<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
<item><title>Digital Badges for (ISC)² Credentials - Broadcast Your Accomplishments</title><description>2016-04-25 22:49:44 - (ISC)² Blog : Security professionals know that their skills are in demand. Employers looking to fill security roles are looking for candidates to differentiate themselves and stand out. Increasingly certification plays a critical role in that process and helps signal to employers that candidates have the knowledge and experience to fill key roles. I am happy to introduce a new feature for (ISC)² certified members to help broadcast their certification achievements. (ISC)² has partnered with an organization called Acclaim, a subsidiary of Pearson VUE, to enable verifiable digital representations of our certifications. When members accept the digital badge from Acclaim they can broadcast </description><link>http://www.secuobs.com/revue/news/604658.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604658.shtml</guid></item>
<item><title>(ISC)² to Host International Standards Organization Meeting</title><description>Secuobs.com : 2016-04-07 18:18:02 - (ISC)² Blog - Many of you will know that (ISC)² is hosting a major event this month - in downtown Tampa, Florida - and I'm sure that you've also heard the phrases ISO and SC27. But what does this all mean? ISO is the International Standards Organisation, set up in 1947, which oversees the creation, publication and maintenance of standards covering everything from acid-free paper to quality management systems, smart cities to information, and cybersecurity. ISO has committees of experts - drawn from around the world - who volunteer their time and share their knowledge to create and maintain standards. Each committee has </description><link>http://www.secuobs.com/revue/news/603140.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603140.shtml</guid></item>
<item><title>Crafting My Name on the "Hall of Fame"</title><description>Secuobs.com : 2016-04-05 22:34:59 - (ISC)² Blog - There was an old practice at my previous workplace that they asked the employees to post their recently attained industry certifications on a board in a common area where everyone can share one's happiness of getting a new certification. Gradually, the board becomes the "Hall of Fame" in the office. That was the first time I saw the actual CISSP certificate. During my university days, my major subject was in Voice over IP. Since VoIP is an application running on the Internet, it also inherits a lot of Internet security issues. Ever since then, I was fascinated by the world </description><link>http://www.secuobs.com/revue/news/602933.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/602933.shtml</guid></item>
<item><title>Digital Badges for (ISC)² Credentials - Broadcast Your Accomplishments</title><description>Secuobs.com : 2016-04-01 16:13:14 - (ISC)² Blog - Security professionals know that their skills are in demand. Employers looking to fill security roles are looking for candidates to differentiate themselves and stand out. Increasingly certification plays a critical role in that process and helps signal to employers that candidates have the knowledge and experience to fill key roles. I am happy to introduce a new feature for (ISC)² certified members to help broadcast their certification achievements. (ISC)² has partnered with an organization called Acclaim, a subsidiary of Pearson VUE, to enable verifiable digital representations of our certifications. When members accept the digital badge from Acclaim they can broadcast </description><link>http://www.secuobs.com/revue/news/602672.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/602672.shtml</guid></item>
<item><title>Insecure of Things</title><description>Secuobs.com : 2016-03-25 04:49:32 - (ISC)² Blog - During this exciting time of technological advancements, when there is an app for every facet of our lives, from letting you know the right time to take a bathroom break during a movie to how to build a space shuttle, why am I continually disappointed? We have become a generation addicted to our apps and having the latest and greatest technologies, but that comes with a steep price. We have to continually ask ourselves with every purchase and click, what is my data and privacy worth if and when it is leaked, breached or stolen? George Santayana wrote, "Those who </description><link>http://www.secuobs.com/revue/news/602028.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/602028.shtml</guid></item>
<item><title>(ISC)² Member Devon Bryan Earns Fed 100 Award for Working to Change the Face of Security</title><description>Secuobs.com : 2016-03-23 14:52:15 - (ISC)² Blog - Devon Bryan, an (ISC)² member for nearly 20 years, is receiving a distinguished Federal Computer Week Federal 100 Award this year. The award recognizes 100 US government and industry leaders who have played pivotal roles in the federal government IT community, individuals who have gone above and beyond their daily responsibilities and have made a difference in the way technology has transformed their agency or accelerated their agency's mission. Devon and the other winners will be honored at a gala ceremony on April 7. Devon served in the United States Air Force as a Lead Network Engineer for 11 years. After </description><link>http://www.secuobs.com/revue/news/601846.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/601846.shtml</guid></item>
<item><title>Cloud Security - Where to Begin?</title><description>Secuobs.com : 2016-03-14 17:48:31 - (ISC)² Blog - (Translated from Spanish) The use of tools in the cloud and hybrid cloud have reduced business costs and stimulated unprecedented growth in adoption rates worldwide. Several studies show that the cloud is here to stay, which makes it important to analyze the most efficient ways to control and reduce risks, such as threats of invasion, attacks, leakage of sensitive information and unavailability of services. Cloud security is one of the main concerns of IT managers. In addition, the Cloud Security Alliance (CSA) reveals that only 16 percent of organizations have fully implemented policies and controls around using the cloud. The </description><link>http://www.secuobs.com/revue/news/601016.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/601016.shtml</guid></item>
<item><title>Cloud Security - Where to Begin?</title><description>Secuobs.com : 2016-03-11 22:16:57 - (ISC)² Blog - The use of tools in the cloud and the hybrid cloud has reduced companies' costs in an unprecedented way and stimulated their growth worldwide. Various studies reveal that the cloud is here to stay, which makes it important to analyze the most efficient measures for controlling and reducing risks, such as threats of intrusion, attacks, leakage of sensitive information and unavailability of services. Cloud security is the main cause of concern for IT managers around the world. Estimates indicate that more than 70 percent of them do not trust </description><link>http://www.secuobs.com/revue/news/600863.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600863.shtml</guid></item>
<item><title>Cloud Security - Where to Begin?</title><description>Secuobs.com : 2016-03-11 22:16:57 - (ISC)² Blog - The use of Cloud and Hybrid Cloud tools has reduced companies' costs in an unprecedented way and stimulated their growth worldwide. Various surveys reveal that the Cloud is here to stay, which makes it important to analyze the most efficient measures for controlling and mitigating risks, such as threats of intrusion, attacks, leakage of sensitive information and unavailability of services. Cloud security is the main cause of concern for IT managers around the world. Estimates indicate that more than 70 percent of them do not trust traditional data protection techniques. In addition, the Cloud </description><link>http://www.secuobs.com/revue/news/600862.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600862.shtml</guid></item>
<item><title>The Accidental Security Threat: Insiders</title><description>Secuobs.com : 2016-03-09 18:02:14 - (ISC)² Blog - Insider threats can be malicious, but more commonly, they are accidental. The weakest point in any security program is people. They can have ill intent, they can also be manipulated or exploited, and they can simply make a mistake and email a spreadsheet full of client information to the wrong email address. These types of incidents are real and happen every day. They can lead to disastrous results on par with any major external cyberattack. Traditionally, these threats are overlooked by most businesses as they are more concerned with the unknown malicious actor than the known staff member or business </description><link>http://www.secuobs.com/revue/news/600607.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600607.shtml</guid></item>
<item><title>Dispelling Myths - The Role of the (ISC)² Board of Directors</title><description>Secuobs.com : 2016-03-03 19:06:47 - (ISC)² Blog - As chair of the (ISC)² Bylaws committee, I want to provide clarification about the role of the (ISC)² Board of Directors. There seems to be ongoing confusion by some members about the role of the board, and I'd like to clear up the confusion. There are two documents that govern the responsibilities and activities of the organization: the Articles of Association and the Bylaws. The Bylaws clearly state: "The Board of Directors shall have the powers and duties of a board of directors pursuant to the laws of the Commonwealth of Massachusetts, and shall be responsible for the policy and </description><link>http://www.secuobs.com/revue/news/600081.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/600081.shtml</guid></item>
<item><title>The Need for Encryption Legislation</title><description>Secuobs.com : 2016-03-01 22:00:04 - (ISC)² Blog - The current stand-off between Apple and the FBI highlights a growing problem: How do we balance privacy rights with the current patchwork of legislation that has failed to keep pace with the technological advances changing business and society? For anyone following current events, the ongoing debate displays the need for comprehensive legislation. Will Apple continue to defy the court order and, in essence, prevent the government from gaining information from a corporate owned device used by a dead terrorist? Is the government prepared to set a precedent and force Apple and other companies to knowingly provide code to make it </description><link>http://www.secuobs.com/revue/news/599832.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/599832.shtml</guid></item>
<item><title>Celebrating my 10 years of Safe and Secure Online Service</title><description>Secuobs.com : 2016-02-23 15:53:19 - (ISC)² Blog - The 9th February 2016 was International Safer Internet Day when organisations across the world joined together to promote the safe and responsible use of digital technology for children. The day also marked my 10 years of teaching the (ISC)² Foundation's Safe and Secure Online lessons at schools across the United Kingdom. To celebrate, I visited Robert Bloomfield Academy in the midlands area to speak to over 900, 9-13-year-old students about Internet safety. Robert Bloomfield Academy has consistently been rated "Outstanding" by Ofsted (UK regulators) and specialises in Science Technology Engineering and Math (STEM) subjects, boasting a lot of hi-tech equipment </description><link>http://www.secuobs.com/revue/news/599133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/599133.shtml</guid></item>
<item><title>Getting a Foot in the Door of the Security Industry</title><description>Secuobs.com : 2016-02-15 22:07:01 - (ISC)² Blog - Computers have always interested me because of their determinism. They would perform perfectly if they were coded and built perfectly; it is the imperfect coding and building of computers that leave them open to attack - and further, why we must take on defensive roles to protect them. I saw information security as a developing field where I could fill a void, become an expert and help shape the industry. It also seemed cool to know how things could be broken and to prevent that from happening. That's why I decided to study computer science at the National University of </description><link>http://www.secuobs.com/revue/news/598365.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598365.shtml</guid></item>
<item><title>New Federal CISO: History in the Making</title><description>Secuobs.com : 2016-02-10 15:37:13 - (ISC)² Blog - Yesterday marked a significant day in US government cybersecurity history - and certainly for those of us in the profession - the day that the White House announced its plan to hire a Chief Information Security Officer (CISO). For decades, we at (ISC)² have advocated for the voice of CISOs to be heard, for CISOs to be granted a seat at the executive table. And yesterday, the Executive Office of the United States has put out the invitation for one of us to take part in executive decisions - a validation of sorts for cybersecurity professionals who have spent their </description><link>http://www.secuobs.com/revue/news/597883.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/597883.shtml</guid></item>
<item><title>Top 10 (ISC)² Secure Webinars of 2015</title><description>Secuobs.com : 2016-01-20 17:11:20 - (ISC)² Blog - As 2016 begins, many people start setting professional development goals for the year. With travel budgets often limiting the ability for professionals to attend in-person training and events, online webinars offer a convenient, cost effective way to learn. Whether you're looking for ways to expand your knowledge by earning continuing professional education credits or you're searching for information on topic areas you're unfamiliar with, (ISC)² Secure Webinars feature security experts from around the globe discussing today's best practices and challenges in cyber, information, software and infrastructure security. In 2015, we offered a total of 42 webinars - that's nearly one </description><link>http://www.secuobs.com/revue/news/596057.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/596057.shtml</guid></item>
<item><title>The Next Person Up</title><description>Secuobs.com : 2016-01-05 15:15:09 - (ISC)² Blog - In US football, the terms "next man up" and "do your job" are often used as call to action mantras to spur a unified approach to consistency and sustained performance. The (ISC)² 2015 Global Information Security Workforce Study (GISWS) cites that out of the nearly 14,000 respondents, only six percent are under the age of 30. Coupled with the projected 15 million qualified "next person up" deficit between now and 2020, we have a global challenge to address the currently stretched thin workforce by ensuring future capabilities within the profession. As the current aging workforce begins to retire, we also </description><link>http://www.secuobs.com/revue/news/594848.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594848.shtml</guid></item>
<item><title>Leading into 2016</title><description>Secuobs.com : 2015-12-31 17:18:06 - (ISC)² Blog - My brother is a retired Army Colonel who recently received a Canadian Meritorious Service Medal for his support of Canadian troops in Afghanistan. This was naturally a source of pride for my family. When I read the medal citation, a sentence jumped out at me: "Col Shearer's superb leadership was vital to operational success and helped preserve Canada's legacy in Afghanistan." I read a lot, and I tend to parse out words that resonate with me like "leadership, vital, operational success, preserve and legacy". As we assess ourselves as cyber, information, software and infrastructure security professionals, we might ask if </description><link>http://www.secuobs.com/revue/news/594605.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594605.shtml</guid></item>
<item><title>What I Want for the Holidays</title><description>Secuobs.com : 2015-12-09 17:45:45 - (ISC)² Blog - Lately, we've seen news stories about cyberattacks on manufacturers of children's electronics, during which millions of parents' and children's personal information, including photos of children, were stolen. One incident involved over six million children's profiles worldwide, including almost three million from the US. As an information security professional, we understand that in cyberspace, there will be casualties. But, we have to do our best to minimize the casualties and most important of all, that they do not involve children. After the latest breach incident at V Tech, we saw experts sharing their technical advice on what we can do as </description><link>http://www.secuobs.com/revue/news/592632.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592632.shtml</guid></item>
<item><title>Colleges Shouldn't Become Training Facilities, Warns Dr Jane LeClair</title><description>Secuobs.com : 2015-11-11 21:34:41 - (ISC)² Blog - Academic institutions are under a lot of pressure to churn out as many cybersecurity graduates as possible who have skills they need to get to work right away and get us out of the skills crisis we're in. According to Dr Jane LeClair, COO for (ISC)² Global Academic Program (GAP) member National Cybersecurity Institute at Excelsior College, however, transforming universities into training facilities is a dangerous move that fails to cultivate the creativity and critical thinking skills people need to be successful in the field. Instead, she believes that combining education and certification is key to cultivating the future cybersecurity </description><link>http://www.secuobs.com/revue/news/589813.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589813.shtml</guid></item>
<item><title>Insecure Mobile Apps: An Urgent Call for Best Practices in App Development</title><description>Secuobs.com : 2015-11-04 17:15:54 - (ISC)² Blog - Application security continues to be a growing concern according to respondents of the latest (ISC)² 2015 Global Information Security Workforce Study. Consistent with the past two (ISC)² studies in 2011 and 2013, application vulnerabilities and malware are at the top of the list. These concerns are trending upward as 72 percent of survey respondents in the 2015 study selected this vulnerability and threat as either a top or high concern. As mobile platforms increasingly become the choice for delivering services, applications on the mobile devices are also a top concern for information security professionals. As more sensitive data and transaction </description><link>http://www.secuobs.com/revue/news/589064.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589064.shtml</guid></item>
<item><title>(ISC)² Associate Program: The Entry Pathway to a Cybersecurity Career</title><description>Secuobs.com : 2015-10-29 21:02:26 - (ISC)² Blog - As noted in our latest Global Information Security Workforce Study, the majority of security professionals (78 percent) anticipate the greatest need for new hires at the entry-level in their organizations. With a predicted shortage of 15 million global cybersecurity professionals by 2020, we must put efforts behind bringing more entrants into the industry. It's one of my goals to bring more awareness to the Associate of (ISC)² program, which is ideal for students, recent graduates just beginning their career journey, or those new to cyber, information, software and infrastructure security. Many college graduates today have a difficult time finding employment </description><link>http://www.secuobs.com/revue/news/588463.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/588463.shtml</guid></item>
<item><title>(ISC)² GAP Instructor Mantra: "Never Stop Learning"</title><description>Secuobs.com : 2015-10-20 21:02:29 - (ISC)² Blog - Meet Donnie Grimes, (ISC)² Global Academic Program (GAP) instructor and vice president of information systems and creator of the master's program in cybersecurity for the University of the Cumberlands. Oh, and budding sound man. When he's not teaching, Donnie works on sound engineering and mixing at live events. He's also starting to learn about staging and lighting. As a teacher, his favorite classroom moments are those times when he's able to witness students' reactions as they realize they start to grasp a difficult concept. He reflects, "Seeing their faces light up and being a small part of contributing to a </description><link>http://www.secuobs.com/revue/news/587418.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587418.shtml</guid></item>
<item><title>Securing Tomorrow: Society Must Wake Up and Take Ownership of Identity</title><description>Secuobs.com : 2015-10-16 20:23:45 - (ISC)² Blog - There are trends that have been on the industry's radar for a while now: social, mobile, applications and cloud. However, within the next year, we'll see more of an emphasis on one of the key underpinnings of these trends - identity. The issues with data management and security are often told and understood from an industry, business or sector perspective, but society as a whole is still arguably not at a point where it is fully awake to these issues and how they directly affect individuals. Next year, I believe we will begin to see people recognising the need to </description><link>http://www.secuobs.com/revue/news/587028.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587028.shtml</guid></item>
<item><title>National Cybersecurity Awareness Month: YOU Have the Power to Change Cybersecurity</title><description>Secuobs.com : 2015-10-14 00:04:15 - (ISC)² Blog - National Cybersecurity Awareness Month in October is the perfect time to reflect on what you're doing to overcome the cybersecurity skills shortage. That's right - you - personally. According to Dr Jane LeClair, COO for the National Cybersecurity Institute at Excelsior College, the cybersecurity skills shortage is everyone's problem, and we all have a responsibility to meet this need. Dr LeClair believes that in order to shore up the workforce, it's essential to broaden the pool of candidates beyond typical populations (such as the military and IT). Dr LeClair sees cybersecurity awareness - both its impact on our daily lives </description><link>http://www.secuobs.com/revue/news/586624.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586624.shtml</guid></item>
<item><title>(ISC)² Clarifies Board Petition Process</title><description>Secuobs.com : 2015-10-08 17:11:25 - (ISC)² Blog - To (ISC)² Members: A few of you have contacted (ISC)² with questions pertaining to the (ISC)² board of directors' election, specifically the petition process. In an effort to provide transparency, we feel it is important to review how the petition process works. Every member included on the slate goes through one of two processes. First, slate candidates may be selected by the board nominations committee. Second, the petition process whereby (ISC)² members can nominate themselves or others through petitioning and providing 500 signatures of members in good standing. When members submit a petition, (ISC)² performs a thorough, detailed analysis to </description><link>http://www.secuobs.com/revue/news/586108.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586108.shtml</guid></item>
<item><title>Encryption is not solving all cybersecurity problems</title><description>Secuobs.com : 2015-10-02 16:21:12 - (ISC)² Blog - Encryption is a measure to enhance security because it can protect files and data. It is important, but alone, it definitely doesn't make a system secure. A system is as secure as its weakest component. If the component resides behind the encryption layer (which usually is the one where the data leaves or enters the system), then the Integrity and possibly Availability of the data is compromised, despite the fact that it is transferred encrypted. And if this happens, the compromised data is going to be transmitted encrypted, so very secure, but nevertheless compromised </description><link>http://www.secuobs.com/revue/news/585496.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585496.shtml</guid></item>
<item><title>The University of the Cumberlands Knows No Boundaries</title><description>Secuobs.com : 2015-08-13 17:41:52 - (ISC)² Blog - For Donnie Grimes, (ISC)² Global Academic Program (GAP) instructor and vice president of information systems and creator of the Master's program in cybersecurity for the University of the Cumberlands, based in Williamsburg, Kentucky, breaches know no boundaries - and neither should cybersecurity education. A GAP member since 2014, the University has historically served people from the Appalachia area, and until 2014, had no cybersecurity offering. Over the past 10-15 years, however, its sphere of influence has increased, with thriving graduate programs and students representing 58 different countries and most US states. With a 40-year stint as a two-year school, Cumberlands </description><link>http://www.secuobs.com/revue/news/580103.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/580103.shtml</guid></item>
<item><title>To (ISC)² Global Academic Program (GAP) Instructor John Sands, the Next Generation is Everything</title><description>Secuobs.com : 2015-08-04 16:43:35 - (ISC)² Blog - To GAP instructor John Sands, the next generation is everything. He has dedicated his career to teaching and creating programs that fill the cybersecurity education gap that persists today. His work has propelled the cybersecurity field forward by decades. In addition to his role as GAP instructor, Sands is also the department chair for Computer Integrated Technologies at Moraine Valley Community College and co-founder for the National Center for Systems Security and Information Assurance (CSSIA), a GAP member since 2014. Early in his career, he recognized that schools and universities were lacking cybersecurity programs, let alone offering programs that could </description><link>http://www.secuobs.com/revue/news/579313.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579313.shtml</guid></item>
<item><title>5 Reasons Security Congress is the (ISC)² Member Event of the Year</title><description>Secuobs.com : 2015-07-13 15:30:10 - (ISC)² Blog - The fifth annual (ISC)² Security Congress, proudly co-located with the 61st annual ASIS International Annual Seminar and Exhibits, is scheduled for September 28 through October 1 in Anaheim, California, USA. We expect more than 19,000 information security and operational security professionals to join us, making this one of the largest and most unique conferences you will experience. In honor of the fifth annual (ISC)² Security Congress, here are five reasons this year's Security Congress is the (ISC)² member event of the year. Largest CPE Opportunity of the Year: With so much to see and do at (ISC)² Security Congress, there </description><link>http://www.secuobs.com/revue/news/576879.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576879.shtml</guid></item>
<item><title>Why Hiring CCSPs will Help the C-Suite Sleep at Night</title><description>Secuobs.com : 2015-07-08 20:20:56 - (ISC)² Blog - A few short years ago, cloud computing was considered a relatively new concept inherent with risks that many IT professionals weren't comfortable taking. I'll avoid the debate about who coined the term cloud computing, but I'm old enough to remember how we formerly referenced the cloud in telecommunications as a way to simplify and abstract the details of the external network that's connected to internal devices. Today, the concept of cloud computing is intended to simplify communication by eliminating the need to know all of the specifics of the cloud provider's underlying software and infrastructure. The cloud provides benefits to </description><link>http://www.secuobs.com/revue/news/576504.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576504.shtml</guid></item>
<item><title>A Simpler Way to Research Regulatory Requirements</title><description>Secuobs.com : 2015-06-30 18:47:42 - (ISC)² Blog - Commonplace to information security professionals, regulatory compliance does not necessarily guarantee security. However, in a world rife with perpetual breaches and data loss, we hear more and more about the importance of regulatory compliance and IT governance, risk management and compliance (or GRC for short). For those folks who are required to abide by regulations such as HIPAA, SOX or PCI (especially those who fall under multiple regulations), maintaining compliance can be cumbersome. These requirements, in addition to normal information security duties, can be simply overwhelming for many of today's professionals. This is one of many reasons why I was </description><link>http://www.secuobs.com/revue/news/575885.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575885.shtml</guid></item>
<item><title>CSSIA - Closing the Gap in Cybersecurity Education for Nearly 30 Years</title><description>Secuobs.com : 2015-06-25 22:19:56 - (ISC)² Blog - To provide insight into the positive strides the (ISC)² Global Academic Program (GAP) and its member schools are making in filling the pipeline for qualified professionals, we're going to highlight a different GAP school every other month. The National Center for Systems Security and Information Assurance (CSSIA), one of the country's first comprehensive Centers for Advanced Technology Education, became a GAP member school in 2014. CSSIA has four goals focused on innovation in cybersecurity education: Expanding and enhancing cyber security curriculum labs, skills events and competitions; Building a national infrastructure of qualified cybersecurity educators; Developing national infrastructure remote virtualization lab </description><link>http://www.secuobs.com/revue/news/575497.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/575497.shtml</guid></item>
<item><title>5 Apps Children are Using That Parents Should Be Aware of During the School Break</title><description>Secuobs.com : 2015-06-17 21:20:24 - (ISC)² Blog - Facebook, Twitter, Tumblr, Down, Instagram, Snapchat. It seems like every day there's a new app available for children to connect with friends and strangers online. According to McAfee's Digital Deception Study 2013, only 20 percent of parents say they know how to find out what their child is doing online. And nearly 70 percent of the study's respondents (ages 10-23) take some measure to hide their online behavior from their parents. With so many new apps and social platforms springing up, it can be difficult for parents to monitor their children's online activities. It can be especially difficult when children </description><link>http://www.secuobs.com/revue/news/574431.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574431.shtml</guid></item>
<item><title>CISSP: A Global Force at 100,000 Strong</title><description>Secuobs.com : 2015-05-29 18:23:24 - (ISC)² Blog - Whenever we look toward the future, we have to first look back and think about where we came from. Back in 1989, (ISC)² was established by a handful of passionate volunteers who wanted to create a set of standards for a newer concept, not yet a full-fledged career field, called information security. In the minds of these volunteers, having the initial 500 applicants sign up to take the Certified Information Systems Security Professional (CISSP) was considered quite a success. Little did they imagine that 26 years later, not only would those 500 applicants grow to a cadre of 100,000 CISSP </description><link>http://www.secuobs.com/revue/news/572412.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572412.shtml</guid></item>
<item><title>Comments from (ISC)² Leadership on CareFirst Breach</title><description>Secuobs.com : 2015-05-22 19:10:04 - (ISC)² Blog - If this breach follows the pattern of other health IT breaches as of late, then this type of intrusion at CareFirst wouldn't be considered particularly difficult for an advanced team of malicious actors. The main objective would be to steal a set or multiple sets of user credentials. A juicy target would be an administrator or super user with high levels of access. This could be done using malware from a spear phishing attack or a watering hole attack. From there, the bad actors would actually be using legitimate user credentials to steal the data for which they are looking </description><link>http://www.secuobs.com/revue/news/571716.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/571716.shtml</guid></item>
<item><title>On the Front Lines: (ISC)² Global Academic Program (GAP) Instructors are Shaping the Workforce of the Future - Introducing Derek A. Smith</title><description>Secuobs.com : 2015-05-21 22:23:12 - (ISC)² Blog - (ISC)² GAP Instructors bring a wealth of experience, wisdom and inspiration to students worldwide. They are the heartbeat of the program and have helped (ISC)² become the world leader in cybersecurity education. They are helping us fulfill our mission to enhance the cybersecurity workforce through education and certification, one student at a time. But what makes them tick? What drives them to give so much back to the profession? What do they do when they're not teaching? To give you a glimpse into their world and into the impact they're having on the next generation, we're going to profile a </description><link>http://www.secuobs.com/revue/news/571575.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/571575.shtml</guid></item>
<item><title>US Department of Defense Cyber Strategy: One of Five Strategic Goals to Building and Maintaining the Cyber Workforce</title><description>Secuobs.com : 2015-05-19 22:38:46 - (ISC)² Blog - The US Department of Defense (DoD) just released its new cybersecurity strategy report for 2015. This strategy sets five strategic goals: 1. Build and maintain ready forces and capabilities to conduct cyberspace operations; 2. Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions; 3. Be prepared to defend the US homeland and US vital interests from disruptive or destructive cyberattacks of significant consequence; 4. Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages; and 5. Build and maintain robust </description><link>http://www.secuobs.com/revue/news/571272.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/571272.shtml</guid></item>
<item><title>(ISC)² Study: Workforce Shortfall Due to Hiring Difficulties Despite Rising Salaries, Increased Budgets and High Job Satisfaction Rate</title><description>Secuobs.com : 2015-04-19 04:04:24 - (ISC)² Blog - How can there be a workforce shortage in information security if global professionals are reporting rising salaries, increased budgets, high job satisfaction rates and low changes in employment status? The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost &amp; Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world. The analysts from Frost </description><link>http://www.secuobs.com/revue/news/567714.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567714.shtml</guid></item>
<item><title>(ISC)² Directors, Executives and Advisory Council Members Speaking at the RSA 2015 Conference</title><description>Secuobs.com : 2015-04-15 23:33:15 - (ISC)² Blog - Don't miss the speaking sessions at next week's RSA Conference by members of the (ISC)² Board of Directors, Executive and Management Teams, (ISC)² Foundation, the (ISC)² Application Security Advisory Council and North America Advisory Council. Follow the discussions around some of these sessions on Twitter ISC2 and RSAC and Facebook isc2fb. Also, don't forget to stop by our booth - 108 109. Monday, April 20. Session Title: Status of the Industry: 2015 Global Information Security Workforce Study, 9:00 am-9:50 am, West Room 3022. Status of the </description><link>http://www.secuobs.com/revue/news/567538.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567538.shtml</guid></item>
<item><title>(ISC)² Global Academic Program Fills the Gap Between Schools and the Cybersecurity Skills Crisis</title><description>Secuobs.com : 2015-04-08 18:40:54 - (ISC)² Blog - There is a well-documented, widely recognized shortage of information security professionals. From our own most recent Global Information Security Workforce Study [i], 56% of 12,000 respondents from around the globe believe there is a workforce shortage. In November of last year, a special Parliamentary Select Committee in the United Kingdom's House of Lords reported that we're facing a global shortage of "no less than two million cybersecurity professionals" [2] by the year 2017. And in 2013, a US Government Accountability Office (GAO) report stated that the vacancy rate of the DHS's National Protection and Programs Directorate's Office of Cybersecurity and Communications was </description><link>http://www.secuobs.com/revue/news/566549.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566549.shtml</guid></item>
<item><title>IT Security essentials for small and medium enterprises</title><description>Secuobs.com : 2015-03-22 23:00:34 - (ISC)² Blog - It is no secret that the cyber criminals are where the money is. If the targets are easy to breach, it is even better since this improves the ratio effort/outcome for them. Usually, small to medium size companies are preferred targets because they fit in this category: they do have money, more than the private users, and are very easy to infiltrate. The tips below help these companies not only to survive in the cyber world, but also keep the attackers away.</description><link>http://www.secuobs.com/revue/news/564430.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564430.shtml</guid></item>
<item><title>Comments from (ISC)² Leadership on Premera Blue Cross Breach</title><description>Secuobs.com : 2015-03-18 15:22:53 - (ISC)² Blog - Those of us within the information security industry have known for some time that the healthcare industry was going to be a prime target for these types of attacks. Unfortunately, we're likely to continue to see more of these breaches as the healthcare industry scrambles to improve its information security posture. I think we're all concerned about the broad implications of these breaches regarding potential fraud, identity theft and the other strategies criminals use to monetize healthcare information. -David Shearer, CISSP, PMP, Executive Director, (ISC)². As the hacking assault on medical providers continues, a long-time penetration of Premera Blue Cross </description><link>http://www.secuobs.com/revue/news/563921.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563921.shtml</guid></item>
<item><title>New Online Tool Helps (ISC)² Members Manage Vulnerabilities</title><description>Secuobs.com : 2015-03-16 14:53:45 - (ISC)² Blog - (ISC)² members now have a new tool to help corral vulnerabilities and published threats found throughout the Internet. Vulnerability Central is powered by Cytenna's tool, ThreatRank, and is the first module of a larger Security Central portal. New modules are scheduled for release throughout the coming years. With this new online tool, system administrators and other information security professionals can: - Check in to see the latest vulnerabilities and threat reports in one place; - Receive early notification of vulnerabilities to be better prepared to respond; - Research and prioritize detailed vulnerabilities, which are categorized based on criticality; - Filter vulnerabilities based on the </description><link>http://www.secuobs.com/revue/news/563581.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563581.shtml</guid></item>
<item><title>Evaluating Cloud Services for Small and Medium Enterprises: The (ISC)² Perspective</title><description>Secuobs.com : 2015-03-12 19:55:50 - (ISC)² Blog - As a smaller organization, we balance building out more internal and robust IT infrastructure versus utilizing cloud services to fulfill those needs. More infrastructure also means more personnel and overhead, and we weigh that against cost to determine the value of cloud services to our organization. We then balance whether or not the IT service we are thinking of moving to the cloud is a core or unique service to our business versus merely a commodity. Moving commodity services to the cloud, particularly to those providers with highly evolved and transparent security models, is particularly attractive to (ISC)². The freedom </description><link>http://www.secuobs.com/revue/news/563229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563229.shtml</guid></item>
<item><title>Cybersecurity Jobs are in High Demand: Got what it Takes?</title><description>Secuobs.com : 2015-03-03 19:13:05 - (ISC)² Blog - With security attacks dominating news headlines, it's no secret that global cybersecurity professionals are in high demand. According to the (ISC)² 2013 Global Information Security Workforce Study, two out of three C-level respondents reported security staff shortages. The lack of skilled and qualified information security professionals is having a negative economic impact, with 56% of respondents saying the staffing shortage is causing a huge impact on their organizations. The call to action is clear: We need a global call to arms within academia to develop enough talent to fulfill this critical industry need. I've certainly heard the call loud and </description><link>http://www.secuobs.com/revue/news/561973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561973.shtml</guid></item>
<item><title>An Appeal to the White House on Behalf of the (ISC)² Membership</title><description>Secuobs.com : 2015-02-18 19:32:45 - (ISC)² Blog - As the new executive director for (ISC)², one of my most critical goals is to be a global ambassador for our membership. Recently, the US White House proposed reforms to the Computer Fraud and Abuse Act (CFAA) of 1986, which aim to prosecute those who exceed authorized access to online networks. If this proposal is enacted by law, it could make it more difficult for cybersecurity practitioners to perform their jobs to defend their organizations against malicious threats. Many (ISC)² members, with a high degree of professionalism and ethics, use tools that could fall under such prosecution for penetration testing </description><link>http://www.secuobs.com/revue/news/560095.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/560095.shtml</guid></item>
<item><title>What is a security expert?</title><description>Secuobs.com : 2015-02-13 12:51:48 - (ISC)² Blog - Characteristics that make a security practitioner an expert in his field: Advanced theoretical knowledge proven by international certifications; Practical experience in applying security; Ability to communicate with all levels, according to their level of understanding, from board level to end-user; Ability to find solutions which are not in books and prioritize them; Ability to view the risks beyond the obvious and act upon - be proactive and not reactive; Ability to choose a solution which represents a fair trade-off between security and usability.</description><link>http://www.secuobs.com/revue/news/559463.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/559463.shtml</guid></item>
<item><title>Advice for Parents to Protect Children in an Advancing Cyber World</title><description>Secuobs.com : 2015-02-10 19:47:05 - (ISC)² Blog - Protecting children from online dangers is no easy task for parents today. There is no shortage of research offering insight into the concerns. In the US, Internet filtering software company Covenant Eyes tells us that 54% of girls are friends on social networks with someone they have never met in person. And, 74% of children have been contacted by a stranger online. Another study released today by the UK Safer Internet Centre, takes a look at the huge role that technology plays in supporting young people's friendships, with 55% of the 150 11- to 16-year-olds who participated in their online survey </description><link>http://www.secuobs.com/revue/news/558915.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558915.shtml</guid></item>
<item><title>Comments from (ISC)² Leadership on Health Insurer Anthem's Breach</title><description>Secuobs.com : 2015-02-05 19:57:20 - (ISC)² Blog - The impact of an identity breach is potentially more dangerous and harmful than that of a credit card breach. Credit card breaches are quickly mitigated by issuing a new card and account number - a routine process for card-issuing banks. Even with massive credit card breaches, actual credit card fraud is low because banks are so adept at responding. Identity attacks, such as the one on Anthem, will likely have a longer lasting and more devastating impact. The disclosure of Social Security numbers and other data points such as income, employment status and birth dates allow attackers to sell this </description><link>http://www.secuobs.com/revue/news/558268.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/558268.shtml</guid></item>
<item><title>Maintaining the Relevancy of (ISC)² Certifications: CISSP and SSCP Credential Enhancements</title><description>Secuobs.com : 2015-01-15 15:38:55 - (ISC)² Blog - Over our 26-year history, (ISC)² has earned a reputation for providing gold standard information security credentials. Maintaining the relevancy of those credentials amidst the changes in technology and the evolving threat landscape occurring in this industry is a core strategy upon which this organization was built. As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, I'm pleased to announce that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) and Systems Security Certified Practitioner (SSCP) credentials, beginning April 15, 2015. We conduct this process on a regular basis </description><link>http://www.secuobs.com/revue/news/554814.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/554814.shtml</guid></item>
<item><title>Comments from (ISC)² Leadership on Obama's Call for 30-Day Breach Notification Policy for Hacked Companies</title><description>Secuobs.com : 2015-01-14 19:15:08 - (ISC)² Blog - This proposal is a good start, but as always, the devil is in the details. Implementing this legislation would require both planning and the right people in place to execute. First, we need to consider how the term "breach" is defined - i.e., what would need to happen to require notification? If breached data is encrypted, would that require notification? Note that most states currently have some form of encryption exemption in their data breach laws. Second, the notification should be submitted in such a way so that the information is useful and doesn't result in a backlog which would </description><link>http://www.secuobs.com/revue/news/554649.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/554649.shtml</guid></item>
<item><title>CPE Policy Changes for (ISC)² Members Start This Month</title><description>Secuobs.com : 2015-01-08 18:14:23 - (ISC)² Blog - Beginning this month, (ISC)² has a new annual continuing professional education (CPE) policy, which requires members to earn an equal number of CPEs each year within a three-year certification renewal period. This policy was updated to help our members remain current on their CPEs on an annual basis, therefore, making the comprehensive three-year certification renewal process easier for them to manage. We have experienced situations where many members found themselves significantly lacking CPEs during the last year of their cycles. The new policy will apply to all new certification cycles starting on or after January 1, 2015. Continuing education is </description><link>http://www.secuobs.com/revue/news/553659.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/553659.shtml</guid></item>
<item><title>New (ISC)² Executive Director Introduction: Building on Our Successes, Striving for Excellence</title><description>Secuobs.com : 2015-01-05 15:15:18 - (ISC)² Blog - I'm pleased to start off 2015 as the new (ISC)² executive director. As someone who has been entrusted with information security responsibilities throughout my career, I welcome the opportunity to speak out about the challenges we face on behalf of those working to keep our cyber world safe. During my past two years as COO at (ISC)², I've seen the organization make positive strides toward establishing a member focus; however, this is a sustained commitment with more work to be done. I want to build on the momentum of our successes while continuing to evaluate areas that we need to </description><link>http://www.secuobs.com/revue/news/553066.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/553066.shtml</guid></item>
<item><title>2015 Cybersecurity Predictions: Bolstering Budgets and Growing and Crumbling Technologies</title><description>Secuobs.com : 2014-12-11 17:21:01 - (ISC)² Blog - As security professionals, we look back at 2014 with a sense of frustration that we are facing major security breaches in the news daily. This year has been our most challenging yet. The world is now well aware that no single industry is immune to cybersecurity attacks - from retailers to financial institutions to hospitals and governments. In fact, PricewaterhouseCoopers's 2015 The Global State of Information Security Survey found that the total number of security incidents detected by respondents climbed to 428 million this year, an increase of 48% over 2013. Next year will certainly be riddled with challenges as </description><link>http://www.secuobs.com/revue/news/549725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/549725.shtml</guid></item>
<item><title>2015 Cybersecurity Predictions: Security Moves into the C-Suite</title><description>Secuobs.com : 2014-12-09 21:28:30 - (ISC)² Blog - The recent attack on Sony Pictures illustrates just how impactful a breach can be, and it will not be the last of its kind. While there are minimal concrete root causes known about the Sony attack, we can infer from the extent of the breach that practices and controls surrounding information access, desktop security, and network intrusion monitoring and prevention will be in the crosshairs. While defense and banking have held a 'do or die' approach to security for decades, many other organizations have passively entered an era where the means to destroy billions in shareholder value sits on central </description><link>http://www.secuobs.com/revue/news/549279.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/549279.shtml</guid></item>
<item><title>With Change Comes New Opportunities: (ISC)² Executive Director Retirement</title><description>Secuobs.com : 2014-12-04 14:34:47 - (ISC)² Blog - This is a bittersweet announcement to let you know I will be retiring from my role as (ISC)² executive director at the end of 2014. I have always embraced change and, as a result, I am fortunate to have enjoyable, wide-ranging life experiences. Working at (ISC)² has been the highlight of my career. I consider our 100,000 members, the staff and board members, past and present, a part of my extended family. Over my six-and-a-half-year tenure, the organization has grown to more than 100,000 members worldwide; introduced three new certifications and subsequent education programs; established a non-profit Foundation; moved from </description><link>http://www.secuobs.com/revue/news/548486.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/548486.shtml</guid></item>
<item><title>(ISC)² Global Research Program to Track Cybersecurity Skills Gap and Landscape Now Open</title><description>Secuobs.com : 2014-12-03 16:27:27 - (ISC)² Blog - In our digitally-driven world, it's crucial to have a current understanding of the evolving risks and responsibilities that information security professionals face. The (ISC)² Global Information Security Workforce Study (GISWS) is the only research available that truly offers a detailed picture of how the global cybersecurity professional is changing and driving other business factors. A respected industry benchmark referenced by governments, employers, professionals, and industry stakeholders around the world for more than 10 years, this ongoing research provides much needed insight into current cybersecurity opportunities and trends experienced first-hand. The study covers pay scales, skills and training requirements, hiring practices, </description><link>http://www.secuobs.com/revue/news/548322.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/548322.shtml</guid></item>
<item><title>Why Vote?</title><description>Secuobs.com : 2014-11-26 02:55:36 - (ISC)² Blog - Your vote counts: How (ISC)² members drive the direction of the organization. In a recent election, the outcome was determined by a mere seven votes. If you think your vote doesn't matter, think again. You have five days left to participate in the (ISC)² Board of Directors elections, and with less than a week, we'd like to remind you why your vote counts, and why your voice is vital. What does your current Board of Directors think about elections? "The nomination and election process is one of the most significant tasks we have each year," notes board member Jennifer Minella </description><link>http://www.secuobs.com/revue/news/547289.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547289.shtml</guid></item>
<item><title>US Postal Service Breach Comments from (ISC)² Leadership</title><description>Secuobs.com : 2014-11-10 23:18:37 - (ISC)² Blog - "Unfortunately, this breach is just the latest in a series of incidents that have targeted the US government. It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees. All of us need to be aware of potential phishing schemes, but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data." -Dan Waddell, CISSP, CAP, Director of Government Affairs, (ISC)² "It seems as </description><link>http://www.secuobs.com/revue/news/544700.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/544700.shtml</guid></item>
<item><title>Protecting the Integrity of (ISC)² Certifications</title><description>Secuobs.com : 2014-11-05 22:57:39 - (ISC)² Blog - There are recent reports of widespread cheating on certification exams in China, South Korea, and a few other countries. As a CISSP-ISSEP and CAP, nothing is more important to me professionally or personally than my (ISC)² credentials. I am proud of the credentials that I worked very hard to achieve. And, I stand with more than 100,000 others worldwide who are certified by (ISC)² and recognize that certification is a privilege that must be legitimately earned and maintained. During (ISC)²'s 25 year history, candidates and members from around the world have looked to (ISC)² to deliver the highest caliber exams </description><link>http://www.secuobs.com/revue/news/543973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/543973.shtml</guid></item>
<item><title>(ISC)² Application Security Advisory Council Releases Set of Tips for More Secure Software</title><description>Secuobs.com : 2014-10-31 19:47:58 - (ISC)² Blog - To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fifth and final set of tips by its Application Security Advisory Council: tips for more secure software. Make sure your business functionality maps to a security plan (i.e., security is built-in, not bolted-on). Design your software with the future in mind, not just of the now (i.e., it is adaptable to talent-, technological- and threat- changes). Don't develop your software if your modus operandi is, "You start coding, I will go find out what they want." This is not agile programming. -Mano Paul, CISSP, CSSLP, </description><link>http://www.secuobs.com/revue/news/543390.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/543390.shtml</guid></item>
<item><title>(ISC)² Releases Set of Cybersecurity Tips for CEOs</title><description>Secuobs.com : 2014-10-30 17:45:52 - (ISC)² Blog - To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its fourth set of tips by security experts: cybersecurity tips for Chief Executive Officers (CEOs). Two-factor authentication (something you have, know, or are) has become very important for system access. Passwords alone just do not cut it anymore. This is extremely important as we see the rapid rise in financial transactions, particularly on mobile devices. Ask your bank if two-factor authentication is available and if not, get another bank that does. Credit card companies and online retailers are close behind. They are not going to cover </description><link>http://www.secuobs.com/revue/news/543232.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/543232.shtml</guid></item>
<item><title>The New Face of (ISC)² Elections</title><description>Secuobs.com : 2014-10-29 21:41:49 - (ISC)² Blog - A Message from the Board Communications Committee on Board Elections. This year the (ISC)² Board of Directors election process emerges after a massive year-long facelift. Through the recommendations of last year's Board of Directors and the tenacity of the (ISC)² Management team, this year marks an unprecedented shift as the organization adjusts election processes based on member feedback. We really try to be problem-solvers, and with our emphasis on member service, making sure we aligned the election process to meet the changing demands of our membership was paramount this year. You asked, we listened, and we have some exciting changes </description><link>http://www.secuobs.com/revue/news/543080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/543080.shtml</guid></item>
<item><title>(ISC)² Credentials and the Absolute Requirement for Experience</title><description>Secuobs.com : 2014-10-23 22:50:06 - (ISC)² Blog - By (ISC)² Board Chair Wim Remes and (ISC)² Executive Director Hord Tipton. When it comes to information security credentials, (ISC)² believes in the absolute requirement for experience, and this is a factor that leads to our organization often being referred to as the Gold Standard. We are distinguished amongst certifying bodies because we stress the value of collaboration, experience, and continuous learning to both the (ISC)² membership and information security industry at large. And we don't grandfather. While the value of education is obviously crucial in our field, or really any industry for that matter, only so much information can </description><link>http://www.secuobs.com/revue/news/542405.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/542405.shtml</guid></item>
<item><title>(ISC)² Releases Set of Cybersecurity Tips for Home Owners</title><description>Secuobs.com : 2014-10-21 17:47:01 - (ISC)² Blog - To celebrate the 11th annual National Cyber Security Awareness Month (NCSAM), (ISC)² has released its third set of tips by security experts: cybersecurity tips for home owners. Whatever browser you use (Chrome is best), make sure you are using the site evaluation tools available to help identify safe/not-so-safe sites. With this, you get a color-coded rating of the site before you visit. You can also establish secure connections on most sites automatically through add-ons and extensions. Don't advertise your router address name (SSID). Set it to hide. Use WPA2 security protocol. Most all routers now support it. Use a password </description><link>http://www.secuobs.com/revue/news/541819.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/541819.shtml</guid></item>
<item><title>(ISC)² Global Research Program to Track Cybersecurity Skills Gap and Landscape Now Open</title><description>Secuobs.com : 2014-10-20 17:05:45 - (ISC)² Blog - In our digitally-driven world, it's crucial to have a current understanding of the evolving risks and responsibilities that information security professionals face. The (ISC)² Global Information Security Workforce Study (GISWS) is the only research available that truly offers a detailed picture of how the global cybersecurity professional is changing and driving other business factors. A respected industry benchmark referenced by governments, employers, professionals, and industry stakeholders around the world for more than 10 years, this ongoing research provides much needed insight into current cybersecurity opportunities and trends experienced first-hand. The study covers pay scales, skills and training requirements, hiring practices, </description><link>http://www.secuobs.com/revue/news/541473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/541473.shtml</guid></item>
<item><title>JP Morgan attack highlights how basic failures in software expose major banks to amateur hackers</title><description>Secuobs.com : 2014-10-08 17:59:22 - (ISC)² Blog - "The revelation that hackers were able to use widely-known vulnerabilities to burrow deep inside JP Morgan's computer systems - compromising some 76 million household accounts and 7 million small firms - shows that software with very basic flaws is still in widespread use at corporations, providing an easy route for experienced and amateur hackers. What is even more disturbing is that, with so many basic flaws in commonly-used software, this attack may just be a 'reconnaissance mission' to prepare the ground for much worse future attacks. We now know the hackers gained a comprehensive A-Z of the apps and programmes that run on </description><link>http://www.secuobs.com/revue/news/539155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/539155.shtml</guid></item>
<item><title>Shellshock Bug Comments from (ISC)² Leadership</title><description>Secuobs.com : 2014-09-26 22:18:18 - (ISC)² Blog - "Shellshock will be a test of business resolve to prioritise security. So much of the data breaches that make headlines today can be traced to old or known vulnerabilities that have not been addressed. Now that Shellshock has been revealed, and the door has been thrown open, it will be interesting to see if companies take action. It is clear that the potential exposure is significant. Linux underpins the majority of webservers, network routers and Apple's Mac PCs running OS X. It is not clear, however, whether there has been any loss through successful exploitation of the flaw. I </description><link>http://www.secuobs.com/revue/news/537085.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/537085.shtml</guid></item>
<item><title>eBay Breach Comments from  ISC ² Leadership</title><description>Secuobs.com : 2014-09-24 17:28:47 -  ISC 2 Blog - XSS, or cross site scripting, is a prolific vulnerability and has been on the Open Web Application Security Project's "Top 10 most exploited vulnerabilities" for at least five years now. The threat is very common and incredibly easy for users to fall victim to. In the OWASP's words, we can't afford to tolerate relatively simple security issues like this, especially for a company as massive as eBay. Fortunately the methods and remedies to reduce the threat of XSS are well-known and are readily available. Unfortunately, the development community are not recognising the need to deploy them. Developers need to </description><link>http://www.secuobs.com/revue/news/536637.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/536637.shtml</guid></item>
<item><title>Moving Beyond the Dangerous Denial Phase as Individuals and Organizations</title><description>Secuobs.com : 2014-09-10 17:48:52 -  ISC 2 Blog - I spent 25 years in the Washington, DC area, and during that time I became a National Public Radio junkie I guess I still am I recently listened to a report on a comprehensive study about how people in the workplace react to the news about a coworker that s been diagnosed with breast cancer i  The results of the study shocked me The worse the diagnoses and the closer employees physically worked to the diagnosed coworker, the less likely those working in close proximity were to seek cancer screening Similarly, as the conversation about the complexities, costs, and potential breaches is </description><link>http://www.secuobs.com/revue/news/534255.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/534255.shtml</guid></item>
<item><title>Home Depot Breach Comments from  ISC ² Leadership</title><description>Secuobs.com : 2014-09-03 21:55:14 -  ISC 2 Blog - Consumers with a Home Depot credit account should log in to their account, change their password, and check the "Account Activity" section for any suspicious transactions. They should also verify that their account communication preferences (email address, cell phone number for SMS, etc.) are on file and accurate. Home Depot and other online retailers should augment their alerting service by adding an option to notify users every time a transaction is made on their account. This would help consumers learn about fraudulent charges quicker, while also saving retailers the hassle of remediating additional fraudulent charges. - Dan Waddell, CISSP, CAP, PMP, </description><link>http://www.secuobs.com/revue/news/532865.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532865.shtml</guid></item>
<item><title>Where does Traditional Security Begin and Logical Security End?</title><description>Secuobs.com : 2014-09-02 17:46:21 -  ISC 2 Blog - By W Hord Tipton, CISSP, Executive Director,  ISC ² and Michael Stack, Chief Executive Officer, ASIS International. The mass migration of everyday objects becoming interconnected, or the "Internet of Things" (IoT) as the industry has coined it, exemplifies the merger between traditional and logical security. With the IoT, we must ask ourselves where traditional security begins and logical security ends. From security cameras to cars to medical devices and now even home appliances like refrigerators, what, if anything, can be identified as only traditional or logical security anym "When a device accesses the Internet, it's given a unique IP address," said </description><link>http://www.secuobs.com/revue/news/532636.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532636.shtml</guid></item>
<item><title>Logging in  They Shall not Pass</title><description>Secuobs.com : 2014-08-30 20:44:53 -  ISC 2 Blog - Authentication, meme machines, and a farewell to acronyms </description><link>http://www.secuobs.com/revue/news/532320.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532320.shtml</guid></item>
<item><title>JP Morgan Chase Security Breach Comments from  ISC ² Leadership</title><description>Secuobs.com : 2014-08-28 22:44:20 -  ISC 2 Blog - Continuous monitoring is the key to thwarting these types of breaches. With cyberattacks becoming commonplace in every sector, companies must continuously protect their most valuable information. Cyber guns fire at us all the time, but the notion of catching and stopping every cybercriminal simply isn't realistic in today's burgeoning threat environment. I liken it to aspiring to completely eliminate common street crime. It's just not realistic. Flaws will always exist, even within the most ideal protective structures. Every company should assume they'll be breached, and focus efforts on minimizing damage once cybercriminals get in. The need for qualified cybersecurity professionals </description><link>http://www.secuobs.com/revue/news/532057.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532057.shtml</guid></item>
<item><title>What Will Ease Healthcare's Heartburn Over 'Heartbleed'?</title><description>Secuobs.com : 2014-08-22 23:53:14 -  ISC 2 Blog - One of the latest breaches to hit the news took place at Community Health Systems (CHS), affecting an estimated 45 million patients. According to principal security consultant and founder of TrustedSec, David Kennedy, the initial attack vector was through the infamous OpenSSL "heartbleed" vulnerability that led to the compromise of the information. What is especially noteworthy about this particular attack is its impact on the healthcare community. Major data breaches such as the one at Target last year put the spotlight on how retailers need to do a better job at guarding our sensitive financial information from cyber criminals. However, a May 2014 study by BitSight Technologies rated healthcare and pharmaceutical companies even worse than retailers in terms of security performance. BitSight compared the performance of finance, utilities, retail, and healthcare groups within the S&amp;P 500 from April 2013 through March 2014. Overall, healthcare companies scored lowest, at about 660 on a scale of 250 to 900. Not only did the healthcare sector have the most security problems, but companies also took the longest to fix the problems, on average 53 days, according to the report. The importance of a strong vulnerability management and patching program is well documented but, as </description><link>http://www.secuobs.com/revue/news/531157.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531157.shtml</guid></item>
<item><title>Introducing the Automotive Industry to Information Security: I Am The Cavalry Steers Call to Action</title><description>Secuobs.com : 2014-08-22 16:20:49 -  ISC 2 Blog - The Internet of Things (IoT) is already affecting nearly all aspects of life, and it's just getting started. Some of the most promising IoT applications occur in the auto industry, but as technological innovation outpaces security, millions of Americans' physical safety is put at risk. Cars can already parallel park themselves, steer you back into your lane if you start drifting, and automatically slow down if you get too close to the vehicle in front of you. More and more cars are being controlled by computers, not humans. It's not hard to envision cars of the near-future with the capability to drive from one place to another without a driver's interference. You can relax while your car uses sensors to avoid obstacles, accesses the Internet to check traffic patterns, and checks your GPS to make sure you've arrived at the appropriate destination. (The in-dash espresso machine is an optional feature.) This car of the future has a major flaw, though: security. The auto industry needs to convince me that the onboard computers in my car are secure. I don't want to ride in a car that a hacker can steer into an oncoming semi or direct to the wrong location </description><link>http://www.secuobs.com/revue/news/531083.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531083.shtml</guid></item>
<item><title>Why we continue to fail on cyber security</title><description>Secuobs.com : 2014-07-30 15:43:10 -  ISC 2 Blog - I've been asked a lot of times, especially when I was working for an antivirus producer, why can't we simply write a software that always protects the users. Well, there is a short answer and a long answer. Short answer: </description><link>http://www.secuobs.com/revue/news/527611.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/527611.shtml</guid></item>
<item><title>The Luxury of Privacy</title><description>Secuobs.com : 2014-06-29 19:01:23 -  ISC 2 Blog - I was asked whether privacy is  a luxury of the past  Well, 'privacy' is a relative term in an online world </description><link>http://www.secuobs.com/revue/news/522739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/522739.shtml</guid></item>
<item><title>So What is special about Infosecurity Europe?</title><description>Secuobs.com : 2014-04-24 17:02:18 -  ISC 2 Blog - This year will be my 7th Infosecurity Europe as an  ISC 2 staff member. For those who are not familiar, Infosecurity Europe (we call it "infosec") is the largest tradeshow for security professionals where 13,000 people meet over 3 days. What </description><link>http://www.secuobs.com/revue/news/510139.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/510139.shtml</guid></item>
<item><title>Look to  ISC 2 for Cybersecurity Resources and Support for Academia</title><description>Secuobs.com : 2014-04-17 22:05:20 -  ISC 2 Blog - As  ISC 2 celebrates its 25th anniversary, we continue to branch out to offer new ways to help meet the demand for more skilled cybersecurity professionals through community support programs To help provide cybersecurity resources and support to the global academic </description><link>http://www.secuobs.com/revue/news/508994.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/508994.shtml</guid></item>
<item><title>Assessing decision-making skills of information security professionals is crucial for developing and sustaining talent</title><description>Secuobs.com : 2014-03-28 17:08:06 -  ISC 2 Blog - How have you assessed that decisions  made by your talent  will be made in line with security standards AND the vision and mission of your business  </description><link>http://www.secuobs.com/revue/news/505376.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/505376.shtml</guid></item>
<item><title>What will it take to Prioritize Security in Healthcare </title><description>Secuobs.com : 2014-02-28 16:42:03 -  ISC 2 Blog - With security breaches dominating news headlines daily, those responsible for securing our systems, networks, and devices are struggling to keep pace with the evolving threat landscape Perhaps some of the most concerning potential breach data comes from the healthcare industry </description><link>http://www.secuobs.com/revue/news/500503.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/500503.shtml</guid></item>
<item><title>Critical Times Demand Critical Skills    ISC ²  Research Report Analyzes InfoSec Skills Gap</title><description>Secuobs.com : 2014-02-20 22:37:38 -  ISC 2 Blog - When is a security professional not a security professional  When they re an analyst, a political scientist, a sociologist, an accountant, a communicator, and a risk manager A subset of the 2013  ISC 2 Global Information Security Workforce Study  GISWS  report,  Critical </description><link>http://www.secuobs.com/revue/news/499016.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/499016.shtml</guid></item>
<item><title> ISC ²  Enhances the Rigor of CISSP  Certification Exam Questions</title><description>Secuobs.com : 2014-02-06 22:32:51 -  ISC 2 Blog - One of our core processes for maintaining  ISC 2 s reputation for gold standard information security certifications involves frequent, rigorous evaluation of current certification exam questions and subsequent updates As a result of the last evaluation of the Certified Information Systems Security </description><link>http://www.secuobs.com/revue/news/496440.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/496440.shtml</guid></item>
<item><title>Food for Fraud  Android   Tech Support Scams</title><description>Secuobs.com : 2014-01-29 21:28:21 -  ISC 2 Blog - Android tech support scams  Not quite, but technical accuracy isn't a scammer's priority and Android users' money is as desirable as anyone else's If you read some of the recent reports based on an excellent article by Jérôme Segura for </description><link>http://www.secuobs.com/revue/news/494870.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/494870.shtml</guid></item>
<item><title>FREE Ways to Earn Continuing Professional Education  CPE  Credits for Your InfoSec Certification </title><description>Secuobs.com : 2014-01-14 16:13:44 -  ISC 2 Blog - You have earned your certification  Congratulations  Qualifying for, and studying for an InfoSec exam is not an easy task, and you should be proud of your accomplishment But once the glow of accomplishment has worn off and you have framed </description><link>http://www.secuobs.com/revue/news/491503.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/491503.shtml</guid></item>
<item><title>Technological Setbacks In 2013 Will Pave The Way For A New, Human-Focused Defense Strategy In 2014</title><description>Secuobs.com : 2013-12-20 21:40:00 -  ISC 2 Blog - After many major breaches this year, it s time to rethink 2014 s cyber defense with an eye on people, not products By W Hord Tipton, CISSP, Executive Director  ISC 2 As security professionals, we look back at 2013 with a sense of </description><link>http://www.secuobs.com/revue/news/487781.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/487781.shtml</guid></item>
<item><title>HealthCare Security   Privacy Professionals Defined</title><description>Secuobs.com : 2013-12-10 16:07:51 -  ISC 2 Blog - When I entered the workforce after college, my first job was with the Department of Defense working in IT for a military hospital I was quickly inundated with compliance requirements that spanned multiple industries and had varying levels of importance </description><link>http://www.secuobs.com/revue/news/485402.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/485402.shtml</guid></item>
<item><title>You should care about the EU Data Protection Regulation</title><description>Secuobs.com : 2013-11-26 16:10:28 -  ISC 2 Blog - It can be easy for an Information Security professional to watch the ongoing debate over Europe's pending Data Protection Regulation with a skeptical eye. While parliamentarians dicker over the Right to Erasure (formerly known as the Right to Be Forgotten) and Privacy by Design, you're worried about practical matters like managing BYOD or preventing the next DDoS attack </description><link>http://www.secuobs.com/revue/news/483111.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483111.shtml</guid></item>
<item><title>The sad state of Java security</title><description>Secuobs.com : 2013-11-26 00:03:32 -  ISC 2 Blog - The problem of Oracle is that they bought a technology that was stretched out to be actually  write once, run everywhere  The Virtual Machine that provides this functionality had to be ported to all devices, and lately  in the past </description><link>http://www.secuobs.com/revue/news/483011.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483011.shtml</guid></item>
<item><title>Unlinking from LinkedIn</title><description>Secuobs.com : 2013-11-10 21:13:11 -  ISC 2 Blog - Like lots of people, I have an account on LinkedIn, the social networking website used by so many professionals in IT (and other areas, of course). It must be said though that at this point I don't access it much </description><link>http://www.secuobs.com/revue/news/480066.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/480066.shtml</guid></item>
<item><title>Some security metrics are worth sharing</title><description>Secuobs.com : 2013-10-11 03:41:57 -  ISC 2 Blog - Some security metrics are probably worth sharing and using more broadly than others, but which ones  And what makes them so special  </description><link>http://www.secuobs.com/revue/news/473967.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/473967.shtml</guid></item>
<item><title>Have you stopped sleeping with spooks?</title><description>Secuobs.com : 2013-09-17 23:47:23 -  ISC 2 Blog - It's important to keep improving products as they move further and further away from static detection, but if we're to counter misinformation from other security sectors, we also need to make it clearer to our audiences and customers - not necessarily the same thing - what we really do and what they can realistically expect from us </description><link>http://www.secuobs.com/revue/news/469176.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/469176.shtml</guid></item>
<item><title>The virtual aspects of security</title><description>Secuobs.com : 2013-07-26 05:30:04 -  ISC 2 Blog - Security in the virtual world. It's impressive as people abandon concepts due to simple "name changes". I'm referring here to network and system admins that stop deploying some traditional control measures as network segregation, traffic monitoring, security zones and others </description><link>http://www.secuobs.com/revue/news/459245.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/459245.shtml</guid></item>
<item><title>Of Mice and Men</title><description>Secuobs.com : 2013-07-12 13:57:52 -  ISC 2 Blog - I've noticed a number of articles recently based on historical summaries of threats past - for instance, a "brief history of Apple hacking" (see also my commentary for Infosecurity Magazine) and SC Magazine's Ten Devastating Computer Viruses. In general, I'm </description><link>http://www.secuobs.com/revue/news/456604.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/456604.shtml</guid></item>
<item><title>Honing your presentation skills for security awareness</title><description>Secuobs.com : 2013-06-21 01:28:15 -  ISC 2 Blog - Today on CISSPforum we've been chatting about Death by Powerpoint, the feeling that badly constructed and delivered presentations are not just tedious but counterproductive Notable examples include eye-candy, wordy slides, Where's Wally busy-pix, cool but distracting infographics and  When we </description><link>http://www.secuobs.com/revue/news/452770.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/452770.shtml</guid></item>
<item><title> ISC 2 s CCFP Credential   The Standard of Excellence in Cyber Forensics</title><description>Secuobs.com : 2013-06-10 21:12:23 -  ISC 2 Blog - Our cyber world is so rife with threats and breaches that most information security professionals have realized that a compromise is fairly certain at some point Rather than focus on this bleak reality, the important questions to ask are  After </description><link>http://www.secuobs.com/revue/news/450555.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/450555.shtml</guid></item>
<item><title>Security  for free </title><description>Secuobs.com : 2013-05-29 10:14:16 -  ISC 2 Blog - As security professionals, we are continuously facing the challenge of smaller and smaller budgets allocated to maintain and improve the IT security That s probably the main reason why there is always the temptation of  Free  Many people, sometimes even professionals, </description><link>http://www.secuobs.com/revue/news/448265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/448265.shtml</guid></item>
<item><title>The evolution of support scamming</title><description>Secuobs.com : 2013-05-11 16:06:22 -  ISC 2 Blog - Cold-call tech support scams Didn't they go away when the Federal Trade Commission cracked down on them in the US  Actually, while the FTC crackdown wasn't quite as comprehensive as it might have seemed, there's no doubt that the number </description><link>http://www.secuobs.com/revue/news/444820.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/444820.shtml</guid></item>
<item><title>Secure Software Development   Closing the Gap between Risk Awareness and Response</title><description>Secuobs.com : 2013-04-15 20:41:41 -  ISC 2 Blog - by Mano Paul, CISSP, CSSLP, MCSD, MCAD, CompTIA Network , ECSA As highlighted in the recently released 2013 Global Information Security Workforce Study  GISWS    the largest vendor-neutral study of its kind conducted by  ISC 2 and analyst firm Frost   Sullivan </description><link>http://www.secuobs.com/revue/news/439594.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/439594.shtml</guid></item>
<item><title>Flight risk</title><description>Secuobs.com : 2013-04-12 00:51:49 -  ISC 2 Blog - An amateur pilot has reportedly assembled and hacked real aircraft cockpit systems, demonstrating their vulnerabilities  Security researcher Hugo Teso was able to  hijack  the systems to feed false navigation information to a simulated jet that made it change course  BBC </description><link>http://www.secuobs.com/revue/news/439047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/439047.shtml</guid></item>
<item><title>A Career in Science and Technology   from Nuclear Engineering to Cyber Security</title><description>Secuobs.com : 2013-04-09 15:38:48 -  ISC 2 Blog - By  Hord Tipton One chooses their career path for different reasons   whether it be following in a parent s footsteps or an innate desire to help others I was inspired by a chemistry teacher to pursue a career in chemical </description><link>http://www.secuobs.com/revue/news/438383.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/438383.shtml</guid></item>
<item><title>Technology that compels reasonable people to make questionable choices</title><description>Secuobs.com : 2013-03-12 15:38:31 -  ISC 2 Blog - Parents, have you heard of Snapchat  It was the first messaging applications, referred to as ephemeral technology, that allows one to send an image or video to one person or a group of people This doesn't sound either new or </description><link>http://www.secuobs.com/revue/news/432972.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/432972.shtml</guid></item>
<item><title>Define SMART IT security goals</title><description>Secuobs.com : 2013-02-14 17:57:30 -  ISC 2 Blog - One of the biggest problems that most IT security experts around the world have is the fact that IT security is never taken seriously until a security incident takes place. After that, management boards start being interested in IT security </description><link>http://www.secuobs.com/revue/news/427802.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/427802.shtml</guid></item>
<item><title>Controlling the load into your services and applications</title><description>Secuobs.com : 2013-02-10 20:22:23 -  ISC 2 Blog - Administrators are occasionally faced with the task to size their applications farms properly so it can sustain network growth for the years to come. They follow all the best practices: Understanding the company objectives and upcoming Internet related projects. Establishing </description><link>http://www.secuobs.com/revue/news/426832.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/426832.shtml</guid></item>
<item><title>Safe and Secure Online Launches in Switzerland on Safer Internet Day</title><description>Secuobs.com : 2013-02-05 20:21:25 -  ISC 2 Blog - By Julie Peeler A Safe and Secure Online volunteer was asked by a child,  If I tell someone, will it stop  Just imagine the impact you can have in shaping a child s life by having the skills to answer a </description><link>http://www.secuobs.com/revue/news/425918.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/425918.shtml</guid></item>
<item><title>PPI Scams in the UK and Ireland</title><description>Secuobs.com : 2013-01-29 17:51:45 -  ISC 2 Blog - PPI  Payment Protection Insurance  has been a hot potato in the UK for some years There has long been widespread concern that the insurance, frequently added on to loans, mortgages and overdrafts, was frequently sold in circumstances inappropriate to the </description><link>http://www.secuobs.com/revue/news/424487.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/424487.shtml</guid></item>
<item><title>The PC is dead, long live the PC</title><description>Secuobs.com : 2013-01-16 16:29:08 -  ISC 2 Blog - If you have read news lately, you couldn't have missed hearing how well the tablets, smart phones and smart TVs are selling, and how badly the PC market (excluding laptops) is doing. Many so called "futurists" have predicted the passing </description><link>http://www.secuobs.com/revue/news/422077.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/422077.shtml</guid></item>
<item><title>Vulnerability disclosure: a new business model </title><description>Secuobs.com : 2013-01-14 17:04:35 -  ISC 2 Blog - We all see in the mass media every day that software is vulnerable and that this is bad. But few know what is happening behind the scenes until the news gets out. There are two ways to disclose a vulnerability: </description><link>http://www.secuobs.com/revue/news/421636.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/421636.shtml</guid></item>
<item><title>Safe   Secure Volunteer Presentation Tips</title><description>Secuobs.com : 2013-01-09 15:54:37 -  ISC 2 Blog - Happy New Year to all As promised in my Dec 21 blog, here are some tips that I would like to pass on, from my experience presenting to four different middle school groups in October last year, from grades 5 </description><link>http://www.secuobs.com/revue/news/420697.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/420697.shtml</guid></item>
<item><title>Safe   Secure Online Volunteer Experience</title><description>Secuobs.com : 2012-12-21 17:13:48 -  ISC 2 Blog - It was a typical work day for me, chaotic and intense, as we all have experienced in the information systems security field, as we go to our offices each day and perform our duties as information security professionals The job </description><link>http://www.secuobs.com/revue/news/418297.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/418297.shtml</guid></item>
<item><title>Federal Cloud Computing  The Definitive Guide for Cloud Service Providers</title><description>Secuobs.com : 2012-12-20 02:12:36 -  ISC 2 Blog - Federal Cloud Computing  The Definitive Guide for Cloud Service Providers offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation You </description><link>http://www.secuobs.com/revue/news/417960.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/417960.shtml</guid></item>
<item><title>There's Testing, Then There's VirusTotal</title><description>Secuobs.com : 2012-12-10 15:17:03 -  ISC 2 Blog - From time to time, I find myself having to rail against the misuse of VirusTotal's service as a sort of surrogate AV product test. Sadly, I feel the need to do it again here, in the light of a current news item </description><link>http://www.secuobs.com/revue/news/416067.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/416067.shtml</guid></item>
<item><title>Making the users accountable</title><description>Secuobs.com : 2012-12-01 03:41:16 -  ISC 2 Blog - We all know that information security relies on a layered approach. It's about people, process programs and technology. And we all know about Advanced Persistent Threats: how they work, attack vectors, etc. And even so, more and more companies are attacked </description><link>http://www.secuobs.com/revue/news/414540.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/414540.shtml</guid></item>
<item><title>FedRAMP: A progress report from a 3PAO</title><description>Secuobs.com : 2012-11-28 18:24:19 -  ISC 2 Blog - The Federal government's cloud first policy is in full swing. It has been 6 months since the Federal Risk and Authorization and Management Program (FedRAMP) was granted initial operating capability to streamline cloud security management and vendor approvals in an </description><link>http://www.secuobs.com/revue/news/413902.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/413902.shtml</guid></item>
<item><title>Are We Ready To Fight The Next Generation Of Threats   New  ISC 2 Survey Lets You Give The Answer</title><description>Secuobs.com : 2012-11-21 20:01:19 -  ISC 2 Blog - By Greg J Thompson, CISSP, Vice President, Enterprise Security Services, Scotiabank As security professionals, we understand the concept of risk These days, most of the risk discussion centers around the evolution of new threats, the presence of known and unknown </description><link>http://www.secuobs.com/revue/news/412755.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/412755.shtml</guid></item>
<item><title>Take Charge of Your  ISC 2 Membership   Vote in the Board of Director Elections</title><description>Secuobs.com : 2012-11-16 21:52:34 -  ISC 2 Blog - Today marks the start of an important official process for  ISC 2   the annual Board of Director elections The Board is responsible for providing governance and oversight for the organization, granting credentials to qualified candidates, and enforcing adherence to the </description><link>http://www.secuobs.com/revue/news/411917.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/411917.shtml</guid></item>
<item><title>The 2013 Global Information Security Workforce Study is important for all of us</title><description>Secuobs.com : 2012-10-26 21:38:06 -  ISC 2 Blog - The 2013 Information Security Workforce study needs your input  </description><link>http://www.secuobs.com/revue/news/408080.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/408080.shtml</guid></item>
<item><title>Information Security Assurance for Executives</title><description>Secuobs.com : 2012-10-26 21:38:06 -  ISC 2 Blog - Information Security Assurance for Executives An international business companion to the 2002 OECD Guidelines for the Security of Networks and Information Systems  Towards a Culture of Security Although I was already familiar with the original OECD paper, I only recently </description><link>http://www.secuobs.com/revue/news/408079.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/408079.shtml</guid></item>
<item><title>Password Practice  With Age Comes Wisdom </title><description>Secuobs.com : 2012-10-19 22:09:48 -  ISC 2 Blog - My friend and colleague Stephen Cobb has shared some interesting survey data in a blog article indicating that the age group between 18 and 34 is less likely than older groups to use complex passwords or even to use different </description><link>http://www.secuobs.com/revue/news/406725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/406725.shtml</guid></item>
<item><title>Responsible Digital Citizenship   A Year-Round, Lifelong Pursuit</title><description>Secuobs.com : 2012-10-19 18:51:48 -  ISC 2 Blog - With  ISC ² being a supporter of US National Cyber Security Awareness Month every year since its inception, it strikes me that many more organizations are getting involved this year   maybe more than ever before I asked myself what s changed </description><link>http://www.secuobs.com/revue/news/406678.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/406678.shtml</guid></item>
<item><title>Don't Forget About ID Thieves and Online Predators during NCSA Month  5 Tips for Protecting and Educating Your Children </title><description>Secuobs.com : 2012-10-17 16:04:28 -  ISC 2 Blog - With National Cyber Security Awareness Month in full stride, parents are realizing the vulnerability of their children and the necessity for cyber safety education Although numerous types of cybercrime are being discussed this month, I'd like to examine two areas </description><link>http://www.secuobs.com/revue/news/406180.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/406180.shtml</guid></item>
<item><title>Mitigating against a Certificate Authority Breach</title><description>Secuobs.com : 2012-10-03 22:39:11 -  ISC 2 Blog - What would you do if you found out that the Certificate Authority that provides Digital Certificates to your company was compromised, and Microsoft was adding the Certificate Authority's public key to Windows un-trusted Root Store  Well if you have not </description><link>http://www.secuobs.com/revue/news/403433.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/403433.shtml</guid></item>
<item><title>Another eruption East of Java</title><description>Secuobs.com : 2012-09-03 12:53:12 -  ISC 2 Blog - Do you trust Oracle to do better from now on  Do you need Java anyway  If enough  apps and services  reconsider their dependence on an unpopular service, and then Oracle will really have a problem  But  responsible disclosure demands responsible  and responsive  remediation </description><link>http://www.secuobs.com/revue/news/397296.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/397296.shtml</guid></item>
<item><title>Server side attacks vs User side attacks</title><description>Secuobs.com : 2012-08-20 23:54:04 -  ISC 2 Blog - I was on a  road show  in the last months talking to customers about new waves of attacks and how they're designed to avoid traditional detection capabilities What was impressive for me during those events were some concerns raised by </description><link>http://www.secuobs.com/revue/news/394716.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/394716.shtml</guid></item>
<item><title>Social engineering trumps Wal-Mart customer service</title><description>Secuobs.com : 2012-08-09 22:33:27 -  ISC 2 Blog - This year's social engineering 'capture the flag' competition at the DefCon hackers' conference was won by a contestant who does social engineering for a living In the course of a 20 minute phone call, he successfully fooled a Wal Mart </description><link>http://www.secuobs.com/revue/news/392723.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/392723.shtml</guid></item>
<item><title>Habitual security - the way we do things</title><description>Secuobs.com : 2012-06-10 12:16:45 -  ISC 2 Blog - A short thought-provoking piece about changing security habits in order to develop a culture of security </description><link>http://www.secuobs.com/revue/news/380661.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380661.shtml</guid></item>
<item><title>Sources of Stress for Information Security Workers</title><description>Secuobs.com : 2012-06-07 16:53:28 -  ISC 2 Blog - Working in information security can, without doubt, at times prove extremely stressful Sometimes it seems you have so many things to keep track of, the task can feel almost impossible Deadlines A server that won't install an update A missing </description><link>http://www.secuobs.com/revue/news/380148.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/380148.shtml</guid></item>
<item><title>Data leakage in social media</title><description>Secuobs.com : 2012-05-21 21:26:55 -  ISC 2 Blog - Perhaps a good psychiatrist can explain why millions of people have this compulsive urge to put almost everything they do on a social networking site Whatever is your motivation for using a social networking site, it must be clearly understood </description><link>http://www.secuobs.com/revue/news/376740.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/376740.shtml</guid></item>
<item><title>Bullet-proofing messengers</title><description>Secuobs.com : 2012-05-19 01:26:10 -  ISC 2 Blog - OPINION  A troubling article in Forbes raises concerns about how society takes care of those who raise legitimate, well-founded concerns about their employers Aside from the specific legal decision in this particular case, there is a wider issue about protecting </description><link>http://www.secuobs.com/revue/news/376451.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/376451.shtml</guid></item>
<item><title>Dotted lines in shifting sands</title><description>Secuobs.com : 2012-05-15 00:04:58 -  ISC 2 Blog - An opinion piece regarding a possible US law change raises fascinating ethical questions about privacy rights Whereas employers have some interest in what their employees are saying and doing in their personal non-work time, employees also have reasonable expectations of privacy </description><link>http://www.secuobs.com/revue/news/375485.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/375485.shtml</guid></item>
<item><title>Security Provisions In Software Development Contracts - Who Pays </title><description>Secuobs.com : 2012-05-14 21:34:44 -  ISC 2 Blog - In the last few years, there has been a rise in the number of security vulnerabilities in software and applications which has ultimately led to huge losses in terms of money, trust and morale of the people using the software </description><link>http://www.secuobs.com/revue/news/375469.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/375469.shtml</guid></item>
<item><title>The Ethics of White Hat Hacking</title><description>Secuobs.com : 2012-05-11 18:28:21 -  ISC 2 Blog - From the early hacker culture that took its form and shape at the Massachusetts Institute of Technology  MIT  during the late 50s and early 60s to the present day groups of hackers, a lot has changed in the world of </description><link>http://www.secuobs.com/revue/news/375079.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/375079.shtml</guid></item>
<item><title>FedRAMP 3PAO Program   Have we Heard of this Idea Before </title><description>Secuobs.com : 2012-04-22 00:56:48 -  ISC 2 Blog - In a packed auditorium in 2006, I recall sitting in the  Red Auditorium  at NIST to participate in a workshop hosted by the Computer Security Division The goal of the workshop was to discuss the implementation of Phase II of </description><link>http://www.secuobs.com/revue/news/371288.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/371288.shtml</guid></item>
<item><title>Counter eCrime Operations Summit, AMTSO, CARO meetings</title><description>Secuobs.com : 2012-04-17 12:33:40 -  ISC 2 Blog - Apologies for including content that I've already used elsewhere, but I know that these are events that will interest some readers of this blog Most urgently  the CeCOS cybercrime summit in Prague, 25-27 April This year's theme is Containing the </description><link>http://www.secuobs.com/revue/news/370377.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/370377.shtml</guid></item>
<item><title>Security Breach in CA Networks -Comodo, DigiNotar, GlobalSign</title><description>Secuobs.com : 2012-04-04 17:04:57 -  ISC 2 Blog - by Ravi Mandalia Executive Summary Since March, 2011 more and more Cyber attacks are surfacing across the globe with damaging consequences both for the companies that faced the attacks and for the customers whose details were stolen One such attack </description><link>http://www.secuobs.com/revue/news/368012.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/368012.shtml</guid></item>
<item><title>EU organizations below par on infosec</title><description>Secuobs.com : 2012-04-03 04:10:18 -  ISC 2 Blog - A study into the information security practices of 600 mid-sized European businesses by PwC and Iron Mountain paints a disappointing picture of their state of maturity Their overall score comes out at 406 on a scale ranging from 0  dreadful  </description><link>http://www.secuobs.com/revue/news/367701.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367701.shtml</guid></item>
<item><title>Practice Safe Computing</title><description>Secuobs.com : 2012-04-02 22:28:57 -  ISC 2 Blog - by F Gary Alu What is the first thing we should check when we turn on our computer  That's a question I always pose to the kids when I present the  ISC 2 Safe and Secure Online Program If your answer </description><link>http://www.secuobs.com/revue/news/367646.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367646.shtml</guid></item>
<item><title>Selecting a 3PAO with assessors that have the Certificate of Cloud Security Knowledge  CCSK </title><description>Secuobs.com : 2012-04-01 15:20:06 -  ISC 2 Blog - The CCSK is NOT meant to be a substitute for other certifications in information security, audit and governance The CCSK augments other credentialing programs like the CISSP, CAP, CSSLP, etc However, the CCSK does provide a valuable selector for organizations </description><link>http://www.secuobs.com/revue/news/367445.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367445.shtml</guid></item>
<item><title>IT's stranglehold loosens another notch</title><description>Secuobs.com : 2012-03-30 08:21:42 -  ISC 2 Blog - The popularity of portable computing, BYOD and cloud computing services is forcing some IT departments onto the back foot, as business people are gradually regaining control of their own destinies Perhaps I'm showing my age here but the current power-play </description><link>http://www.secuobs.com/revue/news/367103.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367103.shtml</guid></item>
<item><title> ISC ² Foundation Honors Founder and Legend Harold F  Hal  Tipton with Memorial Scholarship </title><description>Secuobs.com : 2012-03-29 18:22:59 -  ISC 2 Blog - By W Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director,  ISC ² I suppose it's only natural to think about carrying on tradition and looking to the next generation after the initial reflection period has subsided when someone passes away What innovations </description><link>http://www.secuobs.com/revue/news/366970.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366970.shtml</guid></item>
<item><title>So what is the Certificate of Cloud Security Knowledge  CCSK  anyway </title><description>Secuobs.com : 2012-03-25 20:24:17 -  ISC 2 Blog - In July 28, 2010, the Cloud Security Alliance  CSA , with support from many within the industry, launched  the industry's first user certification program for secure cloud computing  Since the initial set of early adopters, which include over 80 professionals across </description><link>http://www.secuobs.com/revue/news/366023.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/366023.shtml</guid></item>
<item><title>Memories of Hal Tipton</title><description>Secuobs.com : 2012-03-20 15:28:13 -  ISC 2 Blog - I'd like to take this opportunity to pass along some memories of our good friend Hal Tipton From John O'Leary, CISSP Hal Tipton was not only one of the founding fathers of  ISC 2, he was a unique individual - one </description><link>http://www.secuobs.com/revue/news/364886.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364886.shtml</guid></item>
<item><title>Anonymous attacks against the DNS Root Servers What's true and what's not </title><description>Secuobs.com : 2012-03-20 04:55:30 -  ISC 2 Blog - It's widely known by now, that the Internet group called  Anonymous  is targeting an amplification attack against the DNS Root Servers Much has been said about it and different people have different opinions Here's mine To get to my point </description><link>http://www.secuobs.com/revue/news/364763.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364763.shtml</guid></item>
<item><title>In memory of Mr Harold F Tipton</title><description>Secuobs.com : 2012-03-19 19:27:13 -  ISC 2 Blog - It is with a heavy heart that I write this entry As many of you likely already know, we lost a great information security warrior on Friday At the age of 89, Mr Harold F Tipton, a founder of  ISC ², </description><link>http://www.secuobs.com/revue/news/364656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/364656.shtml</guid></item>
<item><title>2012 a New Era for  ISC ²'s Arsenal of Certification Exams </title><description>Secuobs.com : 2012-03-05 16:25:22 -  ISC 2 Blog - 2012 a New Era for  ISC ²'s Arsenal of Certification Exams By W Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director,  ISC ² 2012 marks a new era for  ISC 2 This year, the last of our arsenal of certification exams will be transitioned </description><link>http://www.secuobs.com/revue/news/361451.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/361451.shtml</guid></item>
<item><title>Secured by SSL Not Enough</title><description>Secuobs.com : 2012-02-27 22:07:46 -  ISC 2 Blog - You are on the internet and you are looking to purchase the latest smart phone online So you start off doing a search in Google So you get a list of maybe three potential web sites selling the brand you </description><link>http://www.secuobs.com/revue/news/360206.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/360206.shtml</guid></item>
<item><title>Android, Malware and Rehabilitation</title><description>Secuobs.com : 2012-02-07 00:52:27 -  ISC 2 Blog - With news breaking of a further wave of  fake malware-laden apps , let's hope that Google has seen ENISA's analysis of appstore security, and will not assume that Bouncer app review is enough </description><link>http://www.secuobs.com/revue/news/356288.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/356288.shtml</guid></item>
<item><title>PKI and Importance of Security Policy</title><description>Secuobs.com : 2012-02-02 23:38:06 -  ISC 2 Blog - For this example let us presume that the business has stipulated that users must use digital certificates to authenticate to their application One of the main functions of a CA is to verify the identity of the entity requesting a </description><link>http://www.secuobs.com/revue/news/355676.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/355676.shtml</guid></item>
<item><title>Second Annual  ISC ²  Security Congress Registration and Call for Speakers Open</title><description>Secuobs.com : 2012-01-31 21:42:10 -  ISC 2 Blog - By W Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director,  ISC ² Last September, we held our first annual  ISC ² Security Congress event in Orlando, and the feedback we received from our members is that it was a great learning and networking </description><link>http://www.secuobs.com/revue/news/355110.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/355110.shtml</guid></item>
<item><title>Keeping Your Information Private  Tips and Tricks for Data Privacy Day </title><description>Secuobs.com : 2012-01-28 00:02:29 -  ISC 2 Blog - By Julie Peeler,  ISC 2 Foundation Director Tomorrow marks Data Privacy Day and while it may not be a national holiday, it's a great opportunity to take a step back and evaluate our personal data privacy and security measures Over the </description><link>http://www.secuobs.com/revue/news/354542.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/354542.shtml</guid></item>
<item><title>What's up for 2012 </title><description>Secuobs.com : 2012-01-24 08:02:01 -  ISC 2 Blog - Talking of customers, CSO's, engineers and other IT security people could give me some insights of what companies are looking for in 2012 in terms of overall IT security Far from a reality or a survey, this is more my </description><link>http://www.secuobs.com/revue/news/353711.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/353711.shtml</guid></item>
<item><title>Redefining United States Cyber Security  Taking a Holistic View and Machiavellian Approach, part 2</title><description>Secuobs.com : 2012-01-18 15:55:46 -  ISC 2 Blog - 3 Background In the years since I took my first IT security position in 1999, the cyber security landscape has changed vastly Fortunately, there has been an awakening within the entire information technology security community in the years since 9-11 </description><link>http://www.secuobs.com/revue/news/352699.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/352699.shtml</guid></item>
<item><title>2012  Redefining United States Cyber Security  Taking a Holistic View and Machiavellian Approach, part 1 </title><description>Secuobs.com : 2012-01-13 22:23:22 -  ISC 2 Blog - By  Larry P Bunch CISSP, CEH http mysiteverizonnet vze18ez5m id3html Twitter  https twittercom bunchlarryp Preface This article was originally intended to be a light reading OP ED piece However, it has slowly evolved into a hybrid OP ED   Whitepaper dealing with Cyber Intelligence and Network Security </description><link>http://www.secuobs.com/revue/news/352030.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/352030.shtml</guid></item>
<item><title>Moving Health Care Data Safely to the Cloud   It Can be Done  </title><description>Secuobs.com : 2012-01-11 17:06:35 -  ISC 2 Blog - By W Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director,  ISC ² A few weeks ago, I was at my doctor's office, and the topic of the cloud came up You may think this is a strange topic of conversation between a </description><link>http://www.secuobs.com/revue/news/351498.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/351498.shtml</guid></item>
<item><title>Are You Famous, Dada  A Dedication of the Americas ISLA Award to Future Generations</title><description>Secuobs.com : 2011-12-28 18:11:13 -  ISC 2 Blog - By Mano Paul, CSSLP, CISSP, ECSA, AMBCI, MCSD, MCAD, CompTIA Network   On our flight to Austin, back from Orlando, on the 22nd September 2011, our five year old son, Reuben, asked me  Are you famous, dada  Before I tell </description><link>http://www.secuobs.com/revue/news/349280.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/349280.shtml</guid></item>
<item><title>Keeping Kids Safe and Secure This Holiday Season</title><description>Secuobs.com : 2011-12-21 17:09:31 -  ISC 2 Blog - By Julie Peeler,  ISC 2 Foundation Director When I was a kid, all I wanted was a 10-speed bike for Christmas Back then, my bike came with a lock so I could keep it safe forever Nowadays, kids don't always want </description><link>http://www.secuobs.com/revue/news/348445.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/348445.shtml</guid></item>
<item><title>Security Integration, Risk Management, and Security Congress   Works In Progress</title><description>Secuobs.com : 2011-12-19 16:59:29 -  ISC 2 Blog - By W Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director,  ISC ² The first annual ASIS and  ISC ² Security Congress event was held in Orlando in September, and for those who attended, it was a major success Our members made the most </description><link>http://www.secuobs.com/revue/news/348002.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/348002.shtml</guid></item>
<item><title>Security Not Often a Top Priority for Small Business</title><description>Secuobs.com : 2011-12-08 19:29:53 -  ISC 2 Blog - I recently found an article that outlined a study about cyber security and small businesses In the study, by Newtek Business Services  Small Business Authority, it was discovered that  just 27 percent of small business owners have had an outside </description><link>http://www.secuobs.com/revue/news/346148.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/346148.shtml</guid></item>
<item><title>Applying Newton's third law to information security</title><description>Secuobs.com : 2011-11-29 23:16:17 -  ISC 2 Blog - Simply banning stuff  such as using social media at work  through management edict or policy can be counterproductive for security if employees react by circumventing the ban I argue that effective security awareness using motivation and persuasion is a far more effective technique </description><link>http://www.secuobs.com/revue/news/344445.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/344445.shtml</guid></item>
<item><title>Making Cyber Security Awareness a Year-Round Pursuit</title><description>Secuobs.com : 2011-11-21 23:36:44 -  ISC 2 Blog - It's hard to believe we're almost through November and that National Cyber Security Awareness Month  NCSAM   October  has come and gone As we enter the busiest online shopping season of the year, however, I challenge you to reflect on the </description><link>http://www.secuobs.com/revue/news/341858.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/341858.shtml</guid></item>
<item><title>DNSSEC, SOPA, and PIPA</title><description>Secuobs.com : 2011-11-16 16:03:15 -  ISC 2 Blog - Many are concerned that the current forms of SOPA and PIPA, will be ineffective, and will hamper other attempts to make the internet safer </description><link>http://www.secuobs.com/revue/news/340998.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/340998.shtml</guid></item>
<item><title>Cast Your Vote   ISC ² Board of Directors Election Begins Nov 16, 2011</title><description>Secuobs.com : 2011-11-09 18:29:28 -  ISC 2 Blog - As we approach the opening of the elections for the 2012  ISC ² Board of Directors, I want to encourage all  ISC ² members to vote  Log in to the member Website between 8 am ET 16 Nov and 5 pm ET </description><link>http://www.secuobs.com/revue/news/339765.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/339765.shtml</guid></item>
<item><title>Focus on everything</title><description>Secuobs.com : 2011-10-25 04:45:47 -  ISC 2 Blog - I had the opportunity to visit several companies over the years and in many cases I could verify that their network and security teams suffered of a lack of network visibility, which let them unable to answer some important questions, </description><link>http://www.secuobs.com/revue/news/336665.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/336665.shtml</guid></item>
<item><title>The APT Attack Surface</title><description>Secuobs.com : 2011-09-21 15:11:59 -  ISC 2 Blog - According to the FAS Project on Government Secrecy, using data tabulated in the report, 4,266,091 people held security clearances in the US for access to classified information </description><link>http://www.secuobs.com/revue/news/330148.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330148.shtml</guid></item>
<item><title>40 hard-won business continuity lessons from the NZ and Japan quakes</title><description>Secuobs.com : 2011-09-20 22:36:57 -  ISC 2 Blog - Article draws 40 business continuity lessons from earthquakes in NZ and Japan </description><link>http://www.secuobs.com/revue/news/330026.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/330026.shtml</guid></item>
<item><title> ISC 2 board candidates</title><description>Secuobs.com : 2011-09-11 03:01:59 -  ISC 2 Blog - I'm not 100% au fait with ISC2's board election process but as I understand it the sitting board proposes a bunch of candidates, while the general membership can propose their own  independent candidates  as well If you aren't into nepotism </description><link>http://www.secuobs.com/revue/news/328195.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/328195.shtml</guid></item>
<item><title>What are we missing on Internet 20 attacks </title><description>Secuobs.com : 2011-07-05 00:38:53 -  ISC 2 Blog - During the last months several companies were victims of attacks  DDOS, steal of database records, websites defacement, leak of sensitive information, etc  and we could watch on first sight how bad prepared many of them were Some of them have </description><link>http://www.secuobs.com/revue/news/315119.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/315119.shtml</guid></item>
<item><title>Requesting a Credit Report</title><description>Secuobs.com : 2011-06-18 00:04:04 -  ISC 2 Blog - One of the best ways to combat identity theft is through the consistent monitoring of your credit report Over the years, your credit report was a closely-guarded secret of the 3 major credit reporting agencies  Experian, TransUnion, and Equifax  You </description><link>http://www.secuobs.com/revue/news/312086.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/312086.shtml</guid></item>
<item><title>Doom is Busting Out All Over</title><description>Secuobs.com : 2011-06-09 17:08:13 -  ISC 2 Blog - The cold war is back  if it ever really went away  Only now, anyone can play Nations - including the UK, where I have the pleasure of residing - are queueing up to announce that they're developing cyberwarrior capabilities </description><link>http://www.secuobs.com/revue/news/310182.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/310182.shtml</guid></item>
<item><title>IPV6 is on a blink of eye to be a reality on our daily lives Is it ready for our world </title><description>Secuobs.com : 2011-05-31 21:44:28 -  ISC 2 Blog - Well, IPV4 addresses are almost depleted, right  Sort of, it's clear that we will be out of IPv4 addresses in 2011, some actual almost  live  info I received mentioned that we had left only 12 8 s and 11 256 s by the end </description><link>http://www.secuobs.com/revue/news/308242.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/308242.shtml</guid></item>
<item><title>The Role of a SIEM in an Overall Enterprise Security Plan</title><description>Secuobs.com : 2011-05-17 19:24:17 -  ISC 2 Blog - An overall Enterprise Security plan will be comprised of many different moving pieces An effective plan will have all of these pieces in place and working together like a fine tuned machine Managing this plan and taking in all of </description><link>http://www.secuobs.com/revue/news/305413.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/305413.shtml</guid></item>
<item><title>50% discount on Auerbach CRC Press books</title><description>Secuobs.com : 2011-05-03 00:34:41 -  ISC 2 Blog - Here's an excellent reason to join ISSA assuming you are not already enjoying the benefits of belonging to this friendly, supportive and global community of information security professionals, most of whom are CISSPs ISSA members can buy Auerbach CRC Press books </description><link>http://www.secuobs.com/revue/news/302123.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/302123.shtml</guid></item>
<item><title>Epsilon Overkill and the Security Ecology</title><description>Secuobs.com : 2011-04-08 14:07:08 -  ISC 2 Blog - I'm not actually going to write about the Epsilon fiasco as such here I can think of at least two journalists who will be grateful for that, but I'm not going to let them off quite that easily, even though </description><link>http://www.secuobs.com/revue/news/297105.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/297105.shtml</guid></item>
<item><title>RSA Breach - Is authentication at risk </title><description>Secuobs.com : 2011-03-30 12:24:15 -  ISC 2 Blog - Most of you have heard about the breach at RSA, in which SecurID token authentication implementation data was stolen In case you did not heard about it, click in the following link, prior to continue reading http newscnetcom 8301-27080_3-20044775-245html As we, as </description><link>http://www.secuobs.com/revue/news/295073.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/295073.shtml</guid></item>
<item><title>Japan  Commentary and Resources</title><description>Secuobs.com : 2011-03-14 20:45:24 -  ISC 2 Blog - It probably hasn't escaped your notice that there's a lot of malware SEO scamming whenever a major disaster occurs A few days ago I started to put together a list of commentary  some of it my own  and resources relating to the </description><link>http://www.secuobs.com/revue/news/291526.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/291526.shtml</guid></item>
<item><title>Improving on an excellent security awareness text </title><description>Secuobs.com : 2011-03-12 08:56:21 -  ISC 2 Blog - Author Rebecca Herold introduces her book very eloquently   I wrote this book to provide a starting point and an all-in-one resource for information security and privacy education practitioners I incorporated much of the information and knowledge I obtained while working </description><link>http://www.secuobs.com/revue/news/291208.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/291208.shtml</guid></item>
<item><title>Job Analysis Survey Privacy Statement</title><description>Secuobs.com : 2011-03-09 18:38:30 -  ISC 2 Blog - One more clarification on the survey  Any information will be handled pursuant to our privacy policy, unless stated otherwise in the survey We don't share private information with any unaffiliated third party The third parties we do share with are </description><link>http://www.secuobs.com/revue/news/290507.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/290507.shtml</guid></item>
<item><title>Maintaining the  Gold Standard  -- CPEs and the Job Task Analysis Surveys</title><description>Secuobs.com : 2011-03-09 16:10:53 -  ISC 2 Blog - As many of our members now know from recent notifications,  ISC ² is conducting Job Task Analysis  JTA  surveys for the CISSP and SSCP certifications during the month of March Recently, some members have questioned the need to reward members with </description><link>http://www.secuobs.com/revue/news/290452.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/290452.shtml</guid></item>
<item><title>Milking the value from security incidents close to home </title><description>Secuobs.com : 2011-03-08 08:34:06 -  ISC 2 Blog - The survey showed a surprising lack of awareness of security issues among the respondents For instance, just 4% admitted to being fully informed about security breaches within their organizations About 80% of those who said their organizations had suffered </description><link>http://www.secuobs.com/revue/news/290071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/290071.shtml</guid></item>
<item><title>Recovering a dead hard drive in the freezer</title><description>Secuobs.com : 2011-03-02 06:19:30 -  ISC 2 Blog - I've heard about this technique a few times and, having never tried it myself, I've always been cynical  but by all accounts it looks like I'm wrong The basic idea is to put a failed hard drive in the </description><link>http://www.secuobs.com/revue/news/288743.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/288743.shtml</guid></item>
<item><title>Survey finds security still not embedded tightly into software delivery process</title><description>Secuobs.com : 2011-02-24 20:35:22 -  ISC 2 Blog - As many are aware, in late 2010, consulting firm, Creative Intellect Consulting UK surveyed  ISC ² members along with other software development, IT and information security professionals and software architects from around the world in order to better understand the impact </description><link>http://www.secuobs.com/revue/news/287497.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/287497.shtml</guid></item>
<item><title>Christchurch 63 quake today </title><description>Secuobs.com : 2011-02-22 04:20:44 -  ISC 2 Blog - Yet another powerful earthquake today in Christchurch, the main city in New Zealand's South Island, reminds us once again of the importance of physical security measures to protect essential, valuable and yet fragile information assets, not least our people. Our </description><link>http://www.secuobs.com/revue/news/286763.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/286763.shtml</guid></item>
<item><title>We are living on strange  Cyberwar times </title><description>Secuobs.com : 2011-01-31 21:30:58 -  ISC 2 Blog - In the after-crisis of the Stuxnet worm, Governments around the world are mobilizing to be better prepared against CyberThreats and CyberWar. It's becoming clear, more and more, that groups of individuals with a lot of knowledge, time and motivation can </description><link>http://www.secuobs.com/revue/news/281951.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/281951.shtml</guid></item>
<item><title>Inadequate Understanding of FISMA Implementation Should Not Impact the Proposed FedRAMP Framework</title><description>Secuobs.com : 2011-01-29 21:59:38 -  ISC 2 Blog - In a recent article published on NextGov, there was a reference to the comments submitted by the Software &amp; Information Industry Association (SIIA) in response to the public comment release of the Proposed Draft of the FedRAMP requirements. In reviewing </description><link>http://www.secuobs.com/revue/news/281667.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/281667.shtml</guid></item>
<item><title>How I Communicate PCI Awareness</title><description>Secuobs.com : 2011-01-28 00:54:14 -  ISC 2 Blog - Question on LinkedIn PCI message board  What challenges members are currently facing in achieving or sustaining levels of Employee Awareness required for PCI DSS and the solutions they are employing Awareness has to be mandatory and it has to be </description><link>http://www.secuobs.com/revue/news/281279.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/281279.shtml</guid></item>
<item><title>Pragmatic ethics</title><description>Secuobs.com : 2011-01-25 00:44:40 -  ISC 2 Blog - Is it ethically acceptable for workers to pinch the odd pencil or Post-It note from work, or is this just the thin end of the wedge that leads to fraud, theft, corruption, Enron and Global Economic Meltdown  It's a tricky </description><link>http://www.secuobs.com/revue/news/280474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/280474.shtml</guid></item>
<item><title>Raising the  Testing  Standard</title><description>Secuobs.com : 2011-01-24 17:35:31 -  ISC 2 Blog - After well over 20 years involved in some aspect or another of the security industry, several of them supplying services to the anti-malware industry, I can say with some confidence that AV product testing has given me more white hairs </description><link>http://www.secuobs.com/revue/news/280343.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/280343.shtml</guid></item>
<item><title>Digital redaction standard</title><description>Secuobs.com : 2011-01-20 02:03:37 -  ISC 2 Blog - A new ISO27k standard covering digital redaction is in preparation I'm inviting comments on a 'top 10' list of information security risks associated with redacting digital files </description><link>http://www.secuobs.com/revue/news/279482.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/279482.shtml</guid></item>
<item><title>ISF,  ISC 2 and ISACA Release Information Security Principles</title><description>Secuobs.com : 2011-01-08 01:18:07 -  ISC 2 Blog - The Information Security Forum (ISF), together with  ISC ² and ISACA, released last month a set of 12 principles designed to help security practitioners respond more effectively to the changing needs of organizations in today's complex, interconnected world.  ISC ² worked with </description><link>http://www.secuobs.com/revue/news/276739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/276739.shtml</guid></item>
<item><title>Flamer's Bible</title><description>Secuobs.com : 2011-01-07 08:30:24 -  ISC 2 Blog - An old rec.humor.funny posting about how to abuse your opponent in a flame war. A good guide to remember what "not" to say in any online "discussion" </description><link>http://www.secuobs.com/revue/news/276468.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/276468.shtml</guid></item>
<item><title>Open Source Forensics</title><description>Secuobs.com : 2011-01-06 04:09:35 -  ISC 2 Blog - A reference for the use of open source software in digital investigations, that is digital forensics, computer forensics, and incident response </description><link>http://www.secuobs.com/revue/news/276162.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/276162.shtml</guid></item>
<item><title>Baby stats</title><description>Secuobs.com : 2011-01-06 04:09:35 -  ISC 2 Blog - On the face of it, this has nothing to do with security Dig a bit deeper, though, and it does We rely on risk analysis, sometimes losing track of the dangers in the thickets of data and metrics of which </description><link>http://www.secuobs.com/revue/news/276161.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/276161.shtml</guid></item>
<item><title>Cloud Adoption Will Force Federal Agencies to Adopt Integrated Risk Management Practices</title><description>Secuobs.com : 2010-12-17 22:02:30 -  ISC 2 Blog - The Cloud extends the scope of Risk Management when risk is considered an enterprise  organizational  activity which takes into consideration various aspects of the nature of the cloud adoption The  25-Point Implementation Plan to Reform Federal IT  published by Vivek </description><link>http://www.secuobs.com/revue/news/272715.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/272715.shtml</guid></item>
<item><title>The true meaning of  security awareness training </title><description>Secuobs.com : 2010-12-10 09:57:40 -  ISC 2 Blog - My eye has been caught once again this afternoon by yet another advertisement disguised as a press release breathlessly informing us that the company can deliver  security awareness training  It seems innocuous enough, but what does this three-word phrase really </description><link>http://www.secuobs.com/revue/news/270804.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/270804.shtml</guid></item>
<item><title>Exploring the FedRAMP Cloud Computing Security Requirements Baseline</title><description>Secuobs.com : 2010-12-08 15:39:58 -  ISC 2 Blog - The FedRAMP Security Requirements describes the US Government's proposed Assessment and Authorization (A&amp;A) for US Government Cloud Computing. In chapter 1, the FedRAMP PMO defined the proposed requirements (security controls) for a Low- and Moderate-Impact Cloud Computing environment  although not </description><link>http://www.secuobs.com/revue/news/270225.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/270225.shtml</guid></item>
<item><title>FedRAMP Poised for Summer Release</title><description>Secuobs.com : 2010-12-04 16:02:46 -  ISC 2 Blog - According to articles posted by nexgov  White House set to complete security standards for cloud computing services next year  and ExecutiveGov  Kundra  Expect Formal Federal Cloud Security Standards in 6 Months , through the FedRAMP program, the federal government could seek </description><link>http://www.secuobs.com/revue/news/269368.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/269368.shtml</guid></item>
<item><title>Update on relief for those affected by erroneous exam notifications</title><description>Secuobs.com : 2010-12-02 17:46:33 -  ISC 2 Blog - 2 December, 2010 - 10:30 AM. I am pleased to report that we will be, upon candidates' completion of the certification process, waiving Annual Maintenance Fees (AMFs) for one year for those who received inaccurate fail notices in October. We </description><link>http://www.secuobs.com/revue/news/268875.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/268875.shtml</guid></item>
<item><title>Unofficial FedRAMP Community Collaboration</title><description>Secuobs.com : 2010-11-30 01:51:42 -  ISC 2 Blog - The FedRAMP comment submission period has recently been extended to January 17, 2011 which was extended twice - originally from December 2, 2010 until December 17, 2010. Additionally, as noted on the FedRAMP.gov site, the FedRAMP PMO expects the first </description><link>http://www.secuobs.com/revue/news/268176.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/268176.shtml</guid></item>
</channel>
</rss>
 
