The cybersecurity field contains a professional charge like few others. Exploding into the commercial landscape over the last decade, the discipline finds itself in a perpetual state of flux. Although the field is subject to a myriad of definitions, many hopeful professionals and students know two things about cybersecurity: first, it is important; second, it is growing.
This trend is evident in the highest levels of corporate consciousness. A recent Forrester poll cited a 48 percent increase in executive awareness of information security. As a result, students and professionals worldwide are pursuing the vocation, while companies try hard to hire these professionals.
One of the most significant changes in the world of security today is the loss of the concept of a defensible network perimeter.
Many legacy security frameworks and concepts are built on the idea that we can keep threats out of the entire network where we store and transact information. The reality is that most of us now operate in a cat-and-mouse game of identifying and containing the latest intrusions and disruptions.
However, when we look at where our organization’s data are, they are often outside of the organization’s network anyway:
For these reasons, how we apply security has to correlate with where we choose to allow electronic information of any value to travel.
Incidents involving ransomware are becoming more prevalent and can devastate an underprepared organization. What is most alarming is that ransomware variants are increasingly easy to obtain and deploy, not only for criminal syndicates but for anyone with the means and desire to purchase them.
In the community we have seen rapid development of ransomware, with many of the more robust variants becoming more and more difficult to circumvent. Thankfully, many practitioners and researchers have come together to assist ransomware victims in recovering their data. While it is good to see open-sourced solutions available to mitigate ransomware and help victims recover their data, criminals who develop ransomware can easily sidestep identified recovery techniques and deploy a more advanced version.
Today’s cybersecurity students face a number of challenges as they learn their field of choice. Two areas my students find particularly challenging include understanding the difference between information security and cybersecurity, and gaining context of a digitally altered world. They are also learning to analyze and understand the technological convergence and challenges around security, safety and control.
My cybersecurity students now have significantly more information to help them address those challenges. One of them is ISACA’s new Cybersecurity Fundamentals Career Starter program. Through the program, college and university instructors and students can receive free access to the Cybersecurity Fundamentals Study Guide, which I, and other professors, can use to shape our academic courses or as a reference to help build our students’ foundational cybersecurity knowledge.
Cloud computing has probably been the most argued technological subject of the past 5-6 years. Throughout this period, cloud has evolved to become the top priority subject in organizations’ agendas, both in terms of governance (strategic decisions) and also as the unknown factor affecting the business. The book, Controls and Assurance in the Cloud: Using COBIT 5, is a guide that addresses both issues.
More specifically, the book starts with a section outlining all of the business factors that make the transition to cloud an attractive business strategy. It then goes a step further by laying out cloud service and delivery (or deployment) models alongside the associated benefits and risks to an organization, whilst detailing cloud computing challenges that organizations need to address.