All Episodes
Episode 1 — What are the CIS Critical Security Controls?
The CIS Critical Security Controls, often referred to as the CIS 18, represent a prioritized and prescriptive set of cybersecurity best practices designed to help orga...
Episode 2 — How to use CIS 18 in your organization
Implementing the CIS 18 effectively begins with understanding how the Controls fit into your organization’s governance, risk management, and compliance efforts. The fr...
Episode 3 — What is a “control” and what is a “safeguard”?
In the context of the CIS framework, a “control” is a broad security domain representing a strategic objective, while a “safeguard” refers to a specific, actionable me...
Episode 4 — Glossary of common cybersecurity terms
Understanding cybersecurity language is fundamental to applying the CIS Controls effectively. Many terms describe foundational components of systems, threats, and defe...
Episode 5 — Glossary of common cybersecurity terms
As cybersecurity practices mature, professionals encounter more specialized terminology that connects operational tactics to governance and technical architecture. Mul...
Episode 6 — Overview – Why asset management is foundational
Asset management is the cornerstone of every effective cybersecurity program because you cannot protect what you do not know exists. Control 1 of the CIS framework—Inv...
Episode 7 — Safeguard 1.1 – Inventory of assets
Safeguard 1.1 directs organizations to establish and maintain a detailed inventory of all enterprise assets capable of storing or processing data. This includes not ju...
Episode 8 — Safeguard 1.2 – Address unauthorized assets
Safeguard 1.2 emphasizes the importance of identifying and responding to unauthorized assets that appear within the enterprise environment. Unapproved devices can rang...
Episode 9 — Remaining safeguards summary (Control 1)
The remaining safeguards under Control 1 build upon the foundation of asset inventory and unauthorized asset management by introducing proactive detection and continuo...
Episode 10 — Overview – Managing the software landscape
Just as organizations must maintain visibility into their hardware, they must also control the software that runs on it. Control 2 of the CIS framework—Inventory and C...
Episode 11 — Safeguard 2.1 – Maintain a software inventory
Safeguard 2.1 focuses on creating and maintaining a detailed, authoritative inventory of all software within an organization’s environment. This includes operating sys...
Episode 12 — Safeguard 2.2 – Only allow authorized software
Safeguard 2.2 builds on inventory management by enforcing the principle that only approved and supported software should exist within the enterprise environment. Unaut...
Episode 13 — Remaining safeguards summary (Control 2)
The remaining safeguards under Control 2 emphasize automation, enforcement, and continuous verification of software integrity. Safeguards 2.3 through 2.7 outline the o...
Episode 14 — Overview – Protecting sensitive data
Data protection is the third pillar of the CIS Controls, and it addresses one of the most critical aspects of cybersecurity: safeguarding the organization’s most valua...
Episode 15 — Safeguard 3.1 – Data classification and inventory
Safeguard 3.1 instructs organizations to establish and maintain a structured data management process, beginning with classification and inventory. This process determi...
Episode 16 — Safeguard 3.2 – Data retention and disposal
Safeguard 3.2 ensures that organizations implement structured, defensible practices for retaining and disposing of data. Every enterprise accumulates vast amounts of i...
Episode 17 — Safeguard 3.3 – Data encryption at rest and in transit
Safeguard 3.3 requires organizations to protect sensitive data through encryption, both when stored (at rest) and when moving across networks (in transit). Encryption ...
Episode 18 — Remaining safeguards summary (Control 3)
The remaining safeguards under Control 3 extend data protection across its entire lifecycle, ensuring that sensitive information is both managed and monitored. These i...
Episode 19 — Overview – Why secure configs matter
Secure configuration management forms the backbone of system hardening and operational stability. Control 4—Secure Configuration of Enterprise Assets and Software—addr...
Episode 20 — Safeguard 4.1 – Establish secure configuration baselines
Safeguard 4.1 requires organizations to establish and maintain formal, secure configuration processes for all enterprise assets and software. This means defining stand...