Cyberattacks rank as the number one risk of doing business in North America, Europe and the East Asia-Pacific region, according to a World Economic Forum report, Regional Risks of Doing Business. While business leaders in other areas of the globe are more concerned about unemployment, unstable governments and oil prices, cyber risks rank as the fifth highest worldwide. The concern about cyberattacks shows just how critical cybersecurity has become, ranking even higher than terrorism in the global top 10. Not surprisingly, cyber risks are a bigger concern among the most industrialized areas of the globe such as North America, where... Read more →
154 posts categorized "Risk"
03 December 2018
Report: Cyberattacks Pose Big Business Risks Around the Globe
Posted by (ISC)² Management on 03 December 2018 at 09:05 AM in Malware, Risk | Permalink
|
Comments (0)
10 October 2018
LIVE FROM #ISC2CONGRESS: Should You Get Cyber Insurance?
About three thirds (76%) of companies currently have cyber insurance, but less than a third of them (32%) get policies that cover all risks, according to two representatives from insurer RLI Corp. who spoke during this week’s (ISC)2 Security Congress 2018 in New Orleans. While having a cyber policy is always a good idea, there is a fair amount of complexity that makes it difficult to determine how much coverage you need. Often third parties such as cloud providers are involved, creating coverage nuances that companies must be aware of when taking out a policy. Beyond that, companies often don’t... Read more →
Posted by (ISC)² Management on 10 October 2018 at 03:08 PM in (ISC)² Events, Risk | Permalink
|
Comments (0)
03 July 2018
Don't be a sitting duck in the next OT cyberattack
By Ravindra Krishna, CISSP In a recent Operational Technology (OT) cyberattack, Monero Crypto-currency mining malware was discovered in the ICS network of a water utility company located in Europe. The company found the malware during a routine monitoring check of their OT network and confirmed that the malware infected five servers including the Human machine interface (HMI), which is used to control and manage physical components of OT networks. This attack provides further evidence that OT networks are not simply vulnerable, but actually easy targets. The Post-Stuxnet OT Cyberattack Era I believe that we can divide OT attacks into two... Read more →
Posted by (ISC)² Management on 03 July 2018 at 08:30 AM in IT Security, Malware, Network Security, Operations Security, Ransomware, Risk | Permalink
|
Comments (2)
16 May 2018
Is the CISO Well Positioned to Mitigate Operational Risk?
by Tamer Gamali, CISSP, CISO Mashreq Bank, and member of the (ISC)² EMEA Advisory Council Is the CISO well positioned to mitigate operational risk? (ISC)² will be asking this probing question of Security leaders at the kick-off session for Infosecurity Europe’s Leaders Programme in London next month. A round table discussion conducted under the Chatham House Rule, the session creates an opportunity to offer up frank comment and illuminate the challenges currently hampering companies from appreciating and truly gaining control of cyber risks. Infosecurity Europe’s Leaders Programme is open to CISOs and Heads of Information Security, who are the final... Read more →
Posted by (ISC)² Management on 16 May 2018 at 03:00 AM in IT Security, Risk | Permalink
|
Comments (0)
22 February 2018
The Focus on Cyber Risk: Is it time to stop talking Security?
By Tamer Gamali, CISSP, CISO and member, (ISC)² EMEA Advisory Council As a Chief Information Security Officer (CISO) based in Dubai with 15 years working in financial services, and a member of (ISC)²’s EMEA Advisory Council I am keen to help companies develop a deeper understanding of how operational risks are evolving with cyberthreats. I have become aware of a growing body of opinion within cybersecurity circles that suggests the senior management tier represents a significant threat to their businesses today. They are a group that understands and works hard to mitigate risk, but, as more and more companies move... Read more →
Posted by (ISC)² Management on 22 February 2018 at 04:00 AM in (ISC)² Events, Risk | Permalink
|
Comments (0)
15 February 2018
Throwback Thursday: Security Congress in Austin
Last year’s Security Congress in Austin was our largest one yet with nearly 2,000 cybersecurity professionals in attendance. You know what they say, everything is bigger in Texas! Our first independent Congress featured 139 educational sessions, as well as vendors presenting in the Solutions Theater, (ISC)² member focus groups, Cloud Security Alliance (CSA) Summit and the Information Security Leadership Awards (ISLA) Americas ceremony and celebration. If you attended last year, you saw the excitement and enthusiasm from staff, speakers and attendees. If you were unable to attend, you’re in luck – you can watch some of the top sessions from... Read more →
Posted by (ISC)² Management on 15 February 2018 at 09:15 AM in (ISC)² Events, Cloud Security, Cybersecurity Training, Cybersecurity Workforce, Government , IT Security, Risk | Permalink
|
Comments (0)
17 January 2018
CCSP Spotlight: David Schneider
Name: David Schneider Title: Senior Cyber Security Threat Engineer Employer: Garmin International Location: Olathe, KS, U.S.A. Degree: BA, BS, MS Years in IT: 20 Years in cybersecurity: 12 Cybersecurity certifications: CCSP, CISSP, CISM, CISA, GWAPT, CIS LI How did you decide upon a career in cybersecurity? I became interested in cybersecurity while doing software development. When working as a developer, I started becoming interested in secure coding methods and what I could do to make what I was working on more secure from both a technical and end-user perspectives. I started enjoying other aspects around information security and felt that... Read more →
Posted by (ISC)² Management on 17 January 2018 at 08:45 AM in Cloud Security, Cybersecurity Certifications, IT Security, Risk, Spotlight | Permalink
|
Comments (0)
01 December 2017
As cyber grows more popular, so do techniques for developing security skills
It’s not only the tech sector that’s talking about cybersecurity. The cybersecurity industry has been advocating for awareness training for the better part of the last decade, and since the Equifax breach, security has gone mainstream. With its new popularity, cybersecurity has evolved into a hot political issue as well. One result of the attention is increased regulations, which has many defense contractors scrambling to meet the December 31, 2017 deadline for Defense Federal Acquisition Regulation Supplement (DFARS) compliance. In a year of many major breaches, legislators are eager to move forward on the Consolidated Audit Trail (CAT) project to... Read more →
Posted by (ISC)² Management on 01 December 2017 at 03:53 PM in Government , Network Security, Risk | Permalink
|
Comments (0)
10 November 2017
Weekly Security Headlines: Hearings, guidelines and news
New guidelines, increased government oversight, and mounting stress in cybersecurity With the 4th quarter underway, we are starting to see lots of predictions about what the cybersecurity industry can expect to see come 2018. Thinking about the future makes it easy to forget about what is happening right now, though. Let’s take a look back at the news that happened this week to remind us of where we are, before we focus too much on where we’re going. Arguably the biggest industry-wide news of the week was the Senate Commerce Committee hearing, “Protecting Consumers in the Era of Major Breaches.... Read more →
Posted by (ISC)² Management on 10 November 2017 at 02:10 PM in Ethics, Government , IT Security, Malware, Privacy, Ransomware, Risk | Permalink
|
Comments (1)
09 November 2017
ISO 27001 – Between the Reality and the Myth
By Tony Chebli, Senior Manager, Information Security Department/Risk Management Division, Credit Libanais S.A.L Tony will be hosting the session ISO 27001 Between the Reality and the Myth at (ISC)² Secure Summit MENA in Dubai on the 21st and 22nd November 2017. It seems like yesterday, but actually it has been over 13 years, since I obtained my ISO 27001 Lead Auditor certification and started travelling from country to country around the Middle East, preaching the benefits of ISO 27001 certification and its importance to companies that are looking to secure their information assets. I admit it was (and still is)... Read more →
Posted by (ISC)² Management on 09 November 2017 at 04:05 AM in Government , Insider Risk, Network Security, Operations Security, Risk | Permalink
|
Comments (0)
18 October 2017
CISSP Spotlight: Tony Harris
Name: Tony Harris Title: Consultant, Cyber Security Employer: KPMG LLP Location: Vancouver, Canada Education: MSc, Cyber Security (in progress) from the University of Liverpool, and Bachelor of Arts in American Studies & International Relations from the University of British Columbia Years in IT: 8 Years in cybersecurity: 7 Cybersecurity certifications: CISSP, CISM How did you decide upon a career in cybersecurity? I began my career in general IT processes eight years ago as your typical jack-of-all-trades IT. I wanted to narrow my focus into a specialty that I'd be interested in and cybersecurity ultimately was that choice. The reason was... Read more →
Posted by (ISC)² Management on 18 October 2017 at 09:05 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Operations Security, Risk | Permalink
|
Comments (0)
29 September 2017
Security Headlines: Congress Edition
Fresh from Austin, here are the top headlines from (ISC)2's 2017 Security Congress: Let's talk about risk, baby. That's the language c-level executives and board members want to hear from the security team. Keynote speaker and Deputy Assistant Director of the FBI, Donald Freese, spoke about a non-emotional approach to security. CSO Online quotes Dylan Thomas, who was probably talking about cybersecurity practitioners when he said "Do not go gently into that good night." Garfield loves lasagna and hates cyberbullying. Infosecurity Magazine was with us in Austin and spoke to the CISO of the state of Missouri, Michael Roling, CIO... Read more →
Posted by (ISC)² Management on 29 September 2017 at 04:59 PM in (ISC)² Events, Cybersecurity Certifications, Cybersecurity Training, Ransomware, Risk | Permalink
|
Comments (0)
22 September 2017
Security Headlines: Do you know where your data records are?
It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if... Read more →
Posted by (ISC)² Management on 22 September 2017 at 02:00 PM in Malware, Privacy, Risk | Permalink
|
Comments (1)
21 September 2017
Lack of Training and Resources Plagues IT Security Teams
Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security... Read more →
Posted by (ISC)² Management on 21 September 2017 at 09:00 AM in Cybersecurity Certifications, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (3)
15 September 2017
Security Headlines: World Cup, IT and everything in between
Pardon our absence on the blog this past week. Hurricane Irma had plans of her own, but we’re back in business and ready to break down the top security headlines for the week of September 11, 2017: The fear of foreign hacking is not just related to elections or national security. England is worried about World Cup information. The silver lining of Equifax is that cybersecurity stocks are up. So I guess that’s a win? Password123 is still not a good idea, but could relaxing password policy increase security? The Hill has questions about the Equifax hack. Still waiting on... Read more →
Posted by (ISC)² Management on 15 September 2017 at 01:27 PM in Ethics, Government , IT Security, Privacy, Risk | Permalink
|
Comments (0)
29 June 2017
Being the Fly on the Wall: The latest observations from the (ISC)² Member’s GDPR Task Force
By Yves Le Roux, CISSP, CISM, Co-Chair, Europe, Middle East and Africa Advisory Council (EAC) Recently our GDPR Task Force has found that despite efforts to prepare for the incoming regulation, many practitioners are finding that there is actually a lot more to do than originally anticipated, and are still in “discovery mode” about what data they hold. Data being fragmented and contained within individual business units means that knowing where data sets reside and mapping their flow is proving challenging. Businesses have just realised the mammoth task ahead of them Many businesses are still stuck in the initial stages... Read more →
Posted by (ISC)² Management on 29 June 2017 at 04:00 AM in Ethics, Government , IT Security, Legal, Network Security, Risk | Permalink
|
Comments (4)
20 June 2017
Looking for cybersecurity job? Healthcare is hiring!
While the projected 1.8 million cybersecurity workforce gap is a staggering number, the Global Information Security Workforce Study did reveal which sectors are most aggressively looking to address this talent shortfall. Healthcare, retail and manufacturing top the list of industries looking to increase their cybersecurity workforce by more than 20% over the next year. Healthcare, in particular, is aiming for a 39% increase. It’s not surprising that they’re leading the charge to staff up, as Privacy Rights Clearninghouse reports that there were 223 known breaches to healthcare organizations in the United States in 2016 - and another 46 disclosed so... Read more →
Posted by (ISC)² Management on 20 June 2017 at 03:00 PM in Cybersecurity Certifications, Cybersecurity Training, Malware, Ransomware, Risk | Permalink
|
Comments (1)
16 June 2017
Continuing the Conversation: Spearphishing
If you’ve attended any of our (ISC)² ThinkTank Webinars (and we hope you have!) you know that moderator Brandon Dunlap shares your questions with panelists to answer during the session. While we can’t get to all questions, we’d like to address a few more here on our blog. Last week’s webinar was “The Human Target – The Tip of the Spear is Aimed at You”, with panelists Ira Winkler, president of Secret Mentem, Sylvester Gray, security product specialist at Sophos and Johnny Deutsch, senior manager, advanced security center at Ernst & Young, LLP. Thank you to our panelists for sharing... Read more →
Posted by (ISC)² Management on 16 June 2017 at 11:06 AM in (ISC)² Events, Cybersecurity Training, IT Security, Risk | Permalink
|
Comments (0)
07 June 2017
What we learned from this month’s European GISWS report
What is the GISWS? Since its first release in 2004, the biennial (ISC)²® Global Information Security Workforce Study (GISWS) has been gauging the opinions of information security professionals; and in turn, providing detailed insights into the important trends and opportunities within this increasingly crucial profession. This year, the study conducted its largest-ever global survey of cybersecurity professionals, with over 19,000 individuals taking part (3,694 of which hailing from Europe), further allowing it to ascertain an even clearer and progressively more complete profile of the information security workforce; with stronger understandings of areas and issues such as pay scales, skills gaps,... Read more →
Posted by (ISC)² Management on 07 June 2017 at 03:00 AM in Center for Cyber Safety and Education, Cybersecurity Certifications, Network Security, Risk | Permalink
|
Comments (0)
05 April 2017
Viewing Cybersecurity as a Business Enabler Versus a Money Pit
A data breach can cause a loss of revenue, destroy shareholder value, erode consumer trust and even open you up to legal consequences, whereas better security can add value to a company by preventing attacks, detecting breaches faster and mitigating the damage caused by cyber threats. The Ponemon Institute's 2016 Cost of Data Breach Study estimates that the average consolidated total cost of a data breach is $4 million; so why do we still view cybersecurity simply as an operating cost? Unfortunately, cybersecurity is often viewed as the organization that always says no versus the organization that makes the business... Read more →
Posted by David Shearer on 05 April 2017 at 10:29 AM in Risk | Permalink
|
Comments (4)
Search
Categories
- (ISC)² Chapters (16)
- (ISC)² Events (99)
- Center for Cyber Safety and Education (45)
- Cloud Security (84)
- Cybersecurity Certifications (270)
- Cybersecurity Training (268)
- Cybersecurity Workforce (139)
- Digital Forensics (27)
- Ethics (46)
- Government (83)
- Insider Risk (52)
- IT Security (345)
- Legal (41)
- Malware (95)
- Network Security (149)
- Operations Security (115)
- Privacy (93)
- Ransomware (32)
- Risk (154)
- Software Development (37)
- Spotlight (52)