• As part of its expanded diversity, equity and inclusion (DEI) initiative, (ISC)² and its partner, BUiLT (Blacks United in Leading Technology, Inc.), are releasing four new toolkits aimed at increasing the number of Black and underrepresented professionals entering, staying and advancing in the cybersecurity profession.   “Diversity continues to lag in the tech and cyber industries – and in order to meet the workforce gap head on, we need to create racial equity by helping the Black community explore new career possibilities within these fields,” said Peter Beasley, executive director and chairman of the board, BUiLT. “Partnering with (ISC)² encourages a shift we need – to convert, train and educate adults already in the workforce to meet the open roles in

    Feb 27,
  • An FBI cyber incident, GoDaddy’s third breach in three years and an NHS data leak highlight a week of major cybersecurity events. Here are the latest threats and advisories for the week of February 24, 2023.  Threat Advisories and Alerts  NCSC Provides Recommendations on Supply Chain Security  As the recent ransomware attack on ION Trading revealed, supply chain attacks can be devastating to a business and have knock-on effects for suppliers and customers alike. The U.K. National Cyber Security Centre recently published guidance on the topic to help companies address supply chain cyberthreats. The article provides detailed security recommendations, including how companies can map their supply chains, the type of supplier information to gather and how to address subcontractors in

    Feb 24,
  • By John E. Dunn Forget vanilla phishing attacks – cybercriminals today have much more interesting tricks up their sleeves. MFA Fatigue Attacks  When push notification via smartphone first appeared, it looked as if the industry had finally found a type of MFA that was both easy to use and more secure than rivals such as SMS one-time passwords (OTPs). Recently, attackers have dented that reputation with a series of simple MFA fatigue attacks. Having obtained stolen credentials, the attacker bombards the user with repeated push notifications in the hope that a few users will approve one just to make the barrage stop. Several large companies have been successfully targeted this way.  The mitigation is a combination of education – few users have even heard of

    Feb 24,
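The push-fatigue pattern described in that item (a burst of prompts driven by stolen credentials, followed by a user who gives in) lends itself to a simple detection rule over the identity provider's authentication log. The following is an added example, not code from the article or from any MFA vendor: the log line shape (`user=`, `event=`, `src=` fields), the event names `push_sent`/`push_denied`/`push_approved`, the window and thresholds are all assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Tunables (assumed values, not from the article): a look-back window per user,
# how many prompts inside it count as a barrage, and how many denials before an
# approval look like the user giving in.
WINDOW = timedelta(minutes=10)
MAX_PROMPTS = 5
MIN_DENIES = 2

# Assumed log line shape: "<ISO-8601 UTC> user=<name> event=<push_*> src=<ip>"
LINE_RE = re.compile(
    r"^(\S+) user=(\S+) event=(push_sent|push_denied|push_approved) src=(\S+)$"
)

# Constructed sample log (not real data). bob is a normal login, alice is
# bombarded and eventually approves, carol gets three prompts spread over
# 40 minutes, which should stay below the threshold.
SAMPLE_LOG = """\
2023-02-20T08:00:00Z user=carol event=push_sent src=10.0.0.9
2023-02-20T08:00:01Z user=bob event=push_sent src=10.0.0.5
2023-02-20T08:00:07Z user=bob event=push_approved src=10.0.0.5
2023-02-20T08:10:00Z user=alice event=push_sent src=198.51.100.7
2023-02-20T08:10:20Z user=alice event=push_denied src=198.51.100.7
2023-02-20T08:10:45Z user=alice event=push_sent src=198.51.100.7
2023-02-20T08:11:05Z user=alice event=push_denied src=198.51.100.7
2023-02-20T08:11:30Z user=alice event=push_sent src=198.51.100.7
2023-02-20T08:12:00Z user=alice event=push_sent src=198.51.100.7
2023-02-20T08:12:30Z user=alice event=push_sent src=198.51.100.7
2023-02-20T08:12:44Z user=alice event=push_approved src=198.51.100.7
2023-02-20T08:20:00Z user=carol event=push_sent src=10.0.0.9
2023-02-20T08:40:00Z user=carol event=push_sent src=10.0.0.9
"""


def parse_line(line):
    """Return (timestamp, user, event, src), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, event, src = m.groups()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, user, event, src


def detect_push_fatigue(lines, window=WINDOW, max_prompts=MAX_PROMPTS, min_denies=MIN_DENIES):
    """Scan time-ordered log lines and return a list of alert dicts.

    Two signals are raised per user:
      push_barrage          - at least max_prompts push_sent events inside window
                              (raised once per window so a long barrage does not
                              produce one alert per prompt)
      approved_after_denies - a push_approved preceded by min_denies or more
                              push_denied events inside window, i.e. the user
                              gave in, which is the outcome the attacker wants
    """
    alerts = []
    recent = defaultdict(deque)   # user -> deque of (ts, event, src) inside window
    last_barrage = {}             # user -> ts of the last barrage alert
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip blank or unrecognised lines
        ts, user, event, src = rec
        q = recent[user]
        q.append((ts, event, src))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        prompts = sum(1 for _, e, _ in q if e == "push_sent")
        denies = sum(1 for _, e, _ in q if e == "push_denied")
        if prompts >= max_prompts and (
            user not in last_barrage or ts - last_barrage[user] > window
        ):
            last_barrage[user] = ts
            alerts.append({"kind": "push_barrage", "user": user, "at": ts,
                           "prompts": prompts, "src": src})
        if event == "push_approved" and denies >= min_denies:
            alerts.append({"kind": "approved_after_denies", "user": user, "at": ts,
                           "denies": denies, "src": src})
    return alerts


if __name__ == "__main__":
    for a in detect_push_fatigue(SAMPLE_LOG.splitlines()):
        print(a["at"].isoformat(), a["user"], a["kind"], a["src"])
```

On the constructed log this raises two alerts, both for alice: a barrage at the fifth prompt and an approval that follows two denials. The second signal is the one worth paging on, since it is the point at which the attacker holds a session; the first is an early warning that the user's password is already in the wrong hands and should be reset regardless of whether the attack succeeds.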
  • By Vivek Soni, CCSP Key Risk Indicators (KRIs) are predictors of undesirable events that can adversely impact the organisation. They are forward-looking metrics that serve as early warning signs, enabling an enterprise to report risks, prevent calamity and remediate problems promptly. Risks to an organisation vary with its business environment and with the business unit concerned. For example, an IT service management team might worry about changes going into production without approval, an information security team might focus on preventing data compromise, a bank might be concerned with fraudulent bank accounts being opened, etc. KRIs measure the potential risk related to a specific decision that an organisation is considering as well as

    Feb 24,
  • Practitioners from across the cybersecurity industry and the (ISC)² member community are invited to submit their session proposals as the cyber world begins its journey to Nashville.  (ISC)² today launched its call for presentations for its annual (ISC)² Security Congress event, taking place live in Nashville, Tennessee on October 25-27, 2023 at the Gaylord Opryland Resort and Convention Center and also online.  One of the biggest vendor-neutral global cybersecurity events on the calendar, (ISC)² Security Congress 2023 brings together thousands of front-line cybersecurity practitioners and cybersecurity business leaders to network, share ideas and continue their ongoing cybersecurity education through three days of keynotes and specialist sessions. For (ISC)² members, Congress is an essential opportunity for them to maintain the continuous

    Feb 23,