Inadequate cybersecurity staffing is the second-largest barrier faced by state governments in their attempts to overcome cybersecurity challenges, according to a newly released Deloitte study. Insufficient budget was the biggest barrier reported, and interestingly, the lack of availability of cybersecurity professionals was cited as the fifth largest barrier. Inadequate staffing has been a prevalent issue for years. (ISC)2’s 2019 Cybersecurity Workforce Study estimates the shortage of needed skilled professionals is more than 4 million worldwide. This creates challenges for CISOs as they focus on protecting their organizations. The Deloitte study, which is based on responses from 51 U.S. states and territories, says that even as the CISO position “has evolved into a mature and respected role,” CISOs still “struggle with

Beginning on October 24, 2020 there is an update to the (ISC)² exam retake policy which applies to the CISSP, as well as all other (ISC)² exams. For each of the CISSP, CAP, CCSP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and SSCP certification examinations, there are two independent rules that govern exam retake attempts. If you don’t pass the exam on your first attempt, you may retest after 30 test-free days. If you don’t pass the exam on your second attempt, you may retest after 60 test-free days from your most recent exam attempt. And finally, if you don’t pass the exam on your third attempt (and for all subsequent retakes), you may retest after 90 test-free days from your most

(ISC)² regularly updates all exams to ensure that our certifications remain current and relevant in a rapidly changing profession. We can’t do that without you, the members who have earned the certifications. Throughout the year, we hold examination development workshops to update and refresh exam content. Currently, these workshops are virtual, usually last 2-3 days and are eligible for as many as 21 CPE credits. We are particularly in need of members to help us with the following certifications: CISSP-ISSAP CISSP-ISSEP CISSP-ISSMP CAP CSSLP HCISPP SSCP You must hold the certification in question in order to participate in the workshop for that exam. However, you are not eligible to volunteer if you have participated in any workshops for the (ISC)²

A Playing Field Without Any Boundaries Have you ever been assigned the task of asset security in an organization? At first glance, asset security seems pretty simple, almost boring. After all, what’s the big deal tracking some laptops and mobile phones. However, once you dive into the details of what an asset is, you may quickly find yourself with the feeling that the entire earth has become overtaken by quicksand. The asset security responsibilities of an information security professional can be so vast, as to leave one feeling that they have no firm footing. Assets are anything that imparts value to an organization. Such a broad definition would place assets everywhere, both inside and outside of any company, and depending

By David Bisson All IT professionals who want a lucrative career should consider expanding their skill set to include security. Now is an opportune time to do so, because security is continuing to grow in importance for businesses and organizations. As noted in “Why Add Security to Your Skill Set and How to Do It,” about 44% of corporate boards participate in their organization’s digital security strategy. An even greater proportion (58%) receive security briefings on at least a quarterly basis. Boards are paying greater attention to security so that they can help keep their organizations out of the headlines. Even so, the skills gap is making it difficult for organizations to hire and retain qualified digital security talent, thus