Blog

Latest News & Tips

  • The disclosure of the Log4j zero-day exploit in December 2021 had a serious impact on the cybersecurity industry. The flaw is found in one of the most commonly used pieces of software, so it could potentially impact billions of devices. If left unpatched, attackers could seize complete control of the device, which is cause for alarm. In fact, the Federal Trade Commission (FTC) threatened to use “its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” To better understand the implications of Log4j for cybersecurity professionals, (ISC)² conducted an online poll of 269 cybersecurity practitioners examining the Log4j vulnerability and the human impact

  • Cybersecurity is one of many industries lacking diverse perspectives and backgrounds, which are essential for combating the ever-evolving threat landscape. (ISC)² estimates that the Cybersecurity Workforce Gap as of 2021 stands at 2.72 million professionals globally, but women make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. This imbalance and lack of diversity in the sector was highlighted in the recent report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity. This disparity is also recognized by the U.K.’s National Cyber Security Centre (NCSC), which recently released its 2021 NCSC Diversity Report, showing that although the U.K. cybersecurity industry is making strides to close the diversity gap,

  • Registration for the second (ISC)² online proctored CISSP exam pilot program is now open to candidates in the U.S., U.K. and Singapore. Built on results from the association’s first online proctored pilot test in 2021, this pilot program is designed to further assess the viability, and help determine the potential future availability, of online proctoring for (ISC)² certification examinations. The learnings from this pilot program will help us further augment our exam delivery capabilities, ensuring the experience is safe, secure and provides candidates with the best possible opportunity to demonstrate their competence, regardless of the examination delivery method. What’s New: With exam security as the primary objective, (ISC)² has established new identity validation and security processes for this second pilot

  • In honor of Black History Month, we celebrate and acknowledge black pioneers in computer science and cybersecurity. Without their incredible contributions to technology, the cyberworld in which we live may not have been possible. We encourage you to learn more about these individuals and have included links below to read more. Annie Easley was one of the first black women to be hired by NASA as a ‘human computer’. She specialised in computer programming and alternative energy technologies, providing the technological foundations for some of the most important inventions of the 20th century, including communications, military and weather satellites. Dr. Clarence “Skip” Ellis, a computer scientist, was the first black person to earn a Ph.D. in computer science from the University

  • Want to share your expertise with thousands of your peers at Security Congress? Now’s your chance! (ISC)² has issued a call for speakers for its 12th annual (ISC)² Security Congress conference, a hybrid event taking place on October 10-12, 2022, in Las Vegas and online. After two successful back-to-back virtual conferences, this year’s hybrid event will feature 120+ educational and thought leadership sessions on the hottest cyber topics from a roster of an estimated 150 speakers. In-person and virtual attendees can expect engaging sessions on a variety of emerging and trending topics, including cyber liability, quantum computing, ICS/critical infrastructure, Zero Trust principles, ransomware, workforce trends (diversity and recruiting), remote workforce security, supply chain security, artificial intelligence, DevSecOps and many more. Don’t know

  • By Charlene Deaver-Vazquez, CISSP, CISA. Charlene is the developer of Probabilistic Risk Modeling for Cyber (P-RMOD4Cyber), a framework of mathematical models for quantifying risk. There is a tendency to view the effectiveness of our cybersecurity practice through a single lens – compliance. We apply controls and best practices, hardening our systems and continually monitoring our security posture. We implement defense in depth, relying on strong perimeter defense and real-time analytics. At this point, we discuss risk in terms of defensive actions, what we’ve done and what we see based on our logs and alerts. What does a typical conversation around risk sound like at this maturity level? On any given day leadership can be informed on the progress of patching,