How to Excel in Community in 2018

Re: How to Excel in Community in 2018

Community Manager

Earn the (ISC)2 Excel badge for excelling at engaging in the (ISC)2 Community to advance our industry through the months of October and November.

 


 

To qualify, you must complete these 5 activities:

  • Receive at least 3 kudos
  • Give at least 5 kudos
  • Create at least 3 replies (can include comments on blogs, too)
  • Make at least 3 posts (meaning you need to start a brand new topic/thread in the Community)
  • Tag at least 5 (ISC)2 Community posts

 

Why Tagging?  Tagging posts in the Community helps others to find content quickly. A good way to tag an article is to think of other ways people may talk about the topic. Here’s an example – talking about a Chief Information Security Officer?  You might want to tag the post with “CISO” so other users can easily search for other articles related to this topic.

 

Why Kudos?  Kudos can have many meanings, but they work best when you want to show someone you read through their article, appreciate (or agree) with their insights, give a thank you for supplying the information, or if you just want to say “Job well done!”

 

Thank you for your commitment to Enrich. Enable. Excel. with us! Your participation helps peers and fellow (ISC)2 members remain well-rounded and informed as cybersecurity professionals.

19 Comments
Newcomer II

Happy to be a part of this great community and organization. 

 

Happy First Birthday!

 

Warren Mack, Ph.D., CISSP

Reader III

Let's all make a concerted effort to engage more

Viewer

Folks,

 

I want to know what people are doing in their positions to combat Phishing.

 

What solution do you use?

What strategy do you employ?

Is it working?

 

I have my own wanderings through this maze of vendors, buzzwords, fixes, and strategies to share...but I'd like to hear yours first.

 

Thanks

Reader I

Hi Community,

 

I would like to know what others are doing to manage medical devices that store protected health data in your organization?

 

Do you have any solutions on your network to discover these devices?

 

How are they segmented on the network?

 

This is my first community engagement; I look forward to learning and sharing with this community.

Community Champion
> wnzmtc (Viewer III) posted a new comment in (ISC)² Updates on 11-17-2018 09:21 AM in the (ISC)² Community :

> Let's all make a concerted effort to engage more 

"Engage!"

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
To build may have to be the slow and laborious task of years. To
destroy can be the thoughtless act of a single day.
- Winston Churchill
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
Newcomer I

I’m curious how organizations approach insider threat? I see a lot of companies heavily protecting against the outside threat but once you're inside, the keys to the kingdom seem available to everyone. Usually the response I hear is employee morale. Security makes the workforce unhappy and therefore security is reduced internally to appease the employees.

 

I heavily disagree with that mentality.  

Newcomer II

Hi,

 

wondered if anybody else had a view on this  - as technologies have coalesced for example desk phones, terminals, calendars, maps and cameras etc. have become features of tablets and smartphones; how do we envisage the security technologies within organisations will evolve? Already we see the introduction of AI and big Data into User Behaviour Analysis and SOC Processes.

 

Seems like the Security industry will be set to change rapidly in just a few years and as a profession we'll need to be ready to champion a solid understanding of how the core principles relate to the new tool-sets so that we don't lose sight of the key objectives.

Newcomer II

Enjoying the game-ification to prod us to engage our ISC2 community.  Good luck into the second year!

Newcomer I

Thank you for the nudge to get more involved in this community as well as to take advantage of the deep expertise available to each of us through our affiliation with this organization.

Newcomer II

A little push to get more involved is sometimes needed as it seems

Newcomer I
Can anyone provide some guidance? I would like to know what others are doing to manage medical devices that store protected health data in your organization? Do you have any solutions on your network to discover these devices or are they being treated like any other network device? How are they segmented on the network?

Good Initiative

Newcomer I

I know there's always a time limit, but maybe a holiday gift would be extending the timeline for the badge until the end of December?  It doesn't hurt to ask.... 

Community Champion
> bukoskey (Viewer II) posted a new comment in (ISC)² Updates on 11-26-2018 11:01

> I know there's always a time limit, but maybe a holiday gift would be extending
> the timeline for the badge until the end of December?  It doesn't hurt to
> ask.... 

Oh, come on. I mean, yeah, receiving kudos is a bit out of your control, but surely
you could kudo five posts, reply to three posts, create three posts, and tag five
posts in the next four days? (Who knows? I might do that before noon. *And*
think of six impossible things ...)

Besides, the "badge keeners" will want to get on to the huge "combo" badge due to
start in December! (I'm going to be away at my uncle's funeral, so I won't be in
there competing with the eager posters on December 1st ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
It's official: Cyberterror is the new yellowcake uranium.
http://blog.wired.com/27bstroke6/2008/05/did-hackers-cau.html
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB
Newcomer I
 
> Can anyone provide some guidance? I would like to know what others are doing to manage medical devices that store protected health data in your organization? Do you have any solutions on your network to discover these devices or are they being treated like any other network device? How are they segmented on the network?

Hello Ken, a couple of things: since all the attention given to Med Devices at BlackHat this past summer, we are following the recommended route of several researchers, digitally signing the application. Regarding the management of the device, that's a trickier answer, especially since the devices are not always connected and/or the HCP will not provide a gateway out of their network back to the mother ship. So we are implementing a combination of a customer IoT solution (ThingWorx) along with a "disconnected" server in the form of a common client to manage/update the devices. Not a lot of details, but at least some general guidance/things to consider as you move forward.  Dan
Newcomer I

Okay rslade, I started with giving you a kudo for pointing out the obvious :-) ! Now I just need to find the time over the next 4 days and not let my day job and family life interfere with the pursuit of a badge.... 

Community Champion

"Now I just need to find the time over the next 4 days and not let my day job and family life interfere with the pursuit of a badge...."

 

That's the spirit!  Never let the real world interfere with your pursuit of a shiny digital novelty!

Newcomer I
What about isolating these devices on a dedicated protected VLAN or other isolated network from your non-medical devices?   This could help reduce your threat footprint.
Newcomer I

Isolation might be an approach, but most hospitals run pretty flat networks. I would think we'd have a better chance of having the BioMeds server facing out to download the updates/patches, then transfer the downloads to a server on the network with the med devices that need the update/patch, or maybe the BioMeds has their own isolated VLAN that they can access/have a gateway to the vendor's/manufacturer's network to acquire the patches/updates, then the BioMeds can attach the device to this isolated network, perform the update and put it back into service. Especially since you don't want the device to be updated when it's in clinical mode anyway... Just a thought.