Get A Podcast - CERT's Podcast Series: Security for Business Leaders - Fresh discussions on the importance of security within organizations

CERT's Podcast Series: Security for Business Leaders
Released:	6/30/2008 1:33:13 PM
RSS Link:	http://www.cert.org/podcast/exec_podcast.rss
Last View:	12/2/2008 9:53:26 PM
Last Refresh:	12/4/2008 10:53:53 PM
Page Views:	57
Comments:	Talk About It (0)
Report violation	Report a violation or adult content
Description: Fresh discussions on the importance of security within organizations 40 Podcasts: 1. 20080624love-full.mp3 (played 17 times) 2. 20080610gallagher-full.mp3 (played 25 times) 3. 20080527allen-full.mp3 (played 26 times) 4. 20080513kim-full.mp3 (played 16 times) 5. 20080429hinson-full.mp3 (played 17 times) 6. 20080415nichols-full.mp3 (played 18 times) 7. 20080401hargraves-full.mp3 (played 25 times) 8. 20080318merrell-full.mp3 (played 16 times) 9. 20080304cappelli-full.mp3 (played 25 times) 10. 20080219ianelli-full.mp3 (played 26 times) 11. 20080205nichols-full.mp3 (played 17 times) 12. 20080122johnson-full.mp3 (played 19 times) 13. 20080108smedinghoff-full.mp3 (played 17 times) 14. 20071210swanson-full.mp3 (played 25 times) 15. 20071127beggs-full.mp3 (played 11 times) 16. 20071113wilson-full.mp3 (played 16 times) 17. 20071030waits-full.mp3 (played 25 times) 18. 20071016dynes-full.mp3 (played 13 times) 19. 20071015young-full.mp3 (played 13 times) 20. 28Newby.mp3 (played 13 times) 21. 27MorrisonBoni.mp3 (played 17 times) 22. 26Carpenter.mp3 (played 25 times) 23. 25Kreitner.mp3 (played 15 times) 24. 24Fusco.mp3 (played 9 times) 25. 23WilsonAllen.mp3 (played 22 times) 26. 22LosiAllen.mp3 (played 26 times) 27. 21CrowellContos.mp3 (played 17 times) 28. 20HuthKalinowski.mp3 (played 26 times) 29. 19Ganow.mp3 (played 25 times) 30. 18Caralli.mp3 (played 25 times) 31. 17Nolan.mp3 (played 26 times) 32. 16KillcreceRuefle.mp3 (played 15 times) 33. 15Westby.mp3 (played 13 times) 34. 14Rogers.mp3 (played 14 times) 35. 13Kimberland.mp3 (played 25 times) 36. 12Alberts.mp3 (played 25 times) 37. 11Acquisti.mp3 (played 25 times) 38. 10Laswell.mp3 (played 25 times) 39. 9Rush.mp3 (played 14 times) 40. 8Longstaff.mp3 (played 26 times) Content: (Play It) Using High Fidelity, Online Training to Stay Sharp Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. (Play It) Integrating Security Incident Response and e-Discovery Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. (Play It) Concrete Steps for Implementing an Information Security Program A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. (Play It) Virtual Communities: Risks and Opportunities When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. (Play It) Developing Secure Software: Universities as Supply Chain Partners Integrating security into university curricula is one of the key solutions to developing more secure software. (Play It) Security Risk Assessment Using OCTAVE Allegro OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. (Play It) Getting to a Useful Set of Security Metrics Well-defined metrics are essential to determine which security practices are worth the investment. (Play It) How to Start a Software Development Program Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. (Play It) Managing Risk to Critical Infrastructures at the National Level Protecting critical infrastructures and the information they use are essential for preserving our way of life. (Play It) Managing Security Vulnerabilites Based on What Matters Most Determining which security vulnerabilities to address should be based on the importance of the information asset. (Play It) Identifying Software Security Requirements Early, Not After the Fact During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. (Play It) Making Information Security Policy Happen Targeted, innovative communications and a robust life cycle are keys for security policy success. (Play It) Becoming a Smart Buyer of Software Managing software that is developed by an outside organization can be more challenging than building it yourself. (Play It) Building More Secure Software Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. (Play It) Connecting the Dots Between IT Operations and Security High performing organizations effectively integrate information security controls into mainstream IT operational processes. (Play It) Getting in Front of Social Engineering Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. (Play It) Using Benchmarks to Make Better Security Decisions Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. (Play It) Protecting Information Privacy - How To and Lessons Learned Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. (Play It) Initiating a Security Metrics Program: Key Points to Consider A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. (Play It) Insider Threat and the Software Development Life Cycle Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. (Play It) Tackling the Growing Botnet Threat Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. (Play It) Building a Security Metrics Program Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. (Play It) Inadvertent Data Disclosure on Peer-to-Peer Networks Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. (Play It) Information Compliance: A Growing Challenge for Business Leaders Directors and senior executives are personally accountable for protecting information entrusted to their care. (Play It) Internal Audit's Role in Information Security: An Introduction Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there. (Play It) What Business Leaders Can Expect from Security Degree Programs Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? (Play It) The Path from Information Security Risk Assessment to Compliance Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. (Play It) Computer Forensics for Business Leaders: Building Robust Policies and Processes Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. (Play It) Business Resilience: A More Compelling Argument for Information Security A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. (Play It) Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. (Play It) The Human Side of Security Trade-Offs It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. (Play It) Dual Perspectives: A CIO's and CISO's Take on Security Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. (Play It) Tackling Security at the National Level: A Resource for Leaders Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. (Play It) Reducing Security Costs with Standard Configurations: U.S. Government Initiatives Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. (Play It) Real-World Security for Business Leaders Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. (Play It) Using Standards to Build an Information Security Program Business leaders can use international standards to create a business- and risk-based information security program. (Play It) Getting Real About Security Governance Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. (Play It) Convergence: Integrating Physical and IT Security Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. (Play It) IT Infrastructure: Tips for Navigating Tough Spots Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. (Play It) The Value of De-Identified Personal Data As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. (Play It) Adapting to Changing Risk Environments: Operational Resilience Business leaders need to ensure that their organizations can keep critical business processes and services up and running in the face of the unexpected. (Play It) Computer Forensics for Business Leaders: A Primer Computer forensics is often overlooked when planning an incident response strategy; however, it is a critical part of incident response, and business leaders need to understand how to tackle it. (Play It) The Real Secrets of Incident Management Incident management is not just about technical response. It is a cross-enterprise effort that requires good communication and informed risk management. (Play It) The Legal Side of Global Security Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. (Play It) A New Look at the Business of IT Education System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. (Play It) Crisis Communications During a Security Incident Business leaders need to be prepared to communicate with the media and their staff during a high-profile security incident or crisis. (Play It) Assuring Mission Success in Complex Environments Analysis tools are needed for assessing complex organizational and technological issues that are well beyond traditional approaches. (Play It) Privacy: The Slow Tipping Point A trend toward more and more data disclosure, as seen in online social networks, may be causing users to become desensitized to privacy breaches in general. (Play It) Building Staff Competence in Security Practical specifications and guidelines now exist that define necessary knowledge, skills, and competencies for staff members in a range of security positions - from practitioners to managers. (Play It) Inside Defense-in-Depth Defense-in-Depth is one path toward enterprise resilience - the ability to withstand threats and failures. The foundational aspects of compliance management and risk management serve as stepping-stones to and supports for other, more technical aspects. (Play It) Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology Business models are evolving. This has challenging implications as security threats become more covert and technologies facilitate information migration. (Play It) Protecting Against Insider Threat The threat of attack from insiders is real and substantial. Insiders have a significant advantage over others who might want to harm an organization. (Play It) Change Management: The Security 'X' Factor In a recent survey of organizations' security posture, one factor separated high performers from the rest of the pack: change management. (Play It) CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT Learn more about the future of CERT and Rich Pethia's view of the Internet security landscape. (Play It) Why Leaders Should Care About Security Leaders need to be security conscious and to treat adequate security as a non-negotiable requirement of being in business. (Play It) The ROI of Security ROI is a useful tool because it enables comparison among investments in a consistent way. (Play It) Proactive Remedies for Rising Threats Threats to information security are increasingly stealthy, but they are on the rise and must be mitigated through sound policy and strategy. (Play It) Compliance vs. Buy-in Integrating security into standard business operating processes and procedures is more effective than treating security as a compliance exercise. Home

Home Podcast Map Submit Podcast Link to Us Contact