CISSP Tips and Topics
Recent Cybersecurity News Highlights:
- Solomon, M. (2023, December 7). "Burn and Churn: CISOs and the Role of Cybersecurity Automation: Organizations need to listen to their CISOs and start turning to cybersecurity automation for the qualitative benefits of employee satisfaction and well-being." Security Week. https://www.securityweek.com/burn-and-churn-cisos-and-the-role-of-cybersecurity-automation/
- Carless, J. (2023, November 30). "How to maintain a solid cybersecurity posture during a natural disaster: Fire, flood, earthquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst." CSO. https://www.csoonline.com/article/1249508/how-to-maintain-a-solid-cybersecurity-posture-during-a-natural-disaster.html
- Beek, K. (2023, November 22). "Idaho National Nuclear Lab Targeted in Major Data Breach: The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy." Dark Reading. https://www.darkreading.com/ics-ot/idaho-national-nuclear-lab-targeted-in-major-data-breach
- Bradley, S. (2023, November 22). "Batten down the hatches: it’s time to harden every facet of your Windows network: Gone are the days when a protected OS kept the bad guys out. Hardening authentication, the help desk, and log files in place is now needed to beat the bad guys." CSO. https://www.csoonline.com/article/1248963/batten-down-the-hatches-its-time-to-harden-every-facet-of-your-windows-network.html
- Edge Editors. (2023, November 16). "IT Pros Worry That Generative AI Will Be a Major Driver of Cybersecurity Threats: Organizations are concerned about generative AI technologies as being a major driver of cybersecurity threats in 2024." Dark Reading. https://www.darkreading.com/edge-threat-monitor/it-pros-worry-generative-ai-will-be-a-major-driver-of-cybersecurity-threats
- ISC2. (2023, November 10). "Resources for Military Service Members and Veterans Transitioning to the Private-Sector Cybersecurity Workforce." ISC2 Insights. https://www.isc2.org/Insights/2023/11/Resources-for-Military-Veterans-Transitioning-Private-Sector-Cybersecurity-Workforce?queryID=64bd802dec1c47b90fc5246436b1f76e
- Arghire, I. (2023, November 10). "US Government Issues Guidance on SBOM Consumption; CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security." Security Week. https://www.securityweek.com/us-government-issues-guidance-on-sbom-consumption/
- Bradley, S. (2023, November 9). "Forget the spam filter: How unique phishing attempts undermine Microsoft email security." CSO. https://www.csoonline.com/article/1240792/forget-the-spam-filter-how-unique-phishing-attempts-undermine-microsoft-email-security.html
- Edge Editors. (2023, November 6). "Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule: Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule." Dark Reading. https://www.darkreading.com/edge/steps-to-follow-to-comply-with-the-sec-cybersecurity-disclosure-rule
- ISC2. (2023, November 3). "ISC2 Cybersecurity Workforce Study: Looking Deeper into the Workforce Gap." ISC2 Insights. https://www.isc2.org/Insights/2023/11/ISC2-Cybersecurity-Workforce-Study-Looking-Deeper-into-the-Workforce-Gap?queryID=84e82de8a0067f92ddfdb29ec0dbbd47
- Kovacs, E. (2023, November 2). "Boeing Confirms Distribution Business Hit by Cyberattack: Boeing has confirmed that parts of its distribution business were hit by a cyberattack after a ransomware group claimed to have breached the company’s systems." Security Week. https://www.securityweek.com/boeing-confirms-distribution-business-hit-by-cyberattack/
- Bradley, S. (2023, October 26). "Copilot is ready for takeoff: Microsoft rolls out artificial intelligence for Windows." CSO. https://www.csoonline.com/article/657083/copilot-is-ready-for-takeoff-microsoft-rolls-out-artificial-intelligence-for-windows.html
- NIST.gov. (Updated 2023). "Updating the NIST Cybersecurity Framework – Journey To CSF 2.0." https://www.nist.gov/cyberframework/updating-nist-cybersecurity-framework-journey-csf-20
From the site: "NIST initially produced the Framework in 2014 and updated it in April 2018 with CSF 1.1. Based on stakeholder feedback, in order to reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is working on a new, more significant update to the Framework: CSF 2.0."
- Schuman, E. (2023, July 26). "Companies Must Have Corporate Cybersecurity Experts, SEC Says: Enterprises must now describe their management's expertise in cybersecurity. But what exactly does that entail?" Dark Reading. https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says
- Brumfield, C. (2023, July 18). "House-passed US 2024 defense bill contains $13.5 billion for cyberspace activities." CSO. https://www.csoonline.com/article/646597/house-passed-us-2024-defense-bill-contains-13-5-billion-for-cyberspace-activities.html From the FY 2024 Defense Budget Overview: "The FY 2024 cyberspace activities budget resources the development of new capabilities and technologies to support the advancement of the Department’s cybersecurity and cyberspace operations programs (FY 2024, $0.5 billion). These activities will accelerate multiple innovative lines of effort across the Department to support the 2023 DoD Cyber Strategy and facilitate Information Advantage throughout the spectrum of competition, crisis, and conflict." Ref: Overview – FY 2024 Defense Budget https://comptroller.defense.gov/Portals/45/Documents/defbudget/FY2024/FY2024_Budget_Request_Overview_Book.pdf
- Pratt, M.K. (2023, March 16). "When and how to report a breach to the SEC: Publicly traded companies will have to make decisions and prepare for the reporting of cybersecurity breaches to the Securities and Exchange Commission when new requirements are enacted." CSO Online. https://www.csoonline.com/article/3690732/when-and-how-to-report-a-breach-to-the-sec.html
- Thinking about sharpening your INFOSEC tech skills and certifications? Good move! From the Bureau of Labor Statistics Occupational Outlook: "Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations." https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
About Certified Information Systems Security Professional (CISSP) Certification:
- ISC2. (2023, November 30). "CISSP+CCSP: The Power of Duo Cybersecurity Certifications: Organizations worldwide put a premium on the strength CISSP + CCSP together bring to their defense. CISSPs save 20% on training now." ISC2. Learn more: https://www.isc2.org/landing/powerduo/cissptoccsp
- ISC2. (2023, November 15). "Changes to the CISSP Exam Weighting – What You Need to Know: Effective from April 15, 2024, ISC2 will refresh the CISSP credential exam. ISC2 regularly updates the exams and domain weighting for its certifications." ISC2 Insights. https://www.isc2.org/Insights/2023/11/Changes-to-CISSP-Exam-Weighting?queryID=f10ca4e454bd734ac66d02e365af9aca
- Call to Action: Review the current outline for the CISSP-ISSEP concentration exam and reply to questions.
Link to: (ISC)2 Management. (2023, July 12). "Calling All CISSP-ISSEPs! Help Shape Future CISSP-ISSEP Exams!" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/07/calling-all-cissp-isseps-help-shape-future-cissp-issep-exams.html
- (ISC)2 Management. (2023, March 30). "NEW CISSP EXAM REGISTRATION PROCESS FOR 2023: Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam." (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/03/new-cissp-exam-registration-process-for-2023.html
- (ISC)2 Blog. (2022, December 13). "CALLING ALL CISSPS! HELP SHAPE THE CISSP EXAM." From the blog post: "Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023." Read more: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html
- "Changes to the CISSP Exam Length Coming Soon. Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format." (ISC)2 blog (March 10, 2022). Read further: https://blog.isc2.org/isc2_blog/2022/03/changes-to-the-cissp-exam-length-coming-soon.html
- How is the CISSP-ISSMP Exam Changing? - (ISC)² Blog (isc2.org) (March 17, 2022)
- "A Cybersecurity Role Has Topped List of Best Jobs" ... by (ISC)2 Management, (ISC)2 Blog (January 14, 2022)
- Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 - (ISC)² Blog (isc2.org) (26 February 2021)
- (ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision ... (ISC)2 news release (01 February 2021)
- "SURVEY: CISSP IS THE MOST VALUABLE SECURITY CERTIFICATION FOR 2021" ... (ISC)2 blog site (January 21, 2021)
- "STUDY: CERTIFICATIONS BOOST SALARIES SUBSTANTIALLY" ... (ISC)2 blog site (November 2020)
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Krebs on Security: https://krebsonsecurity.com/
- Schneier on Security: https://www.schneier.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- Daniel Miessler Blog: https://danielmiessler.com/blog/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.