This website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. Click Accept to consent and dismiss this message or Deny to leave this website. Read our Privacy Statement for more.
Contact Us   |   Print Page   |   Sign In   |   Join Now
ISSA Journal Call for Articles


The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise to the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor and review in advance the Editorial Guidelines. Include the copyright release and submission checklist with your article. Note that accepted articles may be eligible for CPE credits.

Note: If you have an infosec topic in mind that does not align with the monthly themes, please submit. All articles will be considered.

The Open Forum

The Open Forum is a vehicle for individuals to provide opinions or commentaries on infosec ideas, technologies, strategies, legislation, standards, and other topics of interest to the ISSA community. Open Forum articles are not intended for reporting news; they must provide insight, opinion, or commentary to initiate a dialog as to be expected from an editorial. The views expressed in this column are the author’s and do not reflect the position of the ISSA, the ISSA Journal, or the Editorial Advisory Board. Columns should be 800 words maximum and include a title, a short bio, and a photo.


January: Best of 2018

February: Legal & Public Policy

Security professionals are literally on the front lines of laws relating to privacy and accountability. What is technically correct or secure may not be what is required according to law. There are new laws such as the GDPR that drastically affect our businesses when they come into force. Every security incident has different factors that guide an appropriate response to include impact to the company, the individuals affected, and whether it is reportable or not. Other countries may have laws that affect us or may suggest directions that new laws are going that we will have to adapt to. We are looking for authors to share their experiences and knowledge in managing the impact of law on our profession as well as the wider impacts to the public.

March: Cloud

Although cloud technologies have been around for a while, we still find ourselves struggling for answers to some basic questions. Where is the data actually being stored? Is it really possible to be secure in the cloud? How can we ensure that we are in compliance with the growing number of regulations that are being created to help protect data and privacy? During our quest for information as we move to a cloud-first policy or cloud-only policy organization, imagine what it would be like if we had the services of a "cloud whisperer." The ISSA Journal is looking for writers who are fluent in "cloud." We need your input, ideas, experience, and observations as to what works and what doesn't. Let us know what solutions are available, what standards should be applied, and what considerations a security practitioner should keep in mind when it comes to life in the cloud.

April: Infosec Basics

We’ve come a long way from information security consisting of a short list of access controls on an edge firewall, manually performed daily log reviews, and good coding practices. While the core tenets of confidentiality, integrity, and availability are still relevant, the breadth of today’s information security basics now cover a large number of disciplines. Technical knowledge for domains such as system administration and network security have remained necessary but matured. Knowledge around other key areas has also become required: topics like cloud management, scripting and coding best practices in new languages, security monitoring automation, and risk management. Working your way up from the bottom requires learning dedicated skills and how those basics fit into the overall picture. Help others understand how that bigger picture is developed!

May: Cryptography

Today, multiple cryptographic technologies lie at the center of our daily interactions. In the corporate world, cryptography is a critical component of any mature corporate information security program to secure information that we access, process, transport, store, or retrieve. This is also true in personal lives, where we rely upon cryptography to protect our daily communications, entertainment, financial transactions, and transportation. We are seeking articles on all aspects of cryptography. Topics of interest include, but are not limited to, the theory, technology, and application of blockchain technology, cryptocurrency, digital signature, digital rights management, email security, hashing, payment systems, personnel identifiers, quantum cryptography, and virtual private networks. How does your organization employ cryptography technologies and insure information security? What are the difficulties when implementing new cryptographic policies and procedures? How do you remain current on new cryptographic developments and technologies? How do you evaluate new cryptographic security technologies?

June: Privacy

The 2016 US election and Facebook/data analytics scandal revealed that average people truly don’t know their rights in regards to information and data privacy and the privacy we give up and as we engage more and more with the Internet. Information privacy is an intertwined relationship between collecting, protecting, and sharing data, technology, and the expectation that our privacy is protected. Every data breach, engagement with social media, search history, smart appliances, and even the much loved Amazon Echo reveal that our control over privacy has weakened even though privacy rights have grown stronger. Privacy has emerged as the most significant consumer protection issue. How little or how much do we have? What are our privacy rights? Should we demand more? Are we giving up too much privacy by living life on the internet?

July: Internet of Things

As our world evolves it's only natural that our interactions with machines and other inanimate objects become more complex. The Internet of things is quickly transforming into the network of things, possibly making our lives better, faster, and more efficient. However, the increased connections open up new opportunities for cyber criminals to wreak havoc (think medical devices, utility grids, automobiles, etc.). Are we ready to meet the growing challenges in designing and delivering secure, impenetrable devices? What are the ramifications of a device that may be mass produced at low cost and more than likely not have a means to be patched or updated in the event a flaw or vulnerability is discovered. How do we prepare for and guide our organizations in the safe adoption of this wave of new technology? How might our privacy be impacted by remote sensing devices in our homes? If you are an information security thought leader who is willing to lead the discussion on how IoT technology can become a trusted participant in our information world, we would like to hear from you.

August: The Toolbox: Tools of the Infosec Pro

Every professional has his or her toolbox, bag of tricks, and secrets of the trade. This is equally true for infosec pros. And there are multitudes of uses and purposes: automation, analysis, aggregation, detection, hacking/cracking, forensics, pen testing, s/w testing, CI/CD, and on and on. Some of these tools you’ve created yourself, some are shared freely by others, and some you’ve mashed up into new tools. Regardless, we have our favorites. Share the favorites from your infosec tool chest with your fellow ISSA members, why you need them, how they make your job easier, and why others should consider using them. This is NOT intended to be a sales or marketing pitch for your company’s tools or services, so please focus on freely available software.

September: Standards

From the earliest days of computing, standards have provided structure and details to allow a set of common concepts to emerge. The Internet, our use of cryptography, risk management, and a host of protocols and technologies we use today were codified through a string of design decisions and technical standards called Request for Comments, or RFCs. The United States government published the Rainbow Series that provided early computer security standards and guidelines. Today we look to NIST, ISO, and others to define standards. International organizations, industry associations, and corporations have added to the litany of standards that now impact the field of information security. Where did they come from? What standards are out there? How do they impact computer security? Are they good/bad? How are they evolving our field?

October: The Business Side of Security

There is no escaping the business motions associated with running a security function inside a firm. Be it managing a profit and loss plan, or in the case of an internal cybersecurity function a budget, your success depends on your ability to build and grow a solid business acumen. Your group is critical to the long-term success of the firm, but you will face business obstacles that require leadership. Build or buy? Outsource or offshore? Hire or contract? Risk accept or no? All of these decisions will affect more than just your budget; they will affect the success of your function and potentially your firm. We are seeking articles and advice on how we can all improve our interactions with the business. How do we provide foundational cybersecurity functionality in the face of a challenging business environment or build cybersecurity resilience into products?

November: Security DevOps

The field of development operation is all about getting clean code deployed quickly, but adding security to the mix is often a neglected logical step. Development operations is relatively new, and it is a technology that can have significant impact on how we do our work. Integrating security into the various automated test suites or even including security in early specification can greatly improve the code that is generated and requires the security professional to know and understand how testing is performed and even how to get into the planning or “story” part of development. Given the ability to quickly deploy code, how can security mitigate against the risks associated with its rapid deployment. There are also lessons, such as the meticulous and real-time analysis of logs to identify problems in an automated way. This is a rapidly growing field. If you have ideas or real-world experience, we would like to share it in our security DevOps issue.

December: Looking Forward

When you hear holiday music on the radio and see festive decorations everywhere you look, you know it's time to pull out the crystal ball for a glimpse at the future of information security. Will next year be the year that AI, neural nets, and machine learning can anticipate zero day attacks? What comes after GDPR, and will we ever sort out an individual’s right to control access to his or her data? What will new disruptive technologies look like, and how will they impact us? We are seeking pundits, definers, analysts, and insightful practitioners who can shed some light on the cyber threats - and solutions - that are waiting for us in 2020 and beyond

Community Search
Sign In


ISSA International Series: SDLC - Is it Useful?

ISSA Thought Leadership Series: Building a People-Centric Cybersecurity Strategy for Healthcare

Software-Defined Segmentation Solving the Challenges of Today's Accelerated Enterprise

2/22/2020 » 2/23/2020
February 2020 ISSA Cyber Executive Forum San Francisco, CA

Copyright © 2016, Information Systems Security Association, All Rights Reserved
Privacy PolicyCopyright Information