• Welcome to #RansomwareWeek on the (ISC)² Blog. Ransomware attacks are receiving increased exposure in global news coverage after recent high-profile incidents such as the Colonial Pipeline attack, which followed closely on the SolarWinds compromise (a software supply-chain intrusion rather than a ransomware attack, but one that drew the same scrutiny). These events have prompted many companies that previously felt secure in their practices to take a deeper look at their security measures and to engage in deeper conversations about threat management, cybercriminals and cybersecurity training. This week we’ll be providing content resources that may be helpful to you, the reader, as your organization wrestles with ransomware prevention and remediation policies and best practices. As the first item in this week’s coverage, the massive Colonial Pipeline attack has served as a wake-up call about the dangers of ransomware, compelling the U.S. Department of Justice to

    Jun 21,
  • As a security practitioner, perhaps you have found yourself in meetings about risk management. Or perhaps you are part of the incident response team, responsible for everything from preparation through post-incident reporting. The common thread running through risk management and incident response is the “what if this happens” scenario. Whatever your involvement in these preparatory exercises, the overarching concern of everyone involved is: when will the business be up and running normally again? When confronted with such dire circumstances, the need for Business Continuity and Disaster Recovery becomes as important as the business itself. These are no longer “what if” moments. When a business disruption occurs, it becomes a “what now” moment. When

    Jun 21,
  • Cloud security skills can look very similar to the security skills needed for any on-premises data center. But in many instances, organizations are learning that their familiar applications cannot simply be “forklifted” to the cloud. Legacy applications can break when placed in a cloud infrastructure, and the entire security model is affected as well. The need for a trained cloud security professional has never been more apparent. Explore how certified CCSPs ease the challenges of cloud security and add critical understanding to a largely misunderstood realm.

    Jun 16,
  • Way back in 1975, Jerome Saltzer and Michael Schroeder published “The Protection of Information in Computer Systems” in the Proceedings of the IEEE, describing how to protect computer systems. One of its design principles was “fail-safe defaults”: base access decisions on permission rather than exclusion, so that a missing or mistaken rule results in denial rather than access. If you work in any area of information security, it is time to consider what failing safely is all about. If you are a candidate studying for the CISSP exam, understanding the difference between failing safe and failing secure has even broader applications in at least two study domains. In any capacity of InfoSec, it’s time for these seemingly overlooked “defaults” to gain higher stature in many of your layered defense

    Jun 15,
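The fail-safe defaults principle from the item above comes down to one design decision: when the authorizer has no rule to apply, or cannot reach its policy data at all, which way does it answer? The following added example (not code from the (ISC)² post, and not from Saltzer and Schroeder) puts a permission-based, deny-by-default authorizer beside an exclusion-based, allow-by-default one and drives both through an unknown principal and a simulated backend outage. The principals, the `/payroll` resource, the grant and deny tables and the outage flag are all constructed for illustration.

```python
"""Fail-safe defaults: a deny-by-default authorizer beside an allow-by-default one.

Added example, not code from the (ISC)² post. The principals, the /payroll
resource, the grant and deny tables and the simulated backend outage are all
constructed here for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Key = Tuple[str, str]  # (principal, resource)


class PolicyUnavailable(Exception):
    """Raised when the policy backend cannot answer (outage, timeout, bad data)."""


@dataclass
class PolicyStore:
    """Toy policy backend holding explicit grants and explicit denials."""
    allow: Dict[Key, Set[str]] = field(default_factory=dict)
    deny: Dict[Key, Set[str]] = field(default_factory=dict)
    available: bool = True  # flipped to False to simulate an outage

    def _require_available(self) -> None:
        if not self.available:
            raise PolicyUnavailable("policy store unreachable")

    def allowed_actions(self, principal: str, resource: str) -> Set[str]:
        self._require_available()
        return self.allow.get((principal, resource), set())

    def denied_actions(self, principal: str, resource: str) -> Set[str]:
        self._require_available()
        return self.deny.get((principal, resource), set())


def authorize_by_exclusion(store: PolicyStore, principal: str, action: str, resource: str) -> bool:
    """Allow-by-default: permit unless an explicit denial is on file.

    On a backend error this version "keeps the application working" by
    allowing the request. Both choices violate fail-safe defaults: an
    unlisted principal and a broken backend each widen access.
    """
    try:
        return action not in store.denied_actions(principal, resource)
    except PolicyUnavailable:
        return True


def authorize_by_permission(store: PolicyStore, principal: str, action: str, resource: str) -> bool:
    """Deny-by-default: permit only on an explicit, positive grant.

    Every other path, including an unknown principal, an ungranted action or
    any exception from the backend, ends in deny, so a failure can only
    narrow access, never widen it.
    """
    try:
        return action in store.allowed_actions(principal, resource)
    except Exception:  # deliberately broad: the safe answer to "something went wrong" is deny
        return False


def demo() -> Dict[str, bool]:
    """Run both authorizers through normal and failure conditions."""
    store = PolicyStore(
        allow={("alice", "/payroll"): {"read"}},
        deny={("mallory", "/payroll"): {"read", "write"}},
    )
    results: Dict[str, bool] = {}

    # "bob" appears in neither table: exclusion lets him in, permission does not.
    results["unknown_principal_exclusion"] = authorize_by_exclusion(store, "bob", "read", "/payroll")
    results["unknown_principal_permission"] = authorize_by_permission(store, "bob", "read", "/payroll")

    # A real grant still works; an ungranted action on a known principal is refused.
    results["alice_read_permission"] = authorize_by_permission(store, "alice", "read", "/payroll")
    results["alice_write_permission"] = authorize_by_permission(store, "alice", "write", "/payroll")

    # Backend outage: the two designs fail in opposite directions.
    store.available = False
    results["outage_exclusion"] = authorize_by_exclusion(store, "mallory", "write", "/payroll")
    results["outage_permission"] = authorize_by_permission(store, "alice", "read", "/payroll")
    return results


if __name__ == "__main__":
    for check, granted in demo().items():
        print(f"{check:32s} {'ALLOW' if granted else 'DENY'}")
```

For a software authorization check, failing safe and failing secure point the same way: deny. The two diverge where life safety is involved, the textbook case being a door lock that must unlock on power loss (fail-safe) versus one that must stay locked (fail-secure), which is the distinction the CISSP domains draw on.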
  • Pseudonymization is a de-identification process that has gained traction with the adoption of GDPR, where it is referenced as a security and data-protection-by-design mechanism. Applied to electronic healthcare records, it aims at preserving the patient’s privacy and data confidentiality. In the US, HIPAA provides guidelines on how healthcare data must be handled, and de-identification or pseudonymization is considered a way to simplify HIPAA compliance. Under GDPR, pseudonymization, if properly applied, can lead to the relaxation, up to a certain degree, of data controllers’ legal obligations. Even though pseudonymization is a core technique for both GDPR and HIPAA, there are significant differences in the legal status of the generated data. Under GDPR, pseudonymous data

    Jun 14,
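The item above describes pseudonymization as a process; the example below, added here and not code from the (ISC)² post, shows what that process looks like on a small set of healthcare records and why the keyed variant matters. Direct identifiers are replaced with HMAC-SHA256 tokens under a key held only by the controller, the token-to-identifier mapping is kept in a separate re-identification table, and a dictionary attack is run against both unkeyed and keyed tokens. The record layout, the three-column identifier list (not HIPAA’s full Safe Harbor enumeration), the patient data and the attacker’s guess list are all constructed for illustration.

```python
"""Keyed pseudonymization of direct identifiers in healthcare records.

Added example, not code from the (ISC)² post. The record fields, the set of
identifier columns, the patient data and the attacker's guess list are all
constructed for illustration; the identifier list is not HIPAA's full Safe
Harbor enumeration.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Iterable

# Columns treated as direct identifiers in this example (constructed list).
DIRECT_IDENTIFIERS = ("patient_id", "name", "ssn")

Record = Dict[str, str]
TokenFn = Callable[[str, str], str]


def keyed_pseudonym(key: bytes, field: str, value: str) -> str:
    """HMAC-SHA256 over column name and value, truncated to 128 bits.

    Deterministic, so one patient's records stay linkable across datasets
    sharing the key; the column name is mixed in so equal strings in
    different columns do not produce the same token.
    """
    msg = field.encode("utf-8") + b"\x00" + value.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def unkeyed_pseudonym(field: str, value: str) -> str:
    """Plain SHA-256 of the value: inadequate for low-entropy identifiers
    such as SSNs, included only to show why the key matters."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:32]


def pseudonymize(record: Record, key: bytes, reident_table: Dict[str, str]) -> Record:
    """Copy the record with direct identifiers replaced by tokens.

    The token -> original mapping goes into reident_table, which the
    controller stores apart from the pseudonymized dataset. Clinical
    fields pass through unchanged.
    """
    out = dict(record)
    for column in DIRECT_IDENTIFIERS:
        if column in out:
            token = keyed_pseudonym(key, column, out[column])
            reident_table[token] = out[column]
            out[column] = token
    return out


def reidentify(record: Record, reident_table: Dict[str, str]) -> Record:
    """Reverse pseudonymize() for whoever holds the re-identification table."""
    out = dict(record)
    for column in DIRECT_IDENTIFIERS:
        if column in out and out[column] in reident_table:
            out[column] = reident_table[out[column]]
    return out


def dictionary_attack(tokens: Iterable[str], field: str, guesses: Iterable[str],
                      token_fn: TokenFn) -> Dict[str, str]:
    """Recompute tokens for each guessed value and report which ones match."""
    targets = set(tokens)
    hits: Dict[str, str] = {}
    for guess in guesses:
        candidate = token_fn(field, guess)
        if candidate in targets:
            hits[candidate] = guess
    return hits


def demo() -> Dict[str, object]:
    key = secrets.token_bytes(32)  # held by the controller, never shipped with the data
    reident_table: Dict[str, str] = {}

    # Constructed visit records: two visits for one patient, one for another.
    visits = [
        {"patient_id": "MRN-00123", "name": "Jane Doe", "ssn": "123-45-6789",
         "diagnosis": "J45.20", "visit_date": "2021-03-02"},
        {"patient_id": "MRN-00123", "name": "Jane Doe", "ssn": "123-45-6789",
         "diagnosis": "J45.20", "visit_date": "2021-05-17"},
        {"patient_id": "MRN-00456", "name": "John Roe", "ssn": "987-65-4321",
         "diagnosis": "E11.9", "visit_date": "2021-04-09"},
    ]
    pseudo = [pseudonymize(v, key, reident_table) for v in visits]

    # Constructed attacker guess list; against unkeyed hashes the full SSN space is feasible.
    guesses = ["123-45-6789", "000-00-0000", "987-65-4321"]
    weak_tokens = [unkeyed_pseudonym("ssn", v["ssn"]) for v in visits]
    attacker_key = secrets.token_bytes(32)  # the attacker does not hold the real key

    return {
        "same_patient_linkable": pseudo[0]["patient_id"] == pseudo[1]["patient_id"],
        "different_patients_distinct": pseudo[0]["patient_id"] != pseudo[2]["patient_id"],
        "clinical_data_kept": pseudo[0]["diagnosis"] == "J45.20",
        "no_identifier_in_clear": not any(
            v[c] in p.values() for v, p in zip(visits, pseudo) for c in DIRECT_IDENTIFIERS),
        "unkeyed_guesses_recovered": len(
            dictionary_attack(weak_tokens, "ssn", guesses, unkeyed_pseudonym)),
        "keyed_guesses_recovered": len(dictionary_attack(
            [p["ssn"] for p in pseudo], "ssn", guesses,
            lambda f, v: keyed_pseudonym(attacker_key, f, v))),
        "controller_can_reidentify": reidentify(pseudo[0], reident_table) == visits[0],
    }
```

The key and the re-identification table are what make the output pseudonymous rather than anonymous: the controller that holds them can reverse the tokens, which is exactly why GDPR continues to treat such data as personal data, while a recipient who holds neither sees only linkable but opaque tokens.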