The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise for the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor and review the Editorial Guidelines in advance. Include the copyright release and submission checklist with your article. Note that accepted articles may be eligible for CPE credits.
Note: If you have an infosec topic in mind that does not align with the monthly themes, please submit. All articles will be considered.
The Open Forum
The Open Forum is a vehicle for individuals to provide opinions or commentaries on infosec ideas, technologies, strategies, legislation, standards, and other topics of interest to the ISSA community. Open Forum articles are not intended for reporting news; they must provide insight, opinion, or commentary to initiate a dialog as to be expected from an editorial. The views expressed in this column are the author’s and do not reflect the position of the ISSA, the ISSA Journal, or the Editorial Advisory Board. Columns should be 800 words maximum and include a title, a short bio, and a photo.
January: Best of 2019
February: Regulation, Public Policy, and the Law
Security professionals are literally on the front line of laws relating to privacy and accountability. What is technically correct or secure may not be what is required according to law. There are laws such as the GDPR and CCPA that drastically affect our businesses and more are on the way. Every security incident has different factors that guide an appropriate response, including impact to the company, the individuals affected, and whether it is reportable or not. Should an organization develop targeted solutions, architectures, and governance apparatus for different mandates, or is it possible to utilize a more integrated approach? We are looking for authors to share their experiences and knowledge in managing the impact of law on our profession as well as the wider impacts to the public.
March: Preparing the Next Generation Security Professional
As professionals in the information security industry we know there is a dire shortage of talent. Industry roles today command big salaries and bigger workloads. When you read articles about “the best jobs” or “highest paying jobs” to consider, information security is always in the top 10 of the list. How does this industry sustain current security professionals and prepare the next generation of security professionals? We are looking for information on what current professionals can do, authors' experiences in growing their own careers, and sound advice for preparing the next generation of security pros.
April: Corporate Espionage & Nation-State Cybersecurity: Attack and Defense
Willie Sutton robbed banks because that's where the money was. Foreign intelligence services are now employing cyber attacks not only against other governments but also against corporations because that's where the secrets are. Using high-powered exploits, these three-letter agencies are surveilling their opposition and sweeping up large swaths of data just in case. By positioning sleeper code in critical infrastructures, we are all imperiled by the threat of cyber war. Topics here include reviews of nation state exploits, problems with attribution, cyber resiliency, legal and practical views of cyber war, and defensive strategies, tools, and practices.
May: Practical Cryptography and the Quantum Menace
Cryptography is a core requirement for secure, reliable communications. Its applications allow us to identify each other over a network, control access to our applications and data, and protect the confidentiality, integrity, and authenticity of our information. Quantum computing offers great promise, but these improvements have the potential to make some of our existing cryptographic security controls more vulnerable to attack, making it much harder to defend our systems. Topics of interest include, but are not limited to, blockchain technology, cryptocurrency, digital signatures, digital rights management, email security, hashing, payment systems, personnel identifiers, quantum cryptography, and virtual private networks.
June: The Infosec Toolbox: Basics to the Bleeding Edge
Every professional has his or her toolbox, bag of tricks, and secrets of the trade. This is equally true for infosec pros. And there are multitudes of uses and purposes: automation, analysis, aggregation, detection, hacking/cracking, forensics, pen testing, s/w testing, CI/CD, and on and on. Some of these tools you’ve created yourself, some are shared freely by others, and some you’ve mashed up into new tools. Regardless, we have our favorites. Share the favorites from your infosec tool chest with your fellow ISSA members, why you need them, how they make your job easier, and why others should consider using them. This is NOT intended to be a sales or marketing pitch for your company’s tools or services, so please focus on freely available software.
July: Security vs Privacy Tug of War
Despite the evolution and maturity of cybersecurity, threats to privacy are increasing, leading companies to continually look for more effective ways to protect personal information. Information privacy is an intertwined relationship between collecting, protecting, and sharing data, technology, and the expectation that our privacy is protected. Yet every data breach, engagement with social media, search history, and smart appliance reveals that our control over privacy has weakened even though privacy rights have grown stronger. What privacy challenges have you faced in your organization? The ISSA Journal would like to hear about the solutions you have implemented as well as lessons learned along the way.
August: Disruptive Technologies
The word disruptive can sometimes make people uncomfortable because it means change, and change makes most people uncomfortable. Disruptive technology is an even bigger change because it changes current technology and modifies business, markets, and unchanging networks. This type of technology is innovative and advances our society and even our lives. The ISSA Journal is looking for information on experiences with what is considered disruptive technology and if it has impacted the author's life, or what does the author see as the next disruptive technology and how it can change all of our lives.
September: Shifting Security Paradigms in the Cloud
The cloud has many different forms, but typically we describe cloud services as public, private, and hybrid. And it is almost universally accepted that the security of data, along with the underlying system and network components, is still a work in progress. Yet we find ourselves struggling. There are both technical as well as legal, regulatory, and governance aspects to the data protection models we strive to achieve. The ISSA Journal is looking for writers who are fluent in "cloud." What are your ideas, experiences, and observations as to what works, what doesn't? What standards should be applied, and what considerations should a security practitioner keep in mind when deploying to the cloud? Avoiding the cloud is no longer the answer.
October: The Business Side of Security
There is no escaping the business motions associated with running a security function inside a firm. Be it managing a profit and loss plan, or in the case of an internal cybersecurity function a budget, your success depends on your ability to build and grow a solid business acumen. Your group is critical to the long-term success of the firm, but you will face business obstacles that require leadership. Build or buy? Outsource or offshore? Hire or contract? Risk accept or no? All of these decisions will affect more than just your budget; they will affect the success of your function and potentially your firm. We are seeking articles and advice on how we can all improve our interactions with the business. How do we provide foundational cybersecurity functionality in the face of a challenging business environment or build cybersecurity resilience into products?
November: Big Data/Machine Learning/Adaptive Systems
Artificial intelligence (AI), machine learning, and predictive analytics are the latest buzzwords in information security in the areas of antivirus and threat detection. Clearly threats are becoming more sophisticated, and as their offensive capabilities increase we must look for ways to address and counter them. It is possible that new methods based upon AI, deep learning, and analytics may be incorporated into adaptive controls and countermeasures that can better address the more complex threat environment we now face. Can these techniques help? The ISSA Journal is looking for your thoughts in this area.
December: Looking toward the Future of Infosec
It's time to pull out the crystal ball for a glimpse at the future of information security. Will next year be the year that AI, neural nets, and machine learning can anticipate zero-day attacks? Will we ever sort out an individual’s right to control access to his or her data? What will new disruptive technologies look like, and how will they impact us? We are seeking pundits, definers, analysts, and insightful practitioners who can shed some light on the cyber threats—and solutions—that are waiting for us in 2021 and beyond.