The SSH protocol that is embedded on Unix, Linux, Mainframe, and Windows 16 Servers – in addition to switches, routers, IoT devices, etc. – can be compromised by bad actors with access to keys. This is also true for anyone deploying applications in the cloud. The SSH protocol creates an encrypted tunnel providing users with root level access. In the wrong hands, misuse of the SSH protocol has led to disastrous consequences. Here is why: Encrypted SSH traffic cannot be monitored by existing tools; DLP, SIEMs, firewalls, etc. do not work. SSH keys don’t expire – a key created 20 years ago still works today. SSH keys are often copied and shared, creating a challenge to tie back who did what and
Blog
Latest News & Tips
At the recent Security Congress APAC 2016 held in Bangkok, attendees consisted of ICT professionals, information security professionals, practitioners, and university students and professors from some regional universities. It was a successful gathering where the attendees shared their ideas and views. We also had a great student track presentation from a young information security practitioner, Vijay Luiz, CISSP (Read Vijay’s blog on how he got into cybersecurity http://blog.isc2.org/isc2_blog/2016/02/associate-security.html), which the students found very informative. While the Congress was a great success, it became an issue that not everyone spoke the “same language”. Something was amiss and upon looking back, one can only rule that an information security knowledge baseline was lacking amongst attendees. This brings about the importance of creating
We are excited to share news about the launch of a change to our certification endorsement process. Beginning today, August 17, the process will take place entirely online. Once an (ISC)² exam has been taken and the results validated, a candidate applying for certification must be endorsed by another (ISC)²-certified professional in good standing before the credential can be awarded. This change will enable candidates and the members endorsing them to easily navigate through the endorsement process online, rather than printing, filling out and mailing documents. Feedback from our members and candidates is important to (ISC)². We listened to what you had to say and are happy to initiate this change to streamline the endorsement process. Select members and candidates
In recent years, many young people have felt disenfranchised and robbed of opportunities to pursue career ambitions. This sits in contrast to the fast-developing field of cybersecurity, where hiring managers regularly report staff shortages and lead times of over six months to fill positions. Cybersecurity is fundamental to the digital economy, but the (ISC)² Global Information Security Workforce Study forecasts a growing workforce shortage of 1.5 million by 2020. As cybersecurity is a relatively new discipline, most organisations look for a minimum of three to five years’ experience, as well as a good understanding of cybersecurity concepts for the roles they are creating. Newcomers struggle to get these roles as employers find it difficult to judge their instincts. Often only
The benefits of digital health are discussed widely around the world. The prospect of increased efficiency and enabling patients to take a more hands-on role in their own medical care are considered positive outcomes by many. However, concerns over data privacy and the prevalence of data breaches in the sector are creating barriers to the adoption of digital health in the United Kingdom (U.K.). With this in mind, we recently hosted a roundtable event in London, inviting several experienced and respected individuals from all aspects of the healthcare sector to discuss some of the most pressing issues on the journey to digital health. During the event there were a number of different issues explored, and although there were a lot
In mid-July, the White House released its “first-ever” Cybersecurity Workforce Strategy, a directive under the Cybersecurity National Action Plan (CNAP) and the President’s 2017 budget. Its goal is to “…grow the pipeline of highly skilled cybersecurity talent entering federal service, and retain and better invest in the talent already in public service.” The government believes that by implementing this Strategy, it will elevate the attractiveness of public service to such a level that every private sector cybersecurity leader will ultimately deem it essential to his/her career to complete a tour of duty in federal service. How many cyber and IT professionals are they looking to attract? According to the White House blog, the magic number is 3,500. How long will