Cloud security skills can be seen as very similar to the security skills for any on-premises data center. But in many instances, organizations are learning that their familiar applications cannot simply be “forklifted” to the cloud. Legacy applications can break when placed in a cloud infrastructure, and the entire security model is impacted as well. The need for a trained cloud security professional has never been more apparent. Explore how certified CCSPs ease the challenges of cloud security and add critical understanding to a largely misunderstood realm.
Jun 16,
Way back in 1975, two members of the Institute of Electrical and Electronics Engineers (IEEE) authored a report about how to protect computer systems. One of the recommendations in the report by Saltzer and Schroeder, “The Protection of Information in Computer Systems”, was to include “Fail-safe defaults”. If you work in any area of information security, it is time to consider what failing safely is all about. If you are a candidate studying for the CISSP exam, understanding the difference between failing safe and failing secure has even broader applications in at least two study domains. In any capacity of InfoSec, it’s time for these seemingly overlooked “defaults” to gain higher stature in many of your layered defense
Jun 15,
Pseudonymization is a de-identification process that has gained traction due to the adoption of GDPR, where it is referenced as a security and data protection by design mechanism. The application of pseudonymization to electronic healthcare records aims at preserving the patient's privacy and data confidentiality. In the US, HIPAA provides guidelines on how healthcare data must be handled, while data de-identification or pseudonymization is considered to simplify HIPAA compliance. According to GDPR, pseudonymization, if properly applied, can lead to the relaxation, up to a certain degree, of data controllers’ legal obligations. Even though pseudonymization is a core technique for both GDPR and HIPAA, there are significant differences in the legal status of the generated data. Under GDPR, pseudonymous data
Jun 14,
(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its certification examinations. A JTA is the methodical process used to determine the tasks that are performed by certification holders and the knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for ISSMP will be reviewed soon. In preparation for the upcoming review, we would like to hear from our ISSMP members who are participating in this forum/community to comment on the new and emerging cybersecurity issues that should be addressed but are not covered in the current ISSMP Examination Outline. This
Jun 10,
Today’s cybersecurity skills shortage is threatening safe cloud adoption – and cloud security is the No. 1 area most impacted by the shortfall. To help fill the gaps, more professionals are expanding their cloud expertise. Join two cybersecurity specialists as they share their journeys to a mastery of cloud security and how it benefited their careers.
Jun 09,