Cybersecurity Risk

Feeling overwhelmed by cyber risk? You're not alone. In today's digital world, cyber threats are a complex issue and a strategic opportunity to strengthen your organization's resilience.

This podcast dives deep into the world of cyber governance and risk management. We'll have open conversations with experts to help you take your organization's cybersecurity posture from "as-is" to the next level.

Here's what you'll learn:

- Program and control assessments: Identify weaknesses in your current defenses.
- Risk identification and mitigation: Proactively address threats before they strike.
- Building a risk register: Track and prioritize your organization's vulnerabilities.
- Crafting effective mitigation plans: Develop strategies to minimize cyber risk.
- And much more!

Join us and learn how to navigate the ever-evolving cyber landscape with confidence.

Zero-Sum Game

In this episode, I will discuss three challenging areas where cybersecurity education is falling short in preparing students and professionals to succeed in the field.

12-31
09:45

Cyber Risk Identification

In today’s episode, I will discuss a strategy to identify critical systems in your organization. The steps I will discuss today will make sure your program is objective and repeatable. The eBook mentioned in this podcast can be downloaded here: https://executive-cyber-education.mykajabi.com/risk-identification-ebook Thanks. Dr. B. https://execcybered.com/podcast-1

06-09
16:00

Key Risk Indicators

In today’s episode, we will discuss how to identify KRIs (key risk indicators). I’ll discuss a simple and effective way to do it. There seems to be a lot of confusion about what to measure, and for a long time subject matter experts have believed we can’t measure cybersecurity.

04-26
13:03

Tail Risks: What are you going to do differently?

In today’s episode, we will discuss “tail risk” and the impact it may have on organizations when it’s realized. Given our current environment, it seems entirely appropriate for us to have this meaningful discussion.

04-08
16:50

Risk Formula: What's wrong with it?

In today’s episode, we will discuss the popular risk formula, “Risk = Threat x Vulnerability x Consequence/Impact,” and its limitations in providing accurate information for a cybersecurity investment or tactical decision. I will be leveraging the “Risk Analysis and Management for Critical Asset Protection” (RAMCAP) framework that was also used by the Department of Homeland Security.

03-01
13:21

Threat Reports: What's Missing

I will discuss “Threat Reports,” specifically eight 2019 reports: the 2019 Data Breach Investigations Report by Verizon; the 2019 Data Breach Investigations Report (executive summary) by Verizon; the 2019 Annual Report, State of Cyber Security by Security in Depth; the Cyber Security Report by DarkMatter; the Q2 2019 Cybersecurity Threatscape by Positive Technologies; the 2019 Cyber Security Risk Report by Aon; the 2019 Global Threat Report by CrowdStrike; and Cyber Trendscape 2020 by fire...

01-17
14:36

Security Controls Selection

In today’s episode, we will discuss a strategy for selecting controls to assess. This strategy can be used to select any controls for your assessment; as a framework for security control selection, the approach is agnostic to any standard or regulatory standard. The steps we will discuss today will make sure your control selection is objective and repeatable.

12-24
15:30

Assessments: System Selection

In today’s episode, we will discuss a strategy for selecting an environment to assess. This strategy can be used from your first assessment through to developing an assessment calendar. The steps we will discuss today will make sure your assessment selection is objective and repeatable. Dr. B. www.execcybered.com

12-10
10:13

Cyber Risk & Cyber Governance Overall Program

In this episode, we discuss an overview of our cybersecurity risk and governance program. Here I'll discuss what we are trying to achieve in the next several podcasts, from choosing an environment and business organizations to establishing a residual risk for your cybersecurity organization that you can trust. Our overview will touch on environment selection, security controls, control assessments, risk identification, and much more.

12-02
16:49

Program Assessments

There are six steps in a cybersecurity program assessment framework. I will discuss each step of the framework and how it will help you to achieve a comprehensive assessment. A cybersecurity program assessment is a process that you will design to provide your company or department with a comprehensive review of the tools and processes they have implemented, and the policies, standards, procedures, and practices in place at your organization. Dr. B. www.execcybered.com

11-19
33:10

Seize Control: How CTEM Can Fortify Your Organization’s Defense

In this episode, I will dive into Continuous Threat Exposure Management (CTEM) and how it revolutionizes vulnerability prioritization. I discuss the essential steps—scoping, discovery, prioritization, validation, and mobilization—required for effective risk management. Learn how to align your security efforts with mission-based goals and leverage CTEM to protect your organization's critical assets. Gain insights into overcoming implementation challenges and the necessity of int...

08-29
11:49

The Unexpected Role of Impact in Cybersecurity Risk – A Must Know!

Understanding Impact Assessment in Cybersecurity: A Deep Dive. In this video, I tackle the questions: Does impact assessment exist in cybersecurity, and how is it conducted? I break down the fundamental formula of cybersecurity risk, which includes threat, vulnerability, and impact, and cover the different types of impact—financial, reputational, and operational—and how to classify them. Discover the importance of context in impact analysis across device-level, application-level, and org...

08-19
05:39

Missed Vulnerabilities: How to Fix and Prevent Them in Future Assessments

It's a common, yet unsettling, scenario in cybersecurity risk assessment: discovering a crucial component was overlooked after an assessment is complete. The question often arises: "How do you handle missing risks in a risk assessment? What can you do in the situation, and how can you prevent this from happening again?" Let's unpack this compound query, focusing on mission-based cyber risk management and practical prevention strategies. Dr. B.

07-31
08:00

Navigating the Human Element in Cybersecurity Risk Assessment

As cybersecurity professionals, we often dive deep into the intricacies of networks, code, and vulnerabilities. We assume that identifying assets, scanning for weaknesses, and generating reports are the core of cybersecurity risk assessment. But if you've ever spent a day in a corporate environment, you know the biggest challenge isn't the technology; it's the people. Today, let's explore two critical points: how we got here and, more importantly, how we get out of it. Dr. B. ...

07-25
08:21

Mastering Cyber Asset Sampling: Optimize Your Assessment Process

Cyber Asset Assessment: Understanding the Importance of Sampling. In this episode, I dive into the crucial step of sampling in cyber asset assessment. Learn why sampling is essential, especially when dealing with large environments and limited resources. Discover the various types of sampling methods, including probability and non-probability sampling, and understand how to statistically correlate your sample size to the total population of your cyber assets. Perfect for anyone...

07-14
06:15

Unlocking the True Goal of Security: What You're Really Protecting

In this episode, I dive into the essential first steps for a successful cybersecurity risk assessment. Unlike traditional methods, we emphasize the importance of aligning cyber protection with corporate objectives and mission-critical assets. Learn why it's crucial to go beyond regulatory requirements and how to accurately identify and cross-check your assets, from application servers to firewalls. Stay tuned for upcoming videos where we break down the comprehensive process for...

07-07
03:48

Aggregate Risk Demystified: The Formula Every Business Needs

How to Aggregate Vulnerability Risks Efficiently for Your IT Environment. In this episode, we'll explore the comprehensive approach to scanning and evaluating the entire ecosystem of your application, including databases, firewalls, and routers. Discover a simple yet effective formula to aggregate the risks from hundreds of vulnerabilities and learn how to categorize these risks to support your corporate objectives and mission. This technique is especially useful for small to mi...

06-26
07:08

Unpacking Trump’s Cybersecurity Orders: Key Updates and What They Mean for National Security

President Trump Amends Cybersecurity Executive Orders: Key Impacts and Analysis. In this episode, we delve into President Trump's recent amendments to Executive Orders 13694 and 14144, primarily focusing on enhancing national cybersecurity. We outline six key areas of impact, including specific threat identification, secure software development, post-quantum cryptography preparations, AI in cyber defense, modernizing federal systems, and defining scope in sanctions and applicati...

06-12
13:48

Optimizing SIEM Storage Costs: Effective Logging Strategies

Is storage really as cheap as people think? This episode delves into the true cost of storage in the context of Security Information and Event Management (SIEM) systems. We explore traditional logging practices and their impact on storage, especially with the rise of cloud computing and hybrid environments. The key focus is on identifying critical applications and underlying architectures to optimize logging processes...

06-06
03:28

One Insight from 1978 Could Change Your Cybersecurity Strategy

The Importance of Managerial Controls in Cybersecurity: Insights from 1978. In this episode of Doctor's Advice, Dr. B discusses the critical idea presented by Stuart Madnick in 1978, emphasizing that computer security can't rely solely on technical measures. Dr. B explains how operational computer security requires managerial controls, such as policies, standards, and procedures. The conversation highlights the importance of prioritizing the protection of systems that align wit...

06-02
07:50

Chad Rourke

Vulners.com can be useful in a number of ways, especially for individuals and organizations that are responsible for managing and securing software and systems. Some specific ways in which Vulners.com can be useful include: Identifying vulnerabilities: Vulners.com can be used to search for known vulnerabilities in a wide range of products and services, making it easier to identify potential weaknesses in your systems and applications. Assessing risk: By reviewing the details of a vulnerability, you can use Vulners.com to assess the risk that it poses to your systems and determine whether it is worth addressing. Getting updates: Vulners.com provides updates on new vulnerabilities as they are discovered, so you can use it to stay informed about potential threats to your systems. Finding fixes: Many vulnerabilities have associated fixes or mitigations that can be used to address the issue. Vulners.com can help you find these fixes and determine the best course of action to take. Over

12-23
