
Cyber Distortion Podcast Series

S2 - Episode 002 – 2022 Breaches and Some Retrospection

03 Mar 2023

Description

In this exciting second episode of the new season, we're offering up a buffet of delicious options to feast your incessant little cybersecurity appetites on!

BREACHES
We start by spending time on 5 of the top breaches that took place in 2022, but shift into some real-world thoughts and ideas on what concepts could have helped in preventing those types of breaches.

FRAMEWORKS
Jason and Kevin dig deep into their CISSP bag of tricks to discuss cybersecurity frameworks and do a bit of a shallow dive into NIST, and then migrate into the CIS Top 18 cyber controls for effective cyber defense.

GAP ASSESSMENTS and MATURITY ASSESSMENTS
The guys hit on two very important aspects of how to leverage a framework for your business, for both analyzing your security overlap and your gaps. Then, they take a look at how you can use that same framework to monitor growth and maturity over time. They use hypothetical company 'XYZ Company' to show real-world examples of gap matrices and maturity matrices. These types of critical elements in your security program are items that should be assessed annually or even more frequently.

A LOOK AT KPIs
The guys move from leveraging the frameworks into looking at KPIs (Key Performance Indicators) and how you can pull KPIs from your controls to determine if your controls are actually working for you! What good is a robust framework if you can't measure its success?

3RD PARTY RISK
Lastly, the guys take a look at the importance of 3rd-party risk and how your partners, customers, vendors, and joint ventures might play a part in your overall security posture. Not only how they play a part, but WHAT you can do to take actionable steps around 3rd-party risk.

This one is VERY action packed and we cover a lot of ground. Jump on the rollercoaster as we hit ALL the rides in the cyber theme park on this one!

CITATIONS:
All about the NIST Cyber Framework: https://www.nist.gov/cyberframework
CIS Top 18 Cyber Controls: https://www.cisecurity.org/controls/v8
Training for using the Frameworks offered by SANS: https://www.sans.org/blog/cis-controls-v8/
YouTube Training Videos on each of the 18 Controls: https://www.youtube.com/@TheCISecurity and https://www.youtube.com/watch?v=pGZViAZlg1k&list=PLpNN1VAyNhovvTU6pye4cNYZksP5CLTyy
