Blog

Cybersecurity is becoming increasingly important as more businesses collect, share, and use more and more data as part of their practices. The news headlines have been dominated by security incidents affecting the personal data of millions of people around the world. The importance of cybersecurity is underscored by the cost of a breach, with IBM estimating the average cost of a data breach in the United States being $8.19 million. Zero unemployment is not a dream! The cybersecurity industry has a zero percent unemployment, which make it an attractive statistic. It certainly is a great reason for everyone, either IT professionals or students graduating from Universities, to choose cybersecurity as a career. But this is not the only factor to

As we look forward to (ISC)² Security Congress 2020 on November 16-18, we are continuing to highlight a few of last year’s sessions to review so you know what to expect for the upcoming digital conference. You can also earn CPEs for viewing these sessions if you weren’t able to attend last year’s conference. Trends in Cloud Security: Where We're Going, We Don't Need Roads Cloud security remains one of the most popular tracks at Security Congress. In this session, Liz Tesch from Microsoft examines the current state of security in a hybrid cloud environment, discusses cloud security tools and technologies, and describes how they will enable us to practice security more effectively in the future. The Automation Quandary This

Software glitches like the Y2K bug and its recent echoes, such as the New York City parking meter failure serve to remind us of the complacency that often settles into organizational culture, and which allows security threats to turn into full-on failures. The New York City parking meter failure was soon eclipsed by the enormity of the COVID-19 pandemic, which has occupied the world’s attention ever since. But this story should not be forgotten, because it has roots that extend far back into the past and – more importantly – has serious implications for computing and threat management far into the future. It starts with some parking meters in New York City. And it teaches us a lot about complacency

By AJ Yawn, CISSP Introduction Amazon Web Services (AWS) is the market-leading cloud service provider for many reasons. One of the reasons for its market share is the breadth and depth of security services available to organizations hosted on AWS. With new services being released almost daily, it is understandable for security practitioners to get lost in the many options to secure your AWS account. AWS CloudTrail is one of these services that are commonly underused but fairly simple to set up and critical for security governance, detection, and incident response. What is CloudTrail, and Why Does it Matter? AWS CloudTrail is an AWS service that helps you audit your AWS account, providing complete visibility into the governance, compliance, and

As published in the May/June 2020 edition of InfoSecurity Professional Magazine. BY JASON McDOWELL, CISSP Companies from all industries are looking for qualified cybersecurity professionals to fill the skills gap in their current workforce. Demand is high, and many companies are willing to pay top dollar to those who possess the skills they need. With this high-demand, high-paying environment, what could go wrong? Plenty. With the exception of companies that specialize in information security, accurate valuation of the cybersecurity role in many companies is still very challenging, and many managers lack even a basic understanding of what cybersecurity professionals do within the organization. Add in the urgency to meet industry-specified cybersecurity requirements, and things can quickly lead to corporate desperation and poor

Professionalizing the world of cybersecurity education and training is a major focus area for the UK Government, especially in the new realities we find ourselves in. It included plans in its National Cyber Security Strategy in 2016 to develop the cyber security profession, including creating a UK Cyber Security Council to focus on professional development, professional ethics, thought leadership, influence and outreach. Late last year, the Department for Digital, Culture, Media and Sport commissioned the creation of the Council through a consortium of cyber security professional bodies – including (ISC)² –known as the Cyber Security Alliance. (ISC)² has been diligently working alongside other Alliance volunteers to build the UK Cyber Security Council. It is set to commence operations in April 2021.