(ISC)² Community

AndreaMoore

(ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – today appointed Clar Rosso as the association’s new Chief Executive Officer. Rosso joins (ISC)...

(ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – today appointed Clar Rosso as the association’s new Chief Executive Officer. Rosso joins (ISC)² from the AICPA & CIMA, where she is executive vice president of engagement and learning innovation. She will assume the role of CEO effective Oct. 1, to head up strategy and budget planning for 2021. Outgoing CEO David Shearer, CISSP, will remain with the association in an advisory role through the end of the year to assist in the transition and ensure the organization’s 2020 goals are accomplished. Read more.

AndreaMoore

(ISC)² Community Users, We have updated our Community Usage Guidelines Policy. Please review and use this document as your guide for posting, commenting and engaging with other users on this Co...

(ISC)² Community Users, We have updated our Community Usage Guidelines Policy. Please review and use this document as your guide for posting, commenting and engaging with other users on this Community. As we head into political season both globally and in the United States, it’s a good time to remind ourselves to stay on-topic. This Community is meant to be a welcoming, professional place for everyone, so please refrain from political discussions. We recognize that issues of data breaches, deep fakes, image manipulation, financial data security, national security and secrecy, and much more will be top of the news agenda and part of our virtual water cooler discussions in the coming months and beyond. These are important issues. They most certainly have information security implications. Yet, we are also aware that there is a fine line between discussing the cybersecurity aspects of topical issues and falling into heated political debate that can quickly extend beyond the intended scope of this forum. We ask everyone to be mindful of our revised guidelines. Thank you for your attention and all you’re doing to help this Community grow, thrive, and become a valuable resource for professionals at all stages of their careers and professional growth. If you have any questions, please reach out to me or other staff on the Community. Sincerely, Andrea Moore

tim2

I am looking for a way to hold the departments accountable and ensure they atleast review the policies that we have. I was thinking about using adobe sign but don't want to go cloud. An application...

I am looking for a way to hold the departments accountable and ensure they atleast review the policies that we have. I was thinking about using adobe sign but don't want to go cloud. An application like those that make you scroll to the end then click agree would be nice if it kept track of the people who signed. I'm looking for any recommendations, we have hundreds of users and docs.

JK1

Dear Community, We have made use of internal quarterly phishing testing for the past 4 years and have an escalation path for failure that follows: Fail 1: Informal talk from line manager and/...

Dear Community, We have made use of internal quarterly phishing testing for the past 4 years and have an escalation path for failure that follows: Fail 1: Informal talk from line manager and/or Security and retake phishing course > Fail 2: Formal talk from line manger and retake course > Fail 3: First written warning > Fail 4: Final warning > Fail 5: Potential for dismissal. In discussions with HR they wish to only consider the tests from the past year rather than the whole history. This would mean either ramping up the number of tests or changing the escalation process. I was wondering how others approach internal phishing tests and consequences? Do you consider tests over a year old? If not how many tests do you run and what is the escalation process?

apbanohit · ‎01-10-2020

How are organizations screening passwords to be fully compliant with the new NIST standard? A manual process will not work for my organization. Thanks, Tom

(ISC)² Community

Re: CISA - Joint Cybersecurity Advisory

Re: Introduce Yourself!

Re: Introduce Yourself!

CISO to CIRO

Look toward the light ...

CISO to CIRO

Look toward the light ...

NEW Garfield for Virtual Classrooms

Rise in revenge pr0n ...

Maine Chapter meets the second Wednesday of the mo...

(ISC)² Names New CEO

Community Usage Policy Guidelines Updated

Forcing Users To Review Information Security Policies

Phishing testing - Consequences of failure

NIST Password Standard