By Vivek Soni, CCSP Key Risk Indicators (KRIs) are critical predictors/indicators of undesirable events that can adversely impact the organisation. These are the kind of metrics which are forward looking and contribute to the early warning sign that facilitates enterprise to report risks, prevent calamity and remediate them promptly. Risks to an organisation may vary based on their business environment and the respective business unit. For example, an IT service management team might worry about changes going into production without approvals, an Information Security Team might focus on preventing data compromise, a bank might be concerned with fraudulent bank accounts being opened, etc. KRIs measure the potential risk related to specific decision that an organisation is considering as well as

Practitioners from across the cybersecurity industry and the (ISC)² member community are invited to submit their session proposals as the cyber world begins its journey to Nashville.  (ISC)² today launched its call for presentations for its annual (ISC)² Security Congress event, taking place live in Nashville, Tennessee on October 25-27, 2023 at the Gaylord Opryland Resort and Convention Center and also online.  One of the biggest vendor-neutral global cybersecurity events on the calendar, (ISC)² Security Congress 2023 brings together thousands of front-line cybersecurity practitioners and cybersecurity business leaders to network, share ideas and continue their ongoing cybersecurity education through three days of keynotes and specialist sessions. For (ISC)² members, Congress is an essential opportunity for them to maintain the continuous

At (ISC)², we pride ourselves in our steadfast dedication to maintaining the relevance and quality of all the certifications in our portfolio. (ISC)² certifications are constantly being reviewed and updated to make sure they are serving the needs of professionals who hold them, as well as those that are seeking them.   (ISC)² is exploring a new security engineering credential that is in better alignment with global standards for recognized roles and specialisms. The current CISSP-ISSEP concentration certification is earned after obtaining your CISSP. This new certification could be obtained by a practitioner before seeking the CISSP credential. We are in the process of reviewing our security management credential in a similar manner.  The first step of the process is to

The latest (ISC)² research report, How the Cybersecurity Workforce Will Weather a Recession, found that despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023.   To assess the impact of a potential economic downturn on cybersecurity teams, (ISC)² polled 1,000 C-suite executives in December 2022 across five countries: Germany, Japan, Singapore, the U.K. and U.S. The research highlights how C-suite executives view cybersecurity as an essential, valuable asset that is a strategic priority.  While 85% of respondents expect layoffs will be necessary at their organizations, cybersecurity roles are expected to be the least affected by staff reductions. Only 10% of organizations are likely to cut jobs in cybersecurity compared to other business areas, such

By Joe Fay Aviva subsidiary assessing impact on data and customers. Wider group unaffected.  Financial services giant Aviva’s recently acquired subsidiary Succession Wealth has been hit by a cyberattack, leaving it trying to assess the impact on a customer base which includes sports and entertainment professionals.  Succession Wealth, which offers “high-quality independent financial advice” is not commenting on the nature of the attack, but it understood that it is restricted to its specific systems and that the wider Aviva Group is not affected.  While Succession Wealth is still working out how the attack has affected customers and their data, its systems are still in operation, and it continues to service clients.  The firm confirmed in a statement on February 15