• As published in the November/December 2019 edition of InfoSecurity Professional Magazine. By Naresh Kurada, CISSP. Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA (Process for Attack Simulation and Threat Analysis) is risk-centric. Regardless of the model, the primary objectives remain the same—identify threats and

    Feb 20,
  • By Clayton Jones, Managing Director, Asia-Pacific for (ISC)². The past few weeks have been challenging. Governments, individuals and organizations are working hard to contain the spread of Covid-19. Many of us across the Asia-Pacific region are still haunted by the SARS epidemic that wreaked havoc back in 2003. At the time, I had a very young family and was new to (ISC)², which in the region was still in its infancy. I feared for the health of my family and was also very conscious of the potential impact an economic downturn in the region could have on my recently created position. 17 years later, my children are young adults and (ISC)² has grown our membership in the region to over

    Feb 19,
  • (ISC)²’s Certified Information Systems Security Professional (CISSP) is currently the sixth highest paying IT certification, according to newly published research. CISSP-certified cybersecurity professionals earn salaries averaging more than $140,000. The CISSP is one of just six IT certifications commanding salaries above $140,000, which places them on the 15 Top-Paying IT Certifications for 2020 compiled by training company Global Knowledge. The list contains salaries ranging from an average of $117,000 for Citrix Certified Professional – Virtualization to nearly $176,000 for Google Certified Professional Cloud Architect. The list’s top four certifications are either in cloud computing or cybersecurity, confirming that demand in these two areas continues to soar. In cybersecurity, (ISC)² research has revealed an acute shortage of cybersecurity skills, currently estimated at 4

    Feb 18,
  • The number of U.S. data breaches bumped up 17% in 2019 but despite the increase, the volume of sensitive consumer records that were exposed declined substantially by 65%, according to a newly published report. These statistics are a complete reversal of what happened in 2018, when the number of exposed consumer records soared by 126% and breaches declined by 23%, according to the Identity Theft Resource Center’s (ITRC) End-of-Year Data Breach Report for 2019. Data breaches tracked in 2019 in the United States jumped to 1,473, from 1,257 in the previous year, the report revealed. Meanwhile, 164,683,455 sensitive records were exposed, compared to 471,225,862 in 2018. The ITRC notes, however, that the 2018 Marriott data alone exposed 383 million records,

    Feb 13,
  • On February 3, (ISC)² announced that it opened the call for speakers for its 2020 Security Congress in Orlando, FL, running from November 16-18. Speaker applicants can either submit for an individual presentation or panel presentation before the March 22 submission deadline. All submissions require a five-step process, which must be fully completed in order to be considered. Proposals must be non‐sales and non‐marketing oriented and no fees are required to submit. All applications must include a title, a proposal abstract (with a limit of 125 words) and three learning objectives to impart to attendees. As a reminder, (ISC)² is looking for presentation abstracts on the following subject areas: Application Security / Software Assurance, Cloud Security, Critical Thinking, Cryptography, Cutting

    Feb 12,