By Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement, (ISC)² Summary The U.S. Securities and Exchange Commission (SEC) last week voted to adopt significant new rules relating to how publicly traded companies act and disclose cybersecurity-related risk and incidents. While U.S. healthcare providers, financial services firms and other critical infrastructure operators must, by law, report data and network breaches, no all-encompassing U.S. federal breach or incident disclosure law currently exists. However, the new rules passed by the SEC commissioners leave considerable ambiguity, particularly regarding the definition and measure of risk, along with not making a definitive ruling on cybersecurity... Read more →
01 August 2023
SEC Votes To Adopt Rules Expanding Cybersecurity Reach and Disclosure
Posted by ISC2 Management on 01 August 2023 at 01:00 PM in Cybersecurity Workforce, IT Security | Permalink
|
Comments (0)
Critical Next Steps for Transitioning Military
Transitioning military personnel - come to learn valuable insights from a panel of recruitment experts as they discuss “Critical Next Steps for Transitioning Military '' on Thursday, October 26 at 3:05 pm CT in the Career Center at (ISC)2 Security Congress. Meet the Panel This military transition discussion will feature Kirsten Renner, Tiffany Robbins, and Michael McCoy. Kirsten Renner, Talent Engagement Lead at Accenture Federal Services is a passionate supporter of active-duty service members, veterans, and transitioning military job seekers, in addition to being a proud Army mom. Kirsten has a history of providing resume reviews and guidance to transitioning... Read more →
Posted by ISC2 Management on 01 August 2023 at 12:30 PM in Cybersecurity Training, Cybersecurity Workforce | Permalink
|
Comments (0)
31 July 2023
Strengthened Cybersecurity Through Collaborative Defense: Sector-wide Integrated Cyber Defense Approach (SICDA), Part 2
By Enoma Odia, CISSP, ISSMP, CSSLP In Part One of this blog, I explained how Sector-wide Integrated Cyber Defense Approach (SICDA) is intended to function, the challenges of this process, as well as some root causes to be addressed to mitigate those challenges. To overcome existing limitations in individual cybersecurity efforts, consider the adoption of a collective and cooperative model inspired by the strategies employed in conventional warfare, where allies unite for robust defense against adversaries. This model, known as the Sector-wide Integrated Cyber Defense Approach (SICDA), takes a holistic and integrated approach towards fortifying cybersecurity resilience. SICDA envisions fostering... Read more →
Posted by ISC2 Management on 31 July 2023 at 12:30 PM | Permalink
|
Comments (0)
Kaseya Incident – Two Years Later, What Has Changed What Have We Learned?
By: Anindya Chatterjee, CISSP, CCSP The threat landscape has evolved a lot in the past two years following by the Kaseya incident. With the maturity of software-as-a-service (SaaS) marketplaces and an industry-wide cost saving drive for off the shelf applications, the dependency on managed service providers (MSPs) and application providers has increased. Initially, organizations had a choice of on-premise or SaaS deployment but now it’s a decision largely driven by vendor solutions. Organizations are much more dependent on cloud providers and application providers. Today, more that 50 percent of industry applications are bought off-the-shelf and hence the threat pertaining to... Read more →
Posted by ISC2 Management on 31 July 2023 at 07:00 AM | Permalink
|
Comments (0)
28 July 2023
Latest Cyberthreats and Advisories - July 28, 2023
The myth of Mac’s malware invincibility, ransomware attacks skyrocketed in June and North Korean actors found to be behind the JumpCloud breach. Here are the latest threats and advisories for the week of July 28, 2023. Threat Advisories and Alerts Vulnerability Leaves 900,000 MikroTik Routers Open to Attack An estimated 900,000 MikroTik routers may be vulnerable to attack due to a new security flaw. The vulnerability (CVE-2023-30788) can provide cybercriminals entry into an organization’s network. "The worst-case scenario is that an attacker can install and execute arbitrary tools on the underlying Linux operating system," said security researcher Jacob Baines. Considering... Read more →
Posted by ISC2 Management on 28 July 2023 at 07:00 AM in Cybersecurity Workforce, IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
27 July 2023
Collaboration is Key: Sector-wide Integrated Cyber Defense Approach (SICDA), Part 1
By Enoma Odia, CISSP, ISSMP, CSSLP Cybersecurity is a crucial concern for modern organizations due to the rise of increasingly sophisticated cyber threats and attacks. Implementing cybersecurity controls and managing the escalating risk presents considerable challenges for organizations, especially considering the potential financial implications. It is why collaboration is a preferred approach, allowing cost and workload to be diluted to more manageable levels. While cybersecurity collaboration is not a novel concept, government agencies like ENISA and CISA-ISACs are primarily tasked with promoting collaboration to bolster cybersecurity resilience. Notwithstanding, these agencies often rely on information sharing on emerging threats, vulnerabilities, and... Read more →
Posted by ISC2 Management on 27 July 2023 at 12:30 PM in IT Security | Permalink
|
Comments (1)
Meta Will Serve Up LLaMA at Vegas Coding Get-Together
Social media giant chooses DEF CON to stress test AI models in an unusual public show of its technology and security approaches. Meta will let developers loose on its large language models at DEF CON next month, as it adopts a more “open” approach to assuring regulators and society at large that its artificial intelligence (AI) algorithms are resilient and secure. The move was revealed by Meta’s president of global affairs and the former U.K. politician, Nick Clegg, in an opinion piece in the Financial Times. The world is not anywhere close to achieving artificial general intelligence (AGI) argued Clegg.... Read more →
Posted by ISC2 Management on 27 July 2023 at 09:35 AM | Permalink
|
Comments (0)
26 July 2023
The importance of cybersecurity and the role government should play
By Alexander Bovell, CISSP, a seasoned IT professional with a wealth of knowledge in the field of information security. Often, I’m asked, what is cybersecurity? Why is cybersecurity important? What job sector would it be implemented in? Cybersecurity protects computers, networks, and data from unauthorized access or damage. While most users use products as intended, others use them for nefarious activities. Cyber and information security personnel help protect against these bad actors and advise where protections should be implemented. As to where it should be implemented, my answer is that information security should be implemented everywhere, from schools, businesses, and... Read more →
Posted by ISC2 Management on 26 July 2023 at 07:00 AM | Permalink
|
Comments (0)
25 July 2023
Cybersecurity Industry News Review – July 25, 2023
Imperva sold in a multi-billion dollar exit deal for its private equity owners, U.K. businesses struggle with cyber skills shortage, the U.S. moves on AI and MOVEit keeps causing trouble. Thales Agrees $3.6 billion Deal for Imperva with Thoma Bravo French conglomerate Thales, which has operations from aerospace to defense, has agreed a $3.6 billion takeover deal for U.S.-based cybersecurity software and services company Imperva. The acquisition, which will create a combined cybersecurity business with more than €2.4 billion in annual revenues, will add Imperva’s Web Application Firewall (WAF) to the Thales product line, along with Imperva’s application security portfolio... Read more →
Posted by ISC2 Management on 25 July 2023 at 10:12 AM | Permalink
|
Comments (0)
24 July 2023
Preparing for the (ISC)² CCSP exam
By Dwayne Natwick, CISSP, CCSP, CGRC, CC, (ISC)² Authorized Trainer, author, and product manager with 30+ years of experience in the IT industry You want to take the CCSP exam with the hopes of getting (ISC)² Certified Cloud Security Professional. So, what are the best ways to prepare for this exam? People prepare and learn differently. You may prefer a study guidebook, you may test your skills through on-demand courses and quizzes, or maybe you prefer preparation through a full instructor-led training course. Whatever your preference, this article will provide you with some of the tools and materials that you... Read more →
Posted by ISC2 Management on 24 July 2023 at 07:00 AM in Cybersecurity Certifications | Permalink
|
Comments (0)
21 July 2023
E.U.’s Computer Resilience Act Rewrite Clarifies Vulnerability Reporting, Product Classes
But does the revised Computer Resiliency Act text calm open-source fears around reporting and liabilities? By Joe Fay The European Union (E.U.) Cyber Resilience Act could be finalized by the end of this year after the member states agreed on a revised text for the controversial cybersecurity legislation. The revised text was agreed this week by the European Council. It includes plans for a single vulnerability reporting platform and clarifies under which circumstances open-source software will be covered by the legislation. The legislation came under criticism from industry bodies for being too prescriptive when it was unveiled by the European... Read more →
Posted by ISC2 Management on 21 July 2023 at 12:30 PM in IT Security, Software Development | Permalink
|
Comments (0)
Latest Cyberthreats and Advisories - July 21, 2023
The cybercriminal version of ChatGPT, BreachForums’ founder pleads guilty and FBI warns of tech support scam. Here are the latest threats and advisories for the week of July 21, 2023. By John Weiler Threat Advisories and Alerts CISA Factsheet Offers Security Advice for Companies Transitioning to the Cloud The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published the Free Tools for Cloud Environments factsheet to help protect companies migrating to the cloud. The factsheet provides cloud security guidance on how organizations can safeguard their data and critical assets from vulnerabilities, anomalies and other cyberthreats. CISA has encouraged organizations to... Read more →
Posted by ISC2 Management on 21 July 2023 at 06:00 AM in Cloud Security, Digital Forensics, Ethics, Government , Insider Risk, IT Security, Malware, Risk | Permalink
|
Comments (0)
20 July 2023
Elevate your Security Congress experience with pre-conference workshops!
How would you like to attend high-level cybersecurity workshops in community with your peers ahead of one of the industry’s hottest events? You’ll get your chance on October 23 and/or October 24, the two days leading up to this year’s (ISC)² Security Congress! These workshops are being offered live, onsite at the Gaylord Opryland Resort in Nashville, Tennessee. Choose from among 10 one- and two-day workshops that will increase your knowledge, present opportunities to mix and mingle with fellow cyber professionals and, if you’re an (ISC)² Member or Associate, provide those all-important Continuing Professional Education (CPE) credits! These amazing workshops... Read more →
Posted by ISC2 Management on 20 July 2023 at 12:00 PM in ISC2 Events | Permalink
|
Comments (0)
Real Talk with CCSPs
An interview with Neha Dhyani, CCSP The information security profession is one of the most evolving careers across the IT industry. In many cases, people have a hard time staying up to date on all of the developing trends and changing technologies. Imagine what it would be like to take an extended sabbatical, and then try to return without any gaps in your knowledge. We interviewed Neha Dhyani, who took a break in her professional journey and returned to the Infosec profession with renewed energy levels not only to continuously improve her skills but to impart that knowledge to others... Read more →
Posted by ISC2 Management on 20 July 2023 at 07:00 AM in Cybersecurity Certifications | Permalink
|
Comments (0)
18 July 2023
White House Reveals National Cybersecurity Strategy Implementation Roadmap Priorities
By John E. Dunn The Biden-Harris Administration wants to fix cybersecurity’s tangled puzzle. Its National Cybersecurity Strategy Implementation Plan shows us the boxes it will have to tick. In March, the Biden-Harris Administration’s National Cybersecurity Strategy signaled an historic shift: in future, technology companies and large federal institutions would have to take over the bulk of responsibility for protecting the nation. The Administration has now published the roadmap setting out how this ambition will be turned into a reality through the National Cybersecurity Strategy Implementation Plan (NCSIP) between now and 2026. The 57-page Plan translates the National Cybersecurity Strategy’s 27... Read more →
Posted by ISC2 Management on 18 July 2023 at 01:00 PM | Permalink
|
Comments (0)
Cybersecurity Industry News Review – July 18, 2023
Are cybersecurity professionals able to shape policy, the White House tackles smart device quality standards, the MOVEit breach keeps moving and a new resource for understanding maritime cyber threats. Survey To Look at Involvement of Cybersecurity Professionals in UK Policy Development Jen Ellis, founder of NextJenSecurity and also an Advisory Board Member for the U.K. Cabinet Office's Government Cybersecurity Advisory Board has launched a survey and is looking to understand the extent of involvement of frontline cybersecurity professionals in the U.K.’s cybersecurity policymaking process. This survey investigates whether cybersecurity professionals in the U.K. are interested in participating in, and have... Read more →
Posted by ISC2 Management on 18 July 2023 at 09:59 AM in Cybersecurity Workforce, Government , IT Security, Ransomware, Risk | Permalink
|
Comments (0)
17 July 2023
New cybersecurity express-learning opportunities with (ISC)² Skill-Builders
Cybersecurity never stands still. It’s a constantly evolving field that requires constant learning to stay in front of cyberthreats. (ISC)² Skill-Builders are a new way to stay current and demonstrate your knowledge of emerging cybersecurity topics. The quick, on-demand learning from cybersecurity’s leading professional organization features content created by industry experts. Learning activities focused on real-world activities ensure the content is accessible and relevant. Anyone can access the courses anytime, anywhere. (ISC)² Skill-Builders dive into the following focus areas: Entry-Level Cybersecurity Skill-Builders - Learn valuable fundamental skills as you pursue a career in cybersecurity. Cloud Security - Get up to... Read more →
Posted by ISC2 Management on 17 July 2023 at 08:00 AM in Cloud Security, Cybersecurity Training, IT Security, Network Security, Operations Security, Risk, Software Development | Permalink
|
Comments (0)
14 July 2023
The Trouble with Trust
By Duncan Greaves, PhD, CISSP Developing trusting relationships in online situations provides intelligence-led and useable business techniques to develop relationships to improve control, productivity, innovation, creativity, and reduce friction between teams. The development of trust is the engine of business and helps organizations prepare for unexpected events. Knowledge about the formation and dynamics of trust assists managers to control the debate and realize the strategic benefits of a network of collaborators. It also provides an innovative toolset with which to approach the operation of trust in extended supply chains. Crucially, such relationships also help to embed ethical behaviors that enhance... Read more →
Posted by ISC2 Management on 14 July 2023 at 01:00 PM | Permalink
|
Comments (0)
Latest Cyberthreats and Advisories - July 14, 2023
Cybersecurity agencies warn of Truebot malware, ransomware and phishing attacks surge in 2023 and the rise of Clop ransomware gang. Here are the latest threats and advisories for the week of July 14, 2023. By John Weiler Threat Advisories and Alerts Cybersecurity Agencies Warn of New Truebot Malware Variants The U.S. Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with other domestic agencies and the Canadian Centre for Cyber Security (CCCS) have released a joint advisory that warns of Truebot malware variants. Truebot, which has been utilized by groups like Clop Ransomware, is a botnet used for data exfiltration. While... Read more →
Posted by ISC2 Management on 14 July 2023 at 06:00 AM in IT Security, Malware, Ransomware, Risk | Permalink
|
Comments (0)
13 July 2023
Security Administration and Operations Demands a Big Picture View
In today’s ever-evolving digital landscape, cybersecurity is more critical than ever. With the rise of cyberthreats, organizations worldwide are facing unprecedented challenges in protecting their data and systems from breach and attack. The constant need to stay one step ahead of bad actors means the stakes are high. Attention to the issue of cybersecurity has never been higher. In the United States, the Biden Administration recently unveiled a new National Cybersecurity Strategy that outlines the priorities The White House notes as most pressing. It calls for enhanced regulations, improved communication and information sharing between government and private sectors and an... Read more →
Posted by ISC2 Management on 13 July 2023 at 08:00 AM in Cybersecurity Training | Permalink
|
Comments (0)
Search
Categories
- Center for Cyber Safety and Education (52)
- Cloud Security (137)
- Cybersecurity Certifications (387)
- Cybersecurity Training (315)
- Cybersecurity Workforce (254)
- Digital Forensics (30)
- Ethics (53)
- Government (127)
- Insider Risk (57)
- ISC2 Chapters (22)
- ISC2 Events (166)
- IT Security (389)
- Legal (46)
- Malware (116)
- Network Security (178)
- Operations Security (144)
- Privacy (117)
- Ransomware (90)
- Risk (204)
- Software Development (46)
- Spotlight (71)