• A Fun Science Fact Are you familiar with the often misquoted study about how every cell in the human body is replaced around every seven years? While a complete body makeover doesn’t actually happen, there is truth that many cells are regenerated over time. In some parts of the body this happens faster than others. It would be fascinating if humans could truly change their identity every few years. As an information security professional, you are aware that identity management is a very important part of the security landscape. Like many cells in the human body, identity access management (IAM) has not remained static. It started from some very simple beginnings, has changed and continues to change. Is this just

    Apr 21,
  • Why Does This Have to Be So Hard? As a security practitioner, how often have you heard the refrain from your colleagues that one of the security protocols that were so carefully thought out and expertly implemented is just too difficult to deal with? Perhaps you have sighed when you had to adhere to your own security protocol? As a security evangelist, you understand the necessity of adhering to a set of security requirements, but as a normal staff member, you can understand the frustration of your non-security coworkers. Is there ever such a thing as being a “normal” staff member after you have crossed into the elite world of information security? It seems that once one becomes aware of all

    Apr 20,
  • In 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report. A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access. Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up from 30% in 2019. Scan-and-exploit threats knocked phishing from the top spot, which accounted for 33% of attacks, up 31%

    Apr 15,
  • Last year taught us a valuable lesson: Always be prepared for the unknown. In a cybersecurity context, fostering resilience requires thinking of all possible scenarios – even if they seem implausible – and seeking solutions that can really work. But resilience in a cloudy world doesn’t happen overnight. It must be supported by a well-woven culture of security that evolves with the shifting global environment. Organizations that create a culture for the future are destined to excel; those that resist change will be left behind.

    Apr 14,
  • Earlier this year, we announced an upcoming update to the Certified Authorization Professional (CAP) certification. This (ISC)² certification exam will be updated on August 15, 2021. During the last Job Task Analysis (JTA), the decision was made to expand the CAP to reflect the more diverse day-to-day work of professionals who were earning the certification. What started as a certification built primarily for U.S. government professionals using the Risk Management Framework (RMF) has now expanded to professionals working in the private sector and/or organizations around the world. We spoke with the Content Development Manager here at (ISC)², Toni Hahn, about these changes. Toni – who holds both the CISSP and CAP certifications – oversees a team of certified content experts

    Apr 13,