Cybersecurity Pros Are Not Feeling the Love… Again

Stop us if you heard this one before: Cybersecurity professionals are responsible for protecting their organization’s users and data from the dangers of cyber threats, but they feel underappreciated. Two-thirds (67%) believe “IT security is viewed either as merely reactive to business needs or a cost rather than an asset to the organization,” says a survey of cybersecurity professionals and CISOs by Thycotic, a privileged access management (PAM) vendor. The survey found that a majority of cybersecurity professionals in the United Kingdom and Germany say executives and co-workers see them as more of a burden than a business benefit –…

What Does Our Partnership with CyberUSA Mean?

By John McCumber, Director of Cybersecurity Advocacy, (ISC)²

After a lot of planning and coordination, we were excited to announce our new partnership with CyberUSA earlier this week. What is CyberUSA, you may ask? Governed by its members, the nonprofit was established to enhance information sharing between states and improve cyber resilience at all levels of participation: local, regional, and national. It is focused on the common mission of enabling innovation, education, workforce development, enhanced cyber readiness and resilience within our state and local communities, and connects them at the national level. What does all that mean? The key takeaway…


In this blog, we will take a look at the different categories of countermeasure, types of control, goals of countermeasures, and their respective cost justification. Refer to the mind map below for complete details.

[Mind map images: Security control categories; Types of control; Goals and Justification of Countermeasure]

CISSP Spotlight: Renju Damodaran

Name: Renju Damodaran
Title: Senior Manager, Cyber Risk Services
Employer: Wipro Limited
Location: Boston, MA
Education: BS, Information Systems from BITS, Pilani.
Years in IT: 20
Years in cybersecurity: 16
Cybersecurity certifications: CISSP, CISA, SABSA SCF

How did you decide upon a career in cybersecurity?

Back in the day (early 2000s), I was involved in setting up IT infrastructure for a startup company. I started interacting with information security professionals from external consulting firms and developed an interest in security as a profession. I learned BS7799 framework and landed an information security officer role in ING Vysya Bank (now known…

Qualitative Risk Analysis … Delphi Technique

Purely quantitative risk assessment is hard to achieve because some items are difficult to tag to fixed dollar amounts. Absolute qualitative risk analysis is possible because it ranks the seriousness of threats and sensitivity of assets into grades or classes, such as low, medium, and high. Typically this analysis is done for intangible assets such …