(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline (or exam blueprint) of its certification examinations. A JTA is the methodical process used to determine the tasks performed by certification holders and the knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested. The existing exam blueprint for ISSMP will be reviewed soon. In preparation for the upcoming review, we would like to hear from our ISSMP members who are participating in this forum/community to comment on the new and emerging cybersecurity issues that should be addressed but are not covered in the current ISSMP Examination Outline. This
- Jun 10,
Tricky Business
Software development is a tricky business. When you think of all that can go wrong, the possibilities can be overwhelming. From coding errors to borrowed libraries to myriad other causes, the need for testing is fundamental to the development process. Testing can uncover many of the errors or oversights that can occur. Failure to effectively test prior to release can be very costly. Fortunately, the software security lifecycle includes testing methodologies to prevent many of these errors. As a security professional, understanding testing techniques is an extremely important job responsibility. If you are on the technical side of information security, you may be conducting the tests yourself. One way that an employer can ensure that they have a
Jun 07,
The Language of Profit and Loss
Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming… maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood and probability. Why is this important? This is important because the language of business is based on profit and loss, and that component is key to your progress. How can you describe the need for a new security initiative that makes the point to the people
May 21,
Should you adopt the default security configuration from your Cloud Service Provider to avoid a misconfiguration incident? If you do, proceed with caution. Some default settings may not be required in your environment and would serve the organization better if they were disabled. As part of a complete cloud security strategy, all settings must be checked against an established hardening standard. CSPs deliver a platform and the tools to manage it. Yet ultimately, it isn’t the responsibility of the CSP to secure your environment. It’s yours.
May 18,
The Power of Positive Thinking
Remember the early days of software programming? There were stories about the solitary programmer, toiling late into the night (and into the next days and nights), working until the creation was complete. These images were corroborated by people such as Shawn Fanning, the creator of Napster, and Mark Zuckerberg, the creator of Facebook. They had more than a mission; they had a vision, and unceasing motivation. Software development has come a long way from those “lone wolf” days. The alumni of those early days have gone on to greater tasks. While the motivation to create a great software product has not waned, it has become more formalized and legitimized. Motivation became married to discipline. Within
May 13,