Earlier this year, we announced an upcoming update to the Certified Authorization Professional (CAP) certification. This (ISC)² certification exam will be updating on August 15, 2021. During the last Job Task Analysis (JTA), the decision was made to expand the CAP to reflect the more diverse day to day work of professionals who were earning the certification. What started built primarily for U.S. government professionals using the Risk Management Framework (RMF) has now expanded to professionals working in the private sector and or organizations around the world. We spoke with the Content Development Manager here at (ISC)², Toni Hahn, about these changes. Toni – who holds both the CISSP and CAP certifications – oversees a team of certified content experts

The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security is still one of the last priorities on many developers’ minds during the software development lifecycle. Vulnerable Apps Increase Cyber Threats Despite that the 2020 Verizon Data Breach Investigations Report indicates that most data breaches happen through vulnerable web applications, many developers are still hesitant to adopt a security mindset. Even though the news headlines are filled with the names of companies being compromised every day, they make the mistake of thinking it could not happen to them. Many software developers do not typically worry about

Is There Ever Too Much Data? As a security practitioner, you know that businesses are fuelled not only by people but by data. Years ago, the phrase “Big Data” was a new, innovative way to gain a business advantage. Now, big data is the norm. When we think of all the data that has been gathered, we must stop and wonder about what is contained in that data. Many important, and often private details are stored about the clients of a particular business. Over time, it became clear that this data, if obtained by criminals, could be damaging to an individual. Personally Identifiable Information (PII), Protected Health Information (PHI), private financial records, and a selection of other sensitive data hold

Clar Rosso, (ISC)² CEO and Casey Marks, Chief Product Officer and VP, (ISC)² recently hosted the latest in our new Inside (ISC)² webinar series, a quarterly series designed to give members a glimpse of the latest developments from inside the association, as well as an opportunity to ask questions. The March 23 session included milestones from the first quarter, as well as a deep dive into (ISC)²'s process for developing exams and certifications. Q1 Recap Rosso kicked off the discussion with a recap of the association’s response to the pandemic, and its transition to online learning. Recognizing that 2021 still means travel restrictions for most people, (ISC)² is increasing its free online courses and increasing its webinar program by 40%,

The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)2 has launched a series of interviews to explore where CISSP certification has led security professionals. Last time we spoke to Chris Clinton. This installment features Mari Aoba, a security analyst at Japan Security Operation Center. What job do you do today? I work as a security analyst at Japan Security Operation Center (JSOC) in LAC. JSOC provides Managed Security Service to over