By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP John Martin, CISSP-ISSAP, CISM Richard Nealon, CISSP-ISSMP, SSCP, SCF In part one of this blog series, we discussed privacy, remote access (aka Work from Home), insider threats, data leakage, Zero Trust Architecture (ZTA) and security architecture. To continue this discussion, we believe that 2021 will still see folks working from home; thus, the risks due to insider threats and data leakage will continue to grow. However, we believe that there are other concerns for information security professionals, including edge computing, 5G, IoMT/IoT, AI and ransomware.   Edge Computing Edge Computing is a distributed computing framework that brings enterprise applications closer to data sources such as IoT devices or local edge servers. This proximity

By Yuri Braz, CISSP, CRISC, PMP Information Security, or cybersecurity, has become more relevant every day. One of the main reasons is because information has become the main asset of most companies. Thus, this information needs to be safeguarded or companies would not be able to create value for society and its shareholders. Large institutes, such as (ISC)², help to develop and democratize the information security field, so that today the majority of medium and large companies have an information security policy. An infosec policy is the first step towards risk governance, essential for the practice of due care and due diligence, which aim to make a reasonable effort to ensure that all efforts and investments made by the company

The SolarWinds cyber incident has dominated security headlines since the end of December. (ISC)2 wants to hear opinions from practitioners in the field on what impact it really had. Take our quick survey today to make your thoughts known: https://www.surveymonkey.com/r/ISC2SolarWindsPulseSurvey On March 30th, (ISC)2 will host a webinar to discuss the results and hear firsthand from your colleagues in the field. Registration will open soon.

Policy is Everywhere Think of every company you have ever worked for. Whether it was a job in a warehouse, or employment in an office, there was always a policy to follow. In fact, when you think back to your earliest days, your family also had policies. Policies are the rules established to keep order within a group. Sometimes, policies are not followed, or are simply ignored.  According to a report issued by the Federal Aviation Administration, one of the primary causes of policy failure is a lack of available, current, or well written documentation. That was followed by the difficulty of the task being performed; and concluded with work environments leading to failures to follow procedures. Sometimes, the failure

When it comes to cybersecurity, bigger may not always be the best indicator of effectiveness. (ISC)2 research reveals organizations of all sizes have similar strategies when it comes to structuring their cybersecurity teams. Set aside bigger technology budgets for a moment and focus on people; Look at how small and midsized businesses (SMBs), and enterprises align their cybersecurity talent by functional roles within their organizations. What you’ll find are striking similarities. These findings – based on the (ISC)2 2020 Cybersecurity Workforce Study – suggest size has little bearing on how organizations structure their cybersecurity operations. Furthermore, study participants by and large seem satisfied their organizations are doing a good job of matching their teams’ roles and capabilities to the needs