CISSP Tips and Topics
|
|
Recent Cybersecurity News Highlights:
- Dunn, John E. (2023, May 26). Analysis: Ransomware In 2023 – Same Old Vulnerabilities, Bigger Ransoms, And Plenty of Pain. (ISC)2 blog. https://blog.isc2.org/isc2_blog/2023/05/analysis-ransomware-in-2023-same-old-vulnerabilities-bigger-ransoms-and-plenty-of-pain.html. Question posed in the article: "The 2023 Sophos State of Ransomware report found that while the number of ransomware attacks stabilized, larger victims are paying more than ever. Are they simply getting used to paying up?"
- Sharma, S. (2023, May 31). "Phishing remained the top identity abuser in 2022: IDSA report
The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type." CSO. https://www.csoonline.com/article/3697755/phishing-remained-the-top-identity-abuser-in-2022-idsa-report.html. According to the article, the reason comes down to "employees unknowingly clicking on a #phishing email." - Hill, M. (2023, May 25). "Inactive accounts pose significant account takeover security risks: Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication." CSO. https://www.csoonline.com/article/3696941/inactive-accounts-pose-significant-account-takeover-security-risks.html
- Brumfield, C. (2023, May 15). Law enforcement crackdowns and new techniques are forcing cybercriminals to pivot: Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cybercriminals, but challenges for defenders remain." CSO. https://www.csoonline.com/article/3696748/law-enforcement-crackdowns-and-new-techniques-are-forcing-cybercriminals-to-pivot.html The article highlights how the use of investigative tools have resulted in the identification and tracking of cybercrimes -- making it more difficult for cybercriminals to engage in illicit operations undetected. But article contributors caution that the drop in annual ransomware revenue, for example, has made way for cybercriminals to resort to other schemes and techniques "with more certainty of success."
- How long will it take before an unusual traffic alert on one of your servers bubbles up to a full-scale security breach in your organization? Are you concerned about potential "backdoors" in your network infrastructure?
Bradley, S. (2023, May 8). "Review your on-prem ADCS infrastructure before attackers do it for you: Attacks through Active Directory Certificate Services are fairly easy for bad actors to perform but basic vigilance and built-in Windows protections can help mitigate the risk of a breach." CSO. https://www.csoonline.com/article/3695769/review-your-on-prem-adcs-infrastructure-before-attackers-do-it-for-you.html - About Digital Services Act (DSA) compliance in the EU: Trueman, Charlotte. (2023, April 25). "Amazon, Facebook, Twitter on EU list of companies facing DSA content rules: The EU Commission has announced the 19 online companies and search engines, including Bing and Google, that will have to comply with new transparency and accountability regulations by August." https://www.computerworld.com/article/3694571/amazon-facebook-twitter-on-eu-list-of-companies-facing-dsa-content-rules.html From the article: "The EU Commission has announced 19 large online platforms and search engines that will face new content moderation rules under the Digital Services Act."
- Free (ISC)2 webinar: Navigating the Expanding Cloud Attack Surface: Save the Date: April 20, 2023 at 1 pm ET: https://www.isc2.org/News-and-Events/Webinars/Security-Briefing?commid=578733
- (ISC)2 Management. (2023, March 30). "NEW CISSP EXAM REGISTRATION PROCESS FOR 2023: Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam." (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/03/new-cissp-exam-registration-process-for-2023.html
- Dark Reading Staff. (2023, March 29). "Phishing Emails Up a Whopping 569% in 2022: Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows." Dark Reading. https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
- Pratt, M.K. (2023, March 16). "When and how to report a breach to the SEC: Publicly traded companies will have to make decisions and prepare for the reporting of cybersecurity breaches to the Securities and Exchange Commission when new requirements are enacted." CSO Online. https://www.csoonline.com/article/3690732/when-and-how-to-report-a-breach-to-the-sec.html
- Venkat, A. (2023, March 10). Customer Proprietary Network Information (CPNI) data belonging to 9M AT&T customers exposed in latest breach: "AT&T informs 9M customers about data breach: The company’s marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses." CSO Online. https://www.csoonline.com/article/3690609/att-informs-9m-customers-about-data-breach.html See also: Gatlan, S. (2023, March 9). "AT&T alerts 9 million customers of data breach after vendor hack." Bleeping Computer. https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/
- Nelson, N. (2023, March 8). "TSA Issues Urgent Directive to Make Aviation More Cyber Resilient: Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative." Dark Reading. https://www.darkreading.com/ics-ot/tsa-issues-urgent-directive-aviation-cyber-resilient
- From the TSA press release: "WASHINGTON, March 7, 2023 /PRNewswire/ -- Today, the Transportation Security Administration (TSA) issued a new cybersecurity amendment on an emergency basis to the security programs of certain TSA-regulated airport and aircraft operators, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security's efforts to increase the cybersecurity resilience of U.S. critical infrastructure and follows extensive collaboration with aviation partners." See: https://www.prnewswire.com/news-releases/tsa-issues-new-cybersecurity-requirements-for-airport-and-aircraft-operators-301765090.html
- Schwartz, J. (2023, February 28). "CISOs Share Their 3 Top Challenges for Cybersecurity Management: The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio." Dark Reading. https://www.darkreading.com/edge-articles/cisos-share-their-3-top-challenges-for-cybersecurity-management
- Newman, L.H. (2023, February 17). "The WIRED Guide to Data Breaches: Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers." Wired Magazine. https://www.wired.com/story/wired-guide-to-data-breaches/
- Conesti, D-L. (2023, February 9). "PREDICTIONS 2023, PART 2: WHAT WILL THE NEW YEAR BRING FOR THE INFOSEC COMMUNITY?" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/02/predictions-2023-part-2-what-will-the-new-year-bring-for-the-infosec-community.html Issues related to Artificial Intelligence (e.g., Google OpenAI ChatGPT Chatbot), Supply Chain, Data Privacy, and Cyber Security Insurance feature among predicted cybersecurity challenges for 2023.
- Hill, M. (2023, February). "Foreign states already using ChatGPT maliciously, UK IT leaders believe
Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams." CSO. https://www.csoonline.com/article/3687089/foreign-states-already-using-chatgpt-maliciously-uk-it-leaders-believe.html - Rashid, F.Y. (2023, January 20). "GPT Emerges as Key AI Tech for Security Vendors: Orca Security is one of the companies integrating conversational AI technology into its products." Dark Reading. https://www.darkreading.com/dr-tech/gpt-emerges-ai-tech-security-vendors
- Contesti, D-L. (2023, January 11). "Predictions 2023, Part 1: What will the new year bring for the InfoSec Community?" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/01/predictions-2023-what-will-the-new-year-bring-for-infosec.html
- Thinking about sharpening your INFOSEC tech skills and certifications? Good move! From The Bureau of Labor Statistics Occupational Outlook. "Employment of information security analysts is projected to grow 35 percent from 2021 to 2031, much faster than the average for all occupations." https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
About Certified Information Systems Security Professional (CISSP) Certification:
- (ISC)2 Management. (2023, March 30). "NEW CISSP EXAM REGISTRATION PROCESS FOR 2023: Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam." (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/03/new-cissp-exam-registration-process-for-2023.html
- (ISC)2 Blog. (2022, December 13). "CALLING ALL CISSPS! HELP SHAPE THE CISSP EXAM." From the blog post: "Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023." Read more: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html
- "Changes to the CISSP Exam Length Coming Soon. Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format." (ISC)2 blog (March 10, 2022). Read further: https://blog.isc2.org/isc2_blog/2022/03/changes-to-the-cissp-exam-length-coming-soon.html
- How is the CISSP-ISSMP Exam Changing? - (ISC)² Blog (isc2.org) (March 17, 2022)
- "A Cybersecurity Role Has Topped List of Best Jobs" ... by (ISC)2 Management, (ISC)2 Blog (January 14, 2022)
- Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 - (ISC)² Blog (isc2.org) (26 February 2021)
- (ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision ... (ISC)2 news release (01 February 2021)
- "SURVEY: CISSP IS THE MOST VALUABLE SECURITY CERTIFICATION FOR 2021" ... (ISC)2 blog site (January 21, 2021)
- "STUDY: CERTIFICATIONS BOOST SALARIES SUBSTANTIALLY" ... (ISC)2 blog site (November 2020)
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² blog: https://blog.isc2.org/
- Krebs on Security: https://krebsonsecurity.com/
- Schneier on Security: https://www.schneier.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- Daniel Miessler Blog: https://danielmiessler.com/blog/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
News Feeds
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.
