
CERT's Podcast Series: Security for Business Leaders

In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.


Becoming a CISO: Formal and Informal Requirements

Wed, 19 Oct 2016 15:42:45 GMT

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.

Global Value Chain – An Expanded View of the ICT Supply Chain

Mon, 18 Jul 2016 18:10:14 GMT

In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.

Intelligence Preparation for Operational Resilience

Tue, 21 Jun 2016 18:42:04 GMT

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.

Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations

Wed, 03 Feb 2016 16:59:00 GMT

In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.

Structuring the Chief Information Security Officer Organization

Wed, 23 Dec 2015 17:06:00 GMT

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

How Cyber Insurance Is Driving Risk and Technology Management

Mon, 09 Nov 2015 14:53:00 GMT

In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.

How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

Thu, 01 Oct 2015 18:21:51 GMT

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).

Capturing the Expertise of Cybersecurity Incident Handlers

Thu, 27 Aug 2015 19:31:54 GMT

In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.

Supply Chain Risk Management: Managing Third Party and External Dependency Risk

Thu, 26 Mar 2015 14:16:28 GMT

In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT).”

A Workshop on Measuring What Matters

Fri, 20 Feb 2015 12:59:00 GMT

This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop and identifying improvements for future offerings.

Cyber Insurance and Its Role in Mitigating Cybersecurity Risk

Thu, 08 Jan 2015 20:20:00 GMT

In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.

A Taxonomy of Operational Risks for Cyber Security

Tue, 07 Oct 2014 13:13:19 GMT

In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.

Characterizing and Prioritizing Malicious Code

Thu, 29 May 2014 12:10:59 GMT

In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.

Comparing IT Risk Assessment and Analysis Methods

Tue, 25 Mar 2014 13:25:00 GMT

In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.

The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

Tue, 11 Feb 2014 18:40:05 GMT

ES-C2M2 helps improve the operational resilience of the U.S. power grid.

Raising the Bar - Mainstreaming CERT C Secure Coding Rules

Tue, 07 Jan 2014 17:45:00 GMT

In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.

Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience

Tue, 26 Nov 2013 17:12:01 GMT

In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers.

Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

Tue, 27 Aug 2013 19:05:08 GMT

In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.

DevOps - Transform Development and Operations for Fast, Secure Deployments

Tue, 30 Jul 2013 16:52:11 GMT

In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security.

Managing Disruptive Events - CERT-RMM Experience Reports

Tue, 11 Jun 2013 16:14:37 GMT

In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks.

Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity

Thu, 09 May 2013 17:42:57 GMT

In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code.

Securing Mobile Devices aka BYOD

Tue, 26 Mar 2013 18:08:03 GMT

In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks.

Mitigating Insider Threat - New and Improved Practices Fourth Edition

Thu, 28 Feb 2013 20:22:27 GMT

In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats.

Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk

Thu, 31 Jan 2013 16:47:53 GMT

In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events.

Managing Disruptive Events: Making the Case for Operational Resilience

Wed, 19 Dec 2012 19:54:13 GMT

In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach.

Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities

Tue, 23 Oct 2012 14:25:44 GMT

In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.

How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them

Tue, 25 Sep 2012 14:27:00 GMT

In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.

U.S. Postal Inspection Service Use of the CERT Resilience Management Model

Tue, 21 Aug 2012 18:57:30 GMT

In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.

Insights from the First CERT Resilience Management Model Users Group

Tue, 17 Jul 2012 18:59:46 GMT

In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.

NIST Catalog of Security and Privacy Controls, Including Insider Threat

Tue, 24 Apr 2012 18:51:57 GMT

In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems.

Cisco's Adoption of CERT Secure Coding Standards

Tue, 28 Feb 2012 20:03:23 GMT

In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.

How to Become a Cyber Warrior

Tue, 31 Jan 2012 19:14:45 GMT

In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors.

Considering Security and Privacy in the Move to Electronic Health Records

Tue, 20 Dec 2011 18:27:16 GMT

In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges.

Measuring Operational Resilience

Tue, 04 Oct 2011 16:51:48 GMT

In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.

Why Organizations Need a Secure Domain Name System

Tue, 06 Sep 2011 14:28:38 GMT

Use of Domain Name System security extensions can help prevent website hijacking attacks.

Controls for Monitoring the Security of Cloud Services

Tue, 02 Aug 2011 15:32:11 GMT

In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model.

Building a Malware Analysis Capability

Tue, 12 Jul 2011 19:44:49 GMT

In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection.

Using the Smart Grid Maturity Model (SGMM)

Thu, 05 May 2011 13:12:34 GMT

In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model.

Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM

Tue, 29 Mar 2011 13:20:31 GMT

In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels.

Conducting Cyber Exercises at the National Level

Tue, 22 Feb 2011 14:50:31 GMT

In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.

Indicators and Controls for Mitigating Insider Threat

Tue, 25 Jan 2011 14:22:24 GMT

In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes.

How Resilient Is My Organization?

Thu, 09 Dec 2010 14:56:51 GMT

In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption.

Public-Private Partnerships: Essential for National Cyber Security

Tue, 30 Nov 2010 19:58:42 GMT

In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.

Software Assurance: A Master's Level Curriculum

Tue, 26 Oct 2010 18:31:51 GMT

In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.

How to Develop More Secure Software - Practices from Thirty Organizations

Tue, 28 Sep 2010 19:18:28 GMT

In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations.

Mobile Device Security: Threats, Risks, and Actions to Take

Tue, 31 Aug 2010 15:38:48 GMT

In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets.

Establishing a National Computer Security Incident Response Team (CSIRT)

Thu, 19 Aug 2010 19:08:56 GMT

In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.

Securing Industrial Control Systems

Tue, 27 Jul 2010 15:40:15 GMT

In this podcast, Julia Allen explains how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines.

TJX, Heartland, and CERT's Forensics Analysis Capabilities

Tue, 29 Jun 2010 18:36:57 GMT

In this podcast, participants recount complex, distributed, multi-year investigations of computer crimes using sophisticated methods, techniques, and tools.

The Power of Fuzz Testing to Reduce Security Vulnerabilities

Tue, 25 May 2010 19:21:04 GMT

In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.

Protect Your Business from Money Mules

Tue, 27 Apr 2010 13:24:43 GMT

Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.

Train for the Unexpected

Wed, 03 Mar 2010 14:58:30 GMT

In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient.

The Role of the CISO in Developing More Secure Software

Tue, 02 Mar 2010 20:22:52 GMT

In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software.

Computer and Network Forensics: A Master's Level Curriculum

Tue, 02 Feb 2010 19:42:37 GMT

In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations.

Introducing the Smart Grid Maturity Model (SGMM)

Tue, 12 Jan 2010 15:00:56 GMT

In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid.

Leveraging Security Policies and Procedures for Electronic Evidence Discovery

Sat, 09 Jan 2010 20:15:03 GMT

In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes.

Integrating Privacy Practices into the Software Development Life Cycle

Tue, 22 Dec 2009 19:23:33 GMT

In this podcast, participants explain that addressing privacy during software development is just as important as addressing security.

Using the Facts to Protect Enterprise Networks: CERT's NetSA Team

Tue, 01 Dec 2009 16:41:29 GMT

In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.

Ensuring Continuity of Operations When Business Is Disrupted

Tue, 10 Nov 2009 15:02:57 GMT

In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans.

Managing Relationships with Business Partners to Achieve Operational Resiliency

Tue, 20 Oct 2009 14:19:36 GMT

In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted.

The Smart Grid: Managing Electrical Power Distribution and Use

Tue, 29 Sep 2009 13:51:21 GMT

In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.

Electronic Health Records: Challenges for Patient Privacy and Security

Tue, 08 Sep 2009 18:26:16 GMT

In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today.

Mitigating Insider Threat: New and Improved Practices

Tue, 18 Aug 2009 13:26:23 GMT

Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.

Rethinking Risk Management

Tue, 07 Jul 2009 13:59:53 GMT

In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain.

The Upside and Downside of Security in the Cloud

Tue, 16 Jun 2009 15:48:16 GMT

In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks.

More Targeted, Sophisticated Attacks: Where to Pay Attention

Tue, 26 May 2009 13:31:25 GMT

In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks.

Is There Value in Identifying Software Security "Never Events?"

Tue, 05 May 2009 19:25:50 GMT

In this podcast, Robert Charette suggests when to examine responsibilities when developing software with known, preventable errors.

Cyber Security, Safety, and Ethics for the Net Generation

Tue, 14 Apr 2009 13:47:07 GMT

In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.

An Experience-Based Maturity Model for Software Security

Tue, 31 Mar 2009 19:27:49 GMT

In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software.

Mainstreaming Secure Coding Practices

Tue, 17 Mar 2009 19:31:09 GMT

In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.

Security: A Key Enabler of Business Innovation

Tue, 03 Mar 2009 15:01:15 GMT

In this podcast, participants describe how making security strategic to business innovation involves seven strategies.

Better Incident Response Through Scenario Based Training

Tue, 17 Feb 2009 19:37:47 GMT

In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.

An Alternative to Risk Management for Information and Software Security

Tue, 03 Feb 2009 15:08:11 GMT

In this podcast, Brian Chess explains how standards, compliance, and process are better than risk management for ensuring information and software security.

Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia

Tue, 20 Jan 2009 14:49:58 GMT

In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.

Climate Change: Implications for Information Technology and Security

Tue, 09 Dec 2008 14:51:14 GMT

In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks.

Using High Fidelity, Online Training to Stay Sharp

Tue, 25 Nov 2008 19:39:11 GMT

In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.

Integrating Security Incident Response and e-Discovery

Tue, 11 Nov 2008 14:52:57 GMT

In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.

Concrete Steps for Implementing an Information Security Program

Tue, 28 Oct 2008 15:57:54 GMT

In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation.

Virtual Communities: Risks and Opportunities

Tue, 14 Oct 2008 13:56:12 GMT

In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities.

Developing Secure Software: Universities as Supply Chain Partners

Tue, 30 Sep 2008 19:33:20 GMT

In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software.

Security Risk Assessment Using OCTAVE Allegro

Tue, 16 Sep 2008 14:11:36 GMT

In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.

Getting to a Useful Set of Security Metrics

Tue, 02 Sep 2008 16:54:02 GMT

Well-defined metrics are essential to determine which security practices are worth the investment.

How to Start a Secure Software Development Program

Wed, 20 Aug 2008 19:36:34 GMT

In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle.

Managing Risk to Critical Infrastructures at the National Level

Tue, 05 Aug 2008 19:22:40 GMT

In this podcast, Bradford Willke explains how protecting critical infrastructures and the information they use is essential for preserving our way of life.

Analyzing Internet Traffic for Better Cyber Situational Awareness

Mon, 28 Jul 2008 15:45:59 GMT

In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence.

Managing Security Vulnerabilities Based on What Matters Most

Tue, 22 Jul 2008 15:59:45 GMT

In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset.

Identifying Software Security Requirements Early, Not After the Fact

Tue, 08 Jul 2008 19:37:57 GMT

In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.

Making Information Security Policy Happen

Tue, 24 Jun 2008 19:52:48 GMT

In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success.

Becoming a Smart Buyer of Software

Tue, 10 Jun 2008 19:54:58 GMT

Managing software that is developed by an outside organization can be more challenging than building it yourself.

Building More Secure Software

Tue, 27 May 2008 19:39:08 GMT

In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers.

Connecting the Dots Between IT Operations and Security

Tue, 13 May 2008 16:01:22 GMT

In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes.

Getting in Front of Social Engineering

Tue, 29 Apr 2008 13:34:20 GMT

In this podcast, Betsy Nichols tells us how benchmark results can compare results with peers, drive performance, and help determine how much security is enough.

Using Benchmarks to Make Better Security Decisions

Tue, 15 Apr 2008 16:56:51 GMT

In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough.

Protecting Information Privacy - How To and Lessons Learned

Tue, 01 Apr 2008 18:31:34 GMT

In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.

Initiating a Security Metrics Program: Key Points to Consider

Tue, 18 Mar 2008 17:11:32 GMT

In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes.

Insider Threat and the Software Development Life Cycle

Tue, 04 Mar 2008 14:37:26 GMT

In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.

Tackling the Growing Botnet Threat

Tue, 19 Feb 2008 14:38:47 GMT

In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets.

Building a Security Metrics Program

Tue, 05 Feb 2008 18:24:20 GMT

In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access.

Inadvertent Data Disclosure on Peer-to-Peer Networks

Tue, 22 Jan 2008 14:41:16 GMT

In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information.

Information Compliance: A Growing Challenge for Business Leaders

Tue, 08 Jan 2008 15:14:15 GMT

In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care.
