By Tony Chebli, Senior Manager, Information Security Department/Risk Management Division, Credit Libanais S.A.L Tony will be hosting the session ISO 27001 Between the Reality and the Myth at (ISC)² Secure Summit MENA in Dubai on the 21st and 22nd November 2017. It seems like yesterday, but actually it has been over 13 years, since I obtained my ISO 27001 Lead Auditor certification and started travelling from country to country around the Middle East, preaching the benefits of ISO 27001 certification and its importance to companies that are looking to secure their information assets. I admit it was (and still is)... Read more →
145 posts categorized "Risk"
09 November 2017
ISO 27001 – Between the Reality and the Myth
Posted by (ISC)² Management on 09 November 2017 at 04:05 AM in Government , Insider Risk, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
18 October 2017
CISSP Spotlight: Tony Harris
Name: Tony Harris Title: Consultant, Cyber Security Employer: KPMG LLP Location: Vancouver, Canada Education: MSc, Cyber Security (in progress) from the University of Liverpool, and Bachelor of Arts in American Studies & International Relations from the University of British Columbia Years in IT: 8 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, CISM How did you decide upon a career in cybersecurity? I began my career in general IT processes eight years ago as your typical jack-of-all-trades IT. I wanted to narrow my focus into a specialty that I'd be interested in and cybersecurity ultimately was that choice. The reason was... Read more →
Posted by (ISC)² Management on 18 October 2017 at 09:05 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Operations Security, Risk | Permalink
|
Comments (0)
29 September 2017
Security Headlines: Congress Edition
Fresh from Austin, here are the top headlines from (ISC)2's 2017 Security Congress: Let's talk about risk, baby. That's the language c-level executives and board members want to hear from the security team. Keynote speaker and Deputy Assistant Director of the FBI, Donald Freese, spoke about a non-emotional approach to security. CSO Online quotes Dylan Thomas, who was probably talking about cybersecurity practitioners when he said "Do not go gently into that good night." Garfield loves lasagna and hates cyberbullying. Infosecurity Magazine was with us in Austin and spoke to the CISO of the state of Missouri, Michael Roling, CIO... Read more →
Posted by (ISC)² Management on 29 September 2017 at 04:59 PM in (ISC)² Events, Cybersecurity Certifications, Cybersecurity Training, Ransomware, Risk | Permalink
|
Comments (0)
22 September 2017
Security Headlines: Do you know where your data records are?
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if... Read more →
Posted by (ISC)² Management on 22 September 2017 at 02:00 PM in Malware, Privacy, Risk | Permalink
|
Comments (1)
21 September 2017
Lack of Training and Resources Plagues IT Security Teams
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security... Read more →
Posted by (ISC)² Management on 21 September 2017 at 09:00 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (3)
15 September 2017
Security Headlines: World Cup, IT and everything in between
Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on... Read more →
Posted by (ISC)² Management on 15 September 2017 at 01:27 PM in Ethics, Government , IT Security, Privacy, Risk | Permalink
|
Comments (0)
29 June 2017
Being the Fly on the Wall: The latest observations from the (ISC)² Member’s GDPR Task Force
By Yves Le Roux, CISSP, CISM, Co-Chair, Europe, Middle East and Africa Advisory Council (EAC) Recently our GDPR Task Force has found that despite efforts to prepare for the incoming regulation, many practitioners are finding that there is actually a lot more to do than originally anticipated, and are still in “discovery mode” about what data they hold. Data being fragmented and contained within individual business units means that knowing where data sets reside and mapping their flow is proving challenging. Businesses have just realised the mammoth task ahead of them Many businesses are still stuck in the initial stages... Read more →
Posted by (ISC)² Management on 29 June 2017 at 04:00 AM in Ethics, Government , IT Security, Legal, Network Security, Risk | Permalink
|
Comments (4)
20 June 2017
Looking for cybersecurity job? Healthcare is hiring!
While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearninghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so... Read more →
Posted by (ISC)² Management on 20 June 2017 at 03:00 PM in Cybersecurity Certifications, Cybersecurity Training, Malware, Ransomware, Risk | Permalink
|
Comments (1)
16 June 2017
Continuing the Conversation: Spearphishing
If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secret Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing... Read more →
Posted by (ISC)² Management on 16 June 2017 at 11:06 AM in (ISC)² Events, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (0)
07 June 2017
What we learned from this month’s European GISWS report
What is the GISWS? Since its first release in 2004, the biennial (ISC)²® Global Information Security Workforce Study (GISWS) has been gauging the opinions of information security professionals; and in turn, providing detailed insights into the important trends and opportunities within this increasingly crucial profession. This year, the study conducted its largest-ever global survey of cybersecurity professionals, with over 19,000 individuals taking part (3,694 of which hailing from Europe), further allowing it to ascertain an even clearer and progressively more complete profile of the information security workforce; with stronger understandings of areas and issues such as pay scales, skills gaps,... Read more →
Posted by (ISC)² Management on 07 June 2017 at 03:00 AM in Center for Cyber Safety and Education, Cybersecurity Certifications, Network Security, Risk | Permalink
|
Comments (0)
05 April 2017
Viewing Cybersecurity as a Business Enabler Versus a Money Pit
A data breach can cause a loss of revenue, destroy shareholder value, erode consumer trust and even open you up to legal consequences, whereas better security can add value to a company by preventing attacks, detecting breaches faster and mitigating the damage caused by cyber threats. The Ponemon Institute's 2016 Cost of Data Breach Study estimates that the average consolidated total cost of a data breach is $4 million; so why do we still view cybersecurity simply as an operating cost? Unfortunately, cybersecurity is often viewed as the organization that always says no versus the organization that makes the business... Read more →
Posted by David Shearer on 05 April 2017 at 10:29 AM in Risk | Permalink
|
Comments (4)
10 February 2017
Calling All Cybersecurity Experts!
This year’s (ISC)² Security Congress – with the theme “Leaders of Tomorrow” – will take place September 25-27 in Austin, Texas at the JW Marriott. For the first time, Security Congress will be a stand-alone event, without former partner ASIS International. “We value the partnership we had with ASIS International for the past six years, but it was time for Security Congress to stand on its own to address the programming needs expressed by our members,” says (ISC)² CEO David Shearer. The cybersecurity conference will host more than 90 educational sessions, as well as a town hall meeting, career center... Read more →
Posted by (ISC)² Management on 10 February 2017 at 09:25 AM in (ISC)² Events, Cloud Security, Cybersecurity Certifications, Digital Forensics, IT Security, Malware, Network Security, Privacy, Ransomware, Risk | Permalink
|
Comments (0)
27 January 2017
EMEA Advisory Council Marks International Data Protection Day with GDPR Warning
Yves Le Roux, co-chair and public policy workgroup lead, (ISC)2 EMEA Advisory Council This Saturday marks the 10th anniversary for Data Protection Day, celebrated each year on 28 January – which is the date the Council of Europe’s data protection convention, known as “Convention 108”, was established. Data Protection Day, known as Privacy Day outside of Europe, is now celebrated globally, raising awareness of people’s rights as they relate to the automatic processing of their data. Each year, events are held around the world to both arm citizens with the information they need to understand and protect their rights, while... Read more →
Posted by (ISC)² Management on 27 January 2017 at 04:00 AM in Government , Legal, Privacy, Risk | Permalink
|
Comments (0)
12 January 2017
CISSP Spotlight: Miriam Celi
Name: Miriam Celi Title: Technical Leader – Secure Coding IT Quality Assurance Employer: Humana, Inc. Years in IT: 20 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, GISP How did you decide upon a career in cybersecurity? I got into a career in cybersecurity by chance. In early 2009, I joined a small startup that specialized in personal identity verification (PIV) solutions for the government. I was very fortunate that since the company was small, I was able to perform various roles, such as integrating products with various physical access control systems and biometric devices, representing the company in security conferences... Read more →
Posted by (ISC)² Management on 12 January 2017 at 09:15 AM in Cybersecurity Certifications, IT Security, Network Security, Risk, Spotlight | Permalink
|
Comments (4)
27 December 2016
Why cars are increasingly vulnerable to cyber attack
Adrian Davis, Managing Director, EMEA at (ISC)² explains how we can stop the ongoing proliferation of vulnerabilities in connected cars It’s clear that we are rapidly moving towards turning cars into rolling internet browsers, connecting to everything from traffic lights to household appliances. Future vehicles will get remote updates on traffic jams or weather, automatically alert emergency services to accidents as they happen, allow drivers to get over-the-air ‘upgrades’ without visiting a dealership and even warm up their kettles from their cars. Software updates can now give cars self-driving features, turn them into rolling Wi-Fi hotspots or even allow them... Read more →
Posted by (ISC)² Management on 27 December 2016 at 04:00 AM in Cloud Security, IT Security, Risk | Permalink
|
Comments (9)
20 December 2016
CISSP Spotlight: Collin Chung
Name: Collin Chung Title: Risk and Compliance Analyst II Employer: CareerBuilder Education: B.A. Years in IT: 6 Years in cybersecurity: 5 Cybersecurity certifications: CISA, CISSP, CRISC, ITIL How did you decide upon a career in cybersecurity? It honestly just happened upon me. I loved video games growing up and decided to pursue an education in information technology and business - MIS. I later discovered that my love of computers pervaded enterprises in ways I couldn't have imagined and dove head first into the world of IT and eventually cybersecurity. Why did you get your CISSP®? Before I obtained my CISSP... Read more →
Posted by (ISC)² Management on 20 December 2016 at 09:15 AM in Cybersecurity Certifications, IT Security, Risk | Permalink
|
Comments (1)
10 September 2014
Moving Beyond the Dangerous Denial Phase as Individuals and Organizations
I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie. I guess I still am. I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that’s been diagnosed with breast cancer.[i] The results of the study shocked me. The worse the diagnoses and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening. Similarly, as the conversation about the complexities, costs, and potential breaches is... Read more →
Posted by David Shearer on 10 September 2014 at 10:59 AM in Ethics, IT Security, Legal, Network Security, Privacy, Risk | Permalink
|
Comments (0)
28 August 2014
JP Morgan Chase Security Breach Comments from (ISC)² Leadership
Continuous monitoring is the key to thwarting these types of breaches. With cyberattacks becoming commonplace in every sector, companies must continuously protect their most valuable information. Cyber guns fire at us all the time, but the notion of catching and stopping every cybercriminal simply isn’t realistic in today’s burgeoning threat environment. I liken it to aspiring to completely eliminate common street crime. It’s just not realistic. Flaws will always exist, even within the most ideal protective structures. Every company should assume they’ll be breached, and focus efforts on minimizing damage once cybercriminals get in. The need for qualified cybersecurity professionals... Read more →
Posted by (ISC)² Management on 28 August 2014 at 04:29 PM in IT Security, Network Security, Privacy, Risk | Permalink
|
Comments (0)
15 April 2013
Secure Software Development – Closing the Gap between Risk Awareness and Response
by Mano Paul, CISSP, CSSLP, MCSD, MCAD, CompTIA Network+, ECSA As highlighted in the recently released 2013 Global Information Security Workforce Study (GISWS) – the largest vendor-neutral study of its kind conducted by (ISC)2 and analyst firm Frost & Sullivan – the largest gap between information security risk awareness and response exists in the secure software development discipline. In fact, respondents ranked application vulnerabilities as their top concern, making application security and secure software development the highest ranking security concern for the information security profession today. As the first software security certification, the groundbreaking Certified Secure Software Lifecycle Professionals (CSSLP®s)... Read more →
Posted by Mano Paul on 15 April 2013 at 02:00 PM in Risk, Software Development | Permalink
|
Comments (1)
11 April 2013
Flight risk
An amateur pilot has reportedly assembled and hacked real aircraft cockpit systems, demonstrating their vulnerabilities. "Security researcher Hugo Teso was able to "hijack" the systems to feed false navigation information to a simulated jet that made it change course." BBC It's not hard to think of scenarios where a well-resourced, competent and overtly malicious yet non-suicidal adversary could wreak havoc by redirecting aircraft, missiles, anti-missile-missiles, drones etc. using similar techniques, or simply interfere with them, hence one would have thought that information security was an obvious safety-critical requirement for their navigation and comms systems ... like for example the 30... Read more →
Posted by Gary Hinson on 11 April 2013 at 06:07 PM in Malware, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
Search
(ISC)² Links
Categories
- (ISC)² Chapters
- (ISC)² Events
- Center for Cyber Safety and Education
- Cloud Security
- Cybersecurity Certifications
- Cybersecurity Training
- Cybersecurity Workforce
- Digital Forensics
- Ethics
- Government
- Insider Risk
- IT Security
- Legal
- Malware
- Network Security
- Operations Security
- Privacy
- Ransomware
- Risk
- Software Development
- Spotlight