Artwork

内容由Chris Lindsey提供。所有播客内容(包括剧集、图形和播客描述)均由 Chris Lindsey 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal
Player FM -播客应用
使用Player FM应用程序离线!

Auditing Your Security Program

31:14
 
分享
 

Manage episode 449791359 series 3589650
内容由Chris Lindsey提供。所有播客内容(包括剧集、图形和播客描述)均由 Chris Lindsey 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal

In this episode of "Secrets of AppSec Champions," titled "Auditing Your Security Program," host Chris Lindsey converses with Roddy Bergeron, a cybersecurity fellow at SherWeb. They tackle several pressing topics in the realm of cybersecurity auditing, starting with the financial repercussions of poor data management. A friend's experience underscores the importance of sending condensed data rather than raw data to avoid increased cloud storage costs. This leads to a broader discussion about data lifecycle policies, retention, and the necessity of consulting legal teams to navigate varying regulatory requirements. They emphasize the importance of proper data integrity measures, like using tamper-proof formats and effective backup strategies such as the three, two, one methodology and worm media.
The conversation then shifts towards the evolving regulatory landscape, highlighting Cybersecurity Maturity Model Certification (CMMC) and its mandate for third-party auditors to certify companies accessing government contracts. Roddy underscores the benefits of external audits in identifying blind spots and ensuring compliance, a practice likened to the financial industry's audit requirements. He shares his rich background in government auditing, nonprofit work, and managed service providers, providing a nuanced perspective on the interconnected risks in IT environments. Roddy offers insights into key cybersecurity practices, stressing how external audits can mitigate risks, identified as crucial in a complex digital landscape.
The episode wraps up with a focus on the human element in cybersecurity. Roddy Bergeron emphasizes the need for emotional intelligence and continuous learning in incident response, pointing out that technical prowess alone is insufficient. He shares his hardest lesson: the necessity of prioritizing the human side of incident response, recognizing the profound impact of cybersecurity incidents on people's lives and careers. The conversation concludes with an invitation from Chris for listeners to subscribe and review the podcast, as they reflect on the importance of humility and ongoing improvement in the ever-evolving cybersecurity field.

Key TimeStamps:
00:00 Evolving Financial Regulations: A Varied Career Perspective
04:32 Importance of Comprehensive Auditing for Business Cybersecurity
07:43 The Impact of Interconnected Systems on Liability
10:32 The Significance of Purposeful Data Collection for Security
12:18 Maximizing Security Visibility without Overload
15:26 Effective Data Management for Businesses
19:23 The Impact of Cybersecurity Legislation and CMMC
24:23 Improving Risk Posture through Third-Party Assessments
28:10 The Crucial Role of Human Empathy in Incident Response
29:10 The Importance of Employee Care During Incidents

For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive

Provided by Mend.io (https://mend.io)

  continue reading

12集单集

Artwork
icon分享
 
Manage episode 449791359 series 3589650
内容由Chris Lindsey提供。所有播客内容(包括剧集、图形和播客描述)均由 Chris Lindsey 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal

In this episode of "Secrets of AppSec Champions," titled "Auditing Your Security Program," host Chris Lindsey converses with Roddy Bergeron, a cybersecurity fellow at SherWeb. They tackle several pressing topics in the realm of cybersecurity auditing, starting with the financial repercussions of poor data management. A friend's experience underscores the importance of sending condensed data rather than raw data to avoid increased cloud storage costs. This leads to a broader discussion about data lifecycle policies, retention, and the necessity of consulting legal teams to navigate varying regulatory requirements. They emphasize the importance of proper data integrity measures, like using tamper-proof formats and effective backup strategies such as the three, two, one methodology and worm media.
The conversation then shifts towards the evolving regulatory landscape, highlighting Cybersecurity Maturity Model Certification (CMMC) and its mandate for third-party auditors to certify companies accessing government contracts. Roddy underscores the benefits of external audits in identifying blind spots and ensuring compliance, a practice likened to the financial industry's audit requirements. He shares his rich background in government auditing, nonprofit work, and managed service providers, providing a nuanced perspective on the interconnected risks in IT environments. Roddy offers insights into key cybersecurity practices, stressing how external audits can mitigate risks, identified as crucial in a complex digital landscape.
The episode wraps up with a focus on the human element in cybersecurity. Roddy Bergeron emphasizes the need for emotional intelligence and continuous learning in incident response, pointing out that technical prowess alone is insufficient. He shares his hardest lesson: the necessity of prioritizing the human side of incident response, recognizing the profound impact of cybersecurity incidents on people's lives and careers. The conversation concludes with an invitation from Chris for listeners to subscribe and review the podcast, as they reflect on the importance of humility and ongoing improvement in the ever-evolving cybersecurity field.

Key TimeStamps:
00:00 Evolving Financial Regulations: A Varied Career Perspective
04:32 Importance of Comprehensive Auditing for Business Cybersecurity
07:43 The Impact of Interconnected Systems on Liability
10:32 The Significance of Purposeful Data Collection for Security
12:18 Maximizing Security Visibility without Overload
15:26 Effective Data Management for Businesses
19:23 The Impact of Cybersecurity Legislation and CMMC
24:23 Improving Risk Posture through Third-Party Assessments
28:10 The Crucial Role of Human Empathy in Incident Response
29:10 The Importance of Employee Care During Incidents

For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive

Provided by Mend.io (https://mend.io)

  continue reading

12集单集

所有剧集

×
 
Loading …

欢迎使用Player FM

Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。

 

快速参考指南

边探索边听这个节目
播放