Earlier this week, (ISC)² announced that the DoD approved both the HCISPP and CCSP certifications to its DoD 8570 Approved Baseline Certifications table on the DoD Cyber Exchange website. Why does this matter? This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. Approval for these additions came from the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1) IAM Level II (IAM II) The CCSP has been approved for the following categories: Information Assurance System Architect and Engineer Level

As we close out #RansomwareWeek here on the (ISC)² blog, a timely piece of news comes from The National Institute of Standards and Technology (NIST) in the form of new draft guidance for organizations concerning ransomware attacks, according to reporting by Infosecurity Magazine. As the body responsible for one of the most revered standards frameworks in the world, NIST’s entry into the discussion is remarkable. According to the Infosecurity Magazine article, “The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. [It] can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to

As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Yesterday, we announced that (ISC)² has granted free access to its "Ransomware: Identify, Protect, Detect, Recover" course through the Professional Development Institute to anyone who is interested in learning more about prevention and remediation. That’s because the consequences can be dire for organizations. The days of ransomware attackers demanding a few hundred dollars for a decryption key are long gone. Attacks have gotten more severe, and perpetrators have become bolder, demanding multimillion-dollar payouts from their victims. In March, CNA Financial reportedly paid ransomware attackers $40 million. Paying ransom, however, may solve one company’s problems but could make it worse

In conjunction with #RansomwareWeek, today (ISC)² announced that its popular Professional Development Institute (PDI) course titled “Ransomware: Identify, Protect, Detect, Recover,” is now free to the public through July 31, 2021. (ISC)² recognizes the intense demand for ransomware prevention and mitigation content and has opened registration to anyone who is interested in the topic. The two-hour ransomware course is Quality Matters (QM) approved and upon successful completion, learners earn a certification of completion and digital badge. Successful course completion will also unlock a 25% discount off all PDI courses through July 31, including the All-Access Pass and the Express Bundle. There are also two related courses that are recommended for those interested in learning more about ransomware: Techniques for Malware Analysis and Navigating

Welcome back to #RansomwareWeek here on the (ISC)² Blog! Today we’re linking you up with eight episodes from the award-winning (ISC)² webinar program that touch on ransomware and cover the key components surrounding the state of cybersecurity threats. These sessions can help teams to better understand cybersecurity attacks, prepare for defense and plan a response in the event of a security breach. Anatomy of a Targeted Industrial Ransomware Attack Ransomware-New variants and Better Tactics to Defend and Defeat These Threats Darktrace #1: Ransomware in Focus: How AI Stays One Step Ahead of Attackers Ransomware Deep Dive: Examining Disturbing Ransomware Trends Working with Law Enforcement and the FBI Your Data Held Hostage: Understanding the Extensive Ransomware Threat Nice to Have or Have