Top 5 Programming Languages In 2018

English: A selection of programming language t...

English: A selection of programming language textbooks on a shelf. Levels and colors adjusted in the GIMP. Français : Une étagère en bois de houx naturel lacqué : Prgrammé en java pour avoir l’AIR réel. Ainsi que quelques livres (Photo credit: Wikipedia)

Top 5 Programming Languages In 2018

Programming world is rising exponentially with every passing year. With over 600 unique programming languages. The main question which comes to everyone’s thought is which language is most appropriate given the current and future market needs.

Let’s see which programming languages are popular enough today to deserve your attention:

1. Java:
There is no doubt that Java is keeping its place as the most popular language from long time. It is still the most favored language for building the backends for modern applications.

2. Python:
One of the main reasons as to why python became so common is the tons of frameworks available for actually anything ranging from web applications to text mining.

3. JavaScript:
Every web browser supports JavaScript, it’s used by over 80% of developers and by 95% of all websites. With the ability of node.js, even the backend can also be developed using JavaScript.

4. C++:
This language is regularly used for application software, game development, drivers, client-server apps and embedded firmware. According to Coding Dojo, C++ continues in use in several legacy systems at large enterprises,

5. C#:
An object-oriented language from Microsoft designed to run on the .NET platform, This language is designed for use in developing software and it is also massively used in video game development.


Leave a Comment

From CIA to APT: An Introduction to Cyber Security


By Edward Amoroso

Most introductory books on cyber security are either too technical for popular readers, or too casual for professional ones. This book, in contrast, is intended to reside somewhere in the middle. That is, while concepts are explained in a friendly manner for any educated adult, the book also necessarily includes network diagrams with the obligatory references to clouds, servers, and packets.

But don’t let this scare you. Anyone with an ounce of determination can get through every page of this book, and will come out better informed, not only on cyber security, but also on computing, networking, and software. While it is true that college students will find the material particularly accessible, any adult with the desire to learn will find this book part of an exciting new journey.

A great irony is that the dizzying assortment of articles, posts, and books currently available on cyber security makes it difficult to navigate the topic. Furthermore, with so much information coming from writers with questionable backgrounds in cyber security, separating the wheat from the chaff has become an almost impossible task for most readers, experienced or otherwise.

This book is written specifically to address that problem. That is, we set out to create an accessible but technically accurate work on cyber security that would not insult the intelligence of our readers. We avoid the temptation to navigate away from the technical issues, choosing instead to steer toward the detailed concepts in the hopes that our readers will develop new understanding and insights.

The material here provides a technical grounding that is commensurate with what you might receive in a college course on the topic. If you are an engineer, developer, or student, then you are certainly in the right place. On the other hand, if you work in management, executive leadership, or some other non-technical role, then this is exactly the technical grounding in cyber that you’ve been looking for.

Anyone who has not been sleeping in a cave the past few years knows the consequences of misguided decision-making in cyber security. Business leaders colliding with this complex issue will find their intellectual property gone and their services blocked by hackers. Government and political leaders who misstep in this area will find their careers, programs, and campaigns ruined.

Consider this: Target, Home Depot, and Sony have seen massive attacks on their infrastructure, and most citizens, including our leaders, have no idea how or why this occurred. Similarly, we watched data leaks from the US Office of Personnel Management and the Democratic National Committee, and most people have only a vague sense of how such cyber attacks were accomplished.

Perhaps more disturbingly, decision-makers in our society have no idea how to reduce this risk. Because they typically have zero technical understanding, they are forced to suggest simple, trite measures they can understand like awareness, penalties, and compliance. Our approach here is to demonstrate that cyber security attacks are best avoided through improved technology and architecture.

Written from the perspective of the professional cyber security executive, long-time academic, and industry analyst (Edward Amoroso), and the graduate computer science student, software developer, and occasional hacker (Matthew Amoroso), this book provides a concise technical introduction to cyber security that keeps things as straightforward as possible, but without veering into silly analogies.

One brief warning to expert readers: At times, we have decided to take out our scissors and trim some of the more confusing details of a given cyber security issue. We’ve tried in these cases to smoothen the edges to make complex concepts more accessible, hopefully without changing the essence of the technology. This is a difficult task, we discovered, and we hope only fat was removed and never bone.

In the end, our hope is that this short book will help you become more technically equipped to navigate the mine fields of misleading and incorrect cyber security information found across the Internet and on television. It is our hope that you will be in a better position to make informed decisions about anything of consequence that might be affected by the growing potential for cyber attacks.

If you successfully complete this book, you will no longer have to shrug when asked about cyber security. Rather, you will be able to lean in and offer an informed opinion based on an introductory grounding in the fundamental aspects of cyber security technology. Our goal is to expand your understanding and make you a more informed and educated adult.

We are pleased that you’ll be spending time with our material. To not lose any momentum, proceed ahead and continue your reading right now with the first chapter on cyber threats.

This book is available for download today on Amazon.com!

 


Leave a Comment

4 reasons you should get a cyber security qualification

The dramatic rise in cyber attacks over the past few years has caught most businesses off guard. Their cyber security departments are severely understaffed, causing them to look desperately for qualified professionals to help tackle the threat.

There has never been a better time to get into cyber security, so if you’re looking to enter the field, or further your career in it, you could benefit massively from gaining a relevant qualification. Here are four reasons why:

  1. Cyber security professionals are well paid

Money isn’t everything when it comes to choosing your career, but it’s obviously a big factor for many people. We mentioned recently that people with a CISM®PCIor GDPR qualification could earn £60,000 or more a year.

Of these, the CISM (Certified Information Security Manager) qualification is the most versatile. It’s the globally accepted standard of achievement among information security, information systems audit and IT governance professionals.

According to ITJobsWatch, people with a CISM qualification earn £64,000 a year on average. This figure has grown by more than 9% in the past two years.

  1. There’s a high level of job security

The shortage of qualified cyber security professionals means that those in the field are less likely to be replaced or made redundant. Their skills are hard to find elsewhere, and the more someone gets to know the company, the more valuable they will become.

Additionally, because almost every organisation currently needs cyber security professionals, those with the relevant qualifications are more likely to find a position in a location or company that suits them.

  1. There’s room for career growth

For the same reason that cyber security is a safe career, it’s also one that offers plenty of room for growth. Qualifications plus experience is a powerful combination that can help you move into more senior positions.

As you gain experience, you’ll also get the opportunity to earn more advanced qualifications. For example, you must have at least three years’ experience in IT governance to be eligible for a Certified in Risk and Information Systems Control (CRISC) qualification, and five years’ experience to be eligible for a Certified in the Governance of Enterprise IT (CGEIT®) qualification.

  1. The work is rewarding

Cyber security is still a relatively young field, making it an exciting and prosperous place. The threats that organisations face are constantly evolving, so you’ll always have new challenges. Plus, you know that your hard work is for a good cause: to stop cyber criminals and keep your organisation safe.

What qualifications do I need?

The qualifications you need will depend on the career path you choose. If you’re interested in governance, risk management, and compliance, for instance, a CGEIT qualification is essential. If you’re interested in information security, you’ll need a CRISC qualification.

We’re currently running promotions on our CRISC, CGEIT, CISA and CISM training courses. If you book before 22 December, you’ll receive a 10% discount on the courses and a 5% discount on all reading materials.

Find out more about our:



Leave a Comment

Security in the Digital World

Cyberspace, the Internet, the digital world – call it what you will – is always developing. But so are the threats and risks that come with it.

It doesn’t matter if you are working in the most mature enterprise environment, unemployed, retired, or still at school, whether you often have a smartphone in your hand or only use an e-reader: You are still at risk and the threats will try to target you.

Protect yourself from increasing cyber threats and risks with our latest title, Security in the Digital World, now available to pre-order.

Security in the Digital World

This must-have guide features simple explanations, examples, and advice to help you be security aware online in the digital age. Learn how to:

  • Keep your information secure
  • Put the necessary controls on your home network, protecting your family from cyber crime
  • Prevent identity theft when shopping online or using contactless debit cards
  • Keep your children safe when using the Internet

Look inside this book >>


Leave a Comment

How ISO 27001 can help to achieve GDPR compliance

gdpr

By Julia Dutton

Organizations have until 25 May 2018 to comply with the EU General Data Protection Regulation (GDPR).

Those who have studied the Regulation will be aware that there are many references to certification schemes, seals and marks. The GDPR encourages the use of certification schemes like ISO 27001 to serve the purpose of demonstrating that the organisation is actively managing its data security in line with international best practice.

Managing people, processes and technology

ISO 27001 is the international best practice standard for information security, and is a certifiable standard that is broad-based and encompasses the three essential aspects of a comprehensive information security regime: people, processes and technology.  By implementing measures to protect information using this three-pronged approach, the company is able to defend itself from not only technology-based risks, but other, more common threats, such as poorly informed staff or ineffective procedures.

By implementing ISO 27001, your organisation will be deploying an ISMS (information security management system): a system that is supported by top leadership, incorporated into your organisation’s culture and strategy, and which is constantly monitored, updated and reviewed.  Using a process of continual improvement, your organisation will be able to ensure that the ISMS adapts to changes – both in the environment and inside the organisation – to continually identify and reduce risks.

What does the GDPR say?

The GDPR states clearly in Article 32 that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  1. the pseudonymisation and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”

Let’s look at these items separately:

Encryption of data is recommended by ISO 27001 as one of the measures that can and should be taken to reduce the identified risks.  ISO 27001:2013 outlines 114 controls that can be used to reduce information security risks.  Since the controls an organisation implements are based on the outcomes of an ISO 27001-compliant risk assessment, the organisation will be able to identify which assets are at risk and require encryption to adequately protect them.

One of ISO 27001’s core tenets is the importance of ensuring the ongoing confidentiality, integrity and availability of information.  Not only is confidentiality important, but the integrity and availability of such data is critical as well. If the data is available but in a format that is not usable because of a system disruption, then the integrity of that data has been compromised; if the data is protected but inaccessible to those who need to use it as part of their jobs, then the availability of that data has been compromised.

Risk assessment

ISO 27001 mandates that organisations conduct a thorough risk assessment by identifying threats and vulnerabilities that can affect an organisation’s information assets, and to take steps to assure the confidentiality, availability and integrity (CIA) of that data. The GDPR specifically requires a risk assessment to ensure an organisation has identified risks that can impact personal data.

Business continuity

ISO 27001 addresses the importance of business continuity management, whereby it provides a set of controls that will assist the organisation to protect the availability of information in case of an incident and protect critical business processes from the effects of major disasters to ensure their timely resumption.

Testing and assessments

Lastly, organisations that opt for certification to ISO 27001 will have their ISMSs independently assessed and audited by an accredited certification body to ensure that the management system meets the requirements of the Standard. Companies need to regularly review their ISMS and conduct the necessary assessments as prescribed by the Standard in order to ensure it continues protecting the company’s information. Achieving accredited certification to ISO 27001 delivers an independent, expert assessment of whether you have implemented adequate measures to protect your data.

The requirements to achieve compliance with ISO 27001 of course do not stop there.  Being a broad standard, it covers many other elements, including the importance of staff awareness training and leadership support.  ISO 27001 has already been adopted by thousands of organisations globally, and, given the current rate and severity of data breaches, it is also one of the fastest growing management system standards today.

Related articles:

Read more about ISO 27001 and the GDPR >>>>
GDPR Documentation Toolkit and gap assessment tool >>>>
Understanding the GDPR: General Data Protection Regulation >>>>

 


Leave a Comment

Breach highlights the need for a cyber health check

Cyber Health Check

 

Deloitte breach highlights the need for a cyber health check

Javier Brias

Deloitte, one of the world’s biggest accounting organizations, recently suffered a data breach that compromised confidential emails and plans of some of its blue-chip clients, according to the Guardian.

The hackers also had potential access to usernames, passwords, IP addresses, architectural designs and health information.

Deloitte has confirmed it was breached but said that only a small number of clients were affected.

This breach is even more unfortunate because Deloitte offers clients advice on how to manage risks posed by cyber attacks. Its Cyber Intelligence Centre states that it can “integrate state-of-the-art technology with industry insight to provide round-the-clock business-focused operational security.”

The problem with a solutions-based approach

The fact that Deloitte is a global consultant with interests in cyber security proves that no one is safe from a cyber attack.

In today’s cyber security market, technology vendors tend to focus on specific solutions, such as endpoint security, next-gen firewalls with IDS/IPS, email and web filtering, data loss prevention and identity access management. The problem is that mixing and matching solutions can cause interoperability gaps to materialise.

To understand the complexities of today’s IT infrastructure, companies need to have a strategic plan that takes a global view of the technological landscape and identifies the possible vulnerability points.

How Cyber Health Check fills the gaps

Our independent, three-phase Cyber Health Check service combines on-site consultancy and audit, remote vulnerability assessments and an online staff survey to identify your current cyber risks in the three key exposure areas of people, processes and technology.

This service will provide you with a concise report describing your current cyber risk status and critical exposures, and will draw on best practice – such as ISO 27001, 10 Steps to Cyber Security and Cyber Essentials – to provide recommendations for reducing your cyber and compliance risks. The report also provides feedback on basic cyber hygiene, cyber governance framework, policies and procedures, and technical controls.

The Cyber Health Check service identifies your actual cyber risks, assesses your responses to those risks and analyses your risk exposure. The result is a best-practice action plan to mitigate those risks effectively and in line with your business objectives.

For more information, visit our Cyber Health Check page.

Contact us for more information


Leave a Comment

Conducting an asset-based risk assessment in ISO 27001:2013

Conducting an asset-based risk assessment in ISO 27001:2013 – Vigilant Software

The nature of ISO27001 is that it is heavily focused on risk-based planning. This is to ensure that the identified information risks are appropriately managed according to the threats and the nature of the threats. While asset-based risk assessments are still widely regarded as best practice, and present a robust methodology for conducting risk assessments, it is no longer a requirement under ISO 27001:2013.  ISO 27001:2013 leaves it to the organisation to choose the relevant risk assessment methodology, i.e. ISO 27005, or ISO/IEC 31010.

It is commonly believed that an asset-based information security risk assessment provides a thorough and comprehensive approach to conducting a risk assessment, and this article will look at the steps to follow when conducting this type of risk assessment.

Where do you start when you embark on an asset-based information security risk assessment?

The first step would be to produce an asset register, which can be done through a series of interviews with asset owners. The ‘asset owner’ is an individual or entity that has responsibility for controlling the production, development, maintenance, use and security of an information asset.

Note: In the new standard, ISO 27001:2013, there is a stronger emphasis on the role of the ‘risk owner’, which pushes up the responsibility for the risks to a higher level within the organisation. However, since the approach we are following is an asset-based methodology, the asset owner would be the logical point to start in order to compile an asset register.

Once the asset register has been compiled, the next step is to identify any potential threats and vulnerabilities that could pose risks to those assets. A vulnerability / weakness of an asset or control can be defined as one that can be exploited by one or more threats.

Risk assessment & impact determination

Once the threats and vulnerabilities have been identified, then an analysis of the risks should be undertaken, to establish the impact level of the risks.  The impact value needs to take into consideration how the Confidentiality, Integrity and Availability of data can be affected by each of the risks.

It should also consider the business, legal, contractual and regulatory implications of risks, including the cost of the replacement of the asset, the potential loss of income, fines and reputational damage.

ISO 27005 presents a structured, systematic and rigorous process of analysing risks, and for creating the risk treatment plan, and includes a list of known threats and vulnerabilities that can be used for establishing the risks your information assets are exposed to.

vsRisk comes with an optional, pre-populated asset library.  Organisational roles are pre-assigned to each asset group, and the corresponding potential threats / risks are pre-applied to each asset. vsRisk also pre-assigns the relevant controls from Annex A to each threat. See sample below. View options to purchase vsRisk now.

Sample risk assessment

vsRisk™ provides key benefits for anyone undertaking an asset-based risk assessment.

By providing a simple framework and process to follow, vsRisk minimises the manual hassle and complexity of carrying out an information security risk assessment, saving the risk assessor time and resources. In addition, once the assessment has been completed, the risk assessments can be repeated easily in a standard format year after year.  The tool generates a set of 6 reports that can be exported and edited,  presented to management and audit teams, and includes pre-populated databases of threats and vulnerabilities as well as 7 different control sets that can be applied to treat the risks.


Leave a Comment

10 most clicked phishing email subject lines

10 most clicked phishing email subject lines

Ironically, the most successful phishing emails of Q3 2017 told recipients that they had been victims of a data breach.

This finding comes from a report from KnowBe4 that investigated the most effective phishing email subject lines. The report looked at tens of thousands of emails from simulated and custom phishing tests, and discovered that the most clicked subject line was ‘Official Data Breach Notification’.

Phishing subject lines

The top ten most clicked subject lines were:

  1. Official Data Breach Notification
  2. UPS Label Delivery 1ZBE312TNY00015011
  3. IT Reminder: Your Password Expires in Less Than 24 Hours
  4. Change of Password Required Immediately
  5. Please Read Important from Human Resources
  6. All Employees: Update your Healthcare Info
  7. Revised Vacation & Sick Time Policy
  8. Quick company survey
  9. A Delivery Attempt was made
  10. Email Account Updates

KnowBe4 also evaluated phishing email subject lines specifically from social networks. The most clicked subject lines were messages ostensibly from LinkedIn. This is worrying for organisations, as many people link their work email address to their LinkedIn account, and a successful phishing attack could expose the company to a data breach or further phishing emails.

Other common social media phishing emails claimed that someone had attempted to log in to their accounts, that they’d been tagged in a photo or that they’d received free pizza.

“Nearly impossible” for technology to protect you

Commenting on the study, KnowBe4’s chief evangelist and strategy officer, Perry Carpenter, said: “The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats. Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”

You can take action against targeted phishing attacks by enrolling your staff on ITG Phishing Staff Awareness Course.

This online course shows your staff how phishing works, what to look out for and how to respond when they receive a malicious message. It’s ideal for all employees who use the Internet or email in their day-to-day duties and, as such, it’s delivered in simple terms that everyone in your organisation can understand.

Find out more about our Phishing Staff Awareness Course >>


Leave a Comment

GDPR essentials and how to achieve compliance

gdpr

The GDPR will replace these with a pan-European regulatory framework effective from 25 May 2018.  The GDPR applies to all EU organizations – whether commercial business or public authority – that collect, store or process the personal data (PII) of EU individuals.

Organizations based outside the EU that monitor or offer goods and services to individuals in the EU will have to observe the new European rules and adhere to the same level of protection of personal data. This potentially includes organizations everywhere in the world, regardless of how difficult it may be to enforce the Regulation. Compliance consultant must know the following 9 tenants of the GDPR.

 

  • Supervisory Authority – A one-stop shop provision means that organizations will only have to deal with a single supervisory authority, not one for each of the EU’s 28 member states, making it simpler and cheaper for companies to do business in the EU.

 

  • Breach Disclosure – Organizations must disclose and document the causes of breaches, effects of breaches, and actions taken to address them.

 

  • Processor must be able to provide “sufficient guarantees to implement appropriate technical and organizational measures” to ensure that processing will comply with the GDPR and that data subjects’ rights are protected. This requirement flows down the supply chain, so a processor cannot subcontract work to a second processor without the controller’s explicit authorization. If requested by subject you must cease processing and using his or her data for some limited period of time.

 

  • Data Consent – The Regulation imposes stricter requirements on obtaining valid consent from individuals to justify the processing of their personal data. Consent must be “freely given, specific, informed and unambiguous indication of the individual’s wishes”. The organization must also keep records so it can demonstrate that consent has been given by the relevant individual. Data can only be used for the purposes that data subject originally explicitly consented. You must obtain and document consent for only one specific purpose at a time.

 

  • Right to be forgotten – Individuals have a right to require the data controller to erase all personal data held about them in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected. If requested by subject, you must erase their data on premises, in apps and on devices.

 

  • Data portability – Individuals will have the right to transfer personal data from one data controller to another where processing is based on consent or necessity for the performance of a contract, or where processing is carried out by automated means

 

  • Documentation – The Regulation requires quite a bit of documentation. In addition to the explicit and implicit requirements for specific records (especially including proof of consent from data subjects), you should also ensure that you have documented how you comply with the GDPR so that you have some evidence to support your claims if the supervisory authority has any cause to investigate.

 

  • Fines – Major noncompliance of the law will be punishable by fines of up to either 4% or €20 million of group annual worldwide turnover.

 

Data protection by design – Organization must ensure data security and data privacy across cloud and endpoints as well as design their system and processes that protects from unauthorized data access and malware.  Specifically, organizations must take appropriate technical and organizational measures before data processing begin to ensure that it meets the requirements of the Regulation. Data privacy risks must be properly assessed, and controllers may use adherence to approved codes of conduct or management system certifications, such as ISO 27001, to demonstrate their compliance.

 

How to improve information security under the GDPR

Although many businesses understand the importance of implementing the right procedures for detection, report and investigate a data breach, but not many are aware of how to go about this effectively, especially during implementation phase.

 

Seven steps that can help you prevent a data breach:

  1. Find out where your personal information resides and prioritize your data.
  2. Identify all the risks that could cause a breach of your personal data.
  3. Apply the most appropriate measures (controls) to mitigate those risks.
  4. Implement the necessary policies and procedures to support the controls.
  5. Conduct regular tests and audits to make sure the controls are working as intended.
  6. Review, report and update your plans regularly.
  7. Implement comprehensive and robust ISMS.

 

ISO 27001, the international information security standard, can help you achieve all of the above and protect all your other confidential company information, too. To achieve GDPR compliance, feel free to contact us for more detail on implementation.

Related articles on GDPR and ISO 27k

The GDPR and Personal Data…HELP! from Cloud Security Alliance

Leave a Comment

Data flow mapping under the EU GDPR

As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows in order to assess their privacy risks. This is also an essential first step for completing a data protection impact assessment (DPIA), which is mandatory for certain types of processing.

The key elements of data mapping

To effectively map your data, you need to understand the information flow, describe it and identify its key elements.

1. Understand the information flow

An information flow is a transfer of information from one location to another, for example:

  • From inside to outside the European Union; or
  • From suppliers and sub-suppliers through to customers.

2. Describe the information flow

  • Walk through the information lifecycle to identify unforeseen or unintended uses of data. This also helps to minimise what data is collected.
  • Make sure the people who will be using the information are consulted on the practical implications.
  • Consider the potential future uses of the information collected, even if it is not immediately necessary.

3. Identify its key elements

Data items

  • What kind of data is being processed (name, email, address, etc.) and what category does it fall into (health data, criminal records, location data, etc.)?

Formats

  • In what format do you store data (hardcopy, digital, database, bring your own device, mobile phones, etc.)?

Transfer method

  • How do you collect data (post, telephone, social media) and how do you share it internally (within your organisation) and externally (with third parties)?

Location

  • What locations are involved within the data flow (offices, the Cloud, third parties, etc.)?

Accountability

  • Who is accountable for the personal data? Often this changes as the data moves throughout the organisation.

Access

  • Who has access to the data in question?

 

The key challenges of data mapping

  • Identifying personal data Personal data can reside in a number of locations and be stored in a number of formats, such as paper, electronic and audio. Your first challenge is deciding what information you need to record and in what format.
  • Identifying appropriate technical and organizational safeguards The second challenge is likely to be identifying the appropriate technology – and the policy and procedures for its use – to protect information while also determining who controls access to it.
  • Understanding legal and regulatory obligations Your final challenge is determining what your organisation’s legal and regulatory obligations are. As well as the GDPR, this can include other compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.Once you’ve completed these three challenges, you’ll be in a position to move forward, gaining the trust and confidence of your key stakeholders.

 

Data flow mapping

To help you gather the above information and consolidate it into one area, Vigilant Software, a subsidiary of IT Governance, has developed a data flow mapping tool with a specific focus on the GDPR.

 

Order Today

 


Leave a Comment

Information Security Certifications and Salaries

Is this a good time to be in the field of InfoSec, (ISC)2 report shows the skills shortage is getting worse.

 

Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a new (ISC)2 survey released. Cybersecurity Faces 1.8 Million Worker Shortfall By 2022

 

Start learning InfoSec basic:

When planning to take on this career, at early stage of this career you may get as much practical experience as possible and achieve industry-standard qualifications offered by such as Microsoft, CISCO, Checkpoint, Symantec and HP. Also vendor-independent learning path A+, Network+, and Security+ qualifications are recommended.

When evaluating prospective InfoSec candidates, employers frequently look to certification as one of the measure of excellence in continuing education and commitment to learning. Below are the 7 most sought out InfoSec certifications.

 

InfoSec Salaries review:

Security Analyst Salaries in the United States
Information Security Analyst Salary Range
IT Security Certifications Salary Guide
Top Cyber Security Salaries In U.S. Metros Hit $380,000

 


Leave a Comment

ISO27001 Gap Analysis

 

A specialist, in-person review of your current information security posture against the requirements of ISO/IEC 27001:2013.

Get the true picture of your ISO 27001 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements.

What to expect:

An ISO 27001 specialist will interview key stakeholders  and perform an analysis of your existing information security arrangements and documentation.

Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 27001 compliance project.

The report includes:

  • The overall state and maturity of your information security arrangements
  • The specific gaps between these arrangements and the requirements of ISO 27001
  • ISO 27001 2013 requirements
  • ISO 27002 2013 controls, categories and domains
  • Compliance report by ISO 27001 requirements
  • Compliance report by control ISO 27002 2013
  • Compliance report by category ISO 27002 2013
  • Compliance report by domain ISO 27002 2013

DISC gap assessment includes three or six level rating (CMMI) matrix of your choice for each control, category and domain.

Start your ISMS project with ISO27001 2013 Documentation Toolkit

ISO/IEC 27001 2005 to 2013 Gap Analysis Tool (Download)

Download ISO27000 family of information security standards today!

• ISO27001 2013 ISMS Requirement (Download now)

• ISO27002 2013 Code of Practice for ISM (Download now)

Contact us for further information or visit DISC site for our ISO27k services


Leave a Comment

GDPR Documentation Toolkit and gap assessment tool

Data Protection / EU GDPR Toolkits

 

Use this gap assessment tool to:

  • Quickly identify your GDPR compliance gaps
  • Plan and prioritize your GDPR project

EU GDPR Compliance Gap Assessment Tool

 

Accelerate your GDPR compliance implementation project with the market-leading EU GDPR Documentation Toolkit used by hundreds of organizations worldwide, now with significant improvements and new content for summer 2017:

  • A complete set of easy-to-use and customizable documentation templates, which will save you time and money, and ensure compliance with the GDPR.
  • Easy-to-use dashboards and project tools to ensure complete coverage of the GDPR.
  • Direction and guidance from expert GDPR practitioners.
  • Includes two licenses for the GDPR Staff Awareness E-learning Course.

EU General Data Protection Regulation (GDPR) Documentation Toolkit


Comments (2)

Security Management and Governance

  • The textbook for the Open University’s postgraduate information security course.
  • The recommended textbook for all IBITGQ ISO 27001 courses.
  • Available in softcover or eBook format.



Description

Fully updated expert information security management and governance guidance based on the international standard for information security management, ISO 27001.

As global threats to information security increase in frequency and severity, and organisations of all sizes, types and sectors face increased exposure to fast-evolving cyber threats, there has never been a greater need for robust information security management systems.

Now in its sixth edition, the bestselling IT Governance: An International Guide to Data Security and ISO27001/ISO27002 provides best-practice guidance for technical and non-technical managers looking to enhance their information security management systems and protect themselves against information security threats.

This new edition of IT Governance: An International Guide to Data Security and ISO27001/ISO27002 has been fully updated to take account of current cyber security trends and advanced persistent threats, and reflects the latest regulatory and technological developments, including the 2013 updates to ISO 27001 and ISO 27002.

Product overview

Including coverage of key international markets, such as the UK, North America, the EU and the Asia-Pacific region, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the definitive guide to implementing an effective information security management system (ISMS), as set out in the international standard ISO 27001.

It covers all aspects of data protection/information security, including viruses, hackers, online fraud, privacy regulations, computer misuse and investigatory powers.

Changes introduced in this edition include:

  • Full updates in line with the 2013 revisions to the ISO 27001 standard and ISO 27002 code of practice.
  • Full coverage of changes to data protection regulations in different jurisdictions and advice on compliance.
  • Guidance on the new continual improvement model that replaces the plan-do-check-act cycle that was mandated in the 2005 iteration of ISO 27001.
  • New developments in cyber risk and mitigation practices.
  • The latest technological developments that affect IT governance and security.
  • Guidance on the new information security risk assessment process.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the recommended textbook for the Open University’s postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses.


Comments (1)

EU GDPR: Does my organization need to comply?

By Chloe Biscoe

The General Data Protection Regulation (GDPR) is a new law that will harmonize data protection in the European Union (EU) and will be enforced from May 25, 2018. It aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape.

Who needs to comply with the GDPR?

The GDPR will apply to all organizations outside of the EU that process the personal data of EU residents.

Non-compliance can result in hefty fines of up to 4% of annual global turnover or €20 million $23.5 million) – whichever is greater.

Organizations that are compliant with the new Regulation will also find that their processes and contractual relationships are more robust and reliable.

What do US organizations need to do to comply with the GDPR?

The transition period for compliance with the GDPR ends in May 2018. This means that organizations now have less than ten months to make sure they are compliant.

For US organizations, the most significant change concerns the territorial reach of the GDPR.

The GDPR will supersede the current EU Data Protection Directive. Under the current Regulation, organizations without a physical presence or employees in the EU have one main compliance issue to deal with: How to legally transfer data out of the EU. The EU–US Privacy Shield provides such a mechanism for compliance.

Almost all US organizations that collect or process EU residents’ data will need to comply fully with the requirements of the GDPR. US organizations without a physical EU presence must also appoint a GDPR representative based in a Member State.

Save 10% on your essential guide to the GDPR and the EU–US Privacy Shield

EU GDPR & EU-US Privacy Shield – A Pocket GuideAugust’s book of the month is the ideal resource for anyone wanting a clear primer on the principles of data protection and their new obligations under the GDPR and the EU–US Privacy Shield.

Alan Calder’s EU GDPR & EU-US Privacy Shield – A Pocket Guide explains in simple terms:

  • The terms and definitions used within the GDPR and the EU-US Privacy Shield
  • The key requirements
  • How to comply with the Regulation

 

Data Protection / EU GDPR Toolkits

 

Leave a Comment