As a Principal in the DenSecure team at Wolf & Company, P.C., Sean Goodwin leads and executes cybersecurity projects for clients across various industries, including healthcare, financial services, and retail. He has over a decade of experience in cybersecurity and information security and holds several credentials, such as GSE #271, CISSP, CISA, GIACx13, QSA, and PCIP. His mission is to help organizations improve their security posture and resilience against cyber threats. We touch on many topics including the need to properly understand PCI DSS CDE scope, compliance versus security, and how trust may be the most important element when effecting positive changes in the information security program.
As most in the industry know, a QSA must get certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Created in 2004 by major credit card brands, such as Visa and American Express, the council acts as a form of self-regulation. So, how did Weaver become an expert on PCI, and what types of solutions does it offer its clients?

On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cyber Security Services at Weaver, and Kyle Morris, Manager of IT at Advisory Services at Weaver. The trio dug into insights from Weaver's Qualified Security Assessor and explored how Weaver dove headfirst into PCI.

The PCI DSS applies to organizations that store, process, transmit, or could affect the security of cardholder data. Companies that fall under this standard have several options, such as completing an annual self-assessment questionnaire or bringing in a third-party, independent QSA to perform a full Report on Compliance audit.

Morris is a QSA and started at Weaver about eight years ago. A few years into his career, a client, a service provider, started getting asked by its customers whether it knew anything about PCI and the Report on Compliance. At the time, Weaver hadn't done anything with it, but decided to figure it out. That morphed into Weaver diving headfirst into PCI. “We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Morris said.
As part of its pan-European expansion plan, Integrity360 has acquired leading European PCI QSA (Payment Card Industry Qualified Security Assessor) and cyber security services company Adsigo. The terms of the transaction were not disclosed. The acquisition will enable Integrity360 to expand further into continental Europe and provides additional skilled resources to its existing substantial PCI and cyber security compliance teams.

Adsigo is a highly respected and well-established consultancy founded in 2013, and serves customers in Germany, Austria and Switzerland. It operates out of Stuttgart, Hamburg and Zurich, from which it provides services to a wide range of financial, industrial, and services organisations. Adsigo has a leading position in PCI compliance and operates as one of the leading Qualified Security Assessor ("QSA") organisations in Europe, having completed over 1,500 assessments.

Adsigo will complement Integrity360's existing substantial PCI practice, which operates as the No. 1 most chosen QSA organisation by Visa and Mastercard service provider organisations across Europe. Integrity360 has also been a proud member of the PCI GEAR (Global Executive Assessor Roundtable) since 2018, helping to refine and define PCI standards for the benefit of the industry. Adsigo will also complement Integrity360's existing regulatory and cyber framework services capability, including ISO27001, cyber security strategy, and third-party risk management.

Integrity360 will invest further in Adsigo to become a regional hub for the full suite of Integrity360 services during 2025, including the addition of a new SOC ("Security Operations Centre") based in Germany, which will be combined with the existing circa 130 people Integrity360 SOC resources based out of Dublin, Stockholm, Naples and Sofia.
The SOC teams deliver a wide-ranging set of managed services for customers including EDR, XDR and MDR (Endpoint Detection and Response, Extended Detection and Response, and Managed Detection and Response). Integrity360's innovative range of services has been recognised on multiple occasions by Gartner, namely as a Representative Vendor in the Gartner market guide for Managed Detection and Response services.

Ian Brown, Executive Chairman at Integrity360, commented: "We are delighted to be welcoming the team from Adsigo to Integrity360. We have known Ralph and Stephan for some time and both organisations share the same passion for technical excellence and customer service as we do.

"The enhanced group will now significantly expand our existing activities and cyber services across the DACH region (Germany, Austria and Switzerland) as well as offering the wider range of Integrity360 services to the existing customers of Adsigo. With the addition of Adsigo, group revenues in 2024 will exceed €135m, significantly up on 2023, and group resources to approx. 550 employees."

Ralph Woern, Founder and Chief Executive Officer of Adsigo, commented: "I am really delighted that Adsigo is joining Integrity360 and continuing the journey that we started some 20 years ago. Thanks to the support of our customers and employees, Adsigo has become a leading QSA and provider of cyber services in Germany, Austria and Switzerland. Adsigo is excited to continue that journey but also with Integrity360's support, allowing us to further expand our team, our services, and our market coverage.

"Our skills, combined with those of Integrity360, will provide an extension of our portfolio of professional, support and managed services. This is great news for employees, customers, and partners. I look forward to working closely with Ian and the wider Integrity360 team over the coming years."
Join Jen Stone as she chats with DevOps engineer and Day Two DevOps podcaster Kyler Middleton about her unique journey from a rural upbringing to becoming a DevOps expert. Discover how Kyler's passion for teaching led her to a career in technology, and learn about the importance of automation and documentation in building secure and efficient cloud environments. This episode dives deep into DevOps practices, the role of Terraform, Azure vs. AWS, and the challenges organizations face when adopting cloud technologies. Kyler shares valuable insights on overcoming common hurdles, fostering a blameless culture, and the future of DevOps. Don't miss this engaging conversation!

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
Get FREE security and compliance training ► https://academy.securitymetrics.com/
Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place
Worried about hotel hacking? This episode unveils the cybersecurity protocols of resorts like Atlantis. Dive deep into the unique challenges of cybersecurity in hospitality, from balancing guest convenience with ironclad defenses to training a diverse workforce.

Tsega Thompson, Executive Director of Cybersecurity and Data Privacy at Atlantis Resorts, shares her insights on:
- Getting into cybersecurity
- Special challenges of cyber in the hotel industry
- Training your workforce effectively

This is your essential guide to cybersecurity in the hospitality industry, packed with valuable tips for travelers and hospitality professionals alike.

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Is your penetration testing just a compliance formality? This episode of the SecurityMetrics Podcast redefines pen testing as a strategic partnership, empowering you to get the most out of your assessments.

Join Jen Stone and James Farnsworth as they discuss:
- The critical role of scoping: learn how to align business needs with technical assessments for a truly impactful pen test.
- The difference between a vulnerability scan and a penetration test.
- Unlocking report potential: discover how to leverage pen testing reports for maximum security benefit.
- Tips for fostering a successful collaboration with your pen testing service.

Stop seeing penetration testing as a checkbox exercise and transform it into a powerful tool for boosting your organization's security posture.

Bonus Resources:
- PenTest FAQs: https://www.youtube.com/watch?v=EECUTDMn43U
- James' previous episode: Hacking Your Career: How to Become a Penetration Tester | SecurityMetrics Podcast 95

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Netball Victoria announced last week that it is levelling up on its continued inclusion for our LGBTIQA+ communities by entering a formal partnership with QSA, the Queer Sporting Alliance. QSA... The post QSA partners with Netball Vic appeared first on JOY Breakfast.
This episode of the SecurityMetrics Podcast is a valuable resource for MSPs who want to learn more about HIPAA compliance and how to better serve their healthcare clients. Join Jen Stone and David Sims to learn more about how Managed Service Providers (MSPs) can empower healthcare organizations to achieve HIPAA compliance.

Learn about:
- The challenges of data discovery and data sprawl in healthcare organizations.
- The importance of having a documented HIPAA compliance program.
- The difference between required and addressable HIPAA controls.
- Choosing the right MSP for your healthcare organization.
- How to successfully collaborate with HIPAA compliance officers within healthcare organizations.
- Why HIPAA compliance goes beyond a BAA.

Bonus Resources:
- David Sims and Donna Grindle's podcast: Help Me With HIPAA (@Helpmewithhipaa) https://helpmewithhipaa.com/
- HIPAA for MSPs: https://www.hipaaformsps.com/
- American Institute of Healthcare Compliance (AIHC): https://aihc-assn.org/

SM Podcast episodes with Donna Grindle:
- HHS 405(d) Fundamentals: A Guide for Healthcare Providers and MSPs | SecurityMetrics Podcast 92
- HIPAA Basics: Where to Start with Practices and Training | SecurityMetrics Podcast 63
- HHS 405(d) - What You Need To Know | SecurityMetrics Podcast 45
- Business Continuity during Healthcare Crisis | SecurityMetrics Podcast 6

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
On this episode of Compliance Unfiltered, the guys are graced by the presence of the PCI Guru himself, Jeff Hall! Jeff is a long-time QSA, author, world-renowned blogger and PCI DSS trailblazer. He and the rest of the PCI Dream Team have an incredibly important new book out, "The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management". The CU guys ask Jeff all about it, his life in the compliance space, and much more, on this episode of Compliance Unfiltered!

Send in a voice message: https://podcasters.spotify.com/pod/show/compliance-unfiltered/message
HITRUST certification can be a significant undertaking. However, with the right guidance and support, organizations can overcome the challenges and establish a strong foundation for data security. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Lee Pierce (Director of Enterprise Sales at SecurityMetrics) and Peter Briel (Founder of Privaxi, CISA, CISO, CISM, CCSFP) to discuss how organizations can better approach HITRUST compliance.

Listen to learn:
- How HITRUST differs from HIPAA
- How HITRUST can be beneficial to your organization
- How SecurityMetrics and Privaxi ensure organizations are well-equipped to navigate the HITRUST journey

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Regardless of what version of PCI 4 the council decides to roll out, QSA firms and individual organizations alike can benefit from having a compliance tool where all of their evidence is in one place and that provides full access to the required team members. Curious about INFI tables or CCWs? Have no fear, the TCT Portal has you covered there as well. Questions on formatting and reporting? Rest easy, the CU guys will lay out exactly how to tackle that challenge and more, on this episode of Compliance Unfiltered.
Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for user identification, strict management of user and administrator accounts, strong authentication methods, and the implementation of multi-factor authentication (MFA) to ensure the security of cardholder data environments (CDE). Our QSA Q&A segment then addresses a critical question: Do all accounts need to comply with these requirements? We'll provide clarity on the scope, applicability, and exceptions, helping listeners understand the nuances of compliance. Tune in for a comprehensive review of December's PCI updates, an in-depth analysis of Requirement 8, and valuable insights from our QSA experts. This episode is a must-listen for professionals seeking to stay informed and improve their organization's payment security and compliance.
Join Jen Stone of SecurityMetrics as she sits down with two industry veterans, Gary Glover (VP of Assessments at SecurityMetrics) and Andy Barratt (VP of Assurance Business at Coalfire), for a lively discussion about their careers, the challenges of PCI compliance, and the unique collaboration they share through the PCI Security Standards Council's GEAR program.

Listen to learn:
- How this vital program brings together leading QSA companies to provide feedback and influence on PCI standards.
- Where the PCI landscape is headed and how GEAR is shaping its evolution.
- How Gary and Andy, despite representing rival companies, find common ground and work together to improve the industry.

Filmed at the 2023 PCI Community Meeting in Dublin, Ireland.

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- The mission of EMVCo and its key technical initiatives
- How PCI SSC and EMVCo collaborate to ensure industry alignment
- EMVCo's work on mobile payment acceptance and PCI SSC's work regarding security

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
The new PCI 4.0 requirements focused on managing payment page scripts are excellent because they can be used to address data leakage risks with other cybersecurity standards and regulations, such as HIPAA. John Elliott, GRC Consultant with a focus on PCI and GDPR, Security Advisor at Jscrambler, Pluralsight Author and Keynote Speaker, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:
- How malicious actors use scripts to steal information
- Why PCI DSS requirements were added to deal with this threat
- Jscrambler's approach to payment page script management

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Application Programming Interfaces (APIs) are critical targets for malicious actors seeking to steal credit card data and other sensitive information. Any organization that uses APIs needs to learn how to protect them. Dan Barahona, Founder of APIsec University, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- What an API is
- Why APIs are targets
- How to keep APIs secure

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Payment page scripts in consumer browsers need to be secured as defined in these new PCI DSS 4.0 requirements. Organizations that are doing their research on the best way to meet these requirements will be interested in this episode. Jeff Zitomer, Senior Director of Product Management, Human Security, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- How to understand PCI DSS 4.0 requirements 6.4.3 and 11.6.1
- What the risks are to payment page scripts in consumer browsers
- Some of the solutions available to meet these requirements

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
With the required shift from PCI DSS 3.2.1 to 4.0 upon us, many organizations are concerned about their ability to successfully meet new requirements. Martin Kenney, Senior Systems Engineer/Admin, IT at InfoSend, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- How InfoSend approached the shift to being assessed against PCI DSS 4.0
- Why companies should make the shift to PCI DSS 4.0 now
- Advice offered to others making the transition to PCI DSS 4.0

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Dive into the latest in the PCI landscape with our October update. We kick off with a news segment spotlighting the new SAQ SPOC (Software PIN Entry on COTS) which includes portions of PCI DSS Requirements 3, 8, 9, and 12. Transitioning to Requirement 7, we discuss restricting access to system components and cardholder data based on business necessity, delving into sub-requirements 7.1 to 7.3, and discussing the principles of 'need to know' and 'least privileges.' Our QSA Q&A segment addresses the applicability of Requirement 7 to customer/cardholder accounts, clarifying the scope and the specific entities impacted by this requirement. Join us for a comprehensive exploration of this month's PCI developments, an in-depth look at Requirement 7, and expert insights in our QSA dialogue, paving your way towards enhanced compliance and security.
Ethical hackers and cybercriminals are not the same thing, and it can be beneficial to establish a channel to communicate with hackers trying to alert you to vulnerabilities. Ilona Cohen, Chief Legal and Policy Officer at HackerOne, and Harley Geiger, Counsel at Venable LLP, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at the PCI Community Meeting North America to discuss:
- Hackers vs. cybercriminals
- Vulnerability disclosure policies (VDPs) vs. bug bounties
- PCI DSS post-disclosure obligations

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).

Filmed at the 2023 PCI Community Meeting in Portland, Oregon.
rktallk crossover news episode, with a causality weapon making a mysterious appearance. Some people built a driver you cannot see; others held a launch event that might as well not have happened. This world is getting harder and harder to measure, so fellow audiophiles, hold on tight to your wallets. If you enjoy 「声波飞行员」, please tip us on the 「爱发电」 platform to give it the fuel to keep flying. Thank you.

Timeline:
[00:00:03] BGM#op. Led Zeppelin - That's The Way pt.1
[00:01:35] SONY INZONE Buds / INZONE H5AK;
[00:03:54] The new design of the Astell&Kern KANN Ultra and the ESS9039; dropping the 2.5mm connector;
[00:06:18] Sennheiser Accentum noise-cancelling headphones;
[00:07:18] Bose Ultra series over-ear headphones and in-ear earbuds; the mix-up in the protocol description on the official site;
[00:10:17] Beyerdynamic held a launch event, no laughing; Blue BYRD 2 ANC; a dog sleeping with its collar on; MMX200 gaming headset; conference microphone products;
[00:12:24] Shure SM7dB; the drive requirements of dynamic microphones;
[00:13:31] Meze 109PRO Primal, a limited run of 60 over-ear headphones (999 USD / 7800 HKD);
[00:14:14] QSA's quantum science audio; finally a six-figure IEM is on sale; what exactly a quantum driver is; AI-generated marketing copy;
[00:16:17] The famous American brand, French brand, Chengdu brand Nobel's new FoKus Prestige;
[00:17:21] The small Wuhan show and well-known local distributor 沸谷; BQEYZ Wind / Winter / Spring;
[00:27:24] AFUL's single balanced-armature engineering sample; Ad Astra needs a reason to buy; the Chinese-name problem of the Kinera Freya 2; Artio CU2;
[00:36:33] A certain Japanese-brand distributor based in Guangxi; Tago / Intime / Lolite cables;
[00:39:25] GoldPlanar's AMT-16 air-motion-transformer IEM and other new products; principles for playing with planar headphones (especially DIY brands); a certain budget headphone's distortion fiasco;
[00:48:59] TRN 虎鲸 (Orca); how cheap IEMs survive; SeeAudio 白夜, Neko;
[00:54:20] FiiO FT5 planar over-ear headphones;
[00:56:31] Moondrop Paradise planar over-ear headphones; comparison with the Verum One and the FT5;
[01:02:22] Dutch partner brand (?) Canpur Joyfull 1&2; CPBA1;
[01:04:35] Moondrop DiscDream; how much longer the long tail of 5V/1A will affect us;
[01:09:49] BGM#op. Led Zeppelin - That's The Way pt.2
[01:11:48] The long wind-up before the monster is released

Recorded with: rktallk: King Tsui; guests: Jeff / 火娃; pilots: vineland / 包雪龙
Cybersecurity professionals come from all walks of life, and true professionals find ways to improve their skill sets at each step of the journey. Pentester and Security Consultant Joseph Pierini (CISSP, CISA, PCIP) sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- His unique entry into cybersecurity
- How he continually found non-traditional ways to forge forward in his career
- How introspection and communication make him a better technology professional

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- The role of BT as a PCI Principal Participating Organization (PPO)
- PCI payment security groups BT is interested in collaborating on
- BT representation on the PCI Board of Advisors

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Large organizations are often faced with complex, wide-ranging challenges related to the standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- Elements of a mature regulatory compliance program
- Steps you can take to create a mature compliance program in your organization
- Challenges you might face, and how to resolve them

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
We can more easily understand the impact of artificial intelligence on privacy and security if we start with an explanation of the types of AI models in use and where they exist in applications many of us already use. Paul Starrett, CFE, EnCE, of Privacy Labs and Starrett Law, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Different types of machine learning
- AI governance and cyber risk
- Risks and rewards of artificial intelligence

Resources:
- Privacy Labs
- Starrett Law

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Artificial Intelligence (AI) is a hot topic of the year. People want to understand how it will impact their lives and how they do business. Willy Fabritius, Global Head for Strategy and Business Development - Information Security Assurance at SGS, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Issues for companies developing or using AI
- Concerns about privacy, transparency, and accountability
- How regulations or certifications could be applied

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
If you're a small or medium business, chances are good that you fill out the Self-Assessment Questionnaire (SAQ) for PCI compliance, and you probably have questions. Security Analyst Marcus Call (QSA, CISSP, CISA, Security+) sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Common questions about PCI DSS requirements
- Understanding which requirements are applicable to you
- Where to go for additional help filling out the SAQ

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
PCI DSS Version 4.0 includes several large changes and updates to the compliance space, especially for universities. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Michael Simpson (Principal Security Analyst, CISSP, CISA, QSA) do a deep dive on what universities need to know for PCI 4.0.

Listen to learn:
- Updates relating to universities for PCI v4.0 requirements
- Cybersecurity best practices
- Tips for universities to stay secure

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
Many organizations struggle to translate cyber risk to business risk. When organizations understand how to identify, quantify, and communicate risk, they give senior leadership the tools they need to apply resources to mitigate that risk. Ryan Leirvik, Founder and CEO of Neuvik Solutions and author of Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What we mean by “risk”
- How to identify and measure risk across the organization
- Real-world examples of how risk can inform decision making

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA).
As higher ed institutions continue to implement more digital technologies, data breach tactics have become increasingly sophisticated. Universities and colleges process and store massive amounts of sensitive personal and payments data, which are increasingly the target of cyberattacks. On this week's episode of FOCUS, Sean Davidson, Senior Manager of Security Solutions at Verizon, shares the latest trends in payment security and data breaches. Davidson also imparts wisdom on the cybersecurity best practices that institutions can follow to keep data safe and in line with payment card industry (PCI) standards.

Verizon in cybersecurity?

On the surface, the connection between Verizon, a telecommunications company, and cybersecurity might not be easy to make. However, Verizon has maintained dedicated cybersecurity services for 23 years. It offers security management and assessment services out of nine global security operation centers. Verizon was an original contributor to the PCI compliance requirements, offering primary forensic investigation (PFI) and qualified security assessor (QSA) services to companies so they can confidently validate that their environment is secure and PCI compliant.

Data breach investigations report (DBIR)

Verizon's most notable contribution to the cybersecurity industry is the Data Breach Investigations Report (DBIR). It is seen as the foremost authority on data breach investigations and reporting, and is made up of data gathered by Verizon and 86 partners and industry experts. In 2022, the DBIR confirmed 5,212 data breaches out of the 23,896 security incidents reported under the DBIR's framework. Davidson categorizes an incident as any time sensitive information is exposed, and a breach as any time that information is then exfiltrated to outside environments.
“We analyze that data, and we boil it down and come up with a view of the cybersecurity threat landscape that companies can use to better understand their threats, their attackers, their motives, and the defensive areas that they should bolster to help prevent impact from these attackers,” said Davidson. The DBIR's findings are published annually to the public, with 2022 marking the 15th publication. Trends In Davidson's observations, ransomware is five times more likely to affect education. Ransomware typically refers to sensitive information being compromised and held for a financial ransom. Even if the company pays the ransom, they might not regain access to the data or the data could still be leaked. A human element drives 82% of these breaches, mostly through phishing — which is when a scammer pretends to be a credible person within the victim organization to gain access to protected data. System intrusions are also a rising threat to higher ed institutions. A system intrusion is an instance of hacking through physical means or modems. This type of cyberattack can also take place due to miscellaneous errors like sending valuable details to a third party, leaving ports open on web applications, and other sometimes human mistakes. Web application attacks have decreased across the higher ed sector, possibly due to cloud service adoption. Protecting institutions One best practice to protect institutions is to have a solid security program with a good security posture. Cybersecurity insurance is a necessity, especially in the event of a breach. Davidson believes hiring a cybersecurity advisor is on the list of best practices to aid in cases of ransomware or phishing. Zero-trust environments are quickly becoming a proven safeguard for cybersecurity breaches. The environments are created by sharing data on a need-to-know authorization. This eliminates the amount of access given to data sets, limiting potential leak opportunities. 
Moving logins to two-factor authentication adds an extra layer of protection to accounts. This second step of identification could be as simple as a security question, or verification codes sent through text, email, or a phone call. Although the threat of cyberattacks never goes away, putting these best practices into action and being vigilant of system weaknesses can make all the difference in security. Resources from episode: Data Breach Investigations Report (DBIR) is available to download for free from Verizon: https://www.verizon.com/business/resources/reports/dbir/ Payment Security Report (PSR) is available to download for free from Verizon: https://www.verizon.com/business/reports/payment-security-report/ Contact Sean Davidson at sean.davidson@verizon.com. Special Guest: Sean Davidson.
Risk assessments are critical to implementing good security controls, but many organizations struggle with where to begin. Josh Hyman, Chief Information Security Officer of Black Talon Security, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- The importance of risk assessments in general
- Risk analysis in the healthcare space
- How to successfully conduct a risk assessment
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Early detection of unauthorized access to electronic Protected Health Information (ePHI) is critical to preventing breaches and meeting HIPAA requirements. The co-founders of SPHER, Inc., Raymond Ribble, CEO, and Robert Pruter, Chief Revenue Officer, sit down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- Why it's critical to know who is accessing patient data
- How to know who is accessing critical data
- Real-world stories of unauthorized access and what to do about it
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
With the rise of Software-as-a-Service (SaaS), we are hearing more about related supply chain risks. Boris Kieklik, Senior Director of Information Security at MongoDB, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What SaaS means in the context of the cloud
- The risks third parties may introduce in terms of SaaS
- How leaders can prepare to handle data leakage in these environments
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
It is axiomatic in our industry that you can't protect what you don't know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss:
- What asset management is and why it is important
- First steps any organization should take to implement asset management
- A high-level overview of some standard ways to manage asset inventory, and how runZero solves common problems
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security engineer, product builder, and CEO of YouAttest) sit down to discuss:
- What identity management is and why it is important
- First steps to take to implement identity management
- Multi-factor authentication, governance, and other critical aspects of identity security
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Heath Adams, aka "The Cyber Mentor," is the Founder and CEO of TCM Security, an ethical hacking and cybersecurity consulting company. Heath is a CISSP and has received numerous credentials including QSA, PNPT, OSCP, Security+, Network+, and A+. And while he enjoys ethical hacking, Heath also loves to teach. His courses have been taken by over 170,000 people on multiple platforms including Udemy, YouTube, Twitch, and INE. In this episode of the Secure Talk Podcast, Heath talks about how he got his start in ethical hacking, the essential skills needed to become an ethical hacker, and how he developed his online courses. Heath gives advice to those who wish to either learn more about ethical hacking or seek a career as an ethical hacker or penetration tester. He also shares some tips for business owners and consumers on how to improve their cybersecurity posture.
TCM Security: https://academy.tcm-sec.com/
Heath on Social Media:
- LinkedIn: https://linkedin.com/in/heathadams
- Twitter: https://twitter.com/thecybermentor
- YouTube: https://www.youtube.com/c/thecybermentor
- Twitch: https://twitch.tv/thecybermentor
The Secure Talk Cybersecurity Podcast: https://securetalkpodcast.com/
Critical infrastructure is under threat and has historically proven to be vulnerable. Protecting critical infrastructure is a wide-ranging effort that requires careful consideration. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Katie Arrington (former CISO for the Department of Defense and mother of the CMMC) discuss the current critical infrastructure landscape.
Listen to learn:
- What organizations are critical infrastructure
- Current threats to our critical infrastructure
- How CMMC can help strengthen an organization's cybersecurity stance
Katie Arrington
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
HIPAA can be a daunting topic. Organizations often wonder where to start when implementing security or what kind of training is most effective. Listen this week as Jen Stone (MCIS, CISSP, CISA, QSA) sits down with Donna Grindle of Kardon and the "Help Me with HIPAA" Podcast to discuss:
- The work of 405(d) and how it can help your organization
- Exciting new training available through the PriSec Bootcamp
- Why we start with risk management in the healthcare industry
Donna's "Help Me With HIPAA" Podcast
HHS Website
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
"In 2021, we had tracked about 5.9M accounts that were targeted through data breaches. It's expected that at the end of 2022, we will surpass that number."
Tune in this week as Jen Stone and Heff give you the TOP data breaches of 2022. This list includes breaches caused by leaks, phishing, and poor cyber hygiene.
Listen to learn:
- Most common breach types this year
- Tips to help your employees stay secure
- How to respond to a data breach
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB).
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
"A lot of people think they're doing all the right things to keep their data safe. However, there are things I see constantly that people are doing wrong, or not doing at all, to properly keep their data secure."
Your personal data that exists online is vast and private. Should a hacker steal your data, you could lose emails, hard drives, bank accounts, or even your business. Tune in this week as Jen Stone and Noah Pack give you the essentials to keep your personal data safe.
Listen to learn:
- Essentials to keep data safe
- How to help employees that are easily phished
- Keeping a secure business beyond PCI compliance
Hosted by Jen Stone (MCIS, CISSP, CISA, QSA) with guest Noah Pack (Threat Hunter/SOC Analyst, Security+, ITF+, Sophos Certified Engineer).
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
"Privacy is not about things we want to hide. Hiding implies that the other side has a right to see what I'm trying to hide. Privacy means I can control what I share."
Privacy rights are often unpinned from security, but they're critical to recapture for our personal lives. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) speaks with Adrianus Warmenhoven (Defensive Strategist and Threat Intelligence Manager at NordVPN) in a wide-ranging conversation about privacy, security, risk, and compliance.
Listen to learn:
- How privacy and security are related
- Who should make risk-based decisions
- Regaining personal privacy in our increasingly connected world
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and David Monnier (Chief Evangelist and Team Cymru Fellow at Team Cymru) discuss attack surface management.
Listen to learn:
- What is an attack surface?
- Attack surface management vs. vulnerability management vs. endpoint security management
- How can teams gain contextual awareness of their environments?
Subscribe to the SecurityMetrics Podcast Email!
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
"The PCI Security Standards Council oversees a lot more standards than just PCI DSS. The council is very much involved with the payment lifecycle. We have standards to ensure the security of card data from start to finish."
There are many standards out there to ensure the security of card data, each with a specific target to protect. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Jeremy King (Regional Head for Europe at PCI Security Standards Council) give you the entire rundown of all the PCI standards, as well as tips from the PCI council.
Listen to learn:
- Comprehensive review of the PCI standards
- Tips on completing compliance
- How to maintain peak card data security
Subscribe to the SecurityMetrics Podcast Email!
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
- SANSFIRE Keynote Stream: https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
- Extracting URLs from Emotet with CyberChef: https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
- Microsoft Rolling Back Macro Policy Change: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
- Checkmate Ransomware Affected Poorly Configured QNAP NAS: https://www.qnap.com/en/security-advisory/QSA-22-21
- PyPI Requires 2FA for Critical Packages: https://pypi.org/security-key-giveaway/
WATCH OUR SAN FRAN VLOG IF YOU LOVE US > https://www.youtube.com/watch?v=ulrjs2y_qSA. Kendall Jenner & Devin Booker split (11:11-16:22). Hailey Bieber being sued for trademark infringement (17:31-25:15). Jeff Wittek is suing David Dobrik for $10 million (26:33-32:24). Pilot Pete turned down Bachelor in Paradise over contract (33:57-38:56). NEW SUMMER CITO MERCH > http://bit.ly/citomerch. Subscribe to our YouTube > http://bit.ly/CITOYOUTUBE. Follow us on Instagram @chicksintheoffice and on Twitter @chicksintheoff + subscribe to our Snapchat show > http://bit.ly/thegroupchat.
WATCH OUR SAN FRAN VLOG IF YOU LOVE US > https://www.youtube.com/watch?v=ulrjs2y_qSA. Katie Thurston & John Hersey split (14:59-23:46). Beyoncé releases new song (25:02-29:48). Khloé Kardashian dating rumors (29:50-36:22). Zoey Deutch & Jimmy Tatro + Nina Dobrev & Shaun White (37:32-42:20). The Summer I Turned Pretty recap (43:37-56:45). NEW SUMMER CITO MERCH > http://bit.ly/citomerch. Subscribe to our YouTube > http://bit.ly/CITOYOUTUBE. Follow us on Instagram @chicksintheoffice and on Twitter @chicksintheoff + subscribe to our Snapchat show > http://bit.ly/thegroupchat.
WATCH OUR SAN FRAN VLOG IF YOU LOVE US > https://www.youtube.com/watch?v=ulrjs2y_qSA. Drake drops new album (16:43-24:08). Michelle Young & Nayte Olukoya split (25:23-31:49). Jennifer Aniston's comments make headlines (31:50-37:55). Game 39 of Beat Ria & Fran with Noelle & Freddy (39:51-1:02:17). Interview with Hero Fiennes Tiffin – talking his new movie First Love + more! (1:03:59-1:31:03). NEW SUMMER CITO MERCH > http://bit.ly/citomerch. Subscribe to our YouTube > http://bit.ly/CITOYOUTUBE. Follow us on Instagram @chicksintheoffice and on Twitter @chicksintheoff + subscribe to our Snapchat show > http://bit.ly/thegroupchat.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
- Trend Micro ServerProtect Authentication Bypass Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
- Let's Encrypt Root CA Expiration: https://community.letsencrypt.org/t/production-chain-changes/150739
- ERMAC Android Malware: https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
- QNAP Vulnerabilities: https://www.qnap.com/en/security-advisory/QSA-21-35