ISSA Journal Call for Articles
The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise for the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor and review in advance the Editorial Guidelines. Include the copyright release and submission checklist with your article. Note that accepted articles may be eligible for CPE credits.
We occasionally revisit past topics for inclusion when space permits: see below.
The Open Forum
The Open Forum is a vehicle for individuals to provide opinions or commentaries on infosec ideas, technologies, strategies, legislation, standards, and other topics of interest to the ISSA community. Open Forum articles are not intended for reporting news; they must provide insight, opinion, or commentary to initiate a dialog, as is to be expected from an editorial. The views expressed in this column are the author’s and do not reflect the position of the ISSA, the ISSA Journal, or the Editorial Advisory Board. Columns should be 800 words maximum and include a title, a short bio, and a photo.
December: Security Architecture
Developing a security architecture is tantamount to developing an architecture for a building. Like a building, security is meant to support and protect the environment in which activities transpire. In order to successfully establish a security architecture an organization needs to fully understand what is being supported and protected, and what threats may be present, both currently and in the future. Because the environment and threats are dynamic in nature, a security architecture needs to incorporate enough flexibility to allow changes to the framework, without ever compromising the ability to support and protect. Until recently, security architecture was an activity undertaken by network engineers and security professionals who had minimal collaboration with the business operations professionals in the organization, resulting in rigid architectures that were challenged by business changes and business operations that felt burdened when the security architecture forced a change in workflow. Organizations are now beginning to collaborate better and this has led to security architecture implementations that can grow with the changing environment, without threatening business operations. The ISSA Journal would like to hear about your experiences in developing security architectures, and understand what you have learned from challenged implementations, and what you have learned from implementing architectures that you deem successful.
Articles Due: NOW
January: Best of 2016
February: Legal, Privacy, Regulation, Ethics
The dynamics of security and compliance with legal and regulatory mandates as well as current privacy and ethical questions can be an extremely difficult area to navigate. While many are no doubt familiar with NIST, ISO, GLBA, SOX, or PCI, it is often very difficult to develop, implement, and maintain a governance framework that can address diverse requirements in a comprehensive and coherent manner. Thus, it is often asked if an organization should develop targeted solutions, architectures, and governance apparatus for different mandates, or if it is possible to utilize a more integrated approach. We are looking for your input and ideas on legal, regulatory, privacy and ethical topics as they affect security, compliance, and privacy.
Articles Due: 1/6/17
March: Internet of Things
The Internet of Things isn't new. The idea that we could communicate with a machine, understanding various state information based on embedded sensors, has been around since the 1980s. As the networked world has evolved, it's only natural for increased interaction with machines and other inanimate objects. The potential real-world solutions seem endless -- so do the opportunities to wreak havoc (think medical devices, utility grids, automobiles, etc.). Designing and delivering secure, impenetrable devices presents a daunting challenge. We are looking for information security thought leaders to lead the discussion on how IoT technology can become a trusted participant in our information world.
Articles Due: 1/22/17
April: New Technologies in Security
Here we are in 2017, and it still feels like there must be at least one new security company filing papers in Delaware almost every day. The sheer number of security vendors available to choose from is staggering. Fifteen years ago the market was much smaller with a healthy mix of commercial to open source tools, but today we practitioners have a real problem on our hands. How do we balance the best of the new with the risks that our organizations face, keeping in mind we have legacy tools and infrastructure to consider? This month's issue focuses on New Technologies in Security. The ISSA Journal is looking for new approaches to classic problems, strategies for navigating the complex vendor landscape, and advice for practitioners who face thousands of options for tools—commercial and open source.
Articles Due: 2/22/17
May: The Cloud
The cloud has many different forms, but typically we describe cloud services as public, private, and hybrid. It is almost universally accepted that the security of data, along with the underlying system and network components, is a work in progress. There are both technical as well as legal, regulatory, and governance aspects to the data protection models we strive to achieve. Add to this the use of different virtualization techniques that underlie the different cloud forms, and the design, architecture, deployment, and management of a cloud become very complex. We are looking for your input, ideas, experience, and observations as to what works, what doesn't, what standards should be applied, and what considerations a security practitioner should keep in mind when deploying a cloud. Avoiding the cloud is not the answer, so what practical solutions do you have to meet the business requirements?
Articles Due: 3/22/17
June: Big Data/Machine Learning/Adaptive Systems
Artificial intelligence (AI), machine learning, and predictive analytics are the latest buzzwords in information security, in particular in the areas of anti-virus and threat detection. Clearly threats are becoming more sophisticated, and as their offensive capabilities increase we must look for ways to address and counter those. It is possible that new methods based upon AI, deep learning, and analytics may be incorporated into adaptive controls and countermeasures that can better address the more complex threat environment we now face. Can these techniques help? The ISSA Journal is looking for your thoughts in this area.
Articles Due: 4/2/17
July: Cybersecurity in World Politics
The highest-level politicians and bureaucrats have had great difficulties from mixing personal and state secret email, failed security, and hacked communication systems. This has elevated cybersecurity to new heights of international political attention. Should we praise or condemn whistleblowers like Snowden or Assange? Should ISSA welcome information security professionals from Russia, China, or North Korea into membership? How do international political cybersecurity events affect us? What must we do and what roles must we attempt to play in these world-shaking issues?
Articles Due: 5/22/17
August: Disruptive Technologies
Waves of disruptive technologies continually threaten to sweep away existing business landscapes. Blockchain, tokenization, 5G networks, quantum cryptography, smart cars, and the Internet of Things (IoT) are names of just a few. All promise the disintermediation of our competitors, and offer us unlimited new opportunities if only we become early adopters willing to accept the risks. This issue of the Journal seeks articles on the security threats and vulnerabilities of all things disruptive, and solutions that can help us to embrace the coming new technology waves and manage the risks.
Articles Due: 6/22/17
September: Health Care
Healthcare is one area of particular focus for information security practitioners as there are very specific security, privacy and technological issues and mandates one must deal with. These also vary by jurisdiction. There are also many tools security professionals can use in this space that allow for a relatively consistent application of controls. We are looking for your thoughts and ideas on information security in the healthcare space.
Articles Due: 7/22/17
October: Addressing Malware
For almost as long as there have been computing platforms in use, there have been inherent threats associated with them. One of the most prevalent is malicious software. From the Cascade and Brain viruses to the XcodeGhost exploit, malware has been an inevitable part of the computing landscape. As technology matured and became more sophisticated, so did the malware variations and the damage they have caused to millions of computers around the world. This month's issue of the ISSA Journal will explore the types of malicious software in the wild and how it has evolved as well as the techniques used by cyber-security professionals to mitigate the risks posed by it.
Articles Due: 8/22/17
November: Cryptography & Quantum Computing
Quantum computing offers great promise, the potential for us to solve problems that were not feasible to solve on classical computers. But there's a downside to this promise. In the quantum computer future, attackers will enjoy improved cryptanalysis capabilities. These improvements will make some of our existing cryptographic security controls more vulnerable to attack and make it much harder to defend our systems. This issue of the Journal seeks articles that can help security professionals navigate the quantum future. Topics of interest include, but are not limited to, Quantum Computers, Quantum Random Number Generators (QRNG), standardization activities, Quantum Safe Computing, and Quantum Cryptography (e.g., Lattice-based unique key exchange, McEliece code-based encryption, Leighton-Micali signatures, etc.).
Articles Due: 9/22/17
December: Social Media, Gaming, and Security
Based on 2016 statistics, 155 million Americans play online games regularly and 78 percent of the population has a social networking profile. With staggering numbers like this, these industries will probably thrive for the foreseeable future. Being interconnected with others in the community and around the world through these vehicles can be exciting but also poses numerous risks such as predators, addiction, identity theft, malware intrusion, and social engineering. These issues require both the vendors and consumers to become more vigilant to effectively protect themselves. Furthermore, tackling them can be complicated and time consuming and will inevitably impact this landscape. What research, experience, or best practices do you have to share in this area? The ISSA Journal is interested in hearing from you.
Articles Due: 10/22/17
December: Security Architecture
November: Practical Application and Use of Cryptography
October: Cybersecurity Careers & Guidance
September: Payment Security
August: Internet of Things
July: Social Media Impact
June: Legal, Privacy, Regulation
May: Breach Reports - Compare/Contrast
April: Malware Threat Evolution
March: Mobile Apps
February: Big Data / Data Mining & Analytics
January: Securing the Cloud
November: Social Media and Security
October: Infosec Career Path
September: Academia and Research
July: Malware and How to Deal with It?
June: The Internet of Things
May: Infosec Tools
April: Security Architecture / Security Management
March: Physical Security
February: The State of Cybersecurity
January: Legal and Regulatory Issues
November: Cyber Security / Cyber Defense
October: Data Protection Strategies and Controls
September: History of Information Security
August: Big Data: Use and Security Ramifications
July: Practical Use of Infosec Tools
June: Identity Management
May: Healthcare Threats and Controls