ISSA Journal
May 2019 Volume 17 Issue 5
CRYPTOGRAPHY
DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLOBALLY

Table of Contents

Feature

Choosing Tokenization or Encryption
By Jeff Stapleton – ISSA member, St. Louis Chapter
This article discusses the similarities and differences between two popular cryptographic techniques: tokenization and encryption. When making the decision between protection methods, there are several things to consider, including how the data is used and the key management life cycle.

Trends in Security Executive Leadership and the Rise of the vCISO
By Donna Gallaher – ISSA member, Metro Atlanta Chapter
This article discusses the author’s personal experience and observations with starting her own business as a virtual CISO.

The Mathematics behind RSA Encryption
By William C. Barge – ISSA member, Northeast Indiana Chapter
The author describes the mathematics behind the RSA cryptosystem and a coding technique that can be used to decrease the chance of the calculation resulting in an abnormal end.

Industrial Cybersecurity Enhancements
By Cevn Vibert – ISSA member, UK Chapter
This article highlights alerts and advice for end users of automation and control systems (ICS/OT/IACS/SCADA) and selected advisory notes for practitioners of industrial cyber-physical security.

NIST Cryptographic Algorithm and Module Validation Programs: Validating New Encryption Schemes
By Eric Lankford – ISSA member, Fort Worth Chapter
The author provides a simplified overview of how cryptographic algorithms and modules are validated according to the Cryptographic Algorithm Validation Program and Cryptographic Module Validation Program.

The Python Programming Language
By Constantinos Doskas – ISSA Senior Member, Northern Virginia Chapter
This article continues the discussion about the basic building blocks of the Python programming language. It is the second article in the Python training series. The main topic of this article is file input/output procedures and date processing.

Also in this Issue

From the President
Sabett’s Brief: Cryptography As a Weapon
Women in Cybersecurity: A Historical 180 for Women in Technology
Crypto Corner: Another Quantum Breakthrough
Open Forum: Security Engineering and Integration Principles and Myths
Cryptic Curmudgeon: Quantum and Crypto
Security in the News
Association News
Career Center

©2019 Information Systems Security Association, Inc. (ISSA)
The ISSA Journal (1949-0550) is published monthly by
Information Systems Security Association
1964 Gallows Road, Suite 310, Vienna, VA 22182
+1 (703) 382-8205 (local/international)

From the President

Hello, ISSA Members and Friends
Candy Alexander, International President

I can hardly believe it has only been six months since I began in my role as president of our association! Like most of life’s journeys, some days it seems like it has been a long six months, and other days it seems like only yesterday. Either way, we are making some great progress – together!

A lot of work has been going on behind the scenes. Thinking of it reminds me of the duck analogy: when you see a duck swimming across a pond, it appears to take little to no effort to glide across the water. What is not visible, however, is the effort that the little legs and feet are paddling swiftly, with precision and strength under the water to move the duck forward. The same can be said with any organization – on the surface it appears as though things are slow and with no or little effort, while behind the scenes actions are being performed with precision and strength.

To that point, the International Board and I have worked through putting business processes in place, such as the strategic goals that focus on our valued membership (growing and keeping members). Marc Thompson has been working hard with headquarters’ staff on back-office improvements with the Your Membership (YM) software used to manage our membership database, and a cleanup of our QuickBooks use. All of this work is necessary in preparing the association to grow and provide you and our chapters with world-class service that should be expected from an international professional association.

I am also very happy to say, for the first time in my years on the Board of Directors, we are currently developing a program management function with the assistance of Brian Shultz and Deb Peinert. This effort will help the Board and me to monitor and evaluate the performance of existing programs offered by the ISSA, as well as making knowledgeable decisions on proposed programs. All of this is part of the effort for ISSA International to utilize sound business practices to ensure efficiencies and quality services.

You should have received the “Call for Nominations” for this year’s elections for the ISSA International Board of Directors. The election is one of the most important processes of our association that all members should participate in. Whether you are considering a run for an open seat on the International Board or you cast your vote, it is important for all members to participate! If you are choosing to become a candidate, know that it is an excellent opportunity to demonstrate your leadership and business skills in a global organization! It is an experience of a lifetime and can be very rewarding! If you are not looking to become a candidate, understand that your role in voting is just as important. Take a moment and learn what each candidate offers and is looking to accomplish before you cast your vote—your decisions pave the future for our association.

For those of you who are waiting for this year’s ESG/ISSA research on the “Life and Times of the Cybersecurity Professional,” we will be releasing the full report in May. Not to give away too much, but things haven’t improved in many areas for us, including CISO burnout. But you probably already knew that. What you may not know is that we have included some research around “privacy and security” and how it is effective to us as professionals. Be sure to be on watch for the release of the report, which will be available from the ISSA International’s NEW website (another back-office improvement item).

I will close by saying my virtual door is always open. Please feel free to reach out by sending me an email at [email protected].

Candy Alexander, CISSP CISM
ISSA International President

Now Indexed with EBSCO

Editor: Thom Barrie [email protected]
Advertising: [email protected]

International Board Officers

President: Candy Alexander, Distinguished Fellow
Vice President: Roy Wilkinson, Distinguished Fellow
Secretary/Director of Operations: Anne M. Rogers, CISSP, Fellow
Treasurer/Chief Financial Officer: Pamela Fusco, Distinguished Fellow

Board of Directors

Mary Ann Davidson, Distinguished Fellow
Ken Dunham, CISSP, CISM, Distinguished Fellow
Alex Grohmann, CISSP, CISA, CISM, CIPT, Fellow
Shawn Murray, C|CISO, CISSP, CRISC, FITSP-A, C|EI, Senior Member
Deborah Peinert
Wayne Proctor, CISSP, CISM, CISA, CRISC, Distinguished Fellow
David Vaughn, C|CISO, CISSP, LPT, GSNA, Senior Member
Stefano Zanero, PhD, Fellow

Editorial Advisory Board

James Adamson
Jack Freund, Senior Member
Michael Grimaila, Fellow
Yvette Johnson
John Jordan, Senior Member
Steve Kirby – Chairman
Mollie Krehnke, Fellow
Joe Malec, Fellow
Abhinav Singh
Kris Tanaka
Joel Weise, Distinguished Fellow
Branden Williams, Distinguished Fellow
Rajat Varuni

Services Directory

Website: [email protected]
Chapter Relations: [email protected]
Member Relations: [email protected]
Executive Director: [email protected]
Advertising and Sponsorships: [email protected]

The Information Systems Security Association, Inc. (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

With active participation from individuals and chapters all over the world, the ISSA is the largest international, not-for-profit association specifically for security professionals. Members include practitioners at all levels of the security field in a broad range of industries, such as communications, education, healthcare, manufacturing, financial, and government.

The ISSA international board consists of some of the most influential people in the security industry. With an international communications network developed throughout the industry, the ISSA is focused on maintaining its position as the preeminent trusted global information security community.

The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

The information and articles in this the best knowledge of the author and the official policy of ISSA. Articles may poration and is not