It has been one year since the Equifax breach was first disclosed to the public. It has been one year and six weeks since Equifax first became aware of the breach. The delay in the public announcement of the breach after executives became aware may have proven just as damaging as the delay in installing a patch for the known vulnerability that led to the breach itself. The repercussions of the failure to communicate the breach is just part of our cover story in the latest issue of (ISC)²’s member magazine, InfoSecurity Professional. The article, “One Year Later” is a retrospective on the lessons learned from the breach that exposed the personal information of as many as 147 million Americans.

By Adrian WincklesDirector of Cyber Security, Networking and Big Data Research Group, Anglia Ruskin University Whilst figures differ depending on which report you read, Gartner estimates the average time between a breach and detection to be about 285 days. By this time, an attacker has long gone. With all the security products in an enterprise network today, why is this still so long? One reason maybe because threat detection is a big data problem. Particularly for network traffic based solutions. A handful of probes, or mirror ports, across a high-speed enterprise network and you could be capturing Terabytes of network packets a day. This then needs to be correlated to your SIEM. This all poses several problems. One, this data

You asked – we listened! We are excited to announce new Online Self-Paced Training for the CISSP-ISSAP and CISSP-ISSEP concentrations. These courses are available in the recently updated (ISC)² Learning Management System. Both self-paced courses include online access for 134 days, as well as flash cards, a post-course assessment, case studies, quizzes, videos and other learning activities. The ISSAP concentration is ideal for a CISSP who specializes in designing security solutions and providing management with risk-based guidance to meet organizational goals. The Official (ISC)² ISSAP Self-Paced Training covers the six domains of the CISSP-ISSAP CBK®: Identity and Access Management Architecture Security Operations Architecture Infrastructure Security Architect for Goverance, Compliance, and Risk Management Security Architecture Modeling Architect for Application Security The

Name: Rema Deo Title: Managing DirectorEmployer: 24By7Security, Inc.Location: Coral Springs, FloridaEducation: MBAYears in IT: 25+Years in Cybersecurity: 5+Cybersecurity Certifications: HCISPP How did you decide upon a career in healthcare security and/or privacy?   I have been in risk management technology and compliance technology career for banking for several years, so when it was time for a change, Cybersecurity and Compliance related work was a logical next choice. 24By7Security has a client portfolio consisting of healthcare organizations as well as several other industries. Healthcare security and privacy work is still more nascent compared to financial technology, and therefore, it is not only a high priority for our clients, but it is also very interesting and diverse.     Why did you decide to pursue your