The Internal and External Struggles of Ethics and the CISSP Credential As Old As Mythology All students of information security have heard of the Caesar cipher and the Spartan Scytale. These early encryption methods demonstrate the craftiness of the human mind. Encryption has evolved and become more sophisticated. Encryption has been instrumental in the advancement of society. Can you think of another ancient mental construct of humanity that has remained static, yet is no less important to the functioning of society? Let’s consider the topic of ethics. The concept of ethics has existed since ancient times, and the subject is... Read more →
332 posts categorized "IT Security"
18 November 2020
What Do You Do When No One Is Watching
Posted by (ISC)² Management on 18 November 2020 at 08:45 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
10 November 2020
How Do Security Controls Help Implement a Corporate Security Policy?
A corporate security policy is the cornerstone document of a company’s risk management. Does your business have the appropriate security controls in place to implement the policy, or is the policy a forgotten document in a dusty drawer? Although most companies have established security policies at the strategic level these are not always enforced, because they lack foundational support at the tactical level. The key to solving this is knowledgeable and skilled security practitioners who can take the lead and implement security controls aligned to the policy’s goals. Many security incidents may have been avoided if the proper security controls... Read more →
Posted by (ISC)² Management on 10 November 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
02 November 2020
The HR Manager's Guide to Mitigating Cyber Attacks in Healthcare
by Anastasios Arampatzis Cyberattacks in the Healthcare Industry are Increasing The use of technology in the healthcare sector can be both life-saving and life-threatening. Advancements in technology, like 3D printing, virtual reality, robotics, and Internet of Medical Things (IoMT), improve the ability of healthcare organizations to provide better care for their patients. At the same time, criminals leverage this new technology to execute their malevolent causes by either stealing protected health information (PHI) and other sensitive data or disrupting the operation of healthcare providers. The recent COVID-19 pandemic serves as a good example of the attack vectors criminals are using.... Read more →
Posted by (ISC)² Management on 02 November 2020 at 09:17 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
20 October 2020
The Need For Eyes Everywhere – Asset Security
A Playing Field Without Any Boundaries Have you ever been assigned the task of asset security in an organization? At first glance, asset security seems pretty simple, almost boring. After all, what’s the big deal tracking some laptops and mobile phones. However, once you dive into the details of what an asset is, you may quickly find yourself with the feeling that the entire earth has become overtaken by quicksand. The asset security responsibilities of an information security professional can be so vast, as to leave one feeling that they have no firm footing. Assets are anything that imparts value... Read more →
Posted by (ISC)² Management on 20 October 2020 at 08:50 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
16 October 2020
How to Get the Experience You Need to Pursue SSCP Certification
By David Bisson All IT professionals who want a lucrative career should consider expanding their skill set to include security. Now is an opportune time to do so, because security is continuing to grow in importance for businesses and organizations. As noted in “Why Add Security to Your Skill Set and How to Do It,” about 44% of corporate boards participate in their organization’s digital security strategy. An even greater proportion (58%) receive security briefings on at least a quarterly basis. Boards are paying greater attention to security so that they can help keep their organizations out of the headlines.... Read more →
Posted by (ISC)² Management on 16 October 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (1)
14 October 2020
The Digital Future Needs Cybersecurity Leaders
We’re sure you have heard this before: the rate of technological change is accelerating. It is unpredictable and unprecedented. As the World Economic Forum acknowledges, the fourth industrial revolution brings “developments in previously disjointed fields such as artificial intelligence and machine learning, robotics, nanotechnology, 3D printing and genetics and biotechnology [that] are all building on and amplifying one another.” This unprecedented disruption of society by technology introduces many changes in the workforce as well. In the words of the World Economic Forum “more than a third of the desired core skill sets of most occupations will be comprised of skills... Read more →
Posted by (ISC)² Management on 14 October 2020 at 08:40 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (1)
07 October 2020
The Human Element of Zero Trust
One weak link in a chain is all that’s needed to topple a cyberdefense. Sometimes this comes down to an errant line of code in a hastily developed API, inadequate penetration testing, or old, unpatched, exploitable code hidden deep within a legacy system. But more often than not, it’s because of the actions of an individual – a single person who clicks on a malware payload within a phishing email, or who allows someone to physically access a workplace unchallenged, or whose work-from-home office features a Wi-Fi router that was never properly secured. Effective cybersecurity demands a zero trust platform.... Read more →
Posted by (ISC)² Management on 07 October 2020 at 08:35 AM in Cloud Security, Cybersecurity Workforce, Insider Risk, IT Security | Permalink
|
Comments (0)
23 September 2020
How Important Is Cybersecurity in M&A?
Even though cybersecurity considerations have become part of the mergers and acquisitions (M&A) process, data breaches remain commonplace at acquired companies, raising suspicions that cybersecurity doesn’t get as much attention as it should, according to a recent TechCrunch article. “The fact that data breaches are still increasing and can cause negative financial impact that will be felt long after the deal has closed highlights a greater need for acquirers to continue to improve their approach and address cyber threats,” the article says. The author makes it a point to mention that “past or potential cyber threats are no longer ignored... Read more →
Posted by (ISC)² Management on 23 September 2020 at 10:31 AM in IT Security | Permalink
|
Comments (0)
17 September 2020
Can the U.S. election process be hacked?
While election security has been a concern for many countries, the possibility of cybersecurity threat impacting the U.S. presidential election is of top concern. (ISC)² member Dr. Carnell Council, CISSP addresses the multiple steps in the voting process that could face vulnerabilities and how each step can be better secured. With different systems, networks and devices come a different set of vulnerabilities. Dr. Council's full article can be found in Security Magazine. Read more →
Posted by (ISC)² Management on 17 September 2020 at 11:21 AM in Ethics, Government , IT Security | Permalink
|
Comments (0)
14 September 2020
How HR can Improve Corporate Cybersecurity
Cybercrime is one of the greatest threats to business Security breaches are becoming more targeted and costly. IBM estimates that the average cost of a data breach in the United States being $8.19 million. In the U.K., the government’s Cyber Security Breaches Survey 2019 shows that one in three businesses (32%) suffered an attack or breach in the previous 12 months. As businesses adopt emerging technologies to boost their productivity, enhance collaboration and minimize spending, they open themselves to new risks and challenges. The overall business risk has increased because of the expanding threat landscape. Cyber criminals are also leveraging... Read more →
Posted by (ISC)² Management on 14 September 2020 at 08:45 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
03 September 2020
The Value of CSSLP Certification Is Surging
The (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) certification has earned a place in a list of 10 IT certifications with the most increased value over the past year. Researcher Foote Partners collected compensation data from more than 3,300 employers in the U.S. and Canada to compile the list as part of its 2020 IT Skills and Certifications Pay Index report. The index calculates certification value based on the percentage of salary that accounts for a certification. CSSLP holders earn 13% on top of their base salary, according to the research. The index gives holders – or those planning to... Read more →
Posted by (ISC)² Management on 03 September 2020 at 08:30 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
02 September 2020
The Problem With Cyberhygiene
Alert fatigue, password change resistance, and poor cyberhygiene are just a few of the challenges that security specialists face. Human beings do not like being forced into habits, even when it is for their own well-being or that of the organization they work for. It’s a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it’s introduced to us by others. Humans are guided in part by instinct and reflex. So if we cannot perceive danger through our physical senses, then we cannot process it accurately. When it comes to cyberhygiene activities,... Read more →
Posted by (ISC)² Management on 02 September 2020 at 08:30 AM in Cybersecurity Training, IT Security | Permalink
|
Comments (0)
28 August 2020
The 7 Benefits of SSCP to Highly Successful Security Practitioners
In a world that is constantly changing, the immediate future of emerging technologies looks exciting and promising. Rapid advances over the next five years may help humanity solve some of the biggest challenges like the climate crisis, our ability to cure illnesses, understanding the universe and our microcosmos, and improving productivity through business automation. Despite the obvious benefits technology brings, it has also created many cybersecurity and privacy challenges. The overall business risk has increased because of the changing and expanding threat landscape. Cyber criminals are also leveraging these technologies to launch their malicious actions, which are more sophisticated than... Read more →
Posted by (ISC)² Management on 28 August 2020 at 08:15 AM in Cybersecurity Certifications, Cybersecurity Training, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
10 August 2020
Why Cybersecurity is a Great Choice for an Exciting Career
Cybersecurity is becoming increasingly important as more businesses collect, share, and use more and more data as part of their practices. The news headlines have been dominated by security incidents affecting the personal data of millions of people around the world. The importance of cybersecurity is underscored by the cost of a breach, with IBM estimating the average cost of a data breach in the United States being $8.19 million. Zero unemployment is not a dream! The cybersecurity industry has a zero percent unemployment, which make it an attractive statistic. It certainly is a great reason for everyone, either IT... Read more →
Posted by (ISC)² Management on 10 August 2020 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
29 June 2020
Beware of TMI: Cyber Crooks Are Watching
Research conducted since the start of the COVID-19 pandemic shows an increase in cyber threats as cybercriminals try to take advantage of users working remotely. What most users may not realize is that they could be making it easier for threat actors to target them. Here’s how: Every time a user posts a picture of his or her remote office setup on social media or participates in a videoconference, the user unwittingly may be revealing personal or company information that threat actors can exploit. In an opinion piece published by the Wall Street Journal, a cybersecurity expert warned about the... Read more →
Posted by (ISC)² Management on 29 June 2020 at 08:30 AM in IT Security, Privacy | Permalink
|
Comments (0)
21 May 2020
Bank On It
As published in the March/April 2020 edition of InfoSecurity Professional Magazine By Shaun Aghili, DBA, CISSP-ISSMP, CCSP, CISA and Bobby Swar, Ph.D. In May 2018, two major banks in Canada—Bank of Montreal and Canadian Imperial Bank of Commerce—received email threats from malicious hackers claiming to have gained access to customers’ sensitive information. The attackers demanded $1 million in cryptocurrency from each bank or they would publicly release customers’ information. The successful attacks on these banks led to 90,000 customers’ account information being compromised and an undisclosed amount of money lost as the result of the security breaches. In recent years,... Read more →
Posted by (ISC)² Management on 21 May 2020 at 08:30 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
14 May 2020
The First Line of Defense: Are Humans Doing a Good Enough Job?
As published in the March/April 2020 edition of InfoSecurity Professional Magazine By Crystal Bedell Humans have long been touted as the weakest link in security. But in many ways that axiom oversimplifies the issue of the human element and makes end users collectively the bad guy when, for the most part, they’re only trying to do their jobs. Understanding why humans behave the way they do, and allowing them to inform a security strategy, can strengthen the human element so that people aren’t the weakest link but a helpful component of your security arsenal. “We put people in front of... Read more →
Posted by (ISC)² Management on 14 May 2020 at 10:15 AM in Insider Risk, IT Security | Permalink
|
Comments (0)
16 April 2020
Study: Small Businesses Are More Focused on IoT Investments Than Cybersecurity
More than twice as many small businesses are investing in Internet of Things (IoT) technologies than in cybersecurity, according to recent research. And while this may raise some red flags, it is possible that small businesses are spending less on cybersecurity for justifiable reasons. A poll conducted by Survey Monkey for business network CNBC says 44% of small businesses are planning to invest in IoT while only 20% plan to invest in cybersecurity. Naturally, this raises the very real concern that companies may purchase technology without properly securing it. Doing so, of course, would be a mistake. As a whole,... Read more →
Posted by (ISC)² Management on 16 April 2020 at 07:50 AM in IT Security, Network Security | Permalink
|
Comments (2)
05 March 2020
Let’s Work Together
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Michael Bergman, CISSP An (ISC)2 member details a software security integration system that eliminates that ’50-page security policy’ for developers. Unless your organization is gifted with resources, your software development teams do not have a dedicated first-line-of-defense function that integrates controls and makes it easier for developers to secure the products they build. Instead developers, particularly those using Agile for project management, typically are handed a 50-page security policy document and told to “implement that along with your functional requirements, all within your two-week sprint cycle.” The result... Read more →
Posted by (ISC)² Management on 05 March 2020 at 08:00 AM in IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
24 February 2020
Threat Hunting: Is Your Security Operation Ready to Launch Such a Program?
As published in the November/December edition of InfoSecurity Professional Magazine. It could be a blended attack as slick as a multichannel marketing campaign. Or a spontaneous crime of opportunity by a single dis-gruntled employee. It could even be an innocent configuration error. When a threat exists, there will be indicators. The perennial challenge is to hunt for signs in the right places and to isolate the signal from the noise. How best to find—and remove, where possible—such threats remains up for debate. Lance Cottrell, chief scientist at Ntrepid, approaches threat hunting less as a specific set of techniques than as... Read more →
Posted by (ISC)² Management on 24 February 2020 at 08:45 AM in IT Security, Malware, Network Security, Operations Security | Permalink
|
Comments (0)
Search
Categories
- (ISC)² Chapters
- (ISC)² Events
- Center for Cyber Safety and Education
- Cloud Security
- Cybersecurity Certifications
- Cybersecurity Training
- Cybersecurity Workforce
- Digital Forensics
- Ethics
- Government
- Insider Risk
- IT Security
- Legal
- Malware
- Network Security
- Operations Security
- Privacy
- Ransomware
- Risk
- Software Development
- Spotlight