Tag Archives: (ISC)²

David Blunkett MP to deliver opening Keynote Speech at inaugural (ISC)² Security Congress EMEA

(ISC)² – the largest not-for-profit membership body of certified information and software security professionals – has published the education programme and speaker line-up for its inaugural Security Congress EMEA, which takes place on 9-10 December at the Bloomsbury Hotel in London.

Organised in partnership with the MIS Training Institute, the conference programme offers a broad professional development opportunity, combining a comprehensive plenary programme with focused track sessions delivered by a cross-section of the security community throughout the region.

Kicking off the programme with insights into why the UK Government elevated cyber security to a Tier 1 threat is the Right Honourable David Blunkett MP, who served as Home Secretary between 2001 and 2004.

“I’m very pleased to see and also support this obvious commitment from the (ISC)² community aimed at increasing our capacity to ensure security for us all in the digitally-enabled, digitally-dependent economy,” explained Blunkett. “It has never been more crucial for the EMEA region’s international information security professionals to join forces and align their efforts as we all face the increasingly complex and adversarial challenges developing in the cyber world.”

The (ISC)² Security Congress EMEA 2014 takes place in London during early December

Other confirmed keynote speakers include Dr Simon Singh (the best-selling author, journalist, radio broadcaster, TV producer and director), Dr Stefan Lüders (head of computer security at the European Organisation for Nuclear Research), Jaya Baloo (CISO for KPN in the Netherlands) and Michael Colao, head of security at AXA in the UK.

Conference sessions cover current events (including the privacy issues hampering the UK’s NHS data sharing scheme) and real world Case Studies from Euroclear, the Ministry of Justice in Saudi Arabia, UBS and the Dutch National Cyber Security Centre.

Delegates are able to organise their agenda around 30 sessions, including a comprehensive plenary programme and break-out sessions across six tracks: Governance, Risk and Compliance, Mobile Security, Human Factors, Security Architecture and Data Security.

“The quality and depth of the responses received following our Call for Speakers was overwhelming, allowing us to build a strong programme that addresses professional development needs at all levels,” explained John Colley, managing director for the EMEA region at (ISC)². “This event offers members of the professional community an opportunity to learn from their peers and debate the latest proposals around some of the key cyber security issues that are challenging companies, Governments and society on a daily basis.”

In addition to the conference sessions, Security Congress EMEA delegates have the opportunity to include two pre-conference workshops (to be held on 8 December) within their conference agenda. These workshops are based on the (ISC)² CBK training seminars for the Certified Cyber Forensics Professional (CCFP℠) and Certified Software Security Lifecycle Professional (CSSLP) credentials.

David Blunkett MP

“It’s our vision to inspire a safe and secure cyber world,” commented Wim Remes, chairman of the (ISC)² Board of Directors. “We execute on this vision by offering value to society through credentials, resources and leadership. These concepts are reflected in Security Congress EMEA 2014 through a valuable education programme. I’m delighted to see the calibre of speakers that have chosen to present their thoughts at our event.”

All sessions and workshops qualify for Continuing Professional Education (CPE) credit. Registration is now open. (ISC)² members, chapter members and supporting organisations are eligible for special discounted pricing.

For more information or to register for the (ISC)² Security Congress EMEA visit: http://www.EMEAcongress.isc2.org

Further information about (ISC)²

Formed in 1989 and thus celebrating its 25th Anniversary in 2014, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide. The organisation currently plays host to over 100,000 members in more than 135 countries.

Globally recognised as ‘The Gold Standard’, (ISC)² issues the Certified Information Systems Security Professional (CISSP) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP), the Certified Cyber Forensics Professional (CCFP℠), Certified Authorisation Professional (CAP), HealthCare Information Security and Privacy Practitioner (HCISPP℠) and Systems Security Certified Practitioner (SSCP) credentials to qualifying candidates.

(ISC)²’s certifications are among the first IT credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark designed for assessing and certifying personnel.

(ISC)² also offers education programmes and services based on its CBK, a compendium of information and software security topics.

Additional detail is available at: http://www.isc2.org

Filed under Risk UK News

(ISC)² announces inaugural EMEA Security Congress: London, 8-10 December 2014

The Call for Presentations is now open for (ISC)² Security Congress EMEA 2014, an event designed to provide a unique international platform for information security professionals.

International information security professionals have a unique opportunity to meet, learn and get ahead of industry developments with the announcement of the inaugural (ISC)² Security Congress EMEA.

Organised in partnership with the MIS Training Institute, the (ISC)² Security Congress EMEA 2014 is the first multi-day conference within the Europe, Middle East and Africa (EMEA) region to be hosted by (ISC)², the largest not-for-profit membership body of certified information and software security professionals with over 100,000 members worldwide.

Submissions for presentations are now being accepted until 4 July for the 8-10 December 2014 event, which is to be held at The Bloomsbury Hotel in London.

“(ISC)² EMEA has delivered educational conferences across the region for nearly ten years,” explained John Colley CISSP, managing director for (ISC)² EMEA, “allowing us to develop a strong network of top-notch speakers that can offer real insight into the issues we are all facing.”

International information security professionals have a unique opportunity to meet, learn, and get ahead of industry developments with the announcement of the inaugural (ISC)² Security Congress EMEA

Colley continued: “What makes this initiative really interesting is the opportunity we have to showcase the wealth of experience within the membership. This event presents a unique opportunity for professionals at all levels to come together, share what they’re experiencing on the front lines and learn from each other. I anticipate strong, informative and really useful sessions across the five designated conference tracks.”

Strengthening Cyber Security Defenders

Set to the overall theme of Strengthening Cyber Security Defenders, the (ISC)² Security Congress EMEA 2014 is open to all interested industry professionals.

Building on the experiences of the US-based (ISC)² Security Congress, which is now in its fourth year, the (ISC)² Security Congress EMEA will offer a comprehensive seminar programme over five focused tracks, a pre-conference day of training workshops and special interest sessions along with a gala dinner.

Keynotes and plenaries will be complemented by a broad review of current industry concerns in the following tracks: Governance, Risk and Compliance, Mobile Security, Human Factors, Architecture and Data Security.

The (ISC)² Security Congress EMEA 2014 is the latest development in (ISC)²’s successful and growing global event programme which currently includes 14 one-day (ISC)² information and software security events held in major cities throughout the EMEA region.

For presentation submission requirements, and to learn more, visit: http://www.EMEAcongress.isc2.org

Filed under IFSECGlobal.com News

Expert-level (ISC)² Certified Cyber Forensics Professional certification available in Europe

(ISC)² (the largest not-for-profit membership body of certified information and software security professionals with nearly 100,000 members worldwide) has announced the availability of its Certified Cyber Forensics Professional – European Union certification in Europe. Registration is now open, with the first examination available on 30 April 2014 at Pearson VUE Test Centres across the region. The German translation of the examination will be available on 15 June 2014.

The CCFP is the only global standard currently available for assessing experienced digital forensics professionals’ mastery of the discipline. Originally only available for the US and South Korea, the credential has been developed for the European legal environment following a series of exam workshops conducted by a panel of experts from public and private sector organisations in the UK and Europe to ensure that its scope and content reflects the requirements of the region.

The CCFP is an expert-level credential that offers a common, internationally recognised body of knowledge. It sets out the comprehensive yet advanced knowledge that today’s experienced cyber forensics practitioners must demonstrate.

The CCFP is the only global standard currently available for assessing experienced digital forensics professionals’ mastery of the discipline

Many of the existing certifications available today are of a foundational level and focus on a narrow aspect of the cyber forensics realm.

“A major challenge for the information security community today is that we are unable to fight cyber crime as one force,” explained Lorenz Kuhlee, CCFP-EU (ISC)² volunteer and lead investigator for the RISK Team at Verizon. “The crime scene is broad and so, to be effective, there is a need for collaboration across the cyber crime landscape in a way that bridges all aspects of security including technology, analytics, law enforcement and business.”

Kuhlee continued: “In Europe, the complexity is much higher due to the law-related disparities among countries. The CCFP credential supports the unique requirements of individual countries, but equips professionals with a Best Practice-led, uniform and thorough approach to dealing with overall challenges.”

The CCFP spans the digital forensics and information security disciplines. The six (ISC)² CBK domains within the credential include: Legal and Ethical Principles, Investigations, Forensic Science, Digital Forensics, Application Forensics and Hybrid/Emerging Technologies.

Applications to Big Data

“Cyber forensics is more than crime scenes and just collecting and analysing hard drives and USB sticks,” said Adrian Davis, managing director for EMEA at (ISC)².

“It can be applied to Big Data, security log review and other important security activities where careful analysis can yield important insights. Additionally, the discipline permeates information security, law enforcement and law in general.”

Davis went on to state: “While its importance is growing globally, standardising cyber forensics practices across Europe is especially challenging given the numerous jurisdictions within the region. We have leveraged the expertise of subject matter experts to adapt the certification to specifically meet the needs of the European market. The CCFP encompasses the depth and breadth of expertise that every cyber forensics professional must possess – from forensics techniques and procedures through to standards of practice, as well as legal and ethical principles that are commonly recognised, applicable and relevant across the region.”

To attain the CCFP, applicants must hold a four-year degree leading to a Baccalaureate or regional equivalent and have at least three years of cumulative paid full-time, professional experience in digital forensics or IT security in three out of the six domains of the credential.

Those not holding a degree must have six years of cumulative paid full-time digital forensics or IT security work experience in three out of the six domains of the credential or an alternate forensics certification approved by (ISC)² and five years of full-time digital forensics or IT security experience in three out of the six domains of the credential.

Candidates can find out more information about CCFP, download the exam outline, sign up for training courses and register for the exam at: http://www.isc2.org/ccfp.

The Official (ISC)² Guide to the CCFP CBK will be available in electronic format on iTunes by the end of April.

Filed under IFSECGlobal.com News

(ISC)² introduces programme to develop cyber security education throughout global academic community

Accredited academic institutions now have access to new resources and support from the world’s largest not-for-profit membership body of certified information and software security professionals with the launch of the (ISC)² Global Academic Programme.

(ISC)² is making its educational resources, which are updated regularly by its members and industry luminaries, available to academia to help meet the global demand for more skilled cyber security professionals. With nearly 100,000 members worldwide, the (ISC)² common body of knowledge (CBK) incorporates disciplines within information security, software security, forensics and healthcare.

The (ISC)² Global Academic Programme is a key initiative behind the organisation’s commitment to address the growing gap in availability of qualified cybersecurity professionals that has been tracked since 2004 by the (ISC)² Global Information Security Workforce Study. The most recent report, released in February, offers analysis from Frost & Sullivan into the acute nature of the skills gap, forecasting an annual workforce growth rate of 11.3% by 2017 and pointing out that 35% of respondents looking to hire additional workers find it difficult to find qualified personnel today.

“We believe it’s critical to recognise and support the role of the academic community in the development of much-needed cyber security talent for now and in the future,” said W Hord Tipton CISSP, executive director at (ISC)².

Global universities now have access to the largest, most current compendium of information and software security topics

“With the global skills gap in this sector increasingly acknowledged by companies and governments around the world, industry and academia must come together to address this challenge. (ISC)² is in a unique position to offer its educational content, which is regularly updated and vetted by experts, to colleges and universities around the world as part of this collaborative development effort required for our now digitally-dependent society.”

Need for more security content

Carsten Maple, vice-chairman of the Council of Professors and Heads of Computing, an association representing computing in UK Higher Education, highlights the need for more security content.

“It appears that many computing graduates are leaving university having studied little in the area of security,” said Maple. “There’s a varied approach to teaching security, but in a number of institutions there is only one module – approximately 5% of the total credits in a degree – dedicated to information security in their core three-year Computer Science degree. Clearly, with the growth in cyber attacks there is a need for graduates to be equipped with skills and knowledge of the threats and methods to overcome these. To do this, and to give computing students the best opportunity to succeed, we as an academic community are trying to better engage with industry representatives in fields such as information security.”

Detail behind the Global Academic Programme

The Global Academic Programme, which is being launched as Governments around the world seek to improve university curricula as part of their national cybersecurity strategies, offers products and services for colleges and universities that can be tailored for both undergraduate and post-graduate requirements.

Classroom materials, which range from domain-specific modules and practice assessments to faculty handbooks and student textbooks, are drawn from the certification CBKs.

The programme is open to accredited institutions interested in enhancing cyber content within their security, computing, IT or other relevant course offerings.

“In addition to the resources we have to offer, this programme presents a real opportunity to become part of a global network of academic members interested in establishing a joint framework for delivering essential skills and supporting the growth of a qualified cybersecurity workforce,” explained Dr Jo Portillo, global academic programme manager at (ISC)².

Academic institutions interested in learning more about the (ISC)² Global Academic Programme can contact Dr Jo Portillo, global academic programme manager at (ISC)² at: academic@isc2.org or access the website: https://www.isc2.org/academic/Default.aspx

Filed under IFSECGlobal.com News

(ISC)² report reveals women’s perspectives and skills are ‘transforming’ the information security sector

The survey findings show that, despite a severe shortage of women in the information security workforce, females offer the right mentality needed to grow and diversify the security industry.

The new report, entitled ‘Agents of Change: Women in the Information Security Profession’, was authored by Frost & Sullivan and sponsored by Symantec.

This study reveals that women represent only 11% of the information security workforce, despite double-digit annual increases of personnel in the profession, yet they have the academic background and diverse perspective necessary to accelerate change in the information security industry.

The report highlights a severe shortage of women in the information security industry, and explains why organisations globally need to shift attention to this critical problem.

Despite a severe shortage of females in the information security workforce, women offer the right mentality needed to grow and diversify the security industry

Aspirations towards careers in information security

“The identified shortage of women in the industry only reiterates the importance of our Foundation’s offerings, like the women’s scholarships we award annually to female students aspiring to obtain information security careers, and the Safe and Secure Online programme, which brings (ISC)²-certified cyber security experts into classrooms to teach children how to become responsible digital citizens while introducing them to a career in cyber security,” said Julie Peeler, director of the (ISC)² Foundation.

“(ISC)²’s Chapters are also offering women in security mentoring and awareness programmes within their local communities to recruit more women into the field, but we need a broader and deeper level of education and engagement for women at a younger age before we can realise the level of impact required to solve the workforce shortage.”

Survey respondents were divided into two job title categories: Leaders and Doers. The Leaders (3,466 respondents) category included job titles such as executives, managers and strategic advisors. Doers (2,348 respondents) included respondents with job titles such as security analysts and compliance auditors.

In the Leaders category, more women (34%) were in consultant and advisor job titles than men (26%), and more than twice as many men as women were network security or software architects.

In the Doers category, 38% of women cited security analyst as their job title versus 27% of men. However, a higher proportion of men held security engineer and network administrator job titles.

The 2013 Global Information Security Workforce Study identified ‘security analyst’ as the number one most needed position in the information security industry, leading the way for a strong female presence in the future.

Job tenure, salary and academic background

The report also looks at average job tenure, median and average annual salary and academic backgrounds. In these categories, the report showed only marginal differences between women and men who work in information security fields:

• Women Leaders have spent an average of 13.5 years in the field compared to men at 13.6 years.
• Women and men Leaders both command an average median salary of US$105,000 per year.
• 91% of women Leaders hold a Bachelor’s, Master’s or a doctoral degree versus 89% of men Leaders.

The findings revealed that women in information security, as a group, have a more diverse academic background than men, and a collective background with slightly greater emphasis on social sciences and business degrees versus engineering and computer sciences.

“The report data indicates that the perspectives of women offer viewpoints needed to elevate the security industry to the next level,” added Michael Suby, author of the report and vice president of research at Frost & Sullivan.

Key skill sets under examination

While technical skills are integral to developing a strong security posture within organisations, it’s important to supplement them with the skills and perspectives necessary to make impactful business decisions.

The report’s findings also demonstrate that the surveyed women believe a successful information security professional should maintain a variety of skills, whereas the surveyed men believe technical skills should be the priority.

Women reported the following as the key attributes of a successful information security professional:

• Communication skills
• Broad understanding of the security field
• Awareness and understanding of the latest security threats
• Security policy formulation and application
• Leadership skills
• Business management skills

“Although efforts to fill the information security industry with skilled professionals have increased, the growing number of sophisticated attacks in our cyber landscape are posing an increased threat to organisations in both the public and private sectors,” added Suby.

“Combating these threats requires a community approach to training and hiring qualified security professionals from a variety of backgrounds. As our research reveals, women leaders are the strongest proponents of security and risk management education and training in the industry. This type of mentality is crucial to building standards in the industry and echoes the report’s findings that women are indeed ‘agents of change’ in the future of information security.”

Julie Talbot-Hubbard, chief security officer at Symantec, added: “Symantec believes it’s critical that we bring more qualified women into the cyber security profession. Through our support of this study, and our broader commitment to women in STEM professions, we hope to increase the representation of women in technology. In working with partners such as (ISC)², we are able to bring a greater awareness to this important issue.”

The full study can be found here: https://www.isc2cares.org/

Filed under IFSECGlobal.com News