and how this had happened. It was through this... Read more →
Posted by (ISC)² Management on 12 February 2018 at 09:30 AM in Cybersecurity Certifications, IT Security, Network Security, Spotlight | Permalink
|
Comments (0)
31 January 2018
SSCP Spotlight: Timothy Meryweather
Name: Timothy Meryweather Title: IT Auditor Location: Greater Los Angeles Area Degree: Bachelor of Science Years in information security: 6 Cybersecurity certifications: SSCP (ISACA: CISA, CRISC) How did you decide upon a career in cybersecurity? Our Audit Department’s Senior IT Auditor needed help and I was transferred from Background Licensing. Right place, right time. I possess a guardian spirit and have mostly worked in similar areas of employment: U.S. Marine, Deputy Sheriff, Police Officer, Private Security/Life Safety, casino surveillance, background licensing investigator. With my investigative training background, it was a natural migration into auditing the cybersecurity of information technology. Why... Read more →
Posted by (ISC)² Management on 31 January 2018 at 08:55 AM in Cybersecurity Certifications, IT Security, Spotlight | Permalink
|
Comments (0)
Search
(ISC)² Links
Categories
- (ISC)² Chapters
- (ISC)² Events
- Center for Cyber Safety and Education
- Cloud Security
- Cybersecurity Certifications
- Cybersecurity Training
- Cybersecurity Workforce
- Digital Forensics
- Ethics
- Government
- Insider Risk
- IT Security
- Legal
- Malware
- Network Security
- Operations Security
- Privacy
- Ransomware
- Risk
- Software Development
- Spotlight