All Episodes
Episode 61 — Safeguard 13.3 – Anomaly detection
Safeguard 13.3 focuses on detecting anomalies within network activity that may signal emerging threats or compromised systems. Traditional defenses rely on predefined ...
Episode 62 — Remaining safeguards summary (Control 13)
The remaining safeguards under Control 13 enhance monitoring precision, response efficiency, and overall situational awareness. They include collecting network traffic...
Episode 63 — Overview – Human factor in cyber defense
Control 14—Security Awareness and Skills Training—addresses the most variable element in cybersecurity: human behavior. Technology can block many attacks, but user act...
Episode 64 — Safeguard 14.1 – Security awareness program
Safeguard 14.1 requires organizations to establish and maintain a formal security awareness program that educates the workforce on secure behaviors and threat recognit...
Episode 65 — Safeguard 14.2 – Phishing simulations
Safeguard 14.2 emphasizes the use of phishing simulations to test, measure, and improve employee awareness of social engineering attacks. Phishing remains the most pre...
Episode 66 — Safeguard 14.3 – Role-based training for admins and developers
Safeguard 14.3 focuses on providing targeted, role-based training to employees whose responsibilities involve elevated privileges or specialized technical duties—such ...
Episode 67 — Remaining safeguards summary (Control 14)
The remaining safeguards under Control 14 extend awareness beyond general staff by emphasizing continuous reinforcement, contextual learning, and cultural integration....
Episode 68 — Overview – Third-party and vendor risks
Control 15—Service Provider Management—addresses the growing reliance on third-party vendors and the risks that accompany it. In today’s interconnected ecosystems, ext...
Episode 69 — Safeguard 15.1 – Inventory of service providers
Safeguard 15.1 requires organizations to establish and maintain a complete inventory of all service providers that store, process, or access enterprise data. This inve...
Episode 70 — Safeguard 15.2 – Security requirements in contracts
Safeguard 15.2 ensures that contracts with service providers explicitly define security expectations and obligations, creating enforceable accountability. Every vendor...
Episode 71 — Remaining safeguards summary (Control 15)
The remaining safeguards in Control 15 round out a complete third-party risk program by adding structured assessment, continuous monitoring, and secure decommissioning...
Episode 72 — Overview – Secure software lifecycle
A secure software lifecycle integrates security activities into every stage of building and operating applications—planning, design, development, testing, deployment, ...
Episode 73 — Safeguard 16.1 – Secure coding practices
This safeguard directs organizations to formalize a secure application development process and set explicit standards for how code is designed, written, reviewed, and ...
Episode 74 — Safeguard 16.2 – Static and dynamic testing
This safeguard advances assurance by requiring a structured process to accept and address reported vulnerabilities and by embedding testing that sees both code and beh...
Episode 75 — Remaining safeguards summary (Control 16)
The remaining safeguards under this control expand beyond coding and testing to address the full ecosystem in which applications live. They include maintaining an inve...
Episode 76 — Overview – Incident response principles
Control 17—Incident Response Management—defines how an organization prepares for, detects, responds to, and learns from security incidents. Even the most robust defens...
Episode 77 — Safeguard 17.1 – IR plan and playbooks
Safeguard 17.1 requires organizations to establish and maintain a comprehensive incident response process that defines scope, roles, responsibilities, and communicatio...
Episode 78 — Safeguard 17.2 – Tabletop exercises
Safeguard 17.2 emphasizes the importance of testing the incident response plan through structured tabletop exercises. These simulations bring together key personnel—fr...
Episode 79 — Remaining safeguards summary (Control 17)
The remaining safeguards in Control 17 reinforce the full lifecycle of incident response—spanning preparation, communication, testing, and continuous improvement. Thes...
Episode 80 — Overview – Why penetration testing validates defenses
Control 18—Penetration Testing—closes the CIS framework by validating how well all other controls perform under real-world conditions. While vulnerability scanning ide...