The Bean Counters
Many years ago, a car was manufactured with a design flaw that caused the gas tank to catch fire when the car was struck from behind. Many deaths stemmed from this mechanical flaw. It was later revealed during the subsequent wrongful death court cases that the vehicle’s manufacturer was aware of the problem, had performed a risk/benefit analysis, and had determined that the cost of fixing the problem would exceed any penalty levied by the courts. As a software security professional, you may ask: what type of software could result in a risk to life? Imagine, however, a faulty calculation in a medical device’s software, possibly causing death if the calculation was significantly incorrect. Or aviation software, where the failure can
Jul 12
The Certified Information Systems Security Professional (CISSP) certification is considered the gold standard in information security. That is because of all the doors the certification opens for a CISSP professional. Those doors lead to many different types of positions and opportunities, making the information security community dynamic and multifaceted. In this installment, we talk to Theresa ‘Terry’ Grafenstine. Terry tells us about her time working as the appointed Inspector General of the U.S. House of Representatives and her journey to becoming Chief Auditor for Global Technology at Citi. She shares with us her passion for cybersecurity and her advice for those considering it as a career. What job do you do today? I am the
Jul 07
Clar Rosso, (ISC)² CEO, recently joined a roundtable of experts in an (ISC)² Think Tank webinar to highlight why it’s so important for the cybersecurity industry to focus on Diversity, Equity and Inclusion (DEI), and to offer tangible, practical tips for addressing the common challenges and tensions that often arise on the inclusion journey. The June 23 panel discussed why these initiatives often fail and how to push through the barriers that often keep them from achieving lasting transformation. Rosso was joined by Dr. Kevin Charest, Executive Vice President and CTO at HITRUST, and Samara Moore, AWS Security Assurance Senior Manager and Global Energy Specialist. Both have held (ISC)² Board of Directors positions. DEI’s Role in Filling the Skills
Jul 01
Earlier this week, (ISC)² announced that the DoD approved both the HCISPP and CCSP certifications for inclusion in its DoD 8570 Approved Baseline Certifications table on the DoD Cyber Exchange website. Why does this matter? It means that the entire roster of (ISC)² certifications is now required for different security workforce categories within the Department, depending on the functional area the role covers. Approval for these additions came from the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1); IAM Level II (IAM II). The CCSP has been approved for the following categories: Information Assurance System Architect and Engineer Level
Jun 30
As we close out #RansomwareWeek here on the (ISC)² blog, a timely piece of news comes from the National Institute of Standards and Technology (NIST) in the form of new draft guidance for organizations concerning ransomware attacks, according to reporting by Infosecurity Magazine. Since NIST is the body responsible for one of the most revered standards frameworks in the world, its entry into the discussion is notable. According to the Infosecurity Magazine article, “The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. [It] can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to
Jun 25