  • (ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for HCISPP is up next for review! In preparation for that upcoming review, we would like to hear from YOU, our HCISPP members. We want to hear from you on the new and emerging cybersecurity issues that should be addressed, but are not covered in the current HCISPP Examination Outline. This

    May 05,
  • How Much Access is Too Much? Many security practitioners grapple with the problem of their colleagues demanding too much access to network resources. Sometimes, it is not just people who request excessive access; it could be an application that needs more access than necessary to function, or it could be a process that is demanding too much access. In some cases, an entire system or network can be the access challenge. Whatever the case may be, there are many methods at the fingertips of the security practitioner to control access in a way that enables a business to function without the risk of oversharing. The Risks of Excessive Access: Unbridled access has been cited in many security incidents. From the

    May 04,
  • Organizations looking to build cybersecurity teams by attempting to recruit “all stars” need to reevaluate their strategy and adjust expectations. With the current cybersecurity workforce gap estimated at 3.1 million worldwide, it is too daunting – or for many, nearly impossible – to find candidates with all the skills and experience that organizations often seek. The (ISC)² Cybersecurity Career Pursuers Study delivers guidance on how to find strong candidates despite the scarcity of available talent. The report suggests organizations take a pragmatic approach to recruitment by zeroing in on qualities such as analytical thinking, problem solving and creativity, which foreshadow success in cybersecurity roles, as opposed to overly focusing on technical prowess and experience. By polling 2,034 current cybersecurity professionals

    Apr 28,
  • With data breach rates rising and criminal attack methods becoming more sophisticated each day, it is essential for every organization to take security seriously. That means cybersecurity training and education so that key stakeholders understand the risks that businesses are facing, and which strategies are most effective for protection. Who should receive cybersecurity training in your organization? While your immediate reaction might be to think training should stay with the cybersecurity team, there are actually many roles that would benefit from security knowledge and education. Cybersecurity is a shared responsibility and since many companies do not have a formal security team in place, managing risk can be a responsibility for many other roles within the organization. Watch the (ISC)² webinar Protecting the

    Apr 26,
  • With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008. The chances of a financial collapse akin to 2008 are “very low,” he said. “But the world changes, the world evolves, and the risks change as well. The risk we keep our eyes on the most is cyber risk.” If hackers succeeded in shutting down a major payment processor, which would seriously disrupt the flow of money between financial institutions,

    Apr 22,