As published in the March/April 2020 edition of InfoSecurity Professional Magazine By Crystal Bedell Humans have long been touted as the weakest link in security. But in many ways that axiom oversimplifies the issue of the human element and makes end users collectively the bad guy when, for the most part, they’re only trying to do their jobs. Understanding why humans behave the way they do, and allowing them to inform a security strategy, can strengthen the human element so that people aren’t the weakest link but a helpful component of your security arsenal. “We put people in front of... Read more →
356 posts categorized "IT Security"
14 May 2020
The First Line of Defense: Are Humans Doing a Good Enough Job?
Posted by (ISC)² Management on 14 May 2020 at 10:15 AM in Insider Risk, IT Security | Permalink
|
Comments (0)
16 April 2020
Study: Small Businesses Are More Focused on IoT Investments Than Cybersecurity
More than twice as many small businesses are investing in Internet of Things (IoT) technologies than in cybersecurity, according to recent research. And while this may raise some red flags, it is possible that small businesses are spending less on cybersecurity for justifiable reasons. A poll conducted by Survey Monkey for business network CNBC says 44% of small businesses are planning to invest in IoT while only 20% plan to invest in cybersecurity. Naturally, this raises the very real concern that companies may purchase technology without properly securing it. Doing so, of course, would be a mistake. As a whole,... Read more →
Posted by (ISC)² Management on 16 April 2020 at 07:50 AM in IT Security, Network Security | Permalink
|
Comments (2)
05 March 2020
Let’s Work Together
As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Michael Bergman, CISSP An (ISC)2 member details a software security integration system that eliminates that ’50-page security policy’ for developers. Unless your organization is gifted with resources, your software development teams do not have a dedicated first-line-of-defense function that integrates controls and makes it easier for developers to secure the products they build. Instead developers, particularly those using Agile for project management, typically are handed a 50-page security policy document and told to “implement that along with your functional requirements, all within your two-week sprint cycle.” The result... Read more →
Posted by (ISC)² Management on 05 March 2020 at 08:00 AM in IT Security, Network Security, Operations Security | Permalink
|
Comments (0)
24 February 2020
Threat Hunting: Is Your Security Operation Ready to Launch Such a Program?
As published in the November/December edition of InfoSecurity Professional Magazine. It could be a blended attack as slick as a multichannel marketing campaign. Or a spontaneous crime of opportunity by a single dis-gruntled employee. It could even be an innocent configuration error. When a threat exists, there will be indicators. The perennial challenge is to hunt for signs in the right places and to isolate the signal from the noise. How best to find—and remove, where possible—such threats remains up for debate. Lance Cottrell, chief scientist at Ntrepid, approaches threat hunting less as a specific set of techniques than as... Read more →
Posted by (ISC)² Management on 24 February 2020 at 08:45 AM in IT Security, Malware, Network Security, Operations Security | Permalink
|
Comments (0)
18 December 2019
A Lifeline: Patient Safety and Cybersecurity
By Lee Kim, JD, CISSP, CIPP/US, Director, Privacy and Security, HIMSS The most valuable part of the healthcare system is the patient. Patient safety is paramount in the healthcare sector. With the digitization of healthcare information, the free flow of information comes at a price. We need to be responsible stewards of healthcare information. Patients entrust us with their healthcare information and their lives. Those of us in the healthcare cybersecurity field have the unique task of protecting and securing patient information yet ensuring that the information is available on demand—especially when critical, life threatening situations arise. The Vulnerabilities of... Read more →
Posted by (ISC)² Management on 18 December 2019 at 08:30 AM in Cybersecurity Workforce, Ethics, Government , IT Security, Privacy | Permalink
|
Comments (0)
22 November 2019
Cybersecurity Is the Top Concern for Midmarket Executives
Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row. The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S.... Read more →
Posted by (ISC)² Management on 22 November 2019 at 09:47 AM in Cybersecurity Workforce, IT Security, Network Security, Risk | Permalink
|
Comments (0)
21 October 2019
PCI Compliance in AWS - Simplified
by Adam M. Lechnos, CISSP Payment Card Industry Data Security Standards or PCI DSS, are a set of 12 requirements with over 300 controls which apply to any organization which stores, processes or transmits credit card data. Today, I will attempt to add some clarity around PCI compliance within AWS. Concepts and practices were sourced from the referenced document below and here I will break it down further. I do suggest you first read the Architecting for PCI DSS Scoping and Segmentation on AWS and come back to enhance your understanding of the methods being applied and its rationale. For... Read more →
Posted by (ISC)² Management on 21 October 2019 at 09:00 AM in Cloud Security, IT Security | Permalink
|
Comments (1)
30 September 2019
Cybersecurity Audits Are Now Standard Practice in M&A
Cybersecurity threats are a major concern for businesses of all sizes, and that challenge can have repercussions when a company puts itself on the selling block. One of the things buyers will want to know is whether the company has had a breach and, if so, how it was handled. If the business can show it addressed the breach in a satisfactory way and learned from the experience by fixing its security vulnerabilities, its sale value increases, according to 88% of respondents in a new (ISC)² study titled Cybersecurity Assessments in Mergers and Acquisitions. The study reveals that cybersecurity audits... Read more →
Posted by (ISC)² Management on 30 September 2019 at 09:56 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
24 September 2019
Attackers Are Targeting IT Service Providers
IT service providers have recently become a common target of cyber attacks and 11 of them have been compromised since July 2018. Attackers target providers in attempts to gain access to their customers, according to a blog post by Symantec. What makes this especially ironic is that IT service providers often are the same companies that businesses hire to protect them against cyber threats. It’s not exactly a new tactic by cybercriminals, who in the past have even attacked security vendors. Perpetrators also have been known to target some companies purely to get to their business partners. This practice was... Read more →
Posted by (ISC)² Management on 24 September 2019 at 10:05 AM in IT Security | Permalink
|
Comments (0)
05 September 2019
Looking to Break into Cybersecurity Without Direct Experience? Find Out How
The cybersecurity skills gap means companies are scrambling to fill security positions, and that presents an opportunity for you to find security work – even without direct experience. Faced with a critical shortage of qualified candidates, organizations are increasingly taking chances on nontraditional applicants and training them for security roles. One way to bridge a cybersecurity experience gap and get started? Make the case for your transferable skills. Success in security requires a mix of technical and soft skills. These can potentially come from ANY previous job. Analytical skills, enthusiasm for exploring technical questions and issues, and diagnostic experience will... Read more →
Posted by (ISC)² Management on 05 September 2019 at 09:15 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (0)
29 August 2019
VMware Acquisitions Highlight the Importance of DevSecOps
In the digital age, security can no longer be an afterthought. As organizations modernize their IT environments through digital transformation initiatives, it’s become more critical than ever to bake security into new applications from the start. Virtualization giant VMware recognizes this new reality, which explains why it has decided to acquire two companies that give the company a stronger foothold in digital transformation and cybersecurity. One of the companies, Pivotal Software, brings to VMware a platform for developing applications in the cloud. The other, Carbon Black, has a cloud-native endpoint protection platform that ensures this is done securely. Together, the... Read more →
Posted by (ISC)² Management on 29 August 2019 at 09:05 AM in Cloud Security, Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (1)
27 August 2019
IT Professionals: Use the Security Skills Shortage to Your Advantage
A cybersecurity skills shortage is expected to result in 3.5 million unfilled positions by 2021. Research from ESG finds 51% of organizations believe they have a “problematic shortage” of cybersecurity skills – an increase of 7% year-over-year. Clearly, the skills gap is a serious problem, impacting an organization’s ability to keep up with software vulnerabilities, harden devices, respond to security issues quickly and strategically manage security in an ever-evolving threat landscape. With the odds stacked against them, businesses must find new ways to recruit and retain skilled security employees and proactively address the lack of talent to fill critical roles.... Read more →
Posted by (ISC)² Management on 27 August 2019 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
15 August 2019
3 Pro Tips for Moving from IT to Security
Already have a background in IT? Here are three tips for moving toward a more security-focused role. Take a cue from Goldilocks: Go after the industry certification that’s “just right.” This entails pursuing a credential that helps augment technical skills with security practices. Many choose the SSCP for its balance between the foundational and technical. SSCP allows you to prove a technical understanding without having to seek a more entry-level certification. Change your perspective to layer security into the work you’re already doing. Moving from IT to security is a natural evolution. Once you’ve gained the requisite knowledge and put... Read more →
Posted by (ISC)² Management on 15 August 2019 at 09:10 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security | Permalink
|
Comments (1)
13 August 2019
SSCP vs. CISSP Exams: How are they different?
You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the... Read more →
Posted by (ISC)² Management on 13 August 2019 at 08:30 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (6)
17 July 2019
CEOs: Cybersecurity Will Be a Major Challenge in the Coming Decade
Cybersecurity concerns remain top of mind for global CEOs as they weigh the challenges their organizations will face in the next five to 10 years. A new report by global management consultancy EY reveals that cybersecurity tops the list of concerns for CEOs, along with income inequality and job loss caused by technology advances. The findings in EY’s 2019 CEO Imperative Study confirm earlier research showing that chief executives view cybersecurity threats as one of their most daunting challenges. Adding to the problem, the EY study reveals that CEOs lack confidence in the C-suite’s ability to address these challenges. Only... Read more →
Posted by (ISC)² Management on 17 July 2019 at 09:05 AM in Cybersecurity Workforce, Ethics, Insider Risk, IT Security, Risk | Permalink
|
Comments (0)
20 June 2019
Small Businesses Not the Weakest Link in the Supply Chain, Study Shows
A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only... Read more →
Posted by (ISC)² Management on 20 June 2019 at 11:00 AM in Cybersecurity Workforce, IT Security, Risk | Permalink
|
Comments (1)
05 June 2019
Cybersecurity Falls Short in Organizations Undergoing Digital Transformation
While C-level executives understand the need for cybersecurity as their organizations undergo digital transformation, they aren’t prioritizing it enough, according to a recent Deloitte report based on a survey of 500 executives. The report, “The Future of Cyber Survey 2019,” reveals a disconnect between organizational aspirations for a “cyber everywhere” future and their actual cyber posture. One area where this is evident is in budgeting, with organizations allocating only 14% of their digital transformation budgets to cybersecurity. Further evidence is how often cyber appears on the agendas of company board meetings. Cybersecurity makes it to the agenda of 49% of... Read more →
Posted by (ISC)² Management on 05 June 2019 at 08:45 AM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (1)
01 May 2019
CSSLP Spotlight: John Kent
Name: John Kent Title: Manager IT, DevSecOps Employer: FedEx Location: Irving, Texas Education: BAAS Computer Science, MS Cybersecurity Years in IT: 37 Years in cybersecurity and/or privacy: 13 Cybersecurity certifications: CSSLP, CEH, CHFI How did you decide upon a career in security software development? My passion for software development began in 1981 and launched my career in 1987. It wasn’t until my first exposure to pen test results in 2005 that I understood software design, development, test and operations from a much wider perspective. There was so much more to programming than creating working software — it had to be... Read more →
Posted by (ISC)² Management on 01 May 2019 at 09:10 AM in IT Security, Spotlight | Permalink
|
Comments (1)
29 April 2019
Heavy Industrial Companies Grapple with Cybersecurity Problems
Companies in heavy industrial industries such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated as they must not only protect their IT infrastructure but also their OT (operational technology) assets. Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article. But even though the same tools aren’t effective for both environments, links between OT and IT are... Read more →
Posted by (ISC)² Management on 29 April 2019 at 08:55 AM in IT Security | Permalink
|
Comments (1)
01 February 2019
CISSP Spotlight: Renju Damodaran
Name: Renju Damodaran Title: Senior Manager, Cyber Risk Services Employer: Wipro Limited Location: Boston, MA Education: BS, Information Systems from BITS, Pilani. Years in IT: 20 Years in cybersecurity: 16 Cybersecurity certifications: CISSP, CISA, SABSA SCF How did you decide upon a career in cybersecurity? Back in the day (early 2000s), I was involved in setting up IT infrastructure for a startup company. I started interacting with information security professionals from external consulting firms and developed an interest in security as a profession. I learned BS7799 framework and landed an information security officer role in ING Vysya Bank (now known... Read more →
Posted by (ISC)² Management on 01 February 2019 at 08:45 AM in IT Security, Spotlight | Permalink
|
Comments (1)
Search
Categories
- (ISC)² Chapters (21)
- (ISC)² Events (136)
- Center for Cyber Safety and Education (50)
- Cloud Security (119)
- Cybersecurity Certifications (351)
- Cybersecurity Training (295)
- Cybersecurity Workforce (197)
- Digital Forensics (27)
- Ethics (49)
- Government (99)
- Insider Risk (54)
- IT Security (356)
- Legal (41)
- Malware (96)
- Network Security (157)
- Operations Security (126)
- Privacy (96)
- Ransomware (51)
- Risk (166)
- Software Development (41)
- Spotlight (65)