In this episode of the Risk Management Show, we explore how AI is revolutionizing compliance and risk management as we look ahead to 2025. Our guest, Jag Lamba, founder and CEO of Certa.ai, shares his expertise on leveraging AI and automation to enhance third-party risk management, sustainability, and compliance programs. With a background as a Wharton alumnus and ex-McKinsey, Jag leads a company that's raised over $50 million to transform how organizations manage procurement and ESG requirements. We discussed upcoming regulatory challenges like supply chain resilience, sustainability mandates, and the evolving enforcement of anti-bribery and corruption laws. Jag also provided practical steps for organizations to prepare for new compliance requirements and demonstrated how AI tools can streamline operations, improve scalability, and ensure accuracy in managing third-party relationships. This episode is packed with insights on the productivity revolution driven by AI and its impact on roles in risk and compliance. If you want to be our guest or suggest someone for the Risk Management Show, send your email to info@globalriskconsult.com with the subject line “Guest Proposal.” Stay ahead in the world of Risk Management, Cyber Security, and Sustainability by subscribing to our channel today!
In this episode of the Risk Management Show, we sit down with seasoned expert Craig Calle, CEO of Source Calle LLC. With a rich background as Chief Strategic Officer and previous roles in top-tier companies like Amazon, Craig brings a wealth of knowledge in cyber security, third-party risk, GRC, and privacy. We delve into the necessity of automating third-party risk management processes to handle the complexity and scale of today's cyber threats effectively. Craig shares insights on the challenges organizations face, the evolution of risk management strategies over the past decade, and the crucial role of cutting-edge technologies in enhancing security frameworks. If you're keen on understanding how to prioritize risks and integrate robust cybersecurity measures within your business, this discussion will equip you with actionable strategies and a deeper understanding of regulatory compliance's impact on cyber strategies. For more insights and to be part of our expert discussions on risk-related topics, visit our channel regularly. Interested in sharing your expertise or suggesting a guest for our podcast? Send your email to info@globalriskconsult.com with the subject "Podcast Guest Suggestion". Join us to contribute to crucial conversations around risk management and cyber security!
Engaging IT and other technical stakeholders to support cybersecurity initiatives can be a daunting task for security professionals. We are often the bearers of bad news or can be perceived as adding to the workloads of already overburdened IT teams. In short, it can be hard to make friends. Join us for this episode of the CyberPHIx podcast where we hear from David Jones, Director of Information Security for RxBenefits, Inc. David has held leadership roles in security, infrastructure, engineering, and networking for a variety of organizations inside and outside of healthcare. He has lived through security program implementations and learned how to work across IT functional groups to break down barriers and achieve mutual objectives. David provides practical insights and guidance for making friends with various IT groups and teams to reduce cybersecurity risks while advancing IT objectives. Topics covered in this session include:
- Explanation of the different technical stakeholder groups that security most commonly needs to engage in support of the delivery of security programs
- How to prevent and resolve tension between security teams and server admins, network engineers, help desk, development teams, and more
- Best practices for engaging server admins and engineers through common security functions such as patching and configuration management
- Network administrator touchpoints with security and ways to communicate effectively
- Strategies for embedding security resources with infrastructure teams and vice versa to improve collaboration
- Leading practices for engaging software development, DevOps, and helpdesk teams
- How to manage audit fatigue and coordinate efficient audits with IT groups
- Industry resources including conferences and training sources for emerging security and IT personnel
Breaches continue to balloon for healthcare applications as the industry continues to drive innovations in virtual care, personalized medicine, and digital healthcare. Organizations that deploy robust application development security programs create the opportunity to identify and correct security weaknesses before products hit the market. Software Development Lifecycle (SDLC) security programs provide the tools, processes, and training required to design products with security in mind to reduce the likelihood of breaches of sensitive information. Join us for this episode of the CyberPHIx podcast where we hear from Ed Adams, CEO for Security Innovation. Security Innovation provides application security services, training, testing, and consulting to healthcare and other industries. Topics covered in this session include:
- Application development security trends
- The latest threats and vulnerabilities impacting healthcare application development
- Best practices for securing AppDev, DevOps, and DevSecOps teams and processes
- Common development misconceptions and missteps that lead to security exposures
- Security training approaches for healthcare app developers
- Frameworks and external resources for SDLC security including OWASP and others
- Healthcare-specific vulnerabilities and risk exposures identified during application development
- Third-party and fourth-party risks including open-sourced code and IoT devices
- Budget priorities for SDLC security investments
Hello and welcome to the new episode of the Risk Management Show brought to you by Global Risk Community. Here are some major points that we have discussed.
1. Why it's important to provide evidence about your vendor governance and that both you and your vendor's users are following policies.
2. Why questionnaires are not sufficient and how to provide evidence that you have risk ranked and identified the top tier and second tier of your vendors.
3. What the important trends are in the post-COVID business environment.
You can check the Risk Maturity Model template on our site Globariskcommunity.com under the tools tab. If you want to be our guest, or you know someone who would be a great guest on our show, just send your email to info@globalriskconsult.com with the subject line “Global Risk Community Show” and give a brief explanation of what topic you would like to talk about, and we will be in touch with you asap.
Who can be trusted to protect sensitive healthcare information and systems amidst a daily barrage of breach events? Healthcare cybersecurity and risk leaders must identify innovative ways to establish and maintain trust in the healthcare ecosystem through cybersecurity programs and functions. This includes being transparent about risk exposures, building relationships internally and externally, responding effectively to breaches, and adopting certification models like HITRUST and SOC 2. In this episode of The CyberPHIx, we hear from Ed Dame, Chief Information Security Officer for Dasher Services, Inc. Ed provides insights and wisdom from his years of experience as a CISO in building relationships and establishing trust. Questions covered in this session include:
- Why is trust important in healthcare settings?
- How can cybersecurity programs support and sustain trust?
- What role does transparency play in building or eroding trust?
- What are the boundaries of accountability for trust for healthcare CISOs, including third- and fourth-party vendors?
- What role do cybersecurity certifications like HITRUST play in establishing trust with the market?
- What happens when trust is lost or damaged?
- Is there a right and wrong way to respond to breaches that impacts trust?
- What is the difference between reacting and responding to cybersecurity incidents?
- What is the role of emerging “zero trust” models and terminology in healthcare?
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Details and analysis of the new CISA incident response and vulnerability response playbooks
- Cloud Security Alliance (CSA) and healthcare CISOs publish a detailed medical device security playbook
- Medical device security best practices and program development
- High-risk alert for Siemens medical device vulnerabilities impacting thousands of devices
- Emerging trends on healthcare Application Programming Interface (API) adoption, attacks, and mitigation recommendations
- Ohio hospital diverts ambulances and patients due to ransomware outage
- International partnerships and agreements with the US, EU, France, and Israel are enacted to address cyberattacks and ransomware
- US charges two major ransomware operators in continued takedown of REvil ransomware gang and other international prosecutions of cybercriminals
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Highlights of 25+ cyber breaches to payers, providers, and healthcare vendors in the last two weeks
- UPMC hacker gets 7 years in prison
- HITRUST deploys a new certification option
- Google launches AI pilot with NJ healthcare provider
- Microsoft launches new privacy management framework for Office365
- Tips for managing remote and hybrid security teams
- Russians continue aggressive attacks despite US sanctions and intervention
- State Department's plans for new cybersecurity office
- Ransomware Disclosure Act bill introduced with 48-hour reporting timeframe
Breaches and ransomware infections are hitting healthcare hard alongside the critical supply chain that helps keep healthcare operations running. The federal government has been issuing a flurry of guidance, executive orders, draft regulations, diplomacy, and more to try to kickstart our national response to the cyber crisis. We are calling in the cavalry, but will it help? In this episode of The CyberPHIx, we hear from Steve Dunkle, Chief Information Security Officer for Geisinger Health System. Steve is one of the country's leading cybersecurity healthcare leaders and we get his perspective on some of these federal updates and proposed changes to see how they fare in terms of providing meaningful support and guidance for healthcare organizations. We discuss new federal and standards guidance and related trends including:
- NIST's “Bad Practices” cybersecurity guide for end-of-life devices, default passwords, and single-factor authentication
- Ransomware guidance from the NSA, FBI, and CISA on stopransomware.gov
- Third-party risk and supply chain risk guidance and pending regulations
- Strategies for CISO executive success, including a focus on customer service, strategic thinking and planning, networking, and continuous learning
- Incident response and cyber-resilience guidance
- OCR enforcement focus areas and HIPAA Security Rule compliance
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Key takeaways from The Annual Cybersecurity Attitudes and Behaviors Report 2021
- US Securities and Exchange Commission (SEC) fines for breaches and related news on the focus of third-party risk in stock exchange investments
- Analysis of a new report from RiskRecon and Cyentia on measuring the ongoing impact of multi-party breaches
- Discussion of Mandiant's detailed report on the FIN12 criminal gang that is actively targeting the healthcare industry
- The latest FBI and CISA alerts on the Conti ransomware attacks and recommendations for protecting healthcare organizations
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- OCR's announcement of new director, Lisa J. Pino
- FTC expands the Healthcare Breach Rule; implications for healthcare entities and enforcement
- Healthcare breach highlights including Apple HealthKit, Fitbit, Google Fit, Walgreens, Fortinet, and more
- Details on “irrecoverable” EHR ransomware event for an Arizona-based healthcare provider
- Summary of new Cloud Security Alliance guidance on ransomware protections
- U.S. Treasury takes action against cryptocurrency in a counter-ransomware initiative
Cyber hurricanes have been coming in fast and furious for healthcare organizations over the last several years. Their destructive force has left organizations with operational disruptions, financial loss, and reputational damage that may take years to clean up. It is incumbent upon healthcare entities to take advantage of the tame periods between cyber incidents to make investments in preparation and response capabilities. In this episode of The CyberPHIx, we tap into the extensive emergency management experience of Patrick Hinnant, Director of IT Operations, Facilities, and Emergency Management for Trillium Health Resources. We discuss approaches for cyber emergency preparedness and several other topics including:
- Incident response and continuity from the ground-level staff perspective all the way up to the executive level
- IT help desk and support best practices for incident response
- Common pitfalls and best practices for emergency response programs
- IT-specific challenges and approaches to emergency response, including dealing with hybrid and cloud-hosted infrastructures
- Grappling with cyber incidents and outages involving third-party vendors in the supply chain
- Evolving models of behavioral health and how to maintain these critical services during the pandemic
- External resources and guidance for cyber emergency management best practices and standards
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Details of 15+ breaches of business associate vendors servicing healthcare organizations that occurred in the last two weeks alone
- Evolving cybercrime business models and the emergence of Initial Access Brokers (IABs)
- Top cybersecurity and IT certifications that drive the highest salaries for security professionals in the industry
- Recent OCR enforcement activity and fines for HIPAA Privacy Rule violations
- Analysis of the cybersecurity “Bad Practices” catalog from CISA and implications for healthcare entities
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Big tech firms including Google and Apple make major moves to exit the healthcare industry
- Amazon moves full steam ahead into healthcare, but is struggling to scale solutions due to IT and cyber staffing skill set shortages
- Cybersecurity staffing and talent shortage trends and new initiatives from the White House and CISA designed to build the cyber workforce
- Details of $30b+ cybersecurity investment commitments from President Biden's summit with ADP, IBM, Apple, Google, Microsoft, Amazon, and other big tech firms
- New targeting of healthcare business associates and outpatient practices by cyber criminals
- California breach notification bulletin details from California's Attorney General and implications for state regulatory enforcement across the country
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Suing the CISO: analysis of a lawsuit against the SolarWinds CISO
- Details of Scripps Healthcare's $113m reported revenue loss due to ransomware
- Cyber liability protection cost increases
- Analysis of a new report citing $47k per hour downtime costs for breaches
- Cyber security highlights from the HIMSS 2021 conference
- Newly updated guidance from NIST on developing cyber resilient systems
- CSO Magazine's 15 top strategic priorities for CISOs
- Universal decryption key for Kaseya ransomware leaked in hacker forum
- Accenture's breach of 6 terabytes of data and $50m ransom demand from hackers
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Analysis of IBM's new 2021 Data Breach Report, including: impacts to healthcare organizations; healthcare's breach costs and benchmarks against other industries; HIPAA compliance implications for breach costs; cloud security breach trends; top sources of breaches and highest-risk security domains; ways to reduce breach costs with targeted investments
- Nine critical vulnerabilities identified for the “Pwned Piper” medical device vulnerability issue and related recommendations
- Details of President Biden's proposed $9.8b cybersecurity budget
- President Biden's commentary on the likelihood of cyberwars leading to physical wars
- The new cybersecurity memorandum released by the White House this week
- Trends and predictions for new federal and state cybersecurity regulations targeting healthcare
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- The new DHS CIO speaks out on plans for supply chain risk management
- PracticeFirst healthcare vendor breach impacting 1.2 million individuals
- U.S. government launches one-stop shop for ransomware guidance (StopRansomware.gov)
- CISA publishes cybersecurity guidance for managed service providers in the wake of the Kaseya breach
- Former NSA director's preview of HIMSS21 presentation on ransomware and cyber risks
- China formally accused by the EU, UK, US, and others of attacks against Microsoft Exchange
- New SolarWinds zero-day exploit being used by attackers (second SolarWinds incident)
- Urgent security warning for SonicWall supply chain solution and patching details
- HITRUST announces the timing for release of HITRUST CSF version 10
- Class action lawsuit updates against a PACS vendor, Kroger pharmacy, and Blackbaud
This week, in our first segment, we welcome Rajiv Thomas, Sr Systems Engineer at Gas South LLC, to discuss Gas South and ExtraHop: A Journey of Security Partnership! In the Enterprise News, Contrast Security partners with Secure Code Warrior, Bandura releases the Cyber Intelligence Marketplace, Illumio beefs up zero-trust security with automated policy enforcement, Rapid7 launches InsightCloudSec to automate continuous security and compliance, a leaked email shows Tanium just lost its fourth chief marketing officer in five years, Bitdefender launches its eXtended EDR platform, ThycoticCentrify releases a new version of Server Suite, Outpost24 acquires threat intelligence solution Blueliv, Microsoft acquires RiskIQ, Cybereason raises $275 million led by Steven Mnuchin's VC fund, and Arctic Wolf triples its valuation and raises an additional $150m! Finally, we wrap up the show with two micro interviews from RSAC featuring Deepika Gajaria of Tala Security and Scott Scheferman from Eclypsium! Show Notes: https://securityweekly.com/esw234 Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://securityweekly.com/talasecurity to learn more about them! To learn more about ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet here we are, building an entire stack of Zero Trust enabled technologies upon a broken implicit-trust foundation. Nowhere is this risk more apparent than at the device and firmware level. Indeed, this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victims' downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has, quite frankly, become the hen house. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Data privacy and Web security teams are converging across enterprises, and we are seeing more privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google, etc. are capturing sensitive user data, accessing cameras, microphones, geolocation, etc.) handled via security policies under the security teams' purview. At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place. This segment is sponsored by Tala Security. Visit https://securityweekly.com/talasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw234
Another colossal cyber-attack on the global supply chain took place this month, which saw over 1,500 businesses infected with ransomware via a breach of a third-party vendor, Kaseya. The breach comes on the heels of other large-scale supply chain attacks against SolarWinds, Microsoft, and other major third-party vendors. This brings critical questions to the forefront for our industry: who is accountable for supply chain breaches and who owns the risk? In this CyberPHIx episode, we attempt to answer these questions during this engaging podcast interview with Eric Zematis, Chief Information Security Officer of Lehigh University. Eric discusses approaches for managing liability for supply chain attacks including business accountability and communication, cyber liability insurance, third-party vendor obligations, and government intervention. Highlights of the discussion include:
- Managing and communicating third-party risk with the business
- Accountability for the business in oversight and management of vendor risk
- The history and evolution of cyber liability insurance
- Cyber liability policies and coverage considerations
- Supply chain vendor accountability before, during, and after breach events
- Government accountability and roles in combating supply chain cyber attacks
- Standards organizations and resources for managing supply chain risks
Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape. In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more! Show Notes: https://securityweekly.com/bsw223 Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
The crown jewels are those assets representing the highest value to the organization and deserve the greatest investment to protect. Join this podcast to learn the importance of protecting these crown jewels throughout the information life cycle. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Steve_Durbin_Article.pdf Durbin, S. 2019. Protecting the “Crown Jewels”. In Fitzgerald, T., CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed., pg 77. CRC Press, Boca Raton, FL. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw223
This week in the Security Weekly News: The Revenge of the AI Beer Bots, NIST Software definitions, Printspooler, LinkedIn leaked out, Cybersecurity legislation, and more along with the show Wrap Ups for this week! Show Notes: https://securityweekly.com/swn132 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News: Number one in the charts, the cyber charts that is, Binance receives the ban hammer from the UK's FCA, lawmakers introduce the American Cybersecurity Literacy Act (Marines, this does not apply, you keep chomping on your crayons), key vulnerabilities in the Atlassian project and software development platform, GitHub bug bounties: payouts surge past the $1.5 million mark (sounds like rookie numbers to me), the UK MoD giving away secrets for free if you ride the bus, and the return of Jason Wood for Expert Commentary! Show Notes: https://securityweekly.com/swn131 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week in the SWN Wrap Up, Dr. Doug talks: NYC Department of Health, Windows 11, John McAfee, Dell UEFI, Zyxel, DarkRadiation, and of course the Wrap Ups of all the shows from this week! Show Notes: https://securityweekly.com/swn130 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Ben Higgins and Ted Driggs of ExtraHop join Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise! Then, in the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more! Segment Resources: https://www.extrahop.com/behaviortransparency This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them or visit https://www.extrahop.com/behaviourtransparency to learn more about behavior transparency! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw221
This week in the Security Weekly News: Aaran Leyland guest hosts and talks Oddball, BDSM Videos, iPhone wifi hacks, South Korea, Russia, Carnival, and Google. All this and the returning Expert Commentary of Jason Wood! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn129
This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155
This week, we welcome Nuno Loureiro & Tiago Mendo from Probely to discuss some Challenges of DAST Scanners, and their Adoption by Developers! Then, in the AppSec News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more! This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw155
The Biden Cyber Executive Order includes a Software Bill of Materials that is a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks, such as the ones that impacted SolarWinds and the Colonial Pipeline, organizations also need transparency about the behaviors of the software in their supply chain: how, and with whom, it communicates inside and outside of their networks. Ben Higgins and Ted Driggs of ExtraHop join Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them or visit https://www.extrahop.com/behaviourtransparency to learn more about behavior transparency! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw221
This week, Dr. Doug talks: Pinchy Spider, Drones, Biden and Putin, Microsoft, CVS, along with the Show Wrap Ups & his Favorite Threat of the Week! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn128
Security and risk teams have been overwhelmed by the tsunami of requests for vendor security risk assessments as the digital health movement continues to shift data to third-party platforms. Constraints on human capital and time have never been tighter. Leading organizations are looking for ways to focus their teams on true risk management activities rather than perpetually collecting and formatting risk data. Information security and risk leaders have turned to services, technology and automation to help keep pace with this unprecedented demand for third-party security assessments. However, the volume and variety of solutions hitting the market has some heads spinning trying to make sense of it all. In this episode of The CyberPHIx, we speak with Siobhan Hunter, Vice President of Strategic Solutions for CORL Technologies. CORL provides tech-enabled managed services for third-party vendor security risk management for healthcare entities. Highlights of the discussion include:
- Pros and cons of solutions available on the market, including GRC platforms, cyber risk scoring, survey automation, third-party risk exchanges, and tech-enabled managed services
- Characteristics of third-party risk program maturity, ranging from low-maturity to industry-leading programs
- How to strike the right balance of people, process, and technology to extract value and reduce cost for vendor security programs
- Lessons learned from leading third-party security risk programs inside and outside of healthcare
Episode 4 of the podcast focuses on the CISO's perspective on the importance of understanding the corporate network environment and features Anthony Johnson, Managing Partner of Delve Risk. Outline:
(00:22) Introductions
(01:07) Question 1 – As a CISO, if I don't have clear or accurate insight into the state of my assets and infrastructure, what immediate risks am I incurring?
(02:23) Question 2 – You've started a role as a CISO at a new company. How do you test the information you're presented with around the network, the current state of the security team and tech stack, and when do you trust it?
(03:21) Question 3 – In your experience, what percentage of the network do you think the average CISO and team have a good handle on, and are there trends in the gaps?
(05:51) Question 4 – Are there any trivial gaps? How complete should a CISO's knowledge and insight into their environment be; i.e. if they're confident on 80% of the network, is that enough?
(08:43) Question 5 – How has the emphasis on maintaining a meaningful understanding of your network impacted your strategy around the staffing/teams that you've built?
(10:53) Recap & Takeaways