Cybersecurity basics for non-security professionals
Knowing the fundamentals of cybersecurity is a first step toward protecting against cyberthreats. As a non-security professional, you can protect your data from cyberthreats and attacks by learning basic cybersecurity concepts and mitigation strategies.
Notably, the Security hub on Microsoft Learn provides technical guidance and resources for planning and implementing modern cybersecurity strategies, processes, and technologies for non-cybersecurity professionals. Ultimately, you can find resources and foundational training materials to build basic cybersecurity skills which will help you tackle various security challenges.
EDUCATING FUTURE INFORMATION SECURITY PROFESSION
ISC2 and its Center for Cyber Safety and Education are deeply committed to encouraging and supporting students pursuing a degree with a focus on cybersecurity, information assurance, or similar field. The scholarships, sponsored by ISC2, support students globally. Efforts like these can put students on a pathway to long term career success in a rewarding and critically-important field.
The scholarships are part of an effort to bridge the cybersecurity workforce gap—which stands at 3.4 million needed professionals—by providing future cybersecurity professionals across the globe with scholarships to prepare them for a rewarding career in this important field.
To access the scholarship application portal, visit the Center for Cyber Safety and Education website.
CyberChef – The Cyber Swiss Army Knife
CyberChef is a simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. It encourages both technical and non-technical people to explore data formats, encryption and compression.It is expected that CyberChef will be useful for cybersecurity and antivirus companies. It should also appeal to the academic world and any individuals or companies involved in the analysis of digital data, be that software developers, analysts, mathematicians or casual puzzle solvers.
There are around 200 useful operations in CyberChef for anyone working on anything vaguely Internet-related, whether you just want to convert a timestamp to a different format, decompress gzipped data, create a SHA3 hash, or parse an X.509 certificate to find out who issued it.
To access this free resource, visit the CyberChef website. To learn how to use it, read the Tool Guide.
Resource Credit: Paul Krzewinski
Implementing ISO 27001:2022 for Startups and SMEs
Hannah Suarez, SSCP, takes us through the experience of implementing the substantially revised ISO 27001:2022 and upgrading from the 2013 version of the framework.
It’s been more than a year since the ISO 27001:2022 standards were released, replacing the 2013 version and including new and updated texts related to Cloud Security, Digital Trust and Cybersecurity Leadership. For startups and SMEs, these updates pose challenges around retrofitting their existing workforce to tackle the new standards – be it upgrading or implementing an ISMS (Information Security Management System). For organizations beholden to regulatory rules, the focus on third party and supply chain assessments will enable them to focus on securing business growth via the ISO 27001 certification process.
I’m writing this article fresh from finishing an ISO 27001:2022 implementation for a startup. I implemented their ISMS according to the previous standard, and now I want to share with the ISC2 community what it’s like to upgrade.
To access this free resource, visit the ISC2 website here
Free Tools for Cloud Environments
Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment.
To access this free resource, visit the cisa.gov website here
The Business Case for Security
Amid competing financial priorities, investments in physical and cybersecurity measures are crucial for operational continuity and employee safety. This resource provides data and considerations for senior leaders as they prioritize budget items.
To access this free resource, visit the cisa.gov website here
Introducing the guidelines for secure AI
New guidelines will help developers make informed decisions about the design, development, deployment and operation of their AI systems.
Artificial Intelligence (AI) systems have the potential to bring many benefits to society. However, for the opportunities of AI to be fully realised, it must be developed, deployed and operated in a secure and responsible way.
To access this free resource, visit the UK National Cyber Security Center website here