Blog

Latest News & Tips

  • We are continuing the popular bi-monthly CPE credit quiz as we transition from InfoSecurity Professional to our new web-based content platform.  The first (ISC)² News and Insights CPE Credit Quiz of 2023 is now live. Every two months, we publish a 10-question quiz with questions based on some of our editorial content from that period. Successfully passing the quiz results in two CPE credits being automatically added to your total.  Readers of our former bi-monthly magazine InfoSecurity Professional will know that each issue included a quiz, allowing members to earn CPE credits by passing the quiz, verifying they had read that issue. As we have now transitioned from the bi-monthly magazine to an ongoing web-based content platform to better support members

  • Major U.S. government and corporate breaches, the White House enforces TikTok ban and the NCSC issues zero trust guidance. Here are the latest threats and advisories for the week of March 3, 2023.  Threat Advisories and Alerts  NCSC Publishes Guidance on Zero Trust Security   The U.K. National Cyber Security Centre has published guidance on how companies can leverage zero trust security. The article explains why some systems can’t integrate into a zero trust network. Organizations can get around this issue by building a mixed estate using a zero trust proxy or a managed virtual private network (VPN).   ZK Java Web Framework Flaw Is Being Actively Exploited  A high-severity flaw (CVE-2022-36537) affecting the ZK Framework has been added to the U.S.

  • By Joe Fay  China is ‘most active, and most persistent threat’ as government pinpoints need for a bigger and more diverse cybersecurity workforce to meet the long-term challenge.  The Biden administration has unveiled its long-awaited cybersecurity strategy, effectively putting the country on a permanent cyberwar footing, with the Federal government adopting zero trust while demanding tech providers take more responsibility for securing their products and tackling cyberthreats.  “Voluntary” approaches to securing critical infrastructure will be stiffened with regulation, tailored to individual sectors. The Federal government will also root out insecure legacy systems from its own estate, while building up its own cyber defense and offense capabilities.  The strategy noted a state of inequality in responsibility for tackling cybersecurity threats. For

  • By Dave Cartwright, CISSP  The mysterious world of cybersecurity can sometimes be wildly misrepresented on-screen, causing challenges for professionals charged with educating colleagues and other users.  Movie and TV screenwriters have been known to play fast and loose with the facts. Any car involved in an accident, no matter how minor, explodes in a hideous fireball. Everyone can find an on-street parking space right outside their house. Whenever text appears on a computer screen there’s a clicky-beepy sound for each letter that appears.  No wonder, then, that the role and actions of cybersecurity can sometimes be even more wildly misrepresented and exaggerated on-screen. Today we are taking a look at our favorite five examples of where cybersecurity was misrepresented in

  • By Joe Fay  Workers told to make more use of cyber ranges, conferences and webinars as skills gap just gets bigger. The US Department of Defense (DoD) is overhauling the recruitment and training of its cyberspace workforce, providing a template for other public and private sector organizations battling both a growing cyber threat and widening skills gap.  The DoD’s Cyber Workforce Strategy stands as a potential model for how other public and private sector organizations should be reshaping their cybersecurity teams and nurturing talent.  When the US-based Bipartisan Policy Centre detailed the “Top Risks in Cybersecurity 2023”, it highlighted the impact of geopolitical uncertainty, an accelerating cyber arms race, an erratic regulation environment and economic headwinds that are likely to

  • As geopolitical tensions continue, cyberwarfare has taken its toll on the world. Last July, the FBI, CISA and the Department of the Treasury issued a joint advisory about North Korean hackers targeting U.S. healthcare systems. Another warning was issued about Russian state-sponsored CNI attacks aimed against Ukraine or organizations providing materiel support. Alarmingly, the last few years have seen cyberattacks on oil and gas (Colonial Pipeline), nuclear operations (Iranian nuclear facility, Kansas nuclear plant, Stuxnet) and water utilities (Oldsmar, Israeli facilities) among others.  In response, more CNI-geared legislation is on the way. The most game-changing move on this front last year for the U.S. was the Cyber Incident Reporting for Critical Infrastructure Act of 2022. It marks an important milestone