Cyber Security News Sources We're Following
Recent Cybersecurity News Highlights
2024 CISSP Now Cybersecurity News Highlights
- SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, and IBM (NYSE: IBM), a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver AI-powered security outcomes for customers. The announcement is a testament to Palo Alto Networks' and IBM's commitment to each other's platforms and innovative capabilities. https://newsroom.ibm.com/2024-05-15-Palo-Alto-Networks-and-IBM-to-Jointly-Provide-AI-powered-Security-Offerings-IBM-to-Deliver-Security-Consulting-Services-Across-Palo-Alto-Networks-Security-Platforms
- Schuman, E. (2024, May 8). "Massive security hole in VPNs shows their shortcomings as a defensive measure: Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there." CSO Online. https://www.csoonline.com/article/2099467/massive-security-hole-in-vpns-shows-their-shortcomings-as-a-defensive-measure.html
- Dunn, J. (2024, May 1). "NIST publishes new guides on AI risk for developers and CISOs." CSO Online. https://www.csoonline.com/article/2097119/nist-publishes-new-guides-on-ai-risk-for-developers-and-cisos.html
- Lemos, R. (2024, April 23). "Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs: State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices." Dark Reading. https://www.darkreading.com/endpoint-security/edge-vpns-firewalls-nonexistent-telemetry-apts
- Dunn, J. (2024, April 12). "CISA orders US government agencies to check email systems for signs of Russian compromise." CSO Online. https://www.csoonline.com/article/2089558/cisa-orders-us-government-agencies-to-check-email-systems-for-signs-of-russian-compromise.html
See also: CISA. (2024, April 2). "ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System." https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system
- Coker, J. (2024, April 8). "US Federal Data Privacy Law Introduced by Legislators: A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens." Infosecurity Magazine. https://www.infosecurity-magazine.com/news/us-federal-privacy-law-legislators/
- Sharma, S. (2024, April 4). "Cyberattack forces Omni Hotels to shut down its IT systems: Omni shut down its IT systems in response to an attack it faced on Friday, disrupting key operations including reservations, payments, and point-of-sale systems." CSO Online. https://www.csoonline.com/article/2081598/cyberattack-forces-omni-hotels-to-shut-down-its-it-systems.html
- Muncaster, P. (2024, March 27). "Zero-Day Vulnerabilities Surged by Over 50% Annually, Says Google." (Infosecurity Magazine). https://www.infosecurity-magazine.com/news/zeroday-surged-50-annually-google/
- Sharma, S. (2024, March 22). "FBI and CISA warn government systems against increased DDoS attacks: The advisory describes the critical DDoS tactics, with recommendations to defend against such attacks." https://www.csoonline.com/article/2073589/fbi-and-cisa-warn-government-systems-against-increased-ddos-attacks.html
- NSA. (2024, March 14). "Advancing Zero Trust Maturity Throughout the Network and Environment Pillar." Cyber Security Information Sheet. https://media.defense.gov/2024/Mar/05/2003405462/-1/-1/0/CSI-ZERO-TRUST-NETWORK-ENVIRONMENT-PILLAR.PDF
- 3/8/2024: Arghire, I. (2024, March 8). "CISA Outlines Efforts to Secure Open Source Software: Concluding a two-day OSS security summit, CISA details key actions to help improve open source security." https://www.securityweek.com/cisa-details-efforts-to-secure-open-source-software/
- 3/5/2024: Korolov, M. (2024, March 5). "How gen AI helps entry-level SOC analysts improve their skills: By automating repetitive triage and documentation tasks, generative AI systems allow entry-level security analysts to spend more time on investigations, response, and developing core skills." CSO Online. https://www.csoonline.com/article/1310938/how-genai-helps-entry-level-soc-analysts-improve-their-skills.html
- 2/27/2024: NIST #Cybersecurity Framework 2.0 officially released:
https://www.securityweek.com/nist-cybersecurity-framework-2-0-officially-released/
About Certified Information Systems Security Professional (CISSP) Certification:
- ISC2. (2024, April 15). "CISSP Exam Refresh and Updated Official Training Now Live." ISC2 Insights. https://www.isc2.org/Insights/2024/04/CISSP-Exam-Refresh-and-Updated-Official-Training-Now-Live?queryID=7de1a62f322d6f13f548aca9641597fd Check out the 2024 Detailed Content Outline with Weights Final, Effective April 15, 2024, by clicking here.
- ISC2. (2024, February 25). "Computerized Adaptive Testing (CAT) for CISSP Examinations in All Languages." https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages From the announcement: "We are pleased to announce that as of April 15, 2024, all CISSP examinations worldwide will take place in Computerized Adaptive Testing (CAT) format." Read the rest: https://www.isc2.org/Insights/2024/02/Computerized-Adaptive-Testing-CISSP-Examinations-All-Languages
- CISSP Exam Refresh FAQ: Here are the details about the April 15, 2024 CISSP exam update direct from ISC2. https://www.isc2.org/certifications/cissp/cissp-exam-refresh-faq
- ISC2. (2024, February 12). "Asking All CISSP Holders to Help Shape the Certified in Cybersecurity (CC) Exam." ISC2 Insights. https://www.isc2.org/Insights/2024/02/Asking-All-CISSP-Holders-to-Help-Shape-the-Certified-in-Cybersecurity-CC-Exam?queryID=a1e205b26f8bb9f9d83cc62c123cc17b
- ISC2. (2023, November 30). "CISSP+CCSP: The Power of Duo Cybersecurity Certifications: Organizations worldwide put a premium on the strength CISSP + CCSP together bring to their defense. CISSPs save 20% on training now." ISC2. Learn more: https://www.isc2.org/landing/powerduo/cissptoccsp
- ISC2. (2023, November 15). "Changes to the CISSP Exam Weighting – What You Need to Know: Effective from April 15, 2024, ISC2 will refresh the CISSP credential exam. ISC2 regularly updates the exams and domain weighting for its certifications." ISC2 Insights. https://www.isc2.org/Insights/2023/11/Changes-to-CISSP-Exam-Weighting?queryID=f10ca4e454bd734ac66d02e365af9aca
- Call to Action: Review the current outline for CISSP-ISSEP concentration exam and reply to questions. Link to: (ISC)2 Management. (2023, July 12). "Calling All CISSP-ISSEPs! Help Shape Future CISSP-ISSEP Exams!" (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/07/calling-all-cissp-isseps-help-shape-future-cissp-issep-exams.html
- (ISC)2 Management. (2023, March 30). "NEW CISSP EXAM REGISTRATION PROCESS FOR 2023: Looking to earn your (ISC)² CISSP certification? Make sure you follow these updated steps to register for your exam." (ISC)2 Blog. https://blog.isc2.org/isc2_blog/2023/03/new-cissp-exam-registration-process-for-2023.html
- (ISC)2 Blog. (2022, December 13). "CALLING ALL CISSPS! HELP SHAPE THE CISSP EXAM." From the blog post: "Coming up next month, the CISSP will be taking its next step in the certification lifecycle with a JTA Study Workshop tentatively scheduled for January 17-19, 2023." Read more: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html
- "Changes to the CISSP Exam Length Coming Soon. Beginning June 1, 2022, additional pretest items and time will be added to the CISSP exam for the Computerized Adaptive Testing (CAT) format." (ISC)2 blog (March 10, 2022). Read further: https://blog.isc2.org/isc2_blog/2022/03/changes-to-the-cissp-exam-length-coming-soon.html
- How is the CISSP-ISSMP Exam Changing? - (ISC)² Blog (isc2.org) (March 17, 2022)
- "A Cybersecurity Role Has Topped List of Best Jobs" ... by (ISC)2 Management, (ISC)2 Blog (January 14, 2022)
- Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021 - (ISC)² Blog (isc2.org) (26 February 2021)
- (ISC)² Updates CISSP Cybersecurity Certification Exam Based on Expert-Led Domain Revision ... (ISC)2 news release (01 February 2021)
- "SURVEY: CISSP IS THE MOST VALUABLE SECURITY CERTIFICATION FOR 2021" ... (ISC)2 blog site (January 21, 2021)
- "STUDY: CERTIFICATIONS BOOST SALARIES SUBSTANTIALLY" ... (ISC)2 blog site (November 2020)
CISSP Tips and Topics
News Sites of Interest to the Certified Information Systems Security Professional (CISSP):
- (ISC)² insights: https://www.isc2.org/Insights
- Infosecurity Magazine: https://www.infosecurity-magazine.com/
- Dark Reading: https://www.darkreading.com/
- The Hacker News: https://thehackernews.com/
- CSO Online: https://www.csoonline.com/news/
- Security Week: https://www.securityweek.com/
- Wired: https://wired.com
- Threatpost: https://threatpost.com
News Feeds
Thinking about taking the CISSP certification exam?
- What are the benefits of CISSP certification?
- What are the requirements for CISSP certification?
- What experience do you need to have before you take the CISSP certification exam?
- How should you prepare to take the CISSP certification exam?
CISSP - Certified Information Systems Security Professional - About the CISSP NOW! method:
- The CISSP NOW! method, documented in the CISSP NOW! ebook, references official (ISC)² study material, which may be purchased from Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119787637
- If you do not have access to the official (ISC)² study material, you will not be able to follow the CISSP NOW! method.
- The CISSP NOW! method is built around continuous self-assessment and quantitative feedback.