By Tunde Ogunkoya, Consulting Partner, Africa, at DeltaGRiC Consulting (Pty) ltd. Tunde will be hosting the session Open Source; Pathway to Being or Not Being the VulN Victim at (ISC)² SecureJohannesburg 2017 on 5th October, 2017. The use of Open Source Software (OSS) has come a long way from when developers and organisations tried to avoid it. Today Open Source has become a go-to saving grace within most DevOps teams under pressure to roll out new functionality and features ahead of competition. Unfortunately, levels of vulnerability have grown with the trend as DevOps remain largely unaware of the risks or... Read more →
297 posts categorized "IT Security"
19 September 2017
Open Source — and Associated Risks — are the New Normal
Posted by (ISC)² Management on 19 September 2017 at 04:00 AM in IT Security, Network Security | Permalink
|
Comments (0)
15 September 2017
Security Headlines: World Cup, IT and everything in between
Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on... Read more →
Posted by (ISC)² Management on 15 September 2017 at 01:27 PM in Ethics, Government , IT Security, Privacy, Risk | Permalink
|
Comments (0)
31 August 2017
Top 10 (ISC)² Webcasts of 2017
(ISC)² webcasts are a great source for insight into all areas of security. From the Internet of Things to malware and compliance, the topics vary. Here are the top 10 (ISC)² webcasts for 2017 so far as ranked by cybersecurity professionals: Part 1: Future of SIEM - Why Static Correlation Fails Insider Threat Detection Hackers stealing credentials and operating in your corporate network…disgruntled employees collecting customer lists and design materials for a competitor...malware sending identity information back to random domains…these common threats have been with us for years and are only getting worse. Most organizations have invested large amounts in... Read more →
Posted by (ISC)² on 31 August 2017 at 09:15 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Training, Insider Risk, IT Security, Network Security | Permalink
|
Comments (0)
23 August 2017
CISSP Spotlight: Mark A. Singer
Name: Mark A. Singer Title: Principal Software Engineer Employer: DoD Sub-Contractor Location: Indianapolis, IN Education: Business Management Years in IT: 19 Years in cybersecurity: 12 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? Evolution. I stumbled into computers when I served in the U.S. Navy from 1985 to 1989 when PCs with 8086 processors were common. When I got out of the service, I was able to get a job working for Naval Avionics in Indianapolis and was placed in a role where I was doing local computer support on tempest computers (386, 486, & 486DX... Read more →
Posted by (ISC)² Management on 23 August 2017 at 09:30 AM in Cybersecurity Certifications, Cybersecurity Training, Government , IT Security, Network Security, Operations Security, Spotlight | Permalink
|
Comments (0)
11 August 2017
Security Headlines: Payouts and Panic
WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds... Read more →
Posted by (ISC)² Management on 11 August 2017 at 11:28 AM in Government , Insider Risk, IT Security, Malware, Network Security, Operations Security, Ransomware | Permalink
|
Comments (0)
25 July 2017
Is IT the solution to filling cybersecurity workforce gap?
Insights from the 2017 Global Information Security Workforce Study show that the IT players in your organization may be the key to filling the looming cybersecurity workforce gap. The survey was taken by 10,584 cyber and information security professionals in North America, and showed a projected 265,000 industry jobs will be left unfilled in 2022. Practitioners back up that data, with 68 percent indicating their organizations had too few security professionals. Filling a gap of that size with qualified professionals is daunting, but the help may already be in your organization in the information technology department. In North America, 87... Read more →
Posted by (ISC)² Management on 25 July 2017 at 11:00 AM in IT Security | Permalink
|
Comments (0)
21 July 2017
Security headlines: IoT and GoT
From IoT to GoT, budget issues to interview busts, here are the top security headlines for the week of July 17, 2017: Who is a target for ransomware? Short answer: everyone. But education, government and healthcare organizations top the list. In math that doesn’t seem to add up, UK businesses estimate they would spend £1.1m to recover from a breach, but only 14.4% of their organisation’s operation budget is spent on infosec. We’ve mentioned the cybersecurity workforce gap a time or two, but what are entry-level job seekers doing that keeps them from getting the gig? Verizon has been breached... Read more →
Posted by (ISC)² on 21 July 2017 at 11:42 AM in IT Security | Permalink
|
Comments (0)
29 June 2017
Being the Fly on the Wall: The latest observations from the (ISC)² Member’s GDPR Task Force
By Yves Le Roux, CISSP, CISM, Co-Chair, Europe, Middle East and Africa Advisory Council (EAC) Recently our GDPR Task Force has found that despite efforts to prepare for the incoming regulation, many practitioners are finding that there is actually a lot more to do than originally anticipated, and are still in “discovery mode” about what data they hold. Data being fragmented and contained within individual business units means that knowing where data sets reside and mapping their flow is proving challenging. Businesses have just realised the mammoth task ahead of them Many businesses are still stuck in the initial stages... Read more →
Posted by (ISC)² Management on 29 June 2017 at 04:00 AM in Ethics, Government , IT Security, Legal, Network Security, Risk | Permalink
|
Comments (4)
19 June 2017
Recognize the Best in Cybersecurity: Guide for (ISC)² EMEA ISLA Nominators
Nominations are open for the first-ever (ISC)² EMEA Information Security leadership Awards (ISLA) to recognize the achievements of your fellow cyber, information, software and infrastructure security professionals across Europe, the Middle East and Africa. This is a great opportunity to showcase the outstanding work and remarkable contributions the profession is making despite the challenges and widening skills gap we face. The 2017 Global Information Security Workforce Study confirms more than two thirds of the region’s hiring managers are looking to expand their teams in the next 12 months, and about half are struggling to find qualified talent for their roles.... Read more →
Posted by (ISC)² Management on 19 June 2017 at 06:51 AM in IT Security | Permalink
|
Comments (1)
16 June 2017
Continuing the Conversation: Spearphishing
If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secret Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing... Read more →
Posted by (ISC)² Management on 16 June 2017 at 11:06 AM in (ISC)² Events, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (0)
12 June 2017
CCSP Spotlight: Haruhiko Kurita
Name: Haruhiko Kurita Title: Senior Security Consultant Employer: NetOne Systems Location: Tokyo, Japan Degree: Master of Science, Physics Years in IT: 24 Years in cybersecurity: 21 Cybersecurity certifications: CISSP, CCSP, CISA, PCI DSS QSA How did you decide upon a career in cybersecurity? My career in cybersecurity started around 1995, when the internet was becoming popular here in Japan. My first product was HSM (Hardware Security Module) and I was interested in cryptography, as technology was very attractive to me. After three mergers, the company (Tandem) became bigger and I covered various parts of security, like F/W, antivirus, identity management,... Read more →
Posted by (ISC)² Management on 12 June 2017 at 01:00 AM in Cloud Security, Cybersecurity Certifications, IT Security, Network Security | Permalink
|
Comments (0)
04 June 2017
SSCP Spotlight: Aoba Mari
Name: Aoba Mari Title: Security Analyst Employer: LAC / JSOC (Japan Security Operation Center) Location: Tokyo, Japan Degree: Bachelor’s Degree in International Policy Years in IT: 5 years Years in information security: 5 years Cybersecurity certifications: SSCP How did you decide upon a career in cybersecurity? Among the various fields in the IT industry, information security is the fastest growing and at the same time, I think there is a high demand for rare technical skills. For me, more than anything, that’s the biggest reason why I think it’s a very interesting field. I was involved in forensic analysis, and... Read more →
Posted by (ISC)² Management on 04 June 2017 at 09:30 PM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (1)
29 May 2017
CISSP Spotlight: Samana Haider
Name: Samana Haider Title: Manager, Forcepoint Security Labs Employer: Forcepoint Location: Dublin, Ireland Education: MSc Computer Science Years in IT: 15 Years in cybersecurity: 7 Cybersecurity certifications: CISSP How did you decide upon a career in cybersecurity? I started my career in IT in the education sector where I was a lecturer at a university back home in Pakistan. I started working in HP managing SAP administration. I got the opportunity to work with one of the leading Irish banks where I was responsible for implementing security controls for SAP administration and ensuring SOX compliance. The security aspect of that... Read more →
Posted by (ISC)² Management on 29 May 2017 at 04:15 AM in Cybersecurity Certifications, IT Security, Network Security | Permalink
|
Comments (1)
25 May 2017
Five reasons to nominate someone for the first (ISC)² EMEA ISLAs
What are the EMEA ISLAs? After eleven consecutive years of success in the Americas and Asia-Pacific, the Information Security Leadership Awards (ISLA) program is finally coming to EMEA! The (ISC)² EMEA ISLAs are a unique opportunity for you to nominate fellow information security and management professionals who go the extra mile to enhance security throughout the private and public sectors across Europe, the Middle East and Africa. There are four nomination categories: Senior Information Security Professional, Information Security Practitioner, Up-and-Coming Information Security and Woman Information Security Professional. It’s not long now until the nominations will be open (between the 12th... Read more →
Posted by (ISC)² Management on 25 May 2017 at 05:00 AM in IT Security | Permalink
|
Comments (1)
24 May 2017
CCSP Spotlight: Frederico Hakamine
Name: Frederico Hakamine Title: Principal Curriculum Developer Employer: Okta Inc. Location: San Francisco, CA, U.S.A. Degree: Bachelor in System Analysis Years in IT: 10 years Years in cybersecurity: 9 years Cybersecurity certifications: CISSP, CCSP, ISFS, ITIL, CobIT, Oracle Certified Architecture Specialist, Okta Certified Professional How did you decide upon a career in cybersecurity? I started working for Oracle as consultant 10 years ago, with a challenge: develop a portal with independent web applications, that should require a single login and display restricted information depending on where you were located (intranet or internet). Developing the application was a straightforward task. The... Read more →
Posted by (ISC)² Management on 24 May 2017 at 12:08 PM in Cloud Security, Cybersecurity Certifications, IT Security | Permalink
|
Comments (0)
15 May 2017
2017 Americas ISLA – nominations are open!
(ISC)² has had the honor of celebrating leaders in cyber, information, software and infrastructure security since 2004. The 2017 Americas Information Security Leadership Awards (AM-ISLA®) are now open for nominations. We can’t wait to hear about your latest achievements, so please tell us about a cybersecurity leader whose work deserves recognition by the industry and by their peers. The categories for nomination are: Information Security Practitioner Senior Information Security Professional Up-and-Coming Information Security Professional Community Awareness The deadline to submit is June 7, 2017 at 11:59pm EST. Nominations and awards are open to (ISC)² members and non-members alike. Winners will... Read more →
Posted by (ISC)² Management on 15 May 2017 at 03:00 PM in (ISC)² Events, IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
02 May 2017
SSCP Spotlight: Ajet Ibraimoski
Name: Ajet Ibraimoski Title: System/Network Administrator Employer: PBS Systems Inc. Location: Calgary, Alberta, Canada Degree: MSc. in Computer Networks and e-Technologies; B.Sc. in Informatics and computer engineering Years in IT: 9 Years in information security: 5 Cybersecurity certifications: SSCP, CEH, Security+, Cybersecurity: Technology, Application and Policy – MIT, Information Security Foundation based on ISO/IEC 27002 How did you decide upon a career in cybersecurity? Security has always been my passion. Information security blogs and magazines kept me awake at night during my university years. After graduation, I had the chance to work in various positions and industries that presented unique... Read more →
Posted by (ISC)² Management on 02 May 2017 at 10:05 AM in Cybersecurity Certifications, IT Security, Spotlight | Permalink
|
Comments (2)
10 April 2017
SSCP Spotlight: Adam Gorecki
Name: Adam Gorecki Title: System Administrator/Information Security Analyst Employer: Mountain View County Location: Didsbury, Alberta, Canada Years in IT: Over 10 years Years in information security: 1 Cybersecurity certifications: SSCP How did you decide upon a career in cybersecurity? Information security has been something that has always interested me. It has been at the forefront of my mind during my career as a network analyst and a system administrator. When the opportunity arose for me to take on an information security analyst role, I jumped at it. Why did you get your SSCP®? I wanted to get a designation that... Read more →
Posted by (ISC)² Management on 10 April 2017 at 11:14 AM in Cybersecurity Certifications, IT Security, Network Security, Spotlight | Permalink
|
Comments (1)
30 March 2017
CCSP Spotlight: Chris Sellards
Name: Chris Sellards Title: Senior Security Architect Employer: Harland Clarke Holdings Location: San Antonio, Texas Degree: Master of Science, Information Security. Currently pursuing a Doctor of Science in Cybersecurity at Capitol Technology University Years in IT: 21 Years in cybersecurity: 17 Cybersecurity certifications: CISSP-ISSAP, CCSP, CAP, CCSK, CEH, CHFI, GCWN, NSA IAM, NSA IEM, Tripwire Enterprise Administration How did you decide upon a career in cybersecurity? Even before officially being employed in the IT field, I was fascinated with security. I ran my first blog in the mid-1990s where I covered various security topics. I worked as an engineer for... Read more →
Posted by (ISC)² Management on 30 March 2017 at 09:15 AM in Cloud Security, Cybersecurity Certifications, IT Security | Permalink
|
Comments (1)
24 March 2017
CISSP Spotlight: Uzoma Nwankwo
Name: Uzoma Nwankwo Title: Information Systems Security Officer Employer: Booz Allen Hamilton Location: National Business Park, Maryland, U.S.A. Education: MBA, BS in Computer Information Systems Years in IT: 12 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, Certified Ethical Hacker (CEH), Comptia Security +, Project Management Professional (PMP) How did you decide upon a career in cybersecurity? I began my career as a systems administrator, supporting a project for a large government agency. When that project ended, I was presented with an opportunity to help another government agency with cybersecurity services in locations throughout the country. I travelled, met new people... Read more →
Posted by (ISC)² Management on 24 March 2017 at 12:15 PM in Cybersecurity Certifications, Government , IT Security, Network Security, Operations Security, Spotlight | Permalink
|
Comments (2)
Search
(ISC)² Links
Categories
- (ISC)² Chapters
- (ISC)² Events
- Center for Cyber Safety and Education
- Cloud Security
- Cybersecurity Certifications
- Cybersecurity Training
- Cybersecurity Workforce
- Digital Forensics
- Ethics
- Government
- Insider Risk
- IT Security
- Legal
- Malware
- Network Security
- Operations Security
- Privacy
- Ransomware
- Risk
- Software Development
- Spotlight