S2 - Episode 002 – 2022 Breaches and Some Retrospection

In this exciting second episode of the new season, we're offering up a buffet of delicious options to feast your incessant little cybersecurity appetites on!

BREACHES

We start by spending time on 5 of the top breaches that took place in 2022, but shift into some real world thoughts and ideas on what concepts could have helped in preventing those types of breaches.

FRAMEWORKS

Jason and Kevin dig deep into their CISSP bag of tricks to discuss cybersecurity frameworks and do a bit of a shallow dive into NIST, and then migrate into the CIS Top 18 cyber controls for effective cyber defense.

GAP ASSESSMENTS and MATURITY ASSESSMENTS

The guys hit on two very important aspects of how to leverage a framework for your business, for both analyzing your security overlap and your gaps. Then, they take a look at how you can use that same framework to monitor growth and maturity over time. They use hypothetical company 'XYZ Company' to show real-world examples of gap matrices and maturity matrices. These types of critical elements in your security program are items that should be assessed annually or even more frequently.

A LOOK AT KPIs

The guys move from leveraging the frameworks into looking at KPIs (Key Performance Indicators) and how you can pull KPIs from your controls to determine if you controls are actually working for you! What good is a robust framework if you can't measure its success?

3^RD PARTY RISK

Lastly, the guys take a look at the importance of 3^rd-party risk and how your partners, customers, vendors, and joint ventures might play a part in your overall security posture. Not only how they play a part, but WHAT you can do to take actionable steps around 3^rd party risk.

This one is VERY action packed and we cover a lot of ground. Jump on the rollercoaster as we hit ALL the rides in the cyber theme park on this one!

CITATIONS:

All about the NIST Cyber Framework

https://www.nist.gov/cyberframework

CIS Top 18 Cyber Controls

https://www.cisecurity.org/controls/v8

Training for using the Frameworks offered by SANS

https://www.sans.org/blog/cis-controls-v8/

YouTube Training Videos on each of the 18 Controls

https://www.youtube.com/@TheCISecurity

https://www.youtube.com/watch?v=pGZViAZlg1k&list=PLpNN1VAyNhovvTU6pye4cNYZksP5CLTyy