• By Diana Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP. Ransomware is in the news lately with attacks on Norsk Hydro, multiple cities in Florida, Baltimore and Atlanta, not to mention the numerous hospitals that have been hit. These attacks have cost companies like Norsk an estimated $45 million due to lost revenues and the cost to restore and recover their IT department. The cost to the two cities in Florida is estimated to be $1.1 million and the tally continues to grow. Ransomware is short for ransom malware and has been around since the late 1980s, but is now gaining popularity among bad actors. The software typically prevents users from accessing their system or personal files and then will demand a

    Feb 11,
  • This is one you won’t want to miss. (ISC)² Director of Cybersecurity Advocacy, John McCumber, will walk through the 2019 Cybersecurity Workforce Study results in a webinar hosted by the Center for Internet Security this Wednesday, February 12 at 12:30 p.m. ET. In an era of high-profile data breaches and devastating cyber attacks, cybersecurity impacts every individual and every organization. But (ISC)² research also shows that those in the field are optimistic that those challenges can be overcome if organizations take the right approach to growing the workforce and building strong cybersecurity teams. The presentation, titled “The Cybersecurity Workforce Shortage & How We Can Combat It” will dive into: An overview of the 2019 (ISC)² Cybersecurity Workforce Study The numbers and

    Feb 10,
  • By Dr. Thomas P. Scanlon, CISSP, Software Engineering Institute, Carnegie Mellon University. Today’s software developers are as much integrators as they are pure coders. There is an abundance of libraries, plug-ins and other third-party software components readily available to speed development. There is no sense in reinventing something when you can just download it, merge it in and move along. Using free and open source software (FOSS) components can save both time and money, so they make for attractive choices. However, including open source software in development projects often makes the cybersecurity professionals in an organization a little uneasy. But should it? There is often a misconception that FOSS components are ‘less secure’ than commercial products. The reality is that

    Feb 06,
  • In yet another sign that (ISC)² is working to increase its international efforts and alliances, today we’re excited to announce a new strategic partnership with the Australian Information Security Association to work jointly toward a safer and more secure cyber world. As the press release outlines: “. . . the Strategic Partnership Agreement . . . recognises (ISC)² certifications as the global standard for cybersecurity certifications that AISA members can aspire to and achieve. AISA will run quarterly certification sessions to its membership for (ISC)² certifications including the CISSP, CCSP and SSCP, among others. AISA will promote to its members (ISC)²’s award-winning webinar series and its research studies, and offer discounts on (ISC)² Professional Development Institute (PDI) courses.” In order

    Feb 05,
  • By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP and John Martin, CISSP-ISSAP. Continued discussion from Security Predictions for 2020 from the (ISC)² Community of Security Professionals (Part 1). Internet of Things (IoT), Industrial Internet of Things (IIoT) and Operating Technology (OT) related to the state of digital certificates: The issue is not just self-signed digital certificates or expired certificates. Many of these devices have digital certificates, which need to be managed via a Key Management System and maintained. The fallout, of course, is that without proper controls, these devices can and will be compromised. Currently, the onus is on the consumer to ensure that they know what they are purchasing is actually secure – which is almost an impossible job. So, the

    Feb 05,