Global C-suite executives are confident in their organizations’ preparedness to handle a ransomware attack, according to a newly published (ISC)² ransomware study titled, “Ransomware in the C-Suite: What Cybersecurity Leaders Need to Know About What Executives Need to Hear.” Although confident, C-suite executives express a strong willingness to invest in technology and staff to improve defenses—signaling that now is an opportune time for cybersecurity leaders to proactively address their organizational readiness with the executive team. In response to several high-profile cyberattacks this year, (ISC)² commissioned a survey of 750 C-level executives across the United States and the United Kingdom to provide cybersecurity professionals with deeper insights into how C-suite executives perceive their organizations’ readiness for ransomware. This data underscores the
A surge of organizations are moving their operations to the cloud for the benefits of improved efficiency, better scalability and faster deployment. But with the wave of migration to the cloud come more threats than ever before. The cloud is giving bad actors a more expansive set of targets, as well as new tools to conduct attacks, says Or Azarzar, Co-founder and CTO of Lightspin, in an article in Dark Reading. With so many risks for cyberattacks targeting the cloud, which certification demonstrates a broader understanding and skillset to protect cloud security? Let’s compare two cloud certs, (ISC)² Certified Cloud Security Professional (CCSP) vs. Google Cloud Certified-Professional Cloud Security Engineer. CCSP is a vendor-neutral certification that demonstrates the broad knowledge
(ISC)² is now accepting applications for its 2022 Women's Cybersecurity Scholarships, Undergraduate Cybersecurity Scholarships and Graduate Cybersecurity Scholarships. More than $100,000 in scholarships will be awarded in 2022. Applicants are evaluated based on academic excellence, passion for the industry and financial need. They are reviewed by volunteer (ISC)² members. If you are a member interested in participating and earning CPE credits, send an email to center@isc2.org. These scholarships are part of an effort to bridge the cybersecurity workforce gap—which stands at 2.72 million needed professionals—by providing future cybersecurity professionals across the globe with scholarships to prepare them for a rewarding career in this important field. “Supporting young talent with their educational studies is one of many methods to widen the pipeline of
The Role of the Board in Effective Risk Assessment
The growing sophistication of cybercrime is making it a necessity for companies to discuss its challenges and defense methods regularly at the board level. The results of an attack may involve refusal of an insurance company to pay, the potential for class action lawsuits, infections that penetrate too deep into the IT system to be removed, and violation of data protection rules. Boards and directors must approach cybersecurity as an enterprise-wide risk management issue. They must embrace their organization’s cyber risk appetite and understand the types of internal and external threats the company faces. An experienced CAP certified professional helps guide directors by blending their education and experience with a capacity
The end of the year is a good time to reflect on the past 12 months and create a plan to improve in 2022. Like years past, 2021 revealed more of the same for the cybersecurity industry—more breaches, bigger ransomware attacks, higher stakes. Some of the most disruptive cyberattacks occurred this year, such as JBS Foods, Kaseya and Colonial Pipeline. These attacks received global attention and spotlighted the need for even more attention on cybersecurity best practices. To help CEOs around the globe better understand cyber risks and how to make their businesses more secure, (ISC)² conducted an online poll of 200 cybersecurity practitioners, whose roles range from cybersecurity leadership to cybersecurity team member, and asked them a simple question:
In cloud computing environments, files are not stored in a hierarchical way. Most cloud architectures use a combination of splitting data vertically, horizontally and replication to improve response times, scalability, availability and fault tolerance. This is called object storage. Objects are accessible through APIs or through a web interface. Object storage introduces new challenges related to data consistency, which are not present in relational databases. One of the more fundamental decisions cloud professionals need to make is whether they will choose eventual consistency for data in corporate systems or strong consistency. Selecting a data consistency model is a decision that cloud security professionals must make. Both models are useful tools in the hands of cloud professionals, who must determine the