• Protecting critical infrastructure and associated challenges was a recurring theme during (ISC)² Security Congress 2021, which took place virtually from Monday to Wednesday this week. It was the subject of various sessions and came up during a keynote session delivered by Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs said critical infrastructure needs to be hardened against foreign adversaries that might have an interest in disrupting it at some point. CISA and other agencies are working to come up with standards and practices for infrastructure security. And they are looking for input from the cybersecurity industry. One of the main challenges with securing critical infrastructure is the move to connect IT and operational technology (OT),

    Oct 20,
  • It’s October! And that can mean only one thing. It’s time to kick off the annual Cybersecurity Awareness Month, hosted by the National Cyber Security Alliance (NCSA) and the Cybersecurity & Infrastructure Security Agency (CISA). With remote work the new normal for most and ransomware attacks at peak fever pitch, there’s no time like now to learn about cybersecurity, or for those in the know, for a refresher on some of the common pitfalls to avoid in order to keep your data safe. In celebration of this month of best practices discovery, (ISC)² created a one-stop-shop to find helpful cybersecurity knowledge and tips. Throughout October we’ll be adding more links to new blog posts and research as they become available, so check

    Oct 04,
  • A very common complaint among information security professionals is the lack of a budget to implement the best security tools. It may be true that recent newsworthy security events have increased many budgets, yet it never seems like enough. In many ways, this is true. It is like the difference between the base-model automobile and the fully equipped model. What easier way is there to grant a system the authority to operate than with the most robust budget imaginable? Yes, it is nice to have all the flashing lights and automated features, but that is not always what is needed to truly meet the requirements. There are many low-cost, and often free, aspects of a security program that, if overlooked, can

    Jul 15,
  • Are you looking for a space to connect with your peers in the cybersecurity industry? (ISC)² Community connects you to a global network of cybersecurity professionals through an interactive and engaging platform. Community offers members and non-members an opportunity to share insights on the latest cybersecurity trends, ask questions, share knowledge, or voice opinions. Community welcomes all levels of experience to weigh in on the current topics and trending conversations through public discussion or private chats. Users can subscribe to popular threads based on interests such as cloud security, privacy, tech talk, career, and more. Community Groups encourage engagement through all stages of your career. For those just beginning, study groups for each certification allow candidates to discuss and meet for exam tips and practice items. Upon

    Jun 08,
  • The Language of Profit and Loss: Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming… maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood and probability. Why is this important? This is important because the language of business is based on profits and loss, and that component is key to your progress. How can you describe the need for a new security initiative that makes the point to the people

    May 21,