http://www.cert.org/podcast en-us Fresh discussions on the importance of security within organizations CERT no In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be. CERT podcast@cert.org Ron Ross http://www.cert.org/podcast/mp3/2/20120424ross-full.mp3 http://www.cert.org/podcast/mp3/20120424ross-full.mp3> Security controls, including those for insider threat, are the safeguards necessary to protect information and information systems. Tue, 24 Apr 2012 10:56:37 -0400 28:09 Martin Sebor http://www.cert.org/podcast/mp3/2/20120228sebor-full.mp3 http://www.cert.org/podcast/mp3/20120228sebor-full.mp3> Implementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision. Tue, 28 Feb 2012 13:51:04 -0500 24:40 Dennis Allen http://www.cert.org/podcast/mp3/2/20120131allen2-full.mp3 http://www.cert.org/podcast/mp3/20120131allen2-full.mp3> Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors. Tue, 31 Jan 2012 13:12:32 -0500 25:35 Deborah Lafky http://www.cert.org/podcast/mp3/2/20111220lafky-full.mp3 http://www.cert.org/podcast/mp3/20111220lafky-full.mp3> Electronic health records bring many benefits along with security and privacy challenges. Tue, 20 Dec 2011 13:26:02 -0500 28:26 Julia Allen http://www.cert.org/podcast/mp3/2/20111004allen-full.mp3 http://www.cert.org/podcast/mp3/20111004allen-full.mp3> Measures of operational resilience should answer key questions, inform decisions, and affect behavior. Tue, 04 Oct 2011 11:48:44 -0400 25:31 Alex Nicoll http://www.cert.org/podcast/mp3/2/20110906nicoll-full.mp3 http://www.cert.org/podcast/mp3/20110906nicoll-full.mp3> Use of Domain Name System security extensions can help prevent website hijacking attacks. Tue, 06 Sep 2011 12:41:48 -0400 20:50 Jonathan Spring http://www.cert.org/podcast/mp3/2/20110802spring-full.mp3 http://www.cert.org/podcast/mp3/20110802spring-full.mp3> Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information. Tue, 02 Aug 2011 10:43:13 -0400 19:18 Jeff Gennari http://www.cert.org/podcast/mp3/2/20110712gennari-full.mp3 http://www.cert.org/podcast/mp3/20110712gennari-full.mp3> Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection. Tue, 12 Jul 2011 11:31:09 -0400 24:46 David White http://www.cert.org/podcast/mp3/2/20110505white-full.mp3 http://www.cert.org/podcast/mp3/20110505white-full.mp3> Over 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model. Thu, 05 May 2011 12:37:22 -0400 29:40 Ron Ross http://www.cert.org/podcast/mp3/2/20110329ross-full.mp3 http://www.cert.org/podcast/mp3/20110329ross-full.mp3> BuBusiness l leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats. Tue, 29 Mar 2011 16:15:04 -0400 28:05 Brett Lambo http://www.cert.org/podcast/mp3/2/20110222lambo-full.mp3 http://www.cert.org/podcast/mp3/20110222lambo-full.mp3> Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks. Tue, 22 Feb 2011 15:31:12 -0500 23:14 Michael Hanley http://www.cert.org/podcast/mp3/2/20110125hanley-full.mp3 http://www.cert.org/podcast/mp3/20110125hanley-full.mp3> Technical controls may be effective in helping prevent, detect, and respond to insider crimes. Tue, 25 Jan 2011 11:27:39 -0500 23:25 Rich Caralli http://www.cert.org/podcast/mp3/2/20101209caralli-full.mp3 http://www.cert.org/podcast/mp3/20101209caralli-full.mp3> Use the CERT Resilience Management Model (CERT-RMM) to help ensure that critical assets and services perform as expected in the face of stress and disruption. Thu, 09 Dec 2010 13:27:23 -0500 39:01 Sam Merrell http://www.cert.org/podcast/mp3/2/20101130merrell-full.mp3 http://www.cert.org/podcast/mp3/20101130merrell-full.mp3> Government agencies and private industry must build effective partnerships to secure national critical infrastructures. Tue, 30 Nov 2010 13:50:00 -0500 31:23 Nancy Mead http://www.cert.org/podcast/mp3/2/20101026mead-full.mp3 http://www.cert.org/podcast/mp3/20101026mead-full.mp3> Knowledge about software assurance is essential to ensure that complex systems function as intended. Tue, 26 Oct 2010 13:27:43 -0400 34:36 Gary McGraw http://www.cert.org/podcast/mp3/2/20100928mcgraw-full.mp3 http://www.cert.org/podcast/mp3/20100928mcgraw-full.mp3> Organizations can benchmark their software security practices against 109 observed activities from 30 organizations. Tue, 28 Sep 2010 10:31:31 -0400 29:26 Jonathan Frederick http://www.cert.org/podcast/mp3/2/20100831frederick-full.mp3 http://www.cert.org/podcast/mp3/20100831frederick-full.mp3> Internet-connected mobile devices are becoming increasingly attractive targets. Tue, 31 Aug 2010 10:52:04 -0400 26:14 John Haller http://www.cert.org/podcast/mp3/2/20100819haller-full.mp3 http://www.cert.org/podcast/mp3/20100819haller-full.mp3> A national CSIRT is essential for protecting national and economic security, and ensuring the continuity of government agencies and critical infrastructures. Thu, 19 Aug 2010 08:10:25 -0400 27:55 Art Manion http://www.cert.org/podcast/mp3/2/20100727manion-full.mp3 http://www.cert.org/podcast/mp3/20100727manion-full.mp3> Securing systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity. Tue, 27 Jul 2010 10:32:02 -0400 23:08 Kevin Moore http://www.cert.org/podcast/mp3/2/20100629kmoore-full.mp3 http://www.cert.org/podcast/mp3/20100629kmoore-full.mp3> Complex, distributed, multi-year investigations of computer crimes require sophisticated methods, techniques, and tools. Tue, 29 Jun 2010 10:34:31 -0400 35:13 Will Dormann http://www.cert.org/podcast/mp3/2/20100525dormann-full.mp3 http://www.cert.org/podcast/mp3/20100525dormann-full.mp3> To help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing. Tue, 25 May 2010 14:18:39 -0400 26:01 Chad Dougherty http://www.cert.org/podcast/mp3/2/20100427dougherty-full.mp3 http://www.cert.org/podcast/mp3/20100427dougherty-full.mp3> Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses. Tue, 27 Apr 2010 10:14:14 -0400 19:01 Matthew Meyer http://www.cert.org/podcast/mp3/2/20100330meyer-full.mp3 http://www.cert.org/podcast/mp3/20100330meyer-full.mp3> Being able to respond effectively when faced with a disruptive event requires that staff members learn to become more resilient. Tue, 30 Mar 2010 10:39:24 -0400 25:31 Pravir Chandra http://www.cert.org/podcast/mp3/2/20100302chandra-full.mp3 http://www.cert.org/podcast/mp3/20100302chandra-full.mp3> CISOs must leave no room for anyone to deny that they understand what is expected of them when developing secure software. Tue, 02 Mar 2010 09:37:05 -0500 26:55 Kristopher Rush http://www.cert.org/podcast/mp3/2/20100202rush-full.mp3 http://www.cert.org/podcast/mp3/20100202rush-full.mp3> Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations. Tue, 02 Feb 2010 09:12:08 -0500 24:45 Ray Jones http://www.cert.org/podcast/mp3/2/20100112jones-full.mp3 http://www.cert.org/podcast/mp3/20100112jones-full.mp3> The SGMM provides a roadmap to guide an organization's transformation to the smart grid. Tue, 12 Jan 2010 09:47:58 -0500 25:55 Ralph Hood http://www.cert.org/podcast/mp3/2/20091222hood-full.mp3 http://www.cert.org/podcast/mp3/20091222hood-full.mp3> Addressing privacy during software development is just as important as addressing security. Tue, 22 Dec 2009 09:36:04 -0500 17:27 Timothy Shimeall http://www.cert.org/podcast/mp3/2/20091201shimeall-full.mp3 http://www.cert.org/podcast/mp3/20091201shimeall-full.mp3> Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. Tue, 01 Dec 2009 09:42:22 -0500 22:00 Gary Daniels http://www.cert.org/podcast/mp3/2/20091110daniels-full.mp3 http://www.cert.org/podcast/mp3/20091110daniels-full.mp3> Providing critical services during times of stress depends on documented, tested business continuity plans. Tue, 10 Nov 2009 10:17:41 -0500 21:22 David White http://www.cert.org/podcast/mp3/2/20091020white-full.mp3 http://www.cert.org/podcast/mp3/20091020white-full.mp3> A defined, managed process for third party relationships is essential, particularly when business is disrupted. Tue, 20 Oct 2009 14:44:42 -0400 27:07 James Stevens http://www.cert.org/podcast/mp3/2/20090929stevens-full.mp3 http://www.cert.org/podcast/mp3/20090929stevens-full.mp3> The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. Tue, 29 Sep 2009 10:23:08 -0400 20:15 Robert Charette http://www.cert.org/podcast/mp3/2/20090908charette-full.mp3 http://www.cert.org/podcast/mp3/20090908charette-full.mp3> Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Tue, 08 Sep 2009 10:46:07 -0400 26:01 Dawn Cappelli http://www.cert.org/podcast/mp3/2/20090818cappelli-full.mp3 http://www.cert.org/podcast/mp3/20090818cappelli-full.mp3> Preventing and detecting insider threat is greatly improved by implementing 16 best practices based on 282 cases. Tue, 18 Aug 2009 11:08:53 -0400 36:21 Derek Gabbard http://www.cert.org/podcast/mp3/2/20090728gabbard-full.mp3 http://www.cert.org/podcast/mp3/20090728gabbard-full.mp3> Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Tue, 28 Jul 2009 09:51:58 -0400 29:33 Chris Alberts http://www.cert.org/podcast/mp3/2/20090707alberts-full.mp3 http://www.cert.org/podcast/mp3/20090707alberts-full.mp3> Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Tue, 07 Jul 2009 12:23:43 -0400 29:36 Tim Mather http://www.cert.org/podcast/mp3/2/20090616mather-full.mp3 http://www.cert.org/podcast/mp3/20090616mather-full.mp3> When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. Tue, 16 Jun 2009 10:31:19 -0400 27:40 Marty Lindner http://www.cert.org/podcast/mp3/2/20090526lindner-full.mp3 http://www.cert.org/podcast/mp3/20090526lindner-full.mp3> Business leaders need to take action to better mitigate sophisticated social engineering attacks. Tue, 26 May 2009 10:16:34 -0400 20:40 Robert Charette http://www.cert.org/podcast/mp3/2/20090505charette-full.mp3 http://www.cert.org/podcast/mp3/20090505charette-full.mp3> Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Tue, 05 May 2009 09:46:59 -0400 20:21 Rodney Petersen http://www.cert.org/podcast/mp3/2/20090414petersen-full.mp3 http://www.cert.org/podcast/mp3/20090414petersen-full.mp3> Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Tue, 14 Apr 2009 09:24:12 -0400 20:13 Gary McGraw http://www.cert.org/podcast/mp3/2/20090331mcgraw-full.mp3 http://www.cert.org/podcast/mp3/20090331mcgraw-full.mp3> Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Tue, 31 Mar 2009 14:06:33 -0400 21:48 Robert Seacord http://www.cert.org/podcast/mp3/2/20090317seacord-full.mp3 http://www.cert.org/podcast/mp3/20090317seacord-full.mp3> Requiring secure coding practices when building of Tue, 17 Mar 2009 10:38:38 -0400 20:02 Roland Cloutier http://www.cert.org/podcast/mp3/2/20090303cloutier-full.mp3 http://www.cert.org/podcast/mp3/20090303cloutier-full.mp3> Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Tue, 03 Mar 2009 10:24:41 -0500 23:53 Chris May http://www.cert.org/podcast/mp3/2/20090217may-full.mp3 http://www.cert.org/podcast/mp3/20090217may-full.mp3> Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Tue, 17 Feb 2009 11:00:34 -0500 22:55 Brian Chess http://www.cert.org/podcast/mp3/2/20090203chess-full.mp3 http://www.cert.org/podcast/mp3/20090203chess-full.mp3> Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Tue, 03 Feb 2009 10:58:03 -0500 25:52 Rich Pethia http://www.cert.org/podcast/mp3/2/20090120pethia-full.mp3 http://www.cert.org/podcast/mp3/20090120pethia-full.mp3> Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Tue, 20 Jan 2009 10:44:14 -0500 17:32 John Christiansen http://www.cert.org/podcast/mp3/2/20090106christiansen-full.mp3 http://www.cert.org/podcast/mp3/20090106christiansen-full.mp3> Being able to effectively respond to e-discovery requests depends on well-defined, enatcted policies, procedures, and processes. Tue, 06 Jan 2009 11:22:14 -0500 25:44 Richard Power http://www.cert.org/podcast/mp3/2/20081209power-full.mp3 http://www.cert.org/podcast/mp3/20081209power-full.mp3> Climate change requires new strategies for dealing with traditional IT and information security risks. Tue, 09 Dec 2008 10:37:35 -0500 23:44 James Wrubel http://www.cert.org/podcast/mp3/2/20081125wrubel-full.mp3 http://www.cert.org/podcast/mp3/20081125wrubel-full.mp3> Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Tue, 25 Nov 2008 14:52:26 -0500 26:38 David Matthews http://www.cert.org/podcast/mp3/2/20081111matthews-full.mp3 http://www.cert.org/podcast/mp3/20081111matthews-full.mp3> Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Tue, 11 Nov 2008 10:05:05 -0500 25:33 Jennifer Bayuk http://www.cert.org/podcast/mp3/2/20081028bayuk-full.mp3 http://www.cert.org/podcast/mp3/20081028bayuk-full.mp3> A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Tue, 28 Oct 2008 12:08:48 -0400 21:28 Jan Wolynski http://www.cert.org/podcast/mp3/2/20081014wolynski-full.mp3 http://www.cert.org/podcast/mp3/20081014wolynski-full.mp3> When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. Tue, 14 Oct 2008 10:56:54 -0400 18:05 Mary Ann Davidson http://www.cert.org/podcast/mp3/2/20080930davidson-full.mp3 http://www.cert.org/podcast/mp3/20080930davidson-full.mp3> Integrating security into university curricula is one of the key solutions to developing more secure software. Tue, 30 Sep 2008 15:20:45 -0400 23:21 Lisa Young http://www.cert.org/podcast/mp3/2/20080916young-full.mp3 http://www.cert.org/podcast/mp3/20080916young-full.mp3> OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Tue, 16 Sep 2008 10:17:33 -0400 18:09 Clint Kreitner http://www.cert.org/podcast/mp3/2/20080902kreitner-full.mp3 http://www.cert.org/podcast/mp3/20080902kreitner-full.mp3> Well-defined metrics are essential to determine which security practices are worth the investment. Tue, 02 Sep 2008 10:11:12 -0400 18:49 Gary McGraw http://www.cert.org/podcast/mp3/2/20080820mcgraw-full.mp3 http://www.cert.org/podcast/mp3/20080820mcgraw-full.mp3> Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Wed, 20 Aug 2008 09:48:58 -0400 20:01 Bradford Willke http://www.cert.org/podcast/mp3/2/20080805willke-full.mp3 http://www.cert.org/podcast/mp3/20080805willke-full.mp3> Protecting critical infrastructures and the information they use are essential for preserving our way of life. Tue, 05 Aug 2008 13:14:01 -0400 22:12 Art Manion http://www.cert.org/podcast/mp3/2/20080722manion-full.mp3 http://www.cert.org/podcast/mp3/20080722manion-full.mp3> Determining which security vulnerabilities to address should be based on the importance of the information asset. Tue, 22 Jul 2008 11:37:06 -0400 23:27 Nancy Mead http://www.cert.org/podcast/mp3/2/20080708mead-full.mp3 http://www.cert.org/podcast/mp3/20080708mead-full.mp3> During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Tue, 08 Jul 2008 10:49:09 -0400 22:57 Paul Love http://www.cert.org/podcast/mp3/2/20080624love-full.mp3 http://www.cert.org/podcast/mp3/20080624love-full.mp3> Targeted, innovative communications and a robust life cycle are keys for security policy success. Tue, 24 Jun 2008 10:47:32 -0400 24:17 Brian Gallagher http://www.cert.org/podcast/mp3/2/20080610gallagher-full.mp3 http://www.cert.org/podcast/mp3/20080610gallagher-full.mp3> Managing software that is developed by an outside organization can be more challenging than building it yourself. Tue, 10 Jun 2008 11:12:49 -0400 21:11 Julia Allen http://www.cert.org/podcast/mp3/2/20080527allen-full.mp3 http://www.cert.org/podcast/mp3/20080527allen-full.mp3> Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Tue, 27 May 2008 11:47:16 -0400 16:43 Gene Kim http://www.cert.org/podcast/mp3/2/20080513kim-full.mp3 http://www.cert.org/podcast/mp3/20080513kim-full.mp3> High performing organizations effectively integrate information security controls into mainstream IT operational processes. Tue, 13 May 2008 11:02:16 -0400 24:39 Gary Hinson http://www.cert.org/podcast/mp3/2/20080429hinson-full.mp3 http://www.cert.org/podcast/mp3/20080429hinson-full.mp3> Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Tue, 29 Apr 2008 14:27:50 -0400 23:33 Betsy Nichols http://www.cert.org/podcast/mp3/2/20080415nichols-full.mp3 http://www.cert.org/podcast/mp3/20080415nichols-full.mp3> Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Tue, 15 Apr 2008 12:42:50 -0400 20:07 Kim Hargraves http://www.cert.org/podcast/mp3/2/20080401hargraves-full.mp3 http://www.cert.org/podcast/mp3/20080401hargraves-full.mp3> Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Tue, 01 Apr 2008 12:35:48 -0400 22:12 Sam Merrell http://www.cert.org/podcast/mp3/2/20080318merrell-full.mp3 http://www.cert.org/podcast/mp3/20080318merrell-full.mp3> A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Tue, 18 Mar 2008 09:54:13 -0400 12:04 Dawn Cappelli http://www.cert.org/podcast/mp3/2/20080304cappelli-full.mp3 http://www.cert.org/podcast/mp3/20080304cappelli-full.mp3> Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Tue, 04 Mar 2008 10:21:53 -0500 23:33 Nicholas Ianelli http://www.cert.org/podcast/mp3/2/20080219ianelli-full.mp3 http://www.cert.org/podcast/mp3/20080219ianelli-full.mp3> Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. Tue, 19 Feb 2008 11:15:36 -0500 20:33 Betsy Nichols http://www.cert.org/podcast/mp3/2/20080205nichols-full.mp3 http://www.cert.org/podcast/mp3/20080205nichols-full.mp3> Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 05 Feb 2008 10:44:57 -0500 22:33 M. Eric Johnson http://www.cert.org/podcast/mp3/2/20080122johnson-full.mp3 http://www.cert.org/podcast/mp3/20080122johnson-full.mp3> Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. Tue, 22 Jan 2008 10:12:16 -0500 20:13 Tom Smedinghoff http://www.cert.org/podcast/mp3/2/20080108smedinghoff-full.mp3 http://www.cert.org/podcast/mp3/20080108smedinghoff-full.mp3> Directors and senior executives are personally accountable for protecting information entrusted to their care. Tue, 08 Jan 2008 10:17:09 -0500 21:53 Dan Swanson http://www.cert.org/podcast/mp3/2/20071210swanson-full.mp3 http://www.cert.org/podcast/mp3/20071210swanson-full.mp3> Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there. Mon, 10 Dec 2007 22:16:22 -0500 14:25 Sean Beggs http://www.cert.org/podcast/mp3/2/20071127beggs-full.mp3 http://www.cert.org/podcast/mp3/20071127beggs-full.mp3> Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? Tue, 27 Nov 2007 12:10:19 -0500 18:29 Bill Wilson http://www.cert.org/podcast/mp3/2/20071113wilson-full.mp3 http://www.cert.org/podcast/mp3/20071113wilson-full.mp3> Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Tue, 13 Nov 2007 12:03:01 -0500 26:17 Cal Waits http://www.cert.org/podcast/mp3/2/20071030waits-full.mp3 http://www.cert.org/podcast/mp3/20071030waits-full.mp3> Business Leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Tue, 30 Oct 2007 11:50:34 -0400 12:21 Scott Dynes http://www.cert.org/podcast/mp3/2/20071016dynes-full.mp3 http://www.cert.org/podcast/mp3/20071016dynes-full.mp3> A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Tue, 16 Oct 2007 11:02:38 -0400 24:33 Lisa Young http://www.cert.org/podcast/mp3/2/20071015young-full.mp3 http://www.cert.org/podcast/mp3/20071015young-full.mp3> By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Mon, 15 Oct 2007 15:42:04 -0400 18:23 G. Newby, S. Losi http://www.cert.org/podcast/mp3/2/28Newby.mp3 http://www.cert.org/podcast/mp3/2/28Newby.mp3 It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. Tue, 18 Sep 2007 11:30:00 -0400 27:14 P. Morrison, B. Boni, J. Allen http://www.cert.org/podcast/mp3/2/27MorrisonBoni.mp3 http://www.cert.org/podcast/mp3/2/27MorrisonBoni.mp3 Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. Tue, 04 Sep 2007 15:45:00 -0400 26:20 J. Carpenter, J. Allen http://www.cert.org/podcast/mp3/2/26Carpenter.mp3 http://www.cert.org/podcast/mp3/2/26Carpenter.mp3 Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. Tue, 21 Aug 2007 11:45:00 -0400 22:18 C. Kreitner, J. Allen http://www.cert.org/podcast/mp3/2/25Kreitner.mp3 http://www.cert.org/podcast/mp3/2/25Kreitner.mp3 Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. Tue, 07 Aug 2007 11:30:00 -0400 25:08 P. Fusco, W. Pollak http://www.cert.org/podcast/mp3/2/24Fusco.mp3 http://www.cert.org/podcast/mp3/2/24Fusco.mp3 Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. Tue, 24 Jul 2007 15:30:00 -0400 20:26 W. Wilson, J. Allen http://www.cert.org/podcast/mp3/2/23WilsonAllen.mp3 http://www.cert.org/podcast/mp3/2/23WilsonAllen.mp3 Business leaders can use international standards to create a business- and risk-based information security program. Tue, 10 Jul 2007 11:30:00 -0400 27:51 J. Allen, S. Losi http://www.cert.org/podcast/mp3/2/22LosiAllen.mp3 http://www.cert.org/podcast/mp3/2/22LosiAllen.mp3 Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. Tue, 26 Jun 2007 11:30:00 -0400 19:23 B. Crowell, B. Contos http://www.cert.org/podcast/mp3/2/21CrowellContos.mp3 http://www.cert.org/podcast/mp3/2/21CrowellContos.mp3 Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. Tue, 12 Jun 2007 11:30:00 -0400 28:43 S. Huth http://www.cert.org/podcast/mp3/2/20HuthKalinowski.mp3 http://www.cert.org/podcast/mp3/2/20HuthKalinowski.mp3 Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. Tue, 29 May 2007 10:30:00 -0400 22:33 S. Ganow http://www.cert.org/podcast/mp3/2/19Ganow.mp3 http://www.cert.org/podcast/mp3/2/19Ganow.mp3 As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. Tue, 15 May 2007 10:30:00 -0400 31:24 R. Caralli http://www.cert.org/podcast/mp3/2/18Caralli.mp3 http://www.cert.org/podcast/mp3/2/18Caralli.mp3 Business leaders need to ensure that their organizations can keep critical business processes and services up and running in the face of the unexpected. Tue, 1 May 2007 10:30:00 -0400 24:44 R. Nolan http://www.cert.org/podcast/mp3/2/17Nolan.mp3 http://www.cert.org/podcast/mp3/2/17Nolan.mp3 Computer forensics is often overlooked when planning an incident response strategy; however, it is a critical part of incident response, and business leaders need to understand how to tackle it. Tue, 17 Apr 2007 10:30:00 -0400 16:31 G. Killcrece http://www.cert.org/podcast/mp3/2/16KillcreceRuefle.mp3 http://www.cert.org/podcast/mp3/2/16KillcreceRuefle.mp3 Incident management is not just about technical response. It is a cross-enterprise effort that requires good communication and informed risk management. Tue, 3 Apr 2007 10:30:00 -0400 21:16 J. Westby http://www.cert.org/podcast/mp3/2/15Westby.mp3 http://www.cert.org/podcast/mp3/2/15Westby.mp3 Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. Tue, 20 Mar 2007 10:30:00 -0400 25:55 L. Rogers http://www.cert.org/podcast/mp3/2/14Rogers.mp3 http://www.cert.org/podcast/mp3/2/14Rogers.mp3 System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. Tue, 6 Mar 2007 10:30:00 -0400 17:51 K. Kimberland http://www.cert.org/podcast/mp3/2/13Kimberland.mp3 http://www.cert.org/podcast/mp3/2/13Kimberland.mp3 Business leaders need to be prepared to communicate with the media and their staff during a high-profile security incident or crisis. Tue, 20 Feb 2007 10:30:00 -0400 13:41 C. Alberts http://www.cert.org/podcast/mp3/2/12Alberts.mp3 http://www.cert.org/podcast/mp3/2/12Alberts.mp3 Analysis tools are needed for assessing complex organizational and technological issues that are well beyond traditional approaches. Tue, 6 Feb 2007 10:30:00 -0400 17:48 A. Acquisti http://www.cert.org/podcast/mp3/2/11Acquisti.mp3 http://www.cert.org/podcast/mp3/2/11Acquisti.mp3 A trend toward more and more data disclosure, as seen in online social networks, may be causing users to become desensitized to privacy breaches in general. Tue, 23 Jan 2007 10:30:00 -0400 17:41 B. Laswell http://www.cert.org/podcast/mp3/2/10Laswell.mp3 http://www.cert.org/podcast/mp3/2/10Laswell.mp3 Practical specifications and guidelines now exist that define necessary knowledge, skills, and competencies for staff members in a range of security positions - from practitioners to managers. Tue, 9 Jan 2007 10:30:00 -0400 21:55 K. Rush http://www.cert.org/podcast/mp3/2/9Rush.mp3 http://www.cert.org/podcast/mp3/2/9Rush.mp3 Defense-in-Depth is one path toward enterprise resilience - the ability to withstand threats and failures. The foundational aspects of compliance management and risk management serve as stepping-stones to and supports for other, more technical aspects. Tue, 19 Dec 2006 10:30:00 -0400 15:43 T. Longstaff http://www.cert.org/podcast/mp3/2/8Longstaff.mp3 http://www.cert.org/podcast/mp3/2/8Longstaff.mp3 Business models are evolving. This has challenging implications as security threats become more covert and technologies facilitate information migration. Tue, 12 Dec 2006 10:30:00 -0400 21:39 D. Cappelli http://www.cert.org/podcast/mp3/2/7Cappelli.mp3 http://www.cert.org/podcast/mp3/2/7Cappelli.mp3 The threat of attack from insiders is real and substantial. Insiders have a significant advantage over others who might want to harm an organization. Tue, 28 Nov 2006 10:30:00 -0400 27:08 G. Kim http://www.cert.org/podcast/mp3/2/6Losi_Kim.mp3 http://www.cert.org/podcast/mp3/2/6Losi_Kim.mp3 In a recent survey of organizations' security posture, one factor separated high performers from the rest of the pack: change management. Tue, 14 Nov 2006 10:30:00 -0400 18:37 R. Pethia http://www.cert.org/podcast/mp3/2/5Pethia_Discussion.mp3 http://www.cert.org/podcast/mp3/2/5Pethia_Discussion.mp3 Learn more about the future of CERT and Rich Pethia's view of the Internet security landscape. Tue, 31 Oct 2006 10:30:00 -0400 23:34 J. Allen http://www.cert.org/podcast/mp3/2/1Why_Leaders_Should_Care_About_Security.mp3 http://www.cert.org/podcast/mp3/2/1Why_Leaders_Should_Care_About_Security.mp3 Leaders need to be security conscious and to treat adequate security as a non-negotiable requirement of being in business. Tue, 17 Oct 2006 12:58:20 -0400 17:52 S. Losi http://www.cert.org/podcast/mp3/2/2The_ROI_of_Security.mp3 http://www.cert.org/podcast/mp3/2/2The_ROI_of_Security.mp3 ROI is a useful tool because it enables comparison among investments in a consistent way. Tue, 17 Oct 2006 12:58:20 -0400 21:19 M. Lindner http://www.cert.org/podcast/mp3/2/3Proactive_Remedies_for_Rising_Threats.mp3 http://www.cert.org/podcast/mp3/2/3Proactive_Remedies_for_Rising_Threats.mp3 Threats to information security are increasingly stealthy, but they are on the rise and must be mitigated through sound policy and strategy. Tue, 17 Oct 2006 12:58:20 -0400 19:32 J. Allen http://www.cert.org/podcast/mp3/2/4Compliance_vs_Buy-In.mp3 http://www.cert.org/podcast/mp3/2/4Compliance_vs_Buy-In.mp3 Integrating security into standard business operating processes and procedures is more effective than treating security as a compliance exercise. Tue, 17 Oct 2006 12:58:20 -0400 8:41