A Singular Aspect of Risk Management As a security and privacy practitioner, you understand the importance of risk management. Perhaps you are a member of the risk management committee in your organization, or you may serve in an advisory role for that committee. The enormous task of risk management requires careful thought and consideration. Some aspects of a complete risk management plan include the acknowledgment of known vulnerabilities, as well as predictions about unknown vulnerabilities. Topics such as security awareness training, threat management, access control, incident response, risk mitigation, and many others must be taken into consideration. While the majority of risk management processes focus on internal operations of the organization, the rise of vulnerabilities from trusted external partners is

Nearly three weeks after (ISC)² made its highly popular Professional Development Institute (PDI) course titled “Ransomware: Identify, Protect, Detect, Recover,” free to the public through July 31, 2021, more than 4,500 professionals have enrolled in the course. The ransomware crisis has reached an all-time high, with numerous headline-grabbing attacks coming to light. Some attacks, such as the ones against Kaseya and SolarWinds, are having far-reaching effects that, by design, extend well beyond the original target. The current ransomware epidemic is leaving victim organizations struggling to remediate and others wondering if they’ll be next. However, with protection strategies and remediation plans in place prior to an attack, organizations are better prepared to recover quickly or negate an attack altogether. The two-hour nontechnical (ISC)² course covers

A very common complaint among information security professionals is lack of a budget to implement the best security tools. It may be true that recent newsworthy security events have increased many budgets, yet it never seems like enough.  In many ways, this is true. It is like the difference between the base-model automobile, and the fully equipped model. What easier way is there to grant a system the authority to operate than with the most robust budget imaginable? Yes, it is nice to have all the flashing lights and automated features, but that is not always what is needed to truly meet the requirements. There are many low-cost, and often free aspects of a security program that, if overlooked, can

Is your organization protected with a stronger cloud security posture from new concepts and technologies like Zero Trust, micro segmentation, containerization and microservices? With Certified Cloud Security Professional (CCSP) training, cybersecurity teams are gaining a mastery of the latest cloud architecture, infrastructure, deployment models, risk management strategies and more. Read the Full Article.

Last year was a first for (ISC)² Security Congress, as our conference took place entirely virtually. The COVID-19 pandemic forced nearly all events in 2020 to go virtual and we’re excited to take the experience from that event and use it to deliver an even better one for you this year. Whether you’re a first-timer or a returning attendee, you’re going to love the first-ever hybrid Security Congress. This year, the All Access Pass offers the in-person experience that so many of us have missed over the past year and a half, plus the option to attend sessions virtually. We also have a virtual only pass which offers attendees the ability to enjoy everything that Security Congress has to offer