Information Security Certifications and Salaries

Is this a good time to be in the field of InfoSec? An (ISC)2 report shows the skills shortage is getting worse.


Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a newly released (ISC)2 survey: Cybersecurity Faces 1.8 Million Worker Shortfall By 2022


Start learning InfoSec basics:

When planning to take on this career, in its early stages you should get as much practical experience as possible and achieve industry-standard qualifications offered by vendors such as Microsoft, Cisco, Check Point, Symantec and HP. Vendor-independent learning paths such as the A+, Network+ and Security+ qualifications are also recommended.

When evaluating prospective InfoSec candidates, employers frequently look to certification as one of the measures of excellence in continuing education and commitment to learning. Below are the 7 most sought-after InfoSec certifications.


InfoSec Salaries review:

Security Analyst Salaries in the United States
Information Security Analyst Salary Range
IT Security Certifications Salary Guide
Top Cyber Security Salaries In U.S. Metros Hit $380,000


ISO27001 Gap Analysis


A specialist, in-person review of your current information security posture against the requirements of ISO/IEC 27001:2013.

Get the true picture of your ISO 27001 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements.

What to expect:

An ISO 27001 specialist will interview key stakeholders and perform an analysis of your existing information security arrangements and documentation.

Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 27001 compliance project.

The report includes:

  • The overall state and maturity of your information security arrangements
  • The specific gaps between these arrangements and the requirements of ISO 27001
  • ISO 27001:2013 requirements
  • ISO 27002:2013 controls, categories and domains
  • Compliance report by ISO 27001 requirement
  • Compliance report by ISO 27002:2013 control
  • Compliance report by ISO 27002:2013 category
  • Compliance report by ISO 27002:2013 domain

The DISC gap assessment includes a three- or six-level (CMMI) rating matrix of your choice for each control, category and domain.

Start your ISMS project with ISO27001 2013 Documentation Toolkit

ISO/IEC 27001 2005 to 2013 Gap Analysis Tool (Download)

Download ISO27000 family of information security standards today!

• ISO27001 2013 ISMS Requirement (Download now)

• ISO27002 2013 Code of Practice for ISM (Download now)

Contact us for further information or visit DISC site for our ISO27k services


GDPR Documentation Toolkit and gap assessment tool

Data Protection / EU GDPR Toolkits


Use this gap assessment tool to:

  • Quickly identify your GDPR compliance gaps
  • Plan and prioritize your GDPR project

EU GDPR Compliance Gap Assessment Tool


Accelerate your GDPR compliance implementation project with the market-leading EU GDPR Documentation Toolkit used by hundreds of organizations worldwide, now with significant improvements and new content for summer 2017:

  • A complete set of easy-to-use and customizable documentation templates, which will save you time and money, and ensure compliance with the GDPR.
  • Easy-to-use dashboards and project tools to ensure complete coverage of the GDPR.
  • Direction and guidance from expert GDPR practitioners.
  • Includes two licenses for the GDPR Staff Awareness E-learning Course.

EU General Data Protection Regulation (GDPR) Documentation Toolkit


Security Management and Governance

  • The textbook for the Open University’s postgraduate information security course.
  • The recommended textbook for all IBITGQ ISO 27001 courses.
  • Available in softcover or eBook format.



Description

Fully updated expert information security management and governance guidance based on the international standard for information security management, ISO 27001.

As global threats to information security increase in frequency and severity, and organisations of all sizes, types and sectors face increased exposure to fast-evolving cyber threats, there has never been a greater need for robust information security management systems.

Now in its sixth edition, the bestselling IT Governance: An International Guide to Data Security and ISO27001/ISO27002 provides best-practice guidance for technical and non-technical managers looking to enhance their information security management systems and protect themselves against information security threats.

This new edition of IT Governance: An International Guide to Data Security and ISO27001/ISO27002 has been fully updated to take account of current cyber security trends and advanced persistent threats, and reflects the latest regulatory and technological developments, including the 2013 updates to ISO 27001 and ISO 27002.

Product overview

Including coverage of key international markets, such as the UK, North America, the EU and the Asia-Pacific region, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the definitive guide to implementing an effective information security management system (ISMS), as set out in the international standard ISO 27001.

It covers all aspects of data protection/information security, including viruses, hackers, online fraud, privacy regulations, computer misuse and investigatory powers.

Changes introduced in this edition include:

  • Full updates in line with the 2013 revisions to the ISO 27001 standard and ISO 27002 code of practice.
  • Full coverage of changes to data protection regulations in different jurisdictions and advice on compliance.
  • Guidance on the new continual improvement model that replaces the plan-do-check-act cycle that was mandated in the 2005 iteration of ISO 27001.
  • New developments in cyber risk and mitigation practices.
  • The latest technological developments that affect IT governance and security.
  • Guidance on the new information security risk assessment process.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the recommended textbook for the Open University’s postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses.


EU GDPR: Does my organization need to comply?

By Chloe Biscoe

The General Data Protection Regulation (GDPR) is a new law that will harmonize data protection in the European Union (EU) and will be enforced from May 25, 2018. It aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape.

Who needs to comply with the GDPR?

The GDPR will apply to all organizations outside of the EU that process the personal data of EU residents.

Non-compliance can result in hefty fines of up to 4% of annual global turnover or €20 million ($23.5 million) – whichever is greater.

Organizations that are compliant with the new Regulation will also find that their processes and contractual relationships are more robust and reliable.

What do US organizations need to do to comply with the GDPR?

The transition period for compliance with the GDPR ends in May 2018. This means that organizations now have less than ten months to make sure they are compliant.

For US organizations, the most significant change concerns the territorial reach of the GDPR.

The GDPR will supersede the current EU Data Protection Directive. Under the current Directive, organizations without a physical presence or employees in the EU have one main compliance issue to deal with: how to legally transfer data out of the EU. The EU–US Privacy Shield provides such a mechanism for compliance.

Almost all US organizations that collect or process EU residents’ data will need to comply fully with the requirements of the GDPR. US organizations without a physical EU presence must also appoint a GDPR representative based in a Member State.

Save 10% on your essential guide to the GDPR and the EU–US Privacy Shield

EU GDPR & EU-US Privacy Shield – A Pocket Guide, August’s book of the month, is the ideal resource for anyone wanting a clear primer on the principles of data protection and their new obligations under the GDPR and the EU–US Privacy Shield.

Alan Calder’s EU GDPR & EU-US Privacy Shield – A Pocket Guide explains in simple terms:

  • The terms and definitions used within the GDPR and the EU-US Privacy Shield
  • The key requirements
  • How to comply with the Regulation


Data Protection / EU GDPR Toolkits


Cyber Resilience Guidance Standards Kit

The standards in the Cyber Resilience Guidance Standards Kit provide expert guidance on cyber security and business continuity. These standards will help you build on the guidance of the standards in the Cyber Resilience Core Standards Kit.

The standards included in this kit are:

  • PAS 555:2013 – This Publicly Available Specification (PAS) document from BSI details what good cyber security looks like.
  • ISO/IEC 27031:2011 – ISO/IEC 27031 outlines processes that will help you prevent, detect and manage IT incidents.
  • ISO/IEC 27032:2012 – Provides guidance on improving the state of cyber security.


Why should I buy this kit?

If you have purchased the standards in the Cyber Resilience Core Standards Kit and want to get more expert guidance on ensuring the continuity of your organization in case of a cyber security incident, the standards in this kit are key.

Cyber Security Standards & Books


Why You Should Be Using a Password Manager

Password managers such as LastPass offer a simple service: they store all your annoying passwords (and help you generate new ones if needed) and then hand them out to whatever service you’re logging into, through browser add-ons and apps. They’re much like the password tools already built into your browser—the ones that ask whether you want to save your password for this site so you don’t have to enter it again. Password managers, however, were built for this specific purpose and include a suite of tools that let you access the same library of passwords across all your devices. This cache of passwords is, of course, protected by a super-password of its own, which you obviously need to choose carefully.

With a password manager, it’s trivial to make all your passwords unique. You don’t need to memorize passwords, so each one can be an impossible-to-memorize 30-character string of letters, numbers and symbols that would be painful to type by hand. When you have to change them, no problem. LastPass even has a feature that will auto-change your passwords for supported sites. In the worst-case scenario, if passwords are somehow exposed, your most crucial accounts should also be protected by two-factor authentication.

While the risks of password managers are outweighed by the ease with which LastPass lets you make your passwords strong and unique, they do have their downsides. The LastPass app is available on virtually every device, but you will have to install it on each new gadget before logging in to anything else. This also makes logging into your accounts on someone else’s device a strange and potentially risky proposition.

Inevitably, you’ll stumble across a device that isn’t supported, and then you’re spending five minutes typing your incomprehensible Amazon password into a Kindle manually while glancing back at your phone for reference the whole time. (It pays to keep a handful of the crucial passwords strong, but still something you can memorize.) And for the full suite of features any password manager offers, you’re going to have to shell out a little bit of cash. It’s worth it for the convenience and peace of mind.

Everybody should install and use a password manager. Without one, you’ll find yourself using simple-minded passwords, or memorizing one strong password and using it over and over. Password manager prices range from nothing at all to $40 or more. At $12 per year, LastPass 4.0 Premium is on the low side for a commercial password manager price-wise, but on the high side feature-wise. The current version’s online console has gotten a welcome face-lift, along with a number of useful new features.

BEST PASSWORD MANAGERS OF 2017: REVIEWS OF THE TOP PRODUCTS

“LastPass also supports a range of multi-factor authentication options for protecting your vault, including app-based authenticators like Symantec VIP and Google Authenticator, hardware tokens like YubiKey, and fingerprint readers. And its $12-a-year subscription is a steal when other password manager services charge as much as $35 for a single user.”

Password Manager


Fundamentals of Information Risk Management Auditing

New information and IT risks seem to be everywhere, so it is essential that organizations address these risks in the context of enterprise risk management (ERM).
ERM is a practice that has become increasingly popular. It’s important that an organization’s information risk management specialist or auditor understands this practice, because much of their work will need to be done in the context of ERM.
Kick-start your career in information risk management with introductory guidance.

Fundamentals of Information Risk Management Auditing

Provides insight and guidance into information risk management and ERM, ideal for those considering a career in information risk management, for non-specialist auditors, and for managers.

This book will give you an introduction to:

  • Risk and risk management
  • Information security and management risks
  • Concepts of application controls

Gain an insight into the risks and controls/mitigations that you might encounter when performing or managing an audit of information risk.


Author Podcast: Fundamentals of Information Risk Management Auditing, with Christopher Wright

In the podcast Christopher discusses Lean, Agile, the EU General Data Protection Regulation (GDPR), and ERM.

Why is ISO 27001 so important for US technology firms?

by Rob Freeman

At IT Governance, we have long known that compliance with the ISO 27001 information security management standard is essential for all US companies that wish to do business with the rest of the world. This requirement is fuelled by the ever-growing threat of cybercrime and the increasing awareness of the data privacy rights of all individuals in target markets globally.

Win international business

To win and maintain international business, your firm needs to demonstrate that it takes cybersecurity and data privacy seriously, and fully complies with all of the relevant laws and regulations.

This is particularly true for US technology companies, many of which deliver services and products through online, web-based channels. Modern Internet marketing and sales methodology demands the acquisition of large databases of customers’ personal data. In return for purchasing goods and services, these customers expect that their data will be secured, stored and used in an appropriate manner. From the big guys like Microsoft or Salesforce.com to the little guys trading internationally on eBay, ensuring the data security and privacy of customers is just as important as delivering a great product.

Although now a little dated, I can recommend that you view the August news release from InsideView, a CA-based market intelligence company, which announced “InsideView Expands ISO/IEC 27001:2013 Certification to Include ISO/IEC 27018”. This somewhat innocuous headline is hiding a really big message that is buried in the second paragraph:

A global priority

Protection of personal information has become a globally recognized priority. Emerging regulations and frameworks, such as European Union Data Protection Directive (GDPR) and the US Department of Commerce Privacy Shield, will require data processors to provide specific protections and rights of access regarding personal information.

“This extension of our ISO 27001 information security management system to include the ISO 27018 controls for personal data shows that InsideView is leading the market in preparation for new privacy regulations,” said Jenny Cheng, Chief Product Officer at InsideView.

If you are not aware of the importance of ISO 27001, I can recommend that you purchase and read this textbook: IT Governance – An International Guide to Data Security and ISO27001/ISO27002, Sixth Edition.


vsRisk™ risk assessment

vsRisk Standalone 3.0 – Brand new vsRisk™ risk assessment software available now

vsRisk is fully aligned with ISO 27001:2013 and helps you conduct an information security risk assessment quickly and easily. The upgrade includes three key changes to functionality: custom acceptance criteria, a risk assessment wizard and control set synchronization. This major release also enables users to export the asset database in order to populate an asset management system/register.

Price: $745.00

Buy now


Top rated InfoSec books to broaden your horizon

There are plenty of good books out there; feel free to share your favorite InfoSec books in the comment section.

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. – Bruce Schneier

Explore a vast selection of Information Security Books

Discover the prank caller with reverse phone search

The availability of free reverse mobile phone lookup services on the web may prove to be useful in the future. The service comes with a number of benefits, especially when compared with paid directories. Many people are coming to realize that cell phone lookup services are becoming not only more common but also more widely available.

The method is fantastic, as it can be used to find friends or other people who have been out of touch for a while. Any person who is being sought will definitely be found, given that he or she has a cell phone.

You can easily track someone down with the help of a free reverse phone number service. Within a fraction of a minute, you will be in a position to know the age, address and location of the person you are trying to find.

All of those involved in this process should look for a service which offers the necessary protection for private information, information about criminal records and more. This is a necessary deterrent against scams and fraud. There are people who may use your sensitive information to commit fraud, so in today’s digital economy it is necessary that you perform the appropriate checks and take advantage of this protection. The key is to put the necessary safeguards in place to protect your digital identity before it is too late.

Many companies offering this service claim that they can help you find any phone number. Since the system is a bit new, it is imperative that you look for a reliable provider. Locating the right company for this service enables you to find the information that you need quickly.

The company buys cell phone numbers from large databases, making this the best way to track down callers who have become an unnecessary nuisance. With an internet connection, you can start finding the identity of prank callers now.

Reverse Phone LookUp

Reverse Phone Checkup & Trace Any Phone Number – Include Phone Numbers, Addresses and Background check

Reverse Phone Ferret – Include Phone Numbers, Addresses & Background check including sex offender


Security Awareness

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually.

Topics covered in security awareness training may include:

Being security aware means you understand that there is the potential for some people to deliberately or accidentally steal, damage or misuse the data that is stored within a company’s computer systems and throughout its organization. Therefore, it is prudent to protect the assets of the institution (information, physical and personal) by trying to stop that from happening.

According to the European Network and Information Security Agency, ‘Awareness of the risks and available safeguards is the first line of defence for the security of information systems and networks.’

‘The focus of Security Awareness consultancy should be to achieve a long term shift in the attitude of employees towards security, whilst promoting a cultural and behavioral change within an organisation. Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business.’

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. – Bruce Schneier

Top Rated Security Awareness Books


CISSP Books

Top Rated CISSP Books


Secure USB flash drive – password protected and encrypted

Encrypted Flash Drives

Top Rated
Kingston Digital 8GB Data Traveler AES Encrypted
