  • [Mar 05] As published in the November/December 2019 edition of InfoSecurity Professional Magazine. By Michael Bergman, CISSP. An (ISC)² member details a software security integration system that eliminates that "50-page security policy" for developers. Unless your organization is gifted with resources, your software development teams do not have a dedicated first-line-of-defense function that integrates controls and makes it easier for developers to secure the products they build. Instead, developers, particularly those using Agile for project management, typically are handed a 50-page security policy document and told to "implement that along with your functional requirements, all within your two-week sprint cycle." The result is frustrated developers who usually do not understand cybersecurity well enough to extract security requirements from that massive policy document, let
  • [Mar 02] U.S. healthcare institutions are under constant attack from cybercriminals, and unless hospitals take concrete steps to protect themselves, the situation won't get any better. In 2019, the healthcare industry was the number one target for cyber attackers, with the cost of breaches totaling $4 billion, according to a new report. 2020 Vision: A Review of Major IT & Cybersecurity Issues Affecting Healthcare, published by security intelligence firm CyberMDX, provides an in-depth look at the causes and types of cybersecurity threats affecting the industry, as well as recommendations for healthcare institutions to fortify their cyber defenses. Attacks on healthcare are prevalent, according to the report, because the industry handles "valuable patient medical records" and has shown a "willingness to pay ransoms
  • [Feb 28] It's time again for another (ISC)² Job Task Analysis (JTA) study, this time for the CAP certification. We frequently review and update the content outlines (aka exam blueprints) of our credentialing examinations. If you're not familiar with it, the JTA is a methodical process used to determine the tasks performed by credential holders and the knowledge and skills required to perform those tasks successfully. As we prepare for a review of the CAP exam, we would like to hear from our CAP members! We would like you to comment on the new and emerging cybersecurity issues that should be addressed but are not covered in the current CAP exam outline. This is your opportunity to shape the content of the CAP
  • [Feb 27] Being a CISO can be stressful. That should come as no surprise. According to a new report, the stress is bad enough to cause health issues and personal relationship crises, and on average, CISOs stay in each job for just 26 months. The CISO Stress Report by Nominet, a U.K. domain registry, reveals that 95% of CISOs work longer hours than they are contracted for and 88% are "moderately or tremendously stressed." While CISOs are undoubtedly under a lot of pressure, it's important not to paint all of cybersecurity with the same brush, and to draw a distinction between job stressors and job dissatisfaction. The two are not always synonymous. In fact, the 2019 (ISC)² Cybersecurity Workforce Study found that
  • [Feb 25] Cloud security today is touted as better than ever. So how do we explain the ever-increasing number of data breaches? According to the new white paper, Cloud Security Risks & How to Mitigate Them, the disconnect arises from the shared security model. Cloud Service Providers protect the datacenter, but customers are responsible for safeguarding their own data, and the focus is shifting from the provider to the customer. To reduce risks, cloud customers must take charge of data security. This is no small feat, as many are in a period of transition and facing a wide range of threats:
    - Insufficient access management and account hijacking
    - System misconfiguration
    - Hyperconverged environments
    - Insecure interfaces and APIs
    - Emerging technologies like AI and machine learning
    Clearly,