The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day,... Read more →
345 posts categorized "IT Security"
12 April 2021
Wanted: Software Developers with a Security Mindset
Posted by (ISC)² Management on 12 April 2021 at 08:12 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Software Development | Permalink
|
Comments (0)
08 April 2021
Hush – This Data Is Secret
Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an... Read more →
Posted by (ISC)² Management on 08 April 2021 at 07:35 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
24 March 2021
How To Get It Right With Cybersecurity Training
The cybersecurity team can be a challenging one for organizations to keep engaged and happy. Talent is scarce, turnover and burnout rates are high. That’s why employers have to keep existing teams engaged in their profession, and current on the latest threats and defenses. To accomplish this, every organization needs a formal, standards-based cybersecurity training and education program for the employees responsible for securing their critical assets. What are the key components of a training program? Whatever an organization’s unique circumstances, three major tenets must guide any training effort: Security is an obligation, not an option. Evolving technology and constantly... Read more →
Posted by (ISC)² Management on 24 March 2021 at 08:04 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
03 March 2021
What Are the Phases of an Incident Response Plan?
Disaster recovery is now a normal part of business operations. However, before the year 2000, disaster recovery was a “nice to have” addition to a business. Then, the “Y2K” bug became the impetus that brought disaster recovery to the forefront of business preparedness. Next, in 2001, the rise of terrorism brought new attention to the need for businesses to prepare for disasters. As time progressed, incidents such as the blackout of 2003 that shut down the northeastern United States for a day, made many recognize that disaster recovery centers could not be on the same power grid, let alone at... Read more →
Posted by (ISC)² Management on 03 March 2021 at 08:15 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
25 February 2021
Challenges and Misconceptions of Certificate Revocation in PKI
By Qamar Peer Bellary Sadiq, CISSP, CCSP Public Key Infrastructure is the most commonly used technology in security space for the purpose of establishing Authentication, Data Integrity, Non-Repudiation, email encryption, SSL/TLS with X.509 Certificates (also known as Digital Certificate). Digital Certificate is a form of a digital identity document in the digital world and helps identify users, entities and servers. PKI is an amalgamation of a suite of protocols, people, processes and technologies that must work in a synchronized manner to create, store, distribute, manage and revoke digital identities. However, there exists real world challenges, pitfalls and misconceptions around Certificate... Read more →
Posted by (ISC)² Management on 25 February 2021 at 08:55 AM in IT Security, Network Security | Permalink
|
Comments (2)
19 February 2021
The Weeds and Flowers of Information Security
Why it is essential to have experience - and not JUST to pass the CISSP Growing The Garden of InfoSec Think about your path in information security. It took a lot of work and study. No one is born knowing information security, and no child in any playground has ever said “when I grow up, I want to get a CISSP credential”. Information security is one of the most popular professions right now, and it is anticipated that the demand for qualified information security professionals will continue to grow for the foreseeable future. Any great garden requires serious care and... Read more →
Posted by (ISC)² Management on 19 February 2021 at 08:30 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
04 February 2021
Addressing the Human Element of Security: Awareness & Training Programs
Did you ever hear the story about the hyphen that cost 80 Million dollars? In the infancy of the United States’ space program, a programming error resulted in a forced abort of a rocket early in its flight to prevent possible injury along its crash path. Or how about the time a pilot miscalculated the required fuel for a flight from Montreal to Edmonton? These are both fatal examples of how human error can have serious consequences. In our hyper-connected world, our errors can have damaging consequences. Sometimes, the harm can be minor, such as the “Melissa” macro virus of... Read more →
Posted by (ISC)² Management on 04 February 2021 at 08:50 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
02 February 2021
Employment for Security Analysts to Grow 31% by 2029
Demand for cybersecurity professionals will stay strong through the remainder of the decade, according to U.S. Bureau of Labor statistics. In the 10-year period between 2019 and 2029, employment of information security analysts will grow by 31%, according to the bureau’s Occupational Outlook Handbook. The projected growth rate is more than seven times higher than the national job growth average of 4%, and roughly three times that of the 11% projected growth in IT-related occupations. The reason for the high growth rate for information security analysts is no secret to anyone in the industry. As the bureau notes: “Cyberattacks have... Read more →
Posted by (ISC)² Management on 02 February 2021 at 08:30 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
01 February 2021
Remote Work During the Pandemic: What We Got Wrong
By Stephen Fried, CISSP As COVID-19 began to spread rapidly across the globe in 2020, many organizations moved their employees off company premises and enabled large "work from home" efforts. Nobody knew how long this would last, but we assumed we could work remotely for a few months until this thing worked itself out, then return to the office and get back to "normal." We were very wrong. We weren’t just wrong about the length of the crisis; we were wrong about how our employees defined “home.” What we didn’t anticipate is that the pandemic would force companies to rethink... Read more →
Posted by (ISC)² Management on 01 February 2021 at 08:30 AM in IT Security, Network Security, Privacy, Risk | Permalink
|
Comments (1)
20 January 2021
Is Your Security Team Cloud Ready?
Cloud services play a key role in the digital transformation and operation of today’s enterprises. Yet security teams are often left out of planning these initiatives, increasing the level of risk organizations will face. Security is an integral part of adopting cloud services, without being a barrier to innovation. More and more enterprises are migrating their data and applications to the cloud. The variations in implementations and environments create a level of complexity for IT security teams to monitor cloud services while keeping them secure. Is your internal team poised to shape secure cloud strategy and innovation? If it isn’t,... Read more →
Posted by (ISC)² Management on 20 January 2021 at 08:35 AM in Cloud Security, Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
14 January 2021
Report: Impact of COVID-19 on Enterprise IT Security Teams
How has the COVID-19 pandemic affected enterprise IT security organizations around the world? And how are they rethinking their priorities and investments as a result? Find answers and insights inside CyberEdge Group’s Impact of COVID-19 on Enterprise IT Security Teams Report, sponsored by (ISC)². This comprehensive survey of 600 cybersecurity professionals representing 7 countries and 19 industries reveals an in-depth study of how COVID-19 has altered enterprises and how they are responding. The research shows: A 114% increase in remote workers during the pandemic 67% of responding organizations are experiencing IT security staffing challenges 75% claim COVID-19 has increased their... Read more →
Posted by (ISC)² Management on 14 January 2021 at 08:30 AM in IT Security | Permalink
|
Comments (0)
21 December 2020
Can I Ask You A Question?
The Many Advisory Roles of a CISSP A Long and Prosperous Career Throughout your cybersecurity career, you will spend a lot of time in the world of identify, protect, detect, respond, and recover. Sometimes, the skills required for the job can range from the mundane, such as running a phishing campaign, to some nail-biting, all-nighters of remediation (after someone ignored your carefully crafted phishing campaign and clicked on a malicious link). Your skills were not easily acquired. Perhaps you derived these skills from tinkering with machinery, dumpster-diving, and everything in between. Information security research has transitioned to more sophisticated tools... Read more →
Posted by (ISC)² Management on 21 December 2020 at 08:15 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
15 December 2020
Patch Management in IT and OT Environments
The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they are interchangeable, this is not the case. Most are confused because applying patches is one of the many ways available in our arsenal to mitigate cyber risks. What is Patch Management? Patch management is a strategy for managing patches or upgrades for software applications and technologies and involves the acquisition, testing, and installation of multiple patches to... Read more →
Posted by (ISC)² Management on 15 December 2020 at 08:45 AM in Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
18 November 2020
What Do You Do When No One Is Watching
The Internal and External Struggles of Ethics and the CISSP Credential As Old As Mythology All students of information security have heard of the Caesar cipher and the Spartan Scytale. These early encryption methods demonstrate the craftiness of the human mind. Encryption has evolved and become more sophisticated. Encryption has been instrumental in the advancement of society. Can you think of another ancient mental construct of humanity that has remained static, yet is no less important to the functioning of society? Let’s consider the topic of ethics. The concept of ethics has existed since ancient times, and the subject is... Read more →
Posted by (ISC)² Management on 18 November 2020 at 08:45 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
10 November 2020
How Do Security Controls Help Implement a Corporate Security Policy?
A corporate security policy is the cornerstone document of a company’s risk management. Does your business have the appropriate security controls in place to implement the policy, or is the policy a forgotten document in a dusty drawer? Although most companies have established security policies at the strategic level these are not always enforced, because they lack foundational support at the tactical level. The key to solving this is knowledgeable and skilled security practitioners who can take the lead and implement security controls aligned to the policy’s goals. Many security incidents may have been avoided if the proper security controls... Read more →
Posted by (ISC)² Management on 10 November 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
02 November 2020
The HR Manager's Guide to Mitigating Cyber Attacks in Healthcare
by Anastasios Arampatzis Cyberattacks in the Healthcare Industry are Increasing The use of technology in the healthcare sector can be both life-saving and life-threatening. Advancements in technology, like 3D printing, virtual reality, robotics, and Internet of Medical Things (IoMT), improve the ability of healthcare organizations to provide better care for their patients. At the same time, criminals leverage this new technology to execute their malevolent causes by either stealing protected health information (PHI) and other sensitive data or disrupting the operation of healthcare providers. The recent COVID-19 pandemic serves as a good example of the attack vectors criminals are using.... Read more →
Posted by (ISC)² Management on 02 November 2020 at 09:17 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
20 October 2020
The Need For Eyes Everywhere – Asset Security
A Playing Field Without Any Boundaries Have you ever been assigned the task of asset security in an organization? At first glance, asset security seems pretty simple, almost boring. After all, what’s the big deal tracking some laptops and mobile phones. However, once you dive into the details of what an asset is, you may quickly find yourself with the feeling that the entire earth has become overtaken by quicksand. The asset security responsibilities of an information security professional can be so vast, as to leave one feeling that they have no firm footing. Assets are anything that imparts value... Read more →
Posted by (ISC)² Management on 20 October 2020 at 08:50 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
16 October 2020
How to Get the Experience You Need to Pursue SSCP Certification
By David Bisson All IT professionals who want a lucrative career should consider expanding their skill set to include security. Now is an opportune time to do so, because security is continuing to grow in importance for businesses and organizations. As noted in “Why Add Security to Your Skill Set and How to Do It,” about 44% of corporate boards participate in their organization’s digital security strategy. An even greater proportion (58%) receive security briefings on at least a quarterly basis. Boards are paying greater attention to security so that they can help keep their organizations out of the headlines.... Read more →
Posted by (ISC)² Management on 16 October 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (1)
14 October 2020
The Digital Future Needs Cybersecurity Leaders
We’re sure you have heard this before: the rate of technological change is accelerating. It is unpredictable and unprecedented. As the World Economic Forum acknowledges, the fourth industrial revolution brings “developments in previously disjointed fields such as artificial intelligence and machine learning, robotics, nanotechnology, 3D printing and genetics and biotechnology [that] are all building on and amplifying one another.” This unprecedented disruption of society by technology introduces many changes in the workforce as well. In the words of the World Economic Forum “more than a third of the desired core skill sets of most occupations will be comprised of skills... Read more →
Posted by (ISC)² Management on 14 October 2020 at 08:40 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (1)
07 October 2020
The Human Element of Zero Trust
One weak link in a chain is all that’s needed to topple a cyberdefense. Sometimes this comes down to an errant line of code in a hastily developed API, inadequate penetration testing, or old, unpatched, exploitable code hidden deep within a legacy system. But more often than not, it’s because of the actions of an individual – a single person who clicks on a malware payload within a phishing email, or who allows someone to physically access a workplace unchallenged, or whose work-from-home office features a Wi-Fi router that was never properly secured. Effective cybersecurity demands a zero trust platform.... Read more →
Posted by (ISC)² Management on 07 October 2020 at 08:35 AM in Cloud Security, Cybersecurity Workforce, Insider Risk, IT Security | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters (16)
- (ISC)² Events (99)
- Center for Cyber Safety and Education (45)
- Cloud Security (84)
- Cybersecurity Certifications (264)
- Cybersecurity Training (265)
- Cybersecurity Workforce (135)
- Digital Forensics (27)
- Ethics (46)
- Government (83)
- Insider Risk (52)
- IT Security (345)
- Legal (41)
- Malware (94)
- Network Security (149)
- Operations Security (114)
- Privacy (92)
- Ransomware (31)
- Risk (153)
- Software Development (35)
- Spotlight (51)