CISSP Tips and Topics
|
|
Recent Cybersecurity News Highlights:
- Pratt, M.K. (2023, March 16). "When and how to report a breach to the SEC: Publicly traded companies will have to make decisions and prepare for the reporting of cybersecurity breaches to the Securities and Exchange Commission when new requirements are enacted." CSO Online. https://www.csoonline.com/article/3690732/when-and-how-to-report-a-breach-to-the-sec.html
- Venkat, A. (2023, March 10). Customer Proprietary Network Information (CPNI) data belonging to 9M AT&T customers exposed in latest breach: "AT&T informs 9M customers about data breach: The company’s marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses." CSO Online. https://www.csoonline.com/article/3690609/att-informs-9m-customers-about-data-breach.html See also: Gatlan, S. (2023, March 9). "AT&T alerts 9 million customers of data breach after vendor hack." Bleeping Computer. https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
- Nelson, N. (2023, March 8). "TSA Issues Urgent Directive to Make Aviation More Cyber Resilient: Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative." Dark Reading. https://www.darkreading.com/ics-ot/tsa-issues-urgent-directive-aviation-cyber-resilient
- From the TSA press release: "WASHINGTON, March 7, 2023 /PRNewswire/ -- Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security's efforts to increase the cybersecurity resilience of U.S. critical infrastructure and follows extensive collaboration with aviation partners." See: https://www.prnewswire.com/news-releases/tsa-issues-new-cybersecurity-requirements-for-airport-and-aircraft-operators-301765090.html
- Schwartz, J. (2023, February 28). "CISOs Share Their 3 Top Challenges for Cybersecurity Management: The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio." Dark Reading. https://www.darkreading.com/edge-articles/cisos-share-their-3-top-challenges-for-cybersecurity-management
- Newman, L.H. (2023, February 17). "The WIRED Guide to Data Breaches: Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers." Wired Magazine. https://www.wired.com/story/wired-guide-to-data-breaches/
- Conesti, D-L. (2023, February 9). "PREDICTIONS 2023, PART 2: WHAT WILL THE NEW YEAR BRING FOR THE INFOSEC COMMUNITY?" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/02/predictions-2023-part-2-what-will-the-new-year-bring-for-the-infosec-community.html Issues related to Artificial Intelligence (e.g., Google OpenAI ChatGPT Chatbot), Supply Chain, Data Privacy, and Cyber Security Insurance feature among predicted cybersecurity challenges for 2023.
- Hill, M. (2023, February). "Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams." CSO. https://www.csoonline.com/article/3687089/foreign-states-already-using-chatgpt-maliciously-uk-it-leaders-believe.html - Rashid, F.Y. (2023, January 20). "GPT Emerges as Key AI Tech for Security Vendors: Orca Security is one of the companies integrating conversational AI technology into its products." Dark Reading. https://www.darkreading.com/dr-tech/gpt-emerges-ai-tech-security-vendors
- Contesti, D-L. (2023, January 11). "Predictions 2023, Part 1: What will the new year bring for the InfoSec Community?" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/01/predictions-2023-what-will-the-new-year-bring-for-infosec.html
- Burgess, C. (2023, January 9). CSO. "OPINION: If governments are banning TikTok, why is it still on your corporate devices: When lawmakers and higher education take steps to prevent official users from accessing the popular video-sharing app on their devices, corporations should sit up and take notice." https://www.csoonline.com/article/3684908/if-governments-are-banning-tiktok-why-is-it-still-on-your-corporate-devices.html
- Adebayo, K.S. (2023, January 5). How Confidential Computing Can Change Cybersecurity: Dark Reading. https://www.darkreading.com/edge-articles/how-confidential-computing-can-change-cybersecurity From the article: "Confidential computing segregates data and code from the host computer's system and makes it harder for unauthorized third parties to access the data."
- Thinking about sharpening your INFOSEC tech skills and certifications? Good move! From The Bureau of Labor Statistics Occupational Outlook. "Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations." https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
About Certified Information Systems Security Professional (CISSP) Certification:
- (ISC)2 Blog. (2022, December 13). "CALLING ALL CISSPS! HELP SHAPE THE CISSP EXAM." From the blog post: "Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023." Read more: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html
- "Changes to the CISSP Exam Length Coming Soon. Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format." (ISC)2 blog (March 10, 2022). Read further: https://blog.isc2.org/isc2_blog/2022/03/changes-to-the-cissp-exam-length-coming-soon.html
- How is the CISSP-ISSMP Exam Changing? - (ISC)² Blog (isc2.org) (March 17, 2022)
- "A Cybersecurity Role Has Topped List of Best Jobs" ... by (ISC)2 Management, (ISC)2 Blog (January 14, 2022)
- Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 - (ISC)² Blog (isc2.org) (26 February 2021)
- (ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision ... (ISC)2 news release (01 February 2021)
- "SURVEY: CISSP IS THE MOST VALUABLE SECURITY CERTIFICATION FOR 2021" ... (ISC)2 blog site (January 21, 2021)
- "STUDY: CERTIFICATIONS BOOST SALARIES SUBSTANTIALLY" ... (ISC)2 blog site (November 2020)
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² blog: https://blog.isc2.org/
- Krebs on Security: https://krebsonsecurity.com/
- Schneier on Security: https://www.schneier.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- Daniel Miessler Blog: https://danielmiessler.com/blog/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
News Feeds
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.
