• Fresh from Austin, here are the top headlines from (ISC)2's 2017 Security Congress: Let's talk about risk, baby. That's the language c-level executives and board members want to hear from the security team. Keynote speaker and Deputy Assistant Director of the FBI, Donald Freese, spoke about a non-emotional approach to security. CSO Online quotes Dylan Thomas, who was probably talking about cybersecurity practitioners when he said "Do not go gentle into that good night." Garfield loves lasagna and hates cyberbullying. Infosecurity Magazine was with us in Austin and spoke to the CISO of the state of Missouri, Michael Roling, CIO of the Truth Initiative, Derrick Butts, and CISO of the U.S. Dept. of Health & Human Services, Steven Hernandez. Ransomware – Tales from

    Sep 29,
  • It’s 2:00 pm. Do you know where your data records are? Here are the security headlines from the week of September 18, 2017. Say it ain’t so, SEC. Say it ain’t so! It looks like the U.S. Securities and Exchange Commission (SEC) suffered a cyber attack in 2016. Hackers have been trading using non-public information. In more cybercrime news, Help Net Security has a list of most wanted malware and mobile malware. We’re all hoping the risk of wearable devices is worth the health benefit – or is that just what I tell myself about my FitBit? But what if the device data falls into the wrong hands? Any infosec pro will tell you: Only install applications from a trusted

    Sep 22,
  • By David Shearer, CISSP, CEO (ISC)² I was recently reading an article by my colleague, ISACA CEO Matt Loeb, that got me thinking. In his piece, Creating cyberculture, Matt creatively reworks the “cybersecurity is everyone’s responsibility” mantra with his seatbelt analogy. While I certainly applaud any effort to create an inclusive cybersecurity culture – and Matt has some great suggestions on how to do so – I believe most organizations simply are not ready. To build on Matt’s seatbelt analogy, we’re buckling ourselves into a car seat that’s not yet bolted to the frame. Let me explain. We still have a great deal of work to do at the operational levels of most organizations that stems from a fair amount of

    Sep 21,
  • Although some organizations have splintered cybersecurity from IT for structural purposes, typically IT teams shoulder the responsibility for security. This means IT professionals are the people who enforce the policies and run the tools to protect their organizations’ data. But even though IT teams are the de facto security team in most places, do they have all the access to tools and technology they need? Not necessarily, according to recently completed (ISC)² research. The research suggests most organizations do not provide adequate resources for training and development, or enough people, to run security. Even worse, (ISC)²’s 2017 Global Information Security Workforce Study (GISWS) reveals the ability to defend against cyber attacks has declined over the past year. These are unsettling findings

    Sep 21,
  • By David Shearer, CISSP, CEO (ISC)² Let's face it, there's still a fair amount of fear when it comes to the cloud, and I know firsthand people in Texas and Florida recently experienced some devastating weather that tests individuals' and organizations' resiliency. Natural disasters like Hurricanes Harvey, Irma and others around the world can serve as a reminder that cybersecurity, IT/ICT and OT for that matter, need to work in complementary ways to ensure not only cybersecurity resiliency but business and mission fulfillment resiliency (i.e. Continuity of Operations). I break these areas out because I frequently hear them discussed in stovepipe ways. That vertical versus horizontal view simply does not serve the endgame for the organizations we serve. I'm old enough

    Sep 19,