(ISC)² Community

The (ISC)² Community has been updated during the last few months. Take a look at this quick (2 minute) video to learn more about new features and where to find discussions in the Community. You can find it on the Community homepage or click here to view.        https://www.youtube.com/watch?v=QsWi_uVSgOs&feature=youtu.be 

Hello - does anyone have a BCP that they are willing to share?  I am trying to put one together for a healthcare organization, but it's my first one so want to make sure I am on the right track.  Thank you!

Across several threads in several parts of the Community you will see discussions on what to use in preparing for the CISSP exam. One book you should definitely use is the Common Body of Knowledge, Official (ISC)² CISSP CBK Reference, Fifth Edition. Even if you use one of the many other 3rd party CBK study guides, you really need to have the official CBK at your elbow for cross check.   Many Community members have pointed out that the exam is not a rote memory fact check The questions are designed to test your ability to think like a senior manager in the security function. The absolutely essential reference for preparing yourself for such a perspective is Ross Anderson's Security Engineering. I used the 2001 1st edition to prepare for my 2002 exam. I bought the 2008 2nd edition as soon as it was available as an invaluable update to my work in the field. I also used several chapters of the 2nd edition as the textbook for a graduate level course I taught.   Anderson is on the verge of releasing the 3rd edition in November 2020. All three versions are available FREE at the above link, each chapter a separate PDF file. Still, if you are serious about work in our field I strongly recommend getting the full dead-tree version for your desk (not your bookshelf).   Craig    

Earlier this year, we started a listening exercise with members to learn more about the motivations that led to pursuing certification and about how being a member of (ISC)² has been beneficial in your professional and personal circumstances.   We began this process with members in EMEA, and we have received a number of testimonials from members across the region that we want to share with you and with the wider industry. Over the coming weeks we will be adding member testimonials to this thread so that we can all benefit from the insights and experiences of others within the (ISC)² community.   To start things off, here is Tony Chebli, a CISSP and the Head of Information Security for a major banking organisation, talking about his background and how (ISC)² certification and membership has been beneficial:   Q: What do you do in your job role? A: I am in charge of securing and protecting the data/information within the organisation. In a nutshell, I established, implemented and maintained a security programme based on ISO 27001 and PCI-DSS standards. This programme encompasses defence in depth approach and is aligned with business requirements.   Q: Why did you decide to get an (ISC)² certification? A: I started in early 2000 as a data security consultant and used to market security solutions and services within the Middle East region. During that period, it wasn't easy to market security and people considered me as a lunatic and wouldn’t believe that hackers could penetrate their system through the Internet. Moreover, people wouldn't take me seriously without having a recognised certification. Subsequently I searched for a reputed certificate to back me up while proposing solutions and services and found the CISSP and saw it as the standard for security certification.   Q: How has the (ISC)² certification you hold benefitted your professional life? A: Becoming a CISSP changed my entire professional life. My employer, clients and friends listen to me and consider my recommendations for improvements. Moreover, I have been invited to present awareness sessions on local radio and people were interacting with me, liked the topics which I presented and waited for my session on weekly basis. In addition, being a CISSP opened doors which I would otherwise not be able to reach. Namely, I was invited to be a keynote speaker at several conferences across the Middle East region.   Q: How has your (ISC)² membership has been beneficial to you? A: Holding a CISSP certification since 2001 has been very beneficial in every sense of the word. The CISSP gave me an advantage, not only as a consultant and a security manager, but as a trainer. In fact, I became a professional trainer and gave classes for several security practices: i.e. ISO27001, PCI-DSS, GDPR and others.

I am looking for a way to hold the departments accountable and ensure they atleast review the policies that we have.  I was thinking about using adobe sign but don't want to go cloud.  An application like those that make you scroll to the end then click agree would be nice if it kept track of the people who signed.  I'm looking for any recommendations, we have hundreds of users and docs.