(ISC)² Blog: Voice of the Information Security Professional

Share Your Cybersecurity Insight in New Orleans!

(ISC)²’s 2018 Security Congress will take place October 8-10 in New Orleans. Last year’s sold-out event was in Austin and included 185 speakers and 2,000 attendees. We expect Congress in the Big Easy, as New Orleans is called, to be even bigger!

“Security Congress is built by the most prominent professionals in the cybersecurity industry – our members,” said (ISC)² Managing Director for North America Brian Correia. “It’s an annual event that’s uniquely aimed at the day-to-day cybersecurity practitioner. We had record attendance last year at our first independent Security Congress with 2,000 attendees, and we hope to grow the event tremendously in 2018.”

The theme for the conference is “Enrich. Enable. Excel.” – which will encompass not only Security Congress, but (ISC)²’s focus for the entire year. Our goal at the event is to advance security leaders by arming you with the knowledge, tools and expertise you need to protect your organizations.

We are accepting both individual and panel presentations. You can submit up to two proposals as a primary presenter, but can be a participant on additional panels. How do you get your proposal approved? Here are some helpful hints!

  1. Have a catchy title. Try asking an interesting question, or present a startling statistic.
  2. Keep it short. You’re limited to 125 words for your description, so make them count!
  3. Present learning objectives. List the three things attendees will take away from your session.
  4. Don’t sound like sales. Be sure your proposals are not sales or marketing-oriented, as (ISC)² remains vendor-neutral for the benefit of our members and the industry at large.

If you want to share your cybersecurity expertise with thousands of professionals – and enjoy some beignets and jazz – submit your proposal to be a speaker at 2018’s event. We’ll be accepting submissions until February 23, 2018. Get a jump on your new year’s resolution of speaking at an event and submit today!

Current Affairs Security Congress (ISC)² Management Thu, 14 Dec 2017 09:15:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/share-your-cybersecurity-insight-in-new-orleans.html
CISSP Now Registered with Credential Engine

Understanding which certification is right for you can be a daunting task. (ISC)² itself has a portfolio of credentials related to cybersecurity, with specializations in certain areas. Credential Engine hopes to help people navigate the sometimes-cloudy world of certifications.

Launched on December 7, 2017, Credential Engine is a nonprofit organization dedicated to promoting transparency and literacy in the credential marketplace, to make it easier for people to figure out what certification is best for them no matter where they find themselves in their career.

The organization came out of the Credential Transparency Initiative (CTI) which started back in 2013. While Credential Engine on its registry will list certifications in all fields – not just cybersecurity – their goal is to create a clear and consistent way for organizations to share what their certifications are about.

Our Certified Information Systems Security Professional certification, better known as the CISSP®, can be found on Credential Engine now, along with information about (ISC)².

Cybersecurity Certifications (ISC)² Management Tue, 12 Dec 2017 08:55:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/cissp-now-registered-with-credential-engine.html
CISSP Spotlight: James Packer

Name: James Packer
Title: Security and Cloud Specialist
Employer: Big 4 Firm
Location: London, UK
Education: Information Technology and Security
Years in IT: 10
Years in Cybersecurity: 5
Cybersecurity Certifications: CISSP, CCSP, CIS F ISO27001

 

How did you get into a career in cybersecurity?

I’d say I’m like countless security professionals out there: I first started in IT and security was just a part of my job, inherent in every role I performed. I started in desktop support, progressing through the service desk lines to a managerial role, before moving into projects and architecture, “solutionising” as I call it. This was when security, for me, upped a gear.

As my career matured, I also started working for larger firms where security was a great concern, particularly confidentiality, while working for a global mergers and acquisitions firm. And so it was, as time passed, security started to dominate my work and in turn, my interest in the discipline grew. With IT being such a wide field, I’d always been searching for my specialisation, so security therefore was a natural progression.

 

What is the biggest security challenge you face in your current role? 

The biggest challenge I face is integrating security into business processes and requirements seamlessly. I’m a real advocate for overcoming the age-old view that security should be seen as a blocker and not an enabler. In reality though, this often is the case and necessarily so in some circumstances. But ultimately, security is supposed to support the business goals of an organisation. Leading technology is being developed at such a rapid pace and is embraced into business just as speedily. Developing effective, yet silent, processes that support this rapid adoption requires very careful design and implementation though.

 

How has the CISSP certification helped you in your career?

My CISSP has helped me two-fold, professionally and personally. Professionally, going through the process of obtaining the certification was a worthwhile endeavour. Not only did it help me refine my knowledge, but consequently I have no reservations about taking any other exams on the market after sitting that one! Furthermore, it stands out as the respected gold standard in cybersecurity, demonstrating to employers and colleagues my calibre and level of knowledge in the field.

Personally, it has also helped me to get further acclimatised with the information security market and network with like-minded individuals. The constant knowledge sharing available through the (ISC)2 community is invaluable! Since joining the fold, I have attended countless industry events I’d learnt about from (ISC)2, made dozens of security connections and been able to participate in some great initiatives for the good of the general public. 


What personal goals are you currently working on?

Personally, I am looking to feed my constant hunger for knowledge with some further studies. I’m looking to achieve further certifications in both the technical/operational field and the risk management field.

The most exciting goal I am working on however is launching the (ISC)2 London Chapter! Having learnt that such a Chapter didn’t exist, and wanting to network and volunteer my time more, I have embarked on the journey with three other (ISC)2 members to start up the Chapter. The approach of starting with four founding officers, I feel will establish the Chapter in good stead for ongoing success. And there certainly has been plenty of interest and offers of support for this endeavour.


What is on the horizon for the London Chapter?

Firstly, the Chapter must go through the chartering phase, in order to become a fully-fledged Chapter. This process takes around six months, so will look to be completed around February 2018. During this phase, we will elect our Chapter Officers into their roles, roadmap the vision and direction for the Chapter in the short, medium and long term and also look to recruit an opening membership.

Looking further ahead, the Chapter will aim to gradually build its structure and presence in the community. The founding officers are striving to lay the foundation for long term success and as such, plentiful planning and starting out manageably will be essential. We are hoping to build a global, leading Chapter and hope to welcome the thousands of London based (ISC)2 members on board. To achieve this, we will be working on building partnerships, collaborating with existing and experienced Chapter Officers to validate our roadmap, and we will consult with our opening membership to capture ideas and initiatives that align with the wider information security profession.

In the longer term, it is the vision that the Chapter will be open to the community. We are looking to host Chapter meetings and events in public venues, accept members from the profession who may not be (ISC)² members and to spawn initiatives that contribute to the general public, such as in education and healthcare.

What is the most useful advice you have for other cybersecurity professionals?

Network! I’ve found that making connections in the profession is extremely valuable, as it helps you to learn about how other parts of the field deal with similar challenges to those you face; as it’s always helpful to have someone else to bounce ideas off. It also gives you a broader understanding of trends, developments and innovation in the industry that can help you add more value to both your career and your organisation. Lastly, great things can be achieved when you have common goals and work in collaboration with others to drive improvements. There are countless, invaluable initiatives out there that serve as forces for good; it’s always extremely satisfying to know that you’ve made a difference.

Current Affairs Cybersecurity Careers Cybersecurity Certifications (ISC)² Management Mon, 11 Dec 2017 04:00:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/cissp-spotlight-james-packer.html
With new leadership at the helm, DHS may recruit more talent

If leadership truly does come from the top, having Kirstjen Nielsen as the newest Homeland Security secretary may prove promising when it comes to filling the jobs gap. After all, she’s the first person to bring industry experience to the role.

Few things have the ability to obliterate people’s passion for their work like a terrible boss, especially when that boss lacks the knowledge and skills needed to guide an organization’s growth. But Kirstjen Nielsen certainly has the potential to really reform and improve the Department of Homeland Security.

It’s exciting times, but that is not all the notable news that happened this week.

Dec. 4. Corporate partnerships are one way to fill the pipeline and narrow the looming jobs gap. To that end, Raytheon has partnered with the Girl Scouts to provide a space for young girls to grow into the next generation of leaders in robotics engineering, data science and cybersecurity.

Dec. 5. Kaspersky Labs returned to the headlines when the head of the UK’s National Cyber Security Centre warned against using the products on systems that deal with national security.

According to a new Protect.me report, nearly two-thirds (72%) of consumers believe it is the responsibility of businesses--not the government--to protect their private information.

Dec. 6. A recently released Executive Order puts the onus of cybersecurity risks on the shoulders of federal agency and department heads, directing agencies to comply with NIST frameworks and submit a risk management report in 90 days.

Researchers at the University of Birmingham discovered a critical vulnerability allowing an attacker to perform “Man in the Middle Attacks” on multiple banking apps putting 10 million users at risk.

Dec. 7. New developments in technology, particularly with AI, have hackers and cybersecurity defenders racing to get to sensitive data first.

Many are asking what is next for Palo Alto Networks, and the answer remains unclear. After a twelve-month low, shares of Palo Alto Networks traded up $1.46. But in the last three months, insiders--including president Mark Anderson and director Carl M. Eschenbach--have sold nearly 350,000 shares of company stock.

Dec. 8. The idea that computers will someday rule the world seems like a dystopian novel until news breaks about new technology in life sciences and cyberbiosecurity risks associated with digitizing genetic information, including DNA.

There’s no shortage of investments flowing into cybersecurity, but as markets expand, how do you decide on the best investment? Take a look at this head-to-head contrast of Smart Global and Rambus to learn about strengths, risks and profitability.

 

Current Affairs Government Hacking IT Security Network Security (ISC)² Management Fri, 08 Dec 2017 11:16:15 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/with-new-leadership-at-the-helm-dhs-may-recruit-more-talent.html
Breached Data: Keeping It Secret Doesn't Make It Go Away

When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later. The reasons for data breaches vary, but are heavily tinted by human errors and the presence of unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

 

The fact is, applications running in the cloud are not completely immune from breaches. Experts state clearly that IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss. This is where a Certified Cloud Security Professional (CCSP) comes in. Their hands-on expertise and strategic wisdom adds an additional layer of relevance and practical application of cloud security techniques. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

 

Read the full blog on the CloudTweaks website and download the Ultimate Guide to the CCSP.

Cloud Security Cybersecurity Certifications (ISC)² Management Thu, 07 Dec 2017 08:45:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/breached-data-keeping-it-secret-doesnt-make-it-go-away.html
Exploring Industrial Cyber Physical Security Enhancement

By Cevn Vibert, ICS Industrial Cyber Physical Security Advisor

Cevn will be hosting the session Grass Roots Industrial Control Security at (ISC)² Secure Summit UK, between 12th and 13th December 2017.

The industrial cybersecurity market is facing rapid changes as more threats are discovered, more impact is felt by end-users and cybersecurity vendors vie for leadership.

My session will highlight both alerts and advice for end-users of automation and control systems (ICS/OT), as well as selected advisory notes for practitioners of Industrial Cyber Physical Security. Strategic methodologies and programmes of activities for mitigation of impacts on IIOT, IOT and how holistic integrated security can provide comprehensive situational awareness will additionally be provided. Multiple types of security are addressed, together with some mythical attack and defense scenarios. The history of industrial cyber-attacks is mentioned briefly, to counterpoint the prevalent myths of defense, and finally some alerts to the cyber arms race.

End-users face increased pressure to improve their security stance, and I will discuss some successful methods for implementing these improvements including a “stairway”, a “jigsaw” and an “A-Team”.

The cyber physical bad guys are now attacking IOT and IIOT. They are constantly getting better at attacking, so the good guys must also constantly get better at defending. There is much evidence that most good guys have not even properly started to improve their security stance yet, so my session will be a serious ‘call-to-action’ too.

Our modern society is built on automation, control systems and their management. The “Things”, mentioned often in the Internet of Things (IOT) and the Industrial Internet of Things (IIOT), are becoming smarter and more ubiquitous. If you think about all the automation controlled “Things” that have contributed to your day and try to list them, you may be surprised and perhaps a little worried to know that they are also being invisibly attacked.

Food manufacturing, transport (planes, trains, automobiles etc.), clothing, water treatment, waste processing and management, pharmaceutical manufacturing and testing, logistics, medical device manufacturing, energy (generation, transmission and distribution), power, defense, hospitals, cashpoints, and beverage dispensers are just some of the examples of the vast variety of “Things” in our personal lives.

Critical national infrastructures are under immense pressure from Government, regulators, and themselves to enhance their defenses, improve cyber monitoring and to re-work the gargantuan quantities of legacy systems. This is not an easy task with industrial IT, due to a range of largely legacy problems. The aging and legacy industrial systems were not designed to be monitored, interrupted and scanned by active defense solutions. These security problems are procedural, legislative and technical, so all end-users are now having to review remediation against enormous business and operational risks.

The rise in attacks on these ‘Things’ has started to concern people. National Infrastructures are investing in improvement plans, many markets are ahead of the game, but so much more needs to be done. Meanwhile the bad guys get better at attacking.

We now know of so many new cyber perpetrators or threats that there is a veritable ‘cyber zoo’ of attackers: Yetis, Bears, Dragons, Dragonfly, Worms, Penguins and more… A whole new cyber genus is perhaps yet to come?

There are also many new words and references in our evolving cyber weapons vocabulary:  Cyber Zombies, Watering holes, Slammer, Nachi, Mahdi, Shamoon, Red October, Petya, ShadowBrokers, Conficker, Duqu, Flame, Havex, APTs, Blasters, Dumpsters, Drive-bys, Honeypots, Pastebin, Phishing, BotNets, Trojans, Heartbleed, Modbus, CANbus and more are all being aired or created on social media and on news sources around the world.

Figure 2: Industrial Cyber words (used wordle.org)

Many conferences now harangue the audience as ‘incompetent’, if only tongue-in-cheek, but still take aim at both the vendors and integrators who do not implement security-by-design in their products and systems, and the security industry, which has not yet eradicated cyber-attacks by leap-frogging the bad guys with new innovative defenses and solutions.

The steps to climb the stairway to security can be very high, certainly for organisations with extensive legacy systems, but the steps do need to be climbed, and sooner rather than later. The best approach is often to build small steps, parallel steps and think differently.

Remember, the bad guys are always improving, so it is essential for organisations to also keep improving, but more than that, looking for that giant leap ahead in defenses. There is talk of new secure operating systems, new secure trusted computer systems, and of the increased lock-down and monitoring of The Internet. While all these advances are being made, are they appearing on the market quickly enough to make that giant leap forward in the cyber arms race?

The industry must now stop talking about Stuxnet and start talking about innovation and new ways of thinking. Keynote speakers are talking about the soft skills of the cyber war. Cyber-attacks are made by humans, often exploiting human weaknesses as key building blocks of their attacks. The cyber defense industry must therefore recognise this more and build security improvement programmes which include humans as the core to the solution.

Government Network Security (ISC)² Management Wed, 06 Dec 2017 11:28:08 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/exploring-industrial-cyber-physical-security-enhancement.html
SSCP Spotlight: Mario Bardowell

Name: Mario Damar Bardowell
Title: Security Analyst
Employer: Leidos
Location: Orlando, Florida, U.S.A.
Degree: B.S. in Network Systems Communications
Years in IT: 8
Years in information security: 2
Cybersecurity certifications: SSCP, CISSP, CompTIA’s CASP and Security +, CEH

 

How did you decide upon a career in cybersecurity?

The decision to pursue a career in cybersecurity was made due to the impression I received when I got a chance to work with an information security professional in my very first role as a help desk analyst. The man was sharp and always did things by the book. He didn't cut corners and showed me why securing systems was critical to a business’s success. It was then that I knew I wanted to put my time and effort into becoming an information security professional. The impact and difference he made in his role is something that motivated me to pursue a career in cybersecurity.


Why did you get your SSCP®?

As I gained experience as an IT professional I found myself with a great opportunity to be promoted to my current role as a security analyst, but was challenged by my manager to get the SSCP certification prior to starting the role. I was hungry for the chance to finally move into cybersecurity and bought books and registered for online classes to make sure I would pass the exam. I believe luck is when preparedness meets opportunity, and those two things came together for me as I cleared the exam and received my new title. It was the proudest day in my career.


What is a typical day like for you? 

My typical day starts with checking logs, approving or denying certain software to run in my environment, and researching new threats and how best to defend against them. Due to changes in my department, I have more influence and sit on the change advisory board that allows me to ask questions about the risk that may be associated with the requested changes. Upgrading systems and scanning for vulnerabilities is a part of our “plan-do-check-act” (PDCA) methodology that keeps myself and our system administrators busy. Building relationships with vendors is also important for future projects that require a proof of concept deployment before management signs off. This gives us the top down approach to expedite the security initiatives that are required for business success.


Can you tell us about a personal career highlight? 

A personal career highlight for me is my ability to create documentation that helps staff and the IT department personnel know how to use the security systems we have in place. I was told once that you don't really know something unless you can teach it. In my line of work, I like to say “if you don't document it, you can't teach it or understand it.” I have had great success in my career because I have taken the time to document crucial steps for keeping systems running securely and keeping systems available for those who are authorized to use them.


How has the SSCP certification helped you in your career?

The SSCP certification has allowed my managers to provide me with more complex work. It has helped me financially and gave me the confidence to go after the CISSP® certification. I have a deeper understanding and commitment to information security because of my journey to becoming an SSCP. The certification has opened the door for me to lead projects like USB encryption, password self-service functionality, and Network Access Control. It has also placed me at the table for some of my firm’s most critical discussions where my ideas are valued and respected.

 

What is the most useful advice you have for other information security professionals?

The best advice I have to offer to infosec professionals is this - always attach yourself to something bigger than yourself. Don't ever be afraid to fail and when you want something as bad as I wanted the career that I have made for myself, understand that it’s about the journey and never about the destination. The journey is where you learn the skills necessary to keep you at the destination you may arrive.

 

For more information on the Systems Security Certified Practitioner certification, download our Ultimate Guide to the SSCP.

Cybersecurity Careers Cybersecurity Certifications IT Security Network Security (ISC)² Management Tue, 05 Dec 2017 09:10:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/sscp-spotlight-mario-bardowell.html
As cyber grows more popular, so do techniques for developing security skills

It’s not only the tech sector that’s talking about cybersecurity.

The cybersecurity industry has been advocating for awareness training for the better part of the last decade, and since the Equifax breach, security has gone mainstream. With its new popularity, cybersecurity has evolved into a hot political issue as well.

One result of the attention is increased regulations, which has many defense contractors scrambling to meet the December 31, 2017 deadline for Defense Federal Acquisition Regulation Supplement (DFARS) compliance. In a year of many major breaches, legislators are eager to move forward on the Consolidated Audit Trail (CAT) project to improve Wall Street’s records collection.

While Apple’s root flaw made headlines as a huge vulnerability, McAfee soared skyward with a more exciting announcement. A lot has happened in this final week of November.


  • Concerns continue to mount about cybersecurity threats in the K-12 sector, with advice that online and digital safety be on par with the physical safety of students and schools.
  • Health care remains a sector of concern for cybersecurity given the extensive potential harm that could come to victims whose medical records are compromised.
  • Singapore’s Cybersecurity Bill, released earlier this year, reminds public and private sectors of the power of information sharing in solving security problems.
  • Addressing concerns about the cybersecurity talent shortage, McAfee CEO Chris Young advised audience members at the MPower Partner Summit in Amsterdam to think differently about the talent that they currently have.
Current Affairs Government Hacking Network Security Risk (ISC)² Management Fri, 01 Dec 2017 15:53:12 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/12/as-cyber-grows-more-popular-so-do-techniques-for-developing-security-skills.html
(ISC)² Endorsement Demystified http://feedproxy.google.com/~r/isc2Blog/~3/2Zdtx0S4RPk/isc%C2%B2-endorsement-demystified.html http://propeciagreek.com/?myths=isc2_blog/2017/11/isc%C2%B2-endorsement-demystified.html

Following the jubilant moment of finding out you have achieved a passing score on your (ISC)² exam, you’re now ready for the endorsement process – but what does that actually mean? First, believe us when we say that the hard part is over! You’ve already passed the exam, and there’s no reason to be anxious or delay your endorsement, especially if you’ve heard any of the endorsement myths we are about to bust below.

  1. Endorsement isn’t important

It sure is! Becoming a certified member of (ISC)² is more than simply passing an exam, no matter how rigorous and challenging that exam may be. Earning your certification requires a certain amount of verifiable work experience – unless you’re an Associate of (ISC)² working toward full certification. Endorsement verifies that the work experience you have listed is accurate and relevant. The endorser also confirms that you are a professional in good standing within the industry and will be able to uphold the (ISC)² Code of Ethics.

  2. Endorsement requires a lot of paperwork

Nope! Since August of 2016, the endorsement process has been completely paperless! We took your feedback to heart, and long gone are the days of faxing or mailing resumes and letters. Now you can do the entire process directly through isc2.org.

  3. Endorsement takes forever

Not so fast! The process only takes six weeks! Once your endorsement application is received by (ISC)², the review process is completed in less than two months. You’ll be notified as soon as it’s complete and can shout your fully certified membership status from the rooftops.

  4. You need to know a member to endorse you

We can help you there! If you don’t know any (ISC)² members in good standing, getting endorsed may feel like a challenge, but it doesn’t have to be. (ISC)² – yes, the organization itself – can act as your endorser. You’ll be able to choose this option in your online endorsement form. If you do know a member you’d like to endorse you, you’ll need to provide their last name and member number.

  5. If you don’t pass the endorsement process, you have to retake the exam

Another myth busted! When you start the endorsement process, you’ll be able to choose whether you’re pursuing Associate of (ISC)² status or full certification. If you select fully certified, but don’t have the required experience to pass the endorsement process, you will still be able to become an Associate. At that time, you’ll have several years – the number depends on the certification – to earn the required experience and submit your endorsement again. Don’t worry, your passed exam remains valid during this time.

The endorsement process is easy, especially in comparison to the challenge you’ve just overcome in passing an (ISC)² exam! Once you pass, you have nine months to complete the endorsement process to become either fully certified or an Associate of (ISC)². We will always communicate any updates during the process with you via the primary email address in your (ISC)² profile.

We hope this has helped to demystify the (ISC)² endorsement process!

Current Affairs (ISC)² Management Wed, 29 Nov 2017 13:18:12 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/11/isc%C2%B2-endorsement-demystified.html
(ISC)²'s Ten Most Popular EMEA Webinars http://feedproxy.google.com/~r/isc2Blog/~3/_Lxw7OnSvLM/isc%C2%B2s-ten-most-popular-emea-webinars.html http://propeciagreek.com/?myths=isc2_blog/2017/11/isc%C2%B2s-ten-most-popular-emea-webinars.html

The (ISC)² EMEA Secure Webinar series features live and on-demand online events where industry thought leaders, (ISC)² members and solution providers share their views on a variety of topics to help cybersecurity professionals in tackling the current threats and challenges they may be facing today. From GDPR to malware, the themes vary greatly, offering valuable insight into a wide range of areas concerning information security. The webinars are also free to members and non-members, timed conveniently for European, Middle East and African audiences and provide opportunities to earn CPEs.

If you’re not familiar with the series or are perhaps interested in revisiting some topical issues facing the profession, why not explore our current top ten webinars, as ranked by fellow cybersecurity professionals:

  1. GDPR Blueprint; Tackling Confidentiality, Integrity and Availability of Data

The new EU regulation of the privacy world is rapidly approaching. This webinar will reveal a back to basics approach in relation to the General Data Protection Regulation (GDPR). Join Jason Hart, Gemalto CTO, as he identifies a GDPR blueprint that tackles the privacy concerns around confidentiality, integrity and availability of sensitive data.

  2. Securing Cisco with Splunk - Lessons from One of the World’s Most Mature CSIRTs

The Cisco Computer Security Incident Response Team (CSIRT) is a global team of information security professionals responsible for the 24/7 monitoring, investigation and incident response at one of the world’s largest and leading technology companies. Learn how Imran Islam, leader of Cisco’s EMEA/APAC CSIRT team, relies on Splunk to help his team drive best practices in threat assessment, mitigation planning, incident detection and response, incident trend analysis, and the development of future security architecture.

  3. Getting started with GDPR, Privacy and Applying Appropriate Security Controls

In this webinar, compliance experts Christine Andrews (DQM GRC) and Jason Hart (Gemalto) will take you through the background of the new General Data Protection Regulation (GDPR), an overview of the key areas of change from the existing Data Protection Act – and the penalties for getting it wrong; as well as an approach for understanding the “gaps” in your current compliance and, importantly, how best to move forward.

  4. The Unique Challenges of Protecting Cloud Assets

This session is for IT and security leaders, and is designed to help them understand and address the unique challenges that enterprises typically face when deploying their applications in the public cloud. This webinar summarizes the areas that the public cloud vendors typically take care of, and highlights what the enterprise and application owners are typically responsible for. With a focus on managing privileged accounts in the cloud environment, it will also address the challenges and solutions for securing application to application sharing and communications, elastic, hybrid and DevOps environments.

  5. Latest Malware Trends & Attack Vectors

In this webinar, Richard Cassidy, Cybereason’s EMEA Technical Director and Adrian Davis, (ISC)²’s EMEA Managing Director, discuss the latest malware trends and attack vectors. The most reported cyber-criminal groups, the latest attack trends (such as WannaCry) and best practices for fighting the adversary will also be explored. Additionally, you will hear an up-to-date deep dive into adversary TTPs and how to prevent and respond to attacks, using techniques like proactive hunting and SOC analysis and response.

  6. How to get started with GDPR & Applying Appropriate Security Controls

As a follow-up to our previous webinar exploring this topic, this panel discussion will dive into further detail concerning GDPR. Compliance experts Lisa Bentall (DQM GRC) and Jason Hart (Gemalto) will answer some of the big questions raised in the previous webinar, as well as questions from a live Q&A in the originally recorded session.

  7. The Rise of Malware-less Attacks: How Can Endpoint Security Keep Up?

The information security industry is witnessing a rapid evolution in attack techniques - including advanced polymorphic malware and file-less attacks. In fact, according to the 2016 Verizon Data Breach Report, a majority of breaches (53%) involved no malware. Clearly, traditional antivirus (AV) solutions can no longer stop advanced attacks. Modern attackers can easily get their hands on the static and highly predictable prevention models used by legacy AV vendors, which means they can reliably bypass them. Unfortunately, many emerging ‘next gen’ vendors are using approaches that fall victim to the same fundamental flaw. In this webinar, guest speaker Chris Sherman, Senior Analyst at Forrester Research, discusses the latest trends in endpoint security, including results from The Forrester Wave™: Endpoint Security Suites, Q4 2016. Carbon Black's Paul Morville will also talk about how to stop these pervasive attack techniques.

  8. Don’t Be the Next Victim of a Ransomware Attack

Last year ransomware attacks targeting businesses grew exponentially, and there’s no indication of the trend shifting in 2017. Attackers are continuing to target organisations and individuals for financial gain, and the attacks are escalating to potentially impact civilians, if ransoms are not paid. This webinar offers an in-depth, expert examination of ransomware - how it’s evolving, what you need to know to protect your organisation, as well as a demo of a simulated ransomware attack.

  9. Facing up to Mobile Security Challenges

Whether it is iOS, Android or Windows Phone, you can enable employees to be more productive and work flexibly on the go, by supporting the smartphones, tablets and business applications used on a daily basis. But what about the risks? Join Stephen McCormack from IBM MaaS360, as he takes you step-by-step through the key challenges that mobile devices bring, and how you can easily act to ensure that your organisation is protected.

  10. GDPR: Countdown to Day0

With the EU General Data Protection Regulation entering into force and becoming applicable from 25th May 2018, this webinar, featuring an expert panel, will focus on key milestones to become ready for the new regulation and what has been learned to date; with less than one year to go.

Sign up for the latest (ISC)² EMEA webinar installments and browse the back catalogue; if you’re interested in getting involved in the (ISC)² EMEA webinar programme as a sponsor or speaker, email Jack Cowell, Sponsorship and CPE Manager EMEA, on jcowell@isc2.org.

(ISC)² Management Tue, 28 Nov 2017 04:00:00 -0500 http://propeciagreek.com/?myths=isc2_blog/2017/11/isc%C2%B2s-ten-most-popular-emea-webinars.html