The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise to the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor and review in advance the Editorial Guidelines. Include the copyright release and submission checklist with your article. Note that accepted articles may be eligible for CPE credits.
We occasionally revisit past topics for inclusion when space permits: see below.
The Open Forum
The Open Forum is a vehicle for individuals to provide opinions or commentaries on infosec ideas, technologies, strategies, legislation, standards, and other topics of interest to the ISSA community. Open Forum articles are not intended for reporting news; they must provide insight, opinion, or commentary to initiate a dialog as to be expected from an editorial. The views expressed in this column are the author’s and do not reflect the position of the ISSA, the ISSA Journal, or the Editorial Advisory Board. Columns should be 800 words maximum and include a title, a short bio, and a photo.
November: Practical Application and Use of Cryptography
Cryptography is a core requirement for secure, reliable communications. Its applications allow us to identify each other over a network, control access to our applications and data, and protect the confidentiality, integrity, and authenticity of our information. Articles accepted for this issue of the ISSA Journal can include any topic related to cryptography, including security techniques, cryptographic protocols, entity authentication, public key infrastructure, key exchange, cryptocurrency, data confidentiality, message authenticity, entropy, digital signatures, key generation, security proofs and tools, the key management life cycle, and cryptanalysis.
December: Security Architecture
Developing a security architecture is tantamount to developing an architecture for a building. Like a building, security is meant to support and protect the environment in which activities transpire. In order to successfully establish a security architecture an organization needs to fully understand what is being supported and protected, and what threats may be present, both currently and in the future. Because the environment and threats are dynamic in nature, a security architecture needs to incorporate enough flexibility to allow changes to the framework, without ever compromising the ability to support and protect. Until recently, security architecture was an activity undertaken by network engineers and security professionals who had minimal collaboration with the business operations professionals in the organization, resulting in rigid architectures that were challenged by business changes and business operations that felt burdened when the security architecture forced a change in workflow. Organizations are now beginning to collaborate better and this has led to security architecture implementations that can grow with the changing environment, without threatening business operations. The ISSA Journal would like to hear about your experiences in developing security architectures, and understand what you have learned from challenged implementations, and what you have learned from implementing architectures that you deem successful.
Articles Due: 10/22/16
October: Cybersecurity Careers & Guidance
September: Payment Security
August: Internet of Things
July: Social Media Impact
June: Legal, Privacy, Regulation
May: Breach Reports - Compare/Contrast
April: Malware Threat Evolution
March: Mobile Apps
February: Big Data / Data Mining & Analytics
January: Securing the Cloud
November: Social Media and Security
October: Infosec Career Path
September: Academia and Research
July: Malware and How to Deal with It?
June: The Internet of Things
May: Infosec Tools
April: Security Architecture / Security Management
March: Physical Security
February: The State of Cybersecurity
January: Legal and Regulatory Issues
November: Cyber Security / Cyber Defense
October: Data Protection Strategies and Controls
September: History of Information Security
August: Big Data: Use and Security Ramifications
July: Practical Use of Infosec Tools
June: Identity Management
May: Healthcare Threats and Controls