(ISC)² NCR is pleased to announce an agreement with (ISC)² to offer NCR members a discount of 15% off official course and book prices. For more information, please contact Steve Chichester at (703) 637-4409 or schichester@isc2.org and advise him that you are an member of (ISC)² NCR and what you are interested in learning more about.

The SSH protocol that is embedded on Unix, Linux, Mainframe, and Windows 16 Servers – in additional to Switches, Routers, IOT devices, etc. can be compromised by bad actors with access to keys. This is also true for anyone deploying applications in the cloud. The SSH protocol creates an encrypted tunnel providing users with root level access. In the wrong hands, misuse of the SSH protocol have led to disastrous consequences. Here is why: Encrypted SSH traffic cannot be monitored by existing tools. DLP, SIEM’s, Firewall’s etc. do not workSSH Key’s don’t expire – a key created 20 years ago still works today. SSH Keys are often copied and shared, creating a challenges to tie back who did what and

At the recent Security Congress APAC 2016 held in Bangkok, attendees consisted of ICT professionals, information security professionals, practitioners, and university students and professors from some regional universities. It was a successful gathering where the attendees shared their ideas and views. We also had a great student track presentation from a young information security practitioner, Vijay Luiz, CISSP (Read Vijay’s blog on how he got into cybersecurity http://blog.isc2.org/isc2_blog/2016/02/associate-security.html), which the students found very informative. While the Congress was a great success, it became an issue that not everyone spoke the “same language”. Something was amiss and upon looking back, one can only rule that an information security knowledge baseline was lacking amongst attendees. This brings about the importance of creating

We are excited to share news about the launch of a change to our certification endorsement process. Beginning today, August 17, the process will take place entirely online. Once an (ISC)² exam has been taken and the results validated, a candidate applying for certification must be endorsed by another (ISC)²-certified professional in good standing before the credential can be awarded. This change will enable candidates and the members endorsing them to easily navigate through the endorsement process online, rather than printing, filling out and mailing documents. Feedback from our members and candidates is important to (ISC)². We listened to what you had to say and are happy to initiate this change to streamline the endorsement process. Select members and candidates

In recent years, many young people have felt disenfranchised and robbed of opportunities to pursue career ambitions. This sits in contrast to the fast-developing field of cybersecurity, where hiring managers regularly report staff shortages and lead times of over six months to fill positions. Cybersecurity is fundamental to the digital economy, but the (ISC)2 Global Information Security Workforce Study forecasts a growing workforce shortage of 1.5 million by 2020. As cybersecurity is a relatively new discipline, most organisations look for a minimum of three to five years’ experience, as well as a good understanding of cybersecurity concepts for the roles they are creating. Newcomers struggle to get these roles as employers find it difficult to judge their instincts. Often only