ISSA Journal Call for Articles


The ISSA Editorial Advisory Board seeks article submissions from information security professionals throughout the industry. Security experts in the enterprise, academia, and government are encouraged to share their expertise for the advancement of our industry. ISSA members and non-members are welcome to contribute. Please submit articles to the ISSA Journal Editor and review the Editorial Guidelines in advance. Include the copyright release and submission checklist with your article. Note that accepted articles may be eligible for CPE credits.

Note: If you have an infosec topic in mind that does not align with the monthly themes, please submit. All articles will be considered.

The Open Forum

The Open Forum is a vehicle for individuals to provide opinions or commentaries on infosec ideas, technologies, strategies, legislation, standards, and other topics of interest to the ISSA community. Open Forum articles are not intended for reporting news; they must provide insight, opinion, or commentary to initiate a dialog, as is expected of an editorial. The views expressed in this column are the author’s and do not reflect the position of the ISSA, the ISSA Journal, or the Editorial Advisory Board. Columns should be 800 words maximum and include a title, a short bio, and a photo.


January: Best of 2017

February: Legal, Regulations, Ethics

For all the work we put into developing secure systems that follow standards and the law, sometimes the worst happens and you, or your clients, suffer a breach. There are many different laws, from the state to the national level, and the type of system and type of data released determine who must be notified and the possible financial consequences. Information shared with customers and law enforcement must be balanced against the needs of the business. Few people have worked closely with law enforcement during breach investigations, and there are lessons that can be shared about what to do, and not do, operationally. Identifying a team with legal, business, and technical skills prior to the breach, as well as processes and an action plan, may be difficult depending on the size of the organization and the type of breach that occurs. We are looking for authors to share experiences and knowledge in responding to breaches.

March: Operational Security - The Basics of Infosec

Operations Security engages all personnel in the implementation of established policies and procedures to protect organizational resources (such as data, personnel, facilities, and products and services) while meeting the defined business and stakeholder objectives. Operations actions are based upon the physical environment; technological resources, their configuration and management; data sensitivity/confidentiality, criticality, and integrity; personnel need-to-know and associated access controls, document marking, and handling and storage; business objectives; customer confidence; and organizational risks. There is no "one size fits all" but the sharing of [generalized] successful business, information technology, and security practices can allow our readers to expand their understanding of key concepts, processes, and technologies that might apply to their organizations. What have you learned or implemented that others may apply to their own organizations regarding appropriate operations security?

April: Internet of Things

As the networked world evolves, it's only natural that our interactions with machines and other inanimate objects become more complex. The Internet of Things is quickly transforming into the Network of Things, making our lives better, faster and more efficient. However, the increased connections open up new opportunities for cyber criminals to wreak havoc (think medical devices, utility grids, automobiles, etc.). Are we ready to meet the growing challenges in designing and delivering secure, impenetrable devices? How do we prepare for and guide our organizations in the safe adoption of this wave of new technology? If you are an information security thought leader who is willing to lead the discussion on how IoT technology can become a trusted participant in our information world, we would like to hear from you.

May: Health Care & Security Management

The healthcare attack surface is large, considering it includes personal health information (PHI), personally identifiable information (PII), and financial information, which can provide a one-stop shopping opportunity for hackers. As in other industries, risks to that data can come from IoT devices and mobile devices as well as network intrusion. Add in the regulatory requirements for protecting PHI and this task becomes even more challenging. Keeping that in mind, there are also many tools security professionals can use in this space to defend against these threats. We would like to know how you have implemented solutions for protecting PHI and what challenges you have faced in your efforts.

June: Practical Application & Use of Cryptography

Cryptography is an indispensable tool used in the protection of data in transit and at rest. It is a fundamental building block in information security. In this issue of the Journal, we seek articles to broadly cover various aspects of cryptography, both applied and theoretical, which highlight emerging trends and challenges. Potential topics include but are not limited to the following: Advanced applications of cryptography in network security, case studies, cloud cryptography, cryptographic protocols (design/cryptanalysis/efficient implementations), distributed cryptography, examples of successful and failed cryptographic implementations, high assurance of cryptographic solutions, human factors issues related to cryptographic solutions, leakage resilient cryptography, problems that arise from deploying cryptographic solutions, secure multiparty computation, and tutorials.

July: Standards Affecting Infosec

From the earliest days of computing, standards have provided structure and details to allow a set of common concepts to emerge. The internet was codified through a string of design decisions and technical standards called Request for Comments, or RFCs. The United States Government published the Rainbow Series that provided early computer security standards and guidelines. International organizations, industry associations, and corporations have added to the litany of standards that now impact the field of Information Security. This is a call for articles in the ISSA Journal on Standards Affecting Infosec: Where did they come from? What standards are out there? How do they impact computer security? Are they good or bad? How are they evolving our field?

August: Foundations of Blockchain Security

Blockchain, as a cryptography-based mechanism, has many potential uses including the distributed ledger underlying the Bitcoin architecture. There are also many different blockchain versions from a variety of sources. Because it uses cryptography, many feel it is inherently secure. But for information security practitioners there are many aspects of blockchain that may present opportunities for adversaries to attack it: the underlying cryptography, key management, the security architecture within which the blockchain application runs, and the operational and administrative mechanisms used. There is also the perennial issue of what standards exist or should exist to ensure interoperability. In short, blockchain is a technology that information security practitioners should be focused on sooner rather than later.

September: Privacy

Every year seems to be noted as “the worst year in online privacy.” Globally, big breaches continue to occur (Equifax in 2017), we see an increase in government privacy laws (GDPR, government censorship and surveillance increase), more people are online and through more devices (mobile devices in even the youngest hands), and companies can’t get to the cloud fast enough (AWS v. Azure). All of these trends affect online privacy, which in turn affects our individual online privacy. Do fewer hacks give us privacy? Do more laws give us privacy? Is the private cloud any more private than your publicly connected mobile phone? This is a call for articles in the ISSA Journal on Privacy. Examples: GDPR, mobile ransomware, cloud privacy, IoT malware.

October: Security Challenges in the Cloud

No matter where you are in your migration to the cloud - public, private or hybrid - it is almost universally accepted that the security of data, along with the underlying system and network components, is a work in progress. In addition to the use of different virtualization techniques that are the foundation for the different cloud forms, there are technical as well as legal, regulatory and governance aspects to the data protection models that make things quite complicated. Do you "speak cloud?" If so, we are looking for your input, ideas, experience and observations as to what works and what doesn't. Avoiding the cloud is not the answer. Therefore, here's your chance to weigh in regarding what standards should be applied and what considerations a security practitioner should keep in mind. What practical solutions do you have to help meet the business requirements while keeping your organization secure?

November: Impact of Malware

For almost as long as there have been computing platforms in use, there have been inherent threats associated with them. One of the most prevalent is malicious software. From the Cascade and Brain viruses to the XcodeGhost exploit and WannaCry ransomware, malware has been an inevitable part of the computing landscape. As technology matured and became more sophisticated, so did the malware variations and the damage caused to millions of computers around the world. This month's issue of the ISSA Journal will explore the impacts of malicious software in the wild and how it has evolved, as well as the techniques used by cybersecurity professionals to mitigate the risks posed by it.

December: The Next 10 Years

Information security has come a long way in the last 30-40 years. What will the next 10 years look like? Will we see even more widespread use of cryptography? Will the cloud ever be truly secure? Will AI, neural nets and machine learning really be able to anticipate zero day attacks? What will new disruptive technologies look like and how will they impact us? From a policy standpoint, will we ever sort out an individual’s rights to control access to their data? How will we balance national security and other considerations against those rights? This is a call for articles to publish in the ISSA Journal from you pundits, definers, analysts, and insightful practitioners.


Past Topics

October: Addressing Malware

September: Health Care

August: Disruptive Technologies

July: Cybersecurity in World Politics

June: Big Data/Machine Learning/Adaptive Systems

May: The Cloud

April: New Technologies in Security

March: Internet of Things

February: Legal, Privacy, Regulation, Ethics

Copyright © 2016, Information Systems Security Association, All Rights Reserved