BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Player FM - Internet Radio Done Right
Checked 7M ago
Tilføjet four år siden
Indhold leveret af Andrew Morgan. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Andrew Morgan eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Minder om The CyberCast
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
Daily Deals
CIS Control 16 - Application Software Security - Sponsored by Manicode
Manage episode 357969932 series 2935158
Indhold leveret af Andrew Morgan. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Andrew Morgan eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
CIS Control 16 - Application Software Security
The way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data. NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.
**Jim Manico at minute 52:40 - do not miss!!**
Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices.
Contact Jim here: https://manicode.com/
Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
'
20 episoder
DelManage episode 357969932 series 2935158
Indhold leveret af Andrew Morgan. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Andrew Morgan eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
CIS Control 16 - Application Software Security
The way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data. NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors.
**Jim Manico at minute 52:40 - do not miss!!**
Our sponsor: Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices.
Contact Jim here: https://manicode.com/
Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/
'
20 episoder
Alle episoder
×
T
The CyberCast
1 CIS Controls - Version 8.1 Update Overview 52:09
52:09 
Afspil senere 
Afspil senere 
Lister 
Like 
Liked52:09
Afspil senere Afspil senere Lister Like LikedWith the release of NIST Cybersecurity Framework 2.0, CIS felt strongly that an update to The Controls was necessary to crossmap to CSF 2.0. Specifically the strongest driver, was the release of the Govern function. Co-hosts : Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Brian Blakely : https://www.linkedin.com/in/bblakley/ Eric Woodard : https://www.linkedin.com/in/eric-woodard/ Sponsored by Right of Boom cybersecurity conference : https://www.rightofboom.com/…
T
The CyberCast
1 CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber 1:06:26
1:06:26 Afspil senere Afspil senere Lister Like Liked1:06:26
Afspil senere Afspil senere Lister Like LikedPenetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform. In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red Teaming and Vulnerability Assessment. Why should you choose one over the other and when would one proceed the other. Sponsored by : Hacket Cyber and post game interview with Founder James Carroll. Hacket Cyber is a security consulting firm specializing in penetration testing, ethical hacking, and industry-leading cybersecurity services. Our offerings are purpose-built for the MSP, MSSP, and VAR channels. https://hacketcyber.com/partner/ James Carroll LinkedIn: https://www.linkedin.com/in/jchax/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 17 - Incident Response Management - Sponsored by Exigence 53:38
53:38 Afspil senere Afspil senere Lister Like Liked53:38
Afspil senere Afspil senere Lister Like LikedThe biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident . The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up. Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack. Our sponsor : Exigence ( https://www.exigence.io ) is a multi-tenant, Incident Readiness, Incident Response platform, built for MSP/MSSPs. Drive new revenue streams and meet cyber insurance & regulatory requirements for Incident Response plans and tabletops. The Exigence platform gives you full control of critical incidents by uniquely addressing every aspect of the incident – turning an unstructured situation into one that is structured and easy to manage. It coordinates all stakeholders and systems all the time, orchestrates complex workflows from trigger to resolution, simplifies the post-mortem, and always leverages lessons learned for doing it even better next time. Contact Noam here : noam@exigence.io Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/ '…
T
The CyberCast
1 CIS Control 16 - Application Software Security - Sponsored by Manicode 1:06:54
1:06:54 Afspil senere Afspil senere Lister Like Liked1:06:54
Afspil senere Afspil senere Lister Like LikedCIS Control 16 - Application Software Security The way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data. NOTE: Crowdstrike notes that Cloud based attacks and initial access via these systems has increased 112%, therefore SaaS applications, their potential vulnerabilities and misconfigurations along with initial access are all being focused on by threat actors. ** Jim Manico at minute 52:40 - do not miss!! ** Our sponsor : Jim Manico, Founder of Manicode is considered the "Godfather" of the OWASP Top 10 and trains software development teams around the globe. His firm helps organizations building secure code and creates programs to address the primary cause of insecurity, which is the lack of secure software development practices. Contact Jim here : https://manicode.com/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/ '…
T
The CyberCast
1 CIS Control 15 - Service Provider Management 1:02:48
1:02:48 Afspil senere Afspil senere Lister Like Liked1:02:48
Afspil senere Afspil senere Lister Like LikedLastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!! Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately. Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. Organize and monitor all services providers that are associated with your business. Keeping an inventory of all services providers will enable you to monitor them in case they update their policies. Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security 1:17:30
1:17:30 Afspil senere Afspil senere Lister Like Liked1:17:30
Afspil senere Afspil senere Lister Like LikedMSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. Security awareness training should include frequent phishing tests. Phishing tests allow users to learn from their mistakes and utilize their training to spot actual phishing attacks. These phishing tests should be specially crafted for different departments within an enterprise. Specially crafted phishing tests are harder to detect and demonstrate the value of security awareness training. 👏 Special thanks to Phin Security for their sponsorship and interview . Connor Swalm : https://www.linkedin.com/in/connor-swalm/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise 1:06:16
1:06:16 Afspil senere Afspil senere Lister Like Liked1:06:16
Afspil senere Afspil senere Lister Like LikedNetwork monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of continuous improvement that involves people, process, and technology. Service providers need a well-trained staff that executes on their network monitoring, detection, logging, correlation of events in order to thwart malicious attacks. 👏 Special thanks for ConnectWise sponsorship and interview . Drew Sanford : https://www.linkedin.com/in/drewsanford/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 12 - Network Infrastructure Management - sponsored by Domotz! 57:28
57:28 Afspil senere Afspil senere Lister Like Liked57:28
Afspil senere Afspil senere Lister Like LikedAbstract : Network Infrastructure Management - Establish, implement, and actively manage network devices, in order to prevent attackers from exploiting vulnerable network services and access points. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default” configuration settings and passwords that, if deployed as-is, can significantly weaken an organization’s network infrastructure. Even if network devices are hardened with non-default configurations and strong passwords, over time these devices will be targeted by new vulnerabilities that are discovered by security researchers. MSPs should ensure that their teams implementing and operating the network infrastructure have processes and procedures in place that include capabilities for having a secure network infrastructure. 👏 Special thanks for Domotz sponsorship and interview . ONLY $21 per Network!! Incredible for MSP COGS!! Key areas Domotz helps MSPs : Control 1 | Continuous Discovery of new devices | checking for default passwords | Alerting on changes (ports, protocols, configurations) | being able to revert back (backup) | logging and auditing of changes and much more!! 🙌 JB Fowler : https://www.linkedin.com/in/jb-fowler-1302023/ & Giancarlo Fanelli https://www.linkedin.com/in/giancarlofanelli/ 👉 Domotz's Security Standards : https://www.domotz.com/knowledge-base/Domotz-Security-Standards-2021-March.pdf Domotz MSP : https://www.domotz.com/msp.php Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 11 - Data Recovery - sponsored by Datto! 1:04:20
1:04:20 Afspil senere Afspil senere Lister Like Liked1:04:20
Afspil senere Afspil senere Lister Like LikedAbstract : Data loss can be a consequence of a variety of factors from malicious ransomware, threat actors using "Double Extortion" and exfiltration, human error and natural disasters like hurricanes. Regardless of the reason for data loss, we need to have a process established (RPO/RTO) to recover our data. Key Takeaways for Control 11 Prioritize your data and come up with a data recovery plan. Protect your backed up data. (See Control 3: Data Protection.) Practice and Test restoring your data. Restore your data after any compromise. 👉 Datto's BCDR Resource Center : https://www.datto.com/resources?page=4&categories=BCDR 🙌 Rob Rae: https://www.linkedin.com/in/robtrae/ - special thanks for Datto's sponsorship and interview. Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 10 - Malware Defenses - sponsored by Malwarebytes! 48:34
48:34 Afspil senere Afspil senere Lister Like Liked48:34
Afspil senere Afspil senere Lister Like LikedAbstract : With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing your MSP and clients. Malware defenses must be able to operate in a dynamic environment through automation, timely and rapid updating, and integrate with other processes like vulnerability management and incident response. Anti-Malware technologies have become an after thought in many organizations, a technology that they’ve always had, always used, and never really thought about. Effective malware protection includes traditional endpoint malware prevention and detection suites, along with enrichment from vendor, vulnerability or threat data. 👉 MSP Partner Growth Program : https://www.malwarebytes.com/partners/managed-service-providers - email Roane Tucker for assistance - rtucker@malwarebytes.com. 🙌 Claudio Tosi : https://www.linkedin.com/in/claudiotosi/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 9 - Email & Web Browser Protections - sponsored by Cisco Secure MSP 56:13
56:13 Afspil senere Afspil senere Lister Like Liked56:13
Afspil senere Afspil senere Lister Like LikedAbstract : Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an organization. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to your MSP or client's business. Since email and web are the main means that users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering. 😎 Cisco Secure MSP Interview : with Steve Steinberg, Sales Engineer for Cisco Umbrella. 👉 Cisco Secure Managed Service Provider : https://www.cisco.com/c/en/us/products/security/secure-msp-center.html 🙌 Steve Steinberg : https://www.linkedin.com/in/stevesteinberg/ Interested in learning more: msp@cisco.com Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 8 - Audit Log Management - sponsored by Blackpoint Cyber 59:43
59:43 Afspil senere Afspil senere Lister Like Liked59:43
Afspil senere Afspil senere Lister Like LikedAbstract : Log collection and analysis is critical for an organization's ability to detect malicious activity quickly. Sometimes audit logs are the only evidence of a successful attack. Attackers know that many organizations keep audit logs for compliance purposes, but rarely analyze them. Due to poor log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing. In this episode, learn about using logs in incident management, analyzing what to log and the numerous factors to establish a successful audit log management process. S ponsor : Blackpoint Cyber interview with Travis Brittain, Director of Product Enablement. Logging & Compliance : https://blackpointcyber.com/logic/ Travis Brittain: https://www.linkedin.com/in/tbrittain/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 7 - Continuous Vulnerability Management - sponsored by CyberCNS 54:37
54:37 Afspil senere Afspil senere Lister Like Liked54:37
Afspil senere Afspil senere Lister Like LikedNote we discuss Log4j as this is a very timely topic to this control. Abstract : Cyber defenders are constantly being challenged from attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources. S ponsor : CyberCNS interview with Shiva Shankar, CTO & Founder at minute 45:22. Learn more here: https://www.cybercns.com/ (free trial) Shiva Shankar: https://www.linkedin.com/in/shivashankarj/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 6 - Access Control Management - sponsored by Appgate 52:06
52:06 Afspil senere Afspil senere Lister Like Liked52:06
Afspil senere Afspil senere Lister Like LikedAbstract : It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment. There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the organization, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as the one they use for an online account which was compromised in a public password dump. Listen as our hosts break down the people, process and technology to implement effective and secure account management. S ponsor : Appgate interview with Tina Gravel, SVP Channels and Alliances at minute 37:20. Learn more here: https://www.appgate.com/ Tina Gravel: https://www.linkedin.com/in/tinagravel/ Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 CIS Control 5 - Account Management - sponsored by Keeper Security 1:04:31
1:04:31 Afspil senere Afspil senere Lister Like Liked1:04:31
Afspil senere Afspil senere Lister Like LikedAbstract : There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as one they used for an online account. Learn how CIS Control 5 can mitigate some of the most common ways credentials are compromised. S ponsor : Keeper Security interview with Marcia Dempster, Sr. Director of Channel Sales at minute 48:21. Learn more here: https://www.keepersecurity.com/ Marcia Dempster: https://www.linkedin.com/in/marcia-dempster-03280914/ Sponsor : CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite) Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 Control 4: Secure Configuration of Enterprise Assets - sponsored by ThreatLocker 45:36
45:36 Afspil senere Afspil senere Lister Like Liked45:36
Afspil senere Afspil senere Lister Like LikedAbstract : Learn why the number one thing organizations can do to defend their networks against top attacks, is to implement secure configurations! Azure Breach (8/26/2021): According To Wiz who found the CosmosDB Vulnerability, they quote: "Database exposures have become alarmingly common in recent years as more companies move to the cloud, and the culprit is usually a misconfiguration in the customer’s environment." https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases Sponsor : ThreatLocker interview with CEO, Danny Jenkins at minute 31:58. Learn more here: https://www.threatlocker.com/ Sponsor : CIS CIS-CAT (https://learn.cisecurity.org/cis-cat-lite) Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/…
T
The CyberCast
1 Control 3: Data Protection (part 2) - Sponsored by Datto 31:15
31:15 Afspil senere Afspil senere Lister Like Liked31:15
Afspil senere Afspil senere Lister Like LikedAbstract : CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recommendations from all of the security frameworks out there now recommend, or REQUIRE if you’re in a regulated industry such as healthcare, that certain things like full disk encryption are simply put into place no matter your risk profile. Much of what’s in the Data Protection Control represents the modern reality of cybersecurity. Note : we split up Data Protection into two shorter podcasts (about 20 minutes each) and therefore, you will see a "part 1 & part 2". Part 2 focuses in depth into CIS Control 3 and the Safeguards 3 - 7 (formerly called sub controls). Co-hosts in part 2 are: Ryan Weeks, CISO of Datto and Wes Spencer, CISO of Perch Security. Ryan Weeks: https://www.linkedin.com/in/ryanweeks/ Wes Spencer: https://www.linkedin.com/in/wesspencer/ Sponsor : Datto - https://www.datto.com/ Rob Rae , SVP of Business Development: https://www.linkedin.com/in/robtrae/ DattoCon : https://seattle.dattocon.com/…
T
The CyberCast
1 Control 3: Data Protection (part 1) - Sponsored by Netwrix 25:16
25:16 Afspil senere Afspil senere Lister Like Liked25:16
Afspil senere Afspil senere Lister Like LikedAbstract : CIS Control 3 is Data Protection and data is pretty much what's at stake for a high percentage of cyber attacks. Data is more valuable than oil and it fuels many organizations. Many of the baseline security recommendations from all of the security frameworks out there now recommend, or REQUIRE if you’re in a regulated industry such as healthcare, that certain things like full disk encryption are simply put into place no matter your risk profile. Much of what’s in the Data Protection Control represents the modern reality of cybersecurity. Note : we split up Data Protection into two shorter podcasts (about 20 minutes each) and therefore, you will see a "part 1 & part 2". Part 1 focuses in depth into CIS Control 3 and the Safeguards 1 -3 (formerly called sub controls) . Co-hosts in part 1 are: Josh Franklin, Sr. Cybersecurity Engineer at Center for Internet Security (CIS) and Brian Blakely, who leads a team of fractional CISOs, where they focus on building security programs for small to medium businesses. Josh Franklin : https://www.linkedin.com/in/joshuamichaelfranklin/ Brian Blakely : https://www.linkedin.com/in/bblakley/ Sponsor : https://www.netwrix.com/ Ken Tripp : https://www.linkedin.com/in/kentripp/…
T
The CyberCast
1 Control 1 & 2: Inventory Control of Enterprise Hardware & Software Assets - Sponsored by CyberCNS 39:34
39:34 Afspil senere Afspil senere Lister Like Liked39:34
Afspil senere Afspil senere Lister Like LikedAbstract : There is a cybersecurity saying; “you can’t protect what you don’t know about.” Without visibility into your information assets, their value, where they live, how they relate to each other and who has access to them, any strategy for protection would be inherently incomplete and ineffective. Note sponsors are at the end at minute 28:30 The Why might an MSP want to listen? Most MSPs only capture 50% of the assets on a client's network. Min 2:30 - 8:46 (Ryan Weeks, CISO of Datto discusses) Importance of asset management. What defines an asset. What defines good asset management. What are common assets missed in an MSPs inventory. Min 8:47 - 16:06 (Wes Spencer, CISO of Perch Security) The repercussions of poor asset management. Importance of Asset Management, as it pertains to Incident Response. How asset management help with IR plans & Tabletops. Min 16:08 - 23:05 (Brian Blakely, Fractional CISO of Cosant Cybersecurity) What your policy statement should include. Learn the importance of Data Flow Diagrams (DFDs). Control objectives and standards MSPs need to consider. Asset considerations on the Right & Left side of "Boom". Min 23:06 - 28:30 (Phyllis Lee, Sr. Director of Controls for CIS) Why CIS and most frameworks start with asset management. The progression of sub-controls as an organization moves from IG1 - IG3 in CIS. What actionable steps should MSPs take to successfully implement Control 1 & 2. Sponsors : Center for Internet Security : Phyllis Lee (28:30 - 30:58) CSAT Pro - learn more here: https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/ Netalytics Security : Shiva Shankar (31:00 - 38:50) CyberCNS: https://www.cybercns.com/…
T
The CyberCast
1 Multifactor Authentication (MFA) - sponsored by Cisco Duo 36:19
36:19 Afspil senere Afspil senere Lister Like Liked36:19
Afspil senere Afspil senere Lister Like LikedGoogle reports that Multifactor Authentication (MFA) prevents more than 96% of bulk phishing attempts and more than 76% of targeted attacks that are credential based. In this episode, learn how MFA maps to the different security frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends. Note: Sponsors Cisco Duo and Center for Internet Security (CIS) are at the end of the episode starting at minute 26:00. msp@duo.com to sign up for Duo NFR. https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/ andrew@thecybernation.com - Andrew Morgan (host) Co-hosts : Ryan Weeks : https://www.linkedin.com/in/ryanweeks/ Phyllis Lee : https://www.linkedin.com/in/phyllis-lee-21b58a1a4/ Wes Spencer : https://www.linkedin.com/in/wesspencer/ Brian Blakely : https://www.linkedin.com/in/bblakley/ Consant Cybersecurity : https://cosant.com/…
Velkommen til Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Minder om The CyberCast
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
What is the internet doing to us? The Times tech columnist Kevin Roose discovers what happens when our lives move online. Unlock full access to New York Times podcasts and explore everything from politics to pop culture. Subscribe today at nytimes.com/podcasts or on Apple Podcasts and Spotify.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Redefining AI is the 2024 New York Digital Award winning tech podcast! Discover a whole new take on Artificial Intelligence in joining host Lauren Hawker Zafer, a top voice in Artificial Intelligence on LinkedIn, for insightful chats that unravel the fascinating world of tech innovation, use case exploration and AI knowledge. Dive into candid discussions with accomplished industry experts and established academics. With each episode, you'll expand your grasp of cutting-edge technologies and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
