Whether you are aligning your cybersecurity to CIS Top 18, the Cybersecurity Trustmark, or any of the many other frameworks, you are bound to get stuck in an attempt to achieve perfection. I sit down with Charles Love of Showtech Solutions to tackle the challenges of progress in the face of paralysis. Stay to the end to get the Ten Commandments of Framework Implementation. --- Support this podcast: https://podcasters.spotify.com/pod/show/msp1337/support
Last week we talked about playbooks and runbooks... This week we are back in the CIS Top 18 controls with #17, and while the timing might be coincidental, it is a perfect fit for what we have learned going through the first 16 controls to get here. Listen to Matt Lee of Pax8 unpack the safeguards, and perhaps hear a bit of a tussle as we grapple with Yellow Brick Road or Wizard of Oz... you decide!
The CIS Top 18 is widely used in IT, and Jack Bliss of 1898 & Co. has adapted that list for OT/industrial, adding a lot of industrial context and lists of related OT-centric tools and technology.
We find ourselves getting closer to the end of CIS Top 18. In this episode, Matt Lee of Pax8 and I discuss Service Provider Management. Matt does an excellent job of laying out a success path for any MSP to implement. You should note that this is a non-technical control.
In this episode of Best SEO Podcast, join us for an enlightening conversation with Clayton Riness, a cybersecurity expert of 16 years, as we navigate the complex landscape of cyber threats in digital marketing. Clayton sheds light on common risks like email and text phishing attacks, ransomware, card swipers, QR codes, and social engineering targeting individuals, marketers, and businesses, offering practical preventive measures. We explore social media security risks such as account hijacking and fake profiles, highlighting effective de-risking practices. We delve into the critical importance of data privacy and GDPR compliance, discussing the implications of breaches, strategies to secure customer data, and best practices for data storage for businesses of all sizes. Clayton also goes into concerns and recommendations around integrating WordPress plugins and website security, along with essential considerations for secure e-commerce payment processing. If you manage IT for a business or are a web developer and cyber security has been on your mind, this is the "101" podcast for you!
Guest's Contact Information: https://www.linkedin.com/in/clayton-riness/ https://www.tevora.com/
Additional RESOURCES: Learn about cybersecurity governance, risk, and compliance: https://www.isaca.org Find online courses for cloud computing, blockchain, AI, and more: https://www.isaca.org/training-and-events/online-training/online-review-courses Improve security controls with the CIS Top 18 framework: [CIS Critical Security Controls] - https://www.cisecurity.org Access free cybersecurity training from CISA: https://www.cisa.gov Enroll in Cyber Hygiene Services for vulnerability scanning: https://www.cisa.gov/cyber-hygiene-services
Please like, review, and comment if you got value!
More from EWR and Matt: Leave a Review if it was content you enjoyed: https://g.page/r/CccGEk37CLosEB0/review Free SEO Consultation: https://www.ewrdigital.com/discovery-call One-on-One Consulting: https://www.ewrdigital.com/digital-strategy-consulting/private-consulting-session
The Unknown Secrets of Internet Marketing podcast is a podcast hosted by Internet marketing expert Matthew Bertram. The show provides insights and advice on digital marketing, SEO, and online business. Topics covered include keyword research, content optimization, link building, local SEO, and more. The show also features interviews with industry leaders and experts who share their experiences and tips. Additionally, Matt shares his own experiences and strategies, as well as his own successes and failures, to help listeners learn from his experiences and apply the same principles to their businesses. The show is designed to help entrepreneurs and business owners become successful online and get the most out of their digital marketing efforts. Find more great episodes here: bestseopodcast.com/ Support the Show.
Security Awareness and Skills Training, CIS Top 18 Control 14, is where Matt Lee of Pax8 and I sit down in our home offices to discuss the ins and outs of all nine safeguards: why they matter and how they help your organization mature its workforce.
About this episode: In this episode, Kip Boyle and Jason Dion discuss the importance of cybersecurity in the current digital landscape and focus on comparing two different standards: the NIST Cybersecurity Framework and the CIS Top 18. The NIST Framework was created to assist organizations in becoming cyber resilient and offers an adaptable and comprehensive approach to cyber risks. The CIS Top 18, on the other hand, provides an actionable and practical checklist of controls that is prioritized and sequenced. Both of these frameworks provide us with cybersecurity measures that can be used for different applications. They can be used individually, or they can work together by complementing each other in a comprehensive cybersecurity strategy. It is important to realize that the CIS Top 18 can end up being quite expensive for smaller organizations to operate, though, which is why many people are choosing the NIST CSF instead. You should always consider various factors, such as organizational size and specific needs, the type of threats faced, and the budget available for implementation when selecting the framework for your organization.
Relevant websites for this episode: The NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework The 18 CIS Critical Security Controls - https://www.cisecurity.org/controls/cis-controls-list
Other Relevant Episodes: EP 62 – The NIST Cybersecurity Framework; EP 79 – Mid-Career Transition Success Story with Steve McMichael; EP 83 – Automating NIST Risk Management Framework with Rebecca Onuskanich
We have made it halfway through the CIS Top 18, and Matt Lee of Pax8 delivers again with a compelling argument for why Control 9 demands our undivided attention.
We are 1/3 of the way through the CIS Top 18 and I think Control 5 might be my favorite. Matt Lee joins me as we dive into all six safeguards and how important they are in the journey toward cyber resilience.
Over the past few months we have spent time on policies, how to tackle controls and safeguards in CIS Top 18, and we have even pointed out cybersecurity areas that might be overlooked. In this episode, as we all look at maturing our cybersecurity practice we look at how one might show evidence to support all of the efforts in creating policies, processes, and procedures. Thanks to Chase Griffin for highlighting that sometimes you do need some tools.
In 2020, Security Magazine listed Sounil Yu as one of the Most Influential People in Security, in part because of his work on the Cyber Defense Matrix, a framework for understanding and navigating your cybersecurity environments. The Cyber Defense Matrix started as a project when Sounil was the Chief Security Scientist at Bank of America. The initial problem he focused on with the matrix was how to evaluate and categorize vendors and the solutions they provided. The Cyber Defense Matrix is a structured framework that allows a company to understand who their vendors are, what they do, how they work alongside one another, what problem they profess to solve, and ultimately to find gaps in the company's portfolio of capabilities. In the seven years Sounil has been working on the project, he has developed use cases that make the Cyber Defense Matrix practical for purposes such as rationalizing technology purchases, defining metrics and measurements, and identifying control gaps and opportunities. The matrix has been adopted by the OWASP Foundation as a community project. Elements of the matrix have been incorporated into the Center for Internet Security's (CIS) Top 20 Critical Security Controls. I talked with Sounil to hear how the project was going, what his plans are for the future of the matrix, and what help he can use from the community for expanding its usefulness.
ABOUT SOUNIL YU: Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton, where he helped improve security at several Fortune 100 companies and government agencies.
I recently had an opportunity to sit down with a long-time friend and colleague, Jason LeDuc of AccessIT Group, and discuss CIS Top 20 and a walk-through of the critical 6. We spend a few minutes on each control, and note that while there is no "easy button," that doesn't mean this has to be difficult. Stay tuned through the end to hear about which control is as important, if not more important, than all the other controls!
How do you secure your assets if you don't know what assets you have? Join us today as we talk to Lenny Giller of RTS and discuss implementing CIS Top 20 Control 1, which focuses entirely on Hardware Asset Management (HAM).
In this episode, Fred and Garrett discuss the last CIS Control, Penetration Tests and Red Team Exercises. This control focuses on testing the security measures already in place within your organization. Penetration Tests and Red Team Exercises are most impactful when a company has taken action against the first 19 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Garrett discuss the third Organizational CIS Control, Incident Response and Management. This control focuses on creating an incident response plan to protect your organization's information and reputation. Incident Response and Management is most impactful when a company has taken action against the first 18 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Garrett discuss the second Organizational CIS Control, Application Software Security. This control is used to manage the security life cycle of your software. This control is used to prevent, detect, and correct security weaknesses. Application Software Security is most impactful when a company has taken action against the first 16 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss the first Organizational CIS Control, Implement a Security Awareness and Training Program. This control is used to develop and execute a plan for a security awareness and training program. This control is useful for those at all levels of an organization. Implementing a Security Awareness and Training Program is most impactful when a company has taken action against the first 16 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss the tenth Foundational CIS Control, Account Monitoring and Control. This control is used to actively manage and control user accounts, such as those of employees or contractors, from creation to deletion. Account Monitoring and Control is most impactful when a company has taken action against the first 15 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Tim discuss the ninth Foundational CIS Control, Wireless Access Control. This control is used to track, control, prevent, and correct the way you use your wireless local area networks, access points, and wireless client systems. Wireless Access Control is most impactful when a company has taken action against the first 14 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss the eighth Foundational CIS Control, Controlled Access Based on the Need to Know. This control is used to track, control, prevent, and correct secure access to sensitive systems and data. Controlled Access Based on the Need to Know is most impactful when a company has taken action against the first 13 CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Tim discuss how you can protect your data. Data protection is the seventh Foundational CIS Control and is used to prevent your data from being exploited, lessen the effects if it is exploited, and ensure your sensitive information is kept intact. Data Protection is most impactful when a company has taken action against the first twelve CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Tim discuss how you can detect, prevent, and correct the way your information is shared between networks. This is the sixth Foundational CIS Control and is used to secure your network perimeter. Boundary Defense is most impactful when a company has taken action against the first eleven CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss how you can secure network devices. This is the fourth Foundational CIS Control and is used to secure the configuration for network devices such as Firewalls, Routers, and Switches. Secure configuration for network devices is most impactful when a company has taken action against the first ten CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss Data Recovery Capability, the processes and tools used to back up your data. This is the fourth Foundational CIS Control and focuses on backing up and recovering your data as quickly as possible. Data Recovery Capability is most impactful when a company has taken action against the first nine CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Garrett discuss how you can manage ports, protocols, and services on devices connected to your company's network. This is the third Foundational CIS Control and focuses on minimizing your vulnerability to cyber-attackers. The Limitation and Control of Network Ports, Protocols, and Services control is most impactful when a company has taken action against the first six Basic CIS Controls and first two Foundational CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Garrett discuss how you can adopt defenses to deflect Malicious Software (AKA Malware). This is the second Foundational CIS Control and is crucial for your personal and business security. The Malware Defenses control is most impactful when a company has taken action against the first six Basic CIS Controls and the first Foundational CIS Control (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss how you can protect your email and web browsers. This is the first Foundational CIS Control and is used to minimize your vulnerability to attackers. The Email and Web Browser Protections control is most impactful when a company has taken action against the first six Basic CIS Controls (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss how to collect, manage, and analyze audit logs that help a corporation detect, understand, and recover from a cyber-attack. The maintenance, monitoring, and analysis of audit logs is most impactful when a company first has taken an inventory of Hardware Assets and Software Assets, practices Continuous Vulnerability Management, has Controlled Use of Administrative Privileges, and has Secured Configuration of Hardware/Software (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss how to establish, implement, and manage security arrangements of hardware and software on devices. This helps prevent cyber attackers from getting control of vulnerable settings and services. The secure configuration for hardware and software is most impactful when a company first has taken an inventory of Hardware Assets and Software Assets, practices Continuous Vulnerability Management, and has Controlled Use of Administrative Privileges (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Rob discuss controlling the use of administrative privileges, the process of managing privileges on computers, networks, and applications. The controlled use of administrative privileges is most impactful when a company first has taken an inventory of Hardware Assets and Software Assets, and practices Continuous Vulnerability Management (following the CIS Top 20 Cybersecurity Controls).
In this episode, Fred and Chad discuss continuous vulnerability management, the practice of regularly scanning and cleaning devices and the applications being used on those devices. Vulnerability Management is most impactful when a company first has an inventory of Hardware Assets and Software Assets (following the CIS Top 20 Cybersecurity Controls).
Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution. Matt chatted with me over Skype about a wide variety of security topics, including:
Corporate conversations around security have changed drastically in such a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity?
Why is it still so hard to find "bad stuff" on the network?
What are some common security mistakes you wish you could wave a magic wand and fix for all companies?
The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.
Low-hanging hacker fruit that all organizations should consider addressing, such as: disabling IPv6, using a password manager, turning on multi-factor authentication, not writing down your passwords, having a mail transport rule that marks external mail as "EXTERNAL" so it jumps out to people, and considering an additional rule to stop display name spoofing (h/t to Rob on Slack!).
Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector.
I also asked Matt a slew of questions that many of you submitted via Slack. More info under the show notes for this episode at 7ms.us!
The CIS Top 20 is the de facto standard to build an effective security program. This episode talks about the controls you should implement first. Be aware, be safe. Become A Patron! Patreon Page *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five Don't forget to subscribe to the Security In Five Newsletter. —————— Where you can find Security In Five —————— Security In Five Reddit Channel r/SecurityInFive Binary Blogger Website Security In Five Website Security In Five Podcast Page - Podcast RSS Twitter @securityinfive iTunes, YouTube, TuneIn, iHeartRadio,
*This is a special edition of Cyber Speaks LIVE, recovered from the archives.* In this episode we are joined by 34-year veteran of the NSA and now Center for Internet Security (CIS) Senior VP & Chief Evangelist, Tony Sager to discuss the history and formation of SANS Top 20 and how it's evolved into today's CIS Top 20 Security Controls and what Tony and the organization (along with hundreds of volunteers around the globe) are doing to help organizations of all sizes help protect and defend themselves. --- Send in a voice message: https://anchor.fm/cyberspeakslive/message
Get insight into the CIS Top 20 Security Controls straight from the source, Center for Internet Security® Senior Vice President and Chief Evangelist Tony Sager.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-037-asset_management.mp3
We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propagate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this. We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment, you could suffer gaps in coverage of your anti-virus/EDR software, be unable to patch systems properly, and even make lateral movement easier. Finally, we discuss our recent "Introduction to Reverse Engineering" course with Tyler Hudak (@secshoggoth), and Ms. Berlin's upcoming trip to New Zealand.
RSS: http://www.brakeingsecurity.com/rss Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast Join our #Slack Channel! Sign up at https://brakesec.slack.com/join/shared_invite/enQtMjY2NDAyMzgxNjAwLWFjZTc1YzVlYWExM2U5ZjhiNDYwZTIzN2UxNjM1OWIwYzBkMjgzYmY4ZjA2MzViNzQ2ZTUzMGQ2YWYwYWY3NTM or DM us on Twitter, or email us. #iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/ #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
SHOW NOTES: Oreilly con report. Malware report from Mr. Boettcher. DDE (Dynamic Data Exchange), all the rage: https://en.wikipedia.org/wiki/Windows_2.0 https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27325/en_US/McAfee_Labs_Threat_Advisory-W97MMacroLess.pdf http://home.bt.com/tech-gadgets/computing/10-facts-about-windows-2-11364027546216 https://www.ghacks.net/2017/10/23/disable-office-ddeauto-to-mitigate-attacks/
Why asset management? Know what's in your environment. CIS Top 20...no wait, it's the TOP THREE of the 20. It all builds on this... Know what's in your environment: http://www.open-audit.org/ https://metacpan.org/pod/App::Netdisco
Continuing the CIS Top 20 series, we have reached the halfway point with number 10, Data Recovery. Your business may have backups, but CIS 10 goes into the necessity of testing and proving that recovery from those backups works. This episode goes into the details and why testing your recovery processes is so important. Be aware, be safe. ------------------------------------ Website - https://www.binaryblogger.com Twitter - https://www.twitter.com/binaryblogger iTunes - https://itunes.apple.com/us/podcast/security-in-five-podcast/id1247135894?mt=2 Podcast RSS - http://securityinfive.libsyn.com/rss YouTube - https://www.youtube.com/binaryblogger TuneIn Radio -
Continuing the breakdown of the CIS Top 20 Critical Security Controls, the next one on the list is number 5, Controlling Administrative Accounts. The admin accounts have all the access in your environment; if a hacker gets those keys, they can go anywhere they wish. CIS 5 drives for controlling those keys in your environment. Listen to how you can work toward making sure those are not lost or misused. Be aware, be safe. Music in this episode: Greenhorn by Mystery Mammal is licensed under an Attribution-ShareAlike License.
Moving on in the CIS Top 20, next up is number 4, Continuous Vulnerability Assessments. Monitoring your environment and systems for holes is a critical aspect of any security practice. The continuous part is the most challenging. This episode talks about why it's so high on the list. Be aware, be safe. Reference article - https://binaryblogger.com/2016/11/09/breaking-critical-security-controls-csc-4-continuous-vulnerability-assessments/ Music in this episode: Greenhorn by Mystery Mammal is licensed under an Attribution-ShareAlike License.
Security professionals don't make policies and rules for the fun of it. There's a method to their madness. The Center for Internet Security created a list of 20 Critical Security Controls to give companies a baseline of best practices in cybersecurity. This is the intro episode to the CIS and the Top 20 controls. Be aware, be safe. Music in this episode: Starchild by Mystery Mammal is licensed under an Attribution-ShareAlike License.