Cybersecurity Sense

A Technology and Business podcast

Episodes of Cybersecurity Sense

Learn how a few members of the LBMC Information Security team got started in their careers, and what you should consider when going into the field. 
In this episode, Caryn Wooley joins us to discuss the Cybersecurity Maturity Model Certification (CMMC). Learn why the Department of Defense created the model to improve security for government contractors and subcontractors. Hear what you can do to start preparing for CMMC today.
Nancy Spizzo, Senior Manager at LBMC Information Security, joins Bill Dean to talk about HITRUST and the new LBMC Information Security HITRUST Guide being released later this fall. 
In this episode Bill Dean and Stewart Fey discuss penetration testing for PCI compliance. Learn about the differences between penetration testing and vulnerability assessments, and what is needed to meet requirements for PCI compliance.
In this episode Nancy Spizzo joins Bill Dean to discuss re-entry to the workplace. They'll discuss what items you should consider from a security and technology perspective as organizations plan to reopen their facilities. 
In this episode, Chelsea Smith talks with Bill Dean about the impact of remote work on IT audits during the COVID-19 pandemic. 
Zoom is soaring in popularity as a large population of remote workers are using it for video conferencing. With its surging popularity, the platform's loose security protocols made it an easy target for hackers to take advantage and disrupt calls. "Zoombombing" allowed anyone to log in to unprotected links to intrude on the calls, often sharing lewd photos and videos. Listen to our most recent podcast to hear what you can do to use Zoom securely.
In this episode, LBMC's cybersecurity experts discuss the topic of social engineering via phishing. Learn the difference in using phishing software solutions versus penetration testing services for your cybersecurity program.
LBMC Cybersecurity expert, Derek Rush, joins Bill Dean as they discuss the benefits and limitations of multi-factor authentication. 
The LBMC Information Security team recaps the 2019 HITRUST conference that was held in Texas in May. The team talks about the latest news on third-party assurance, HITRUST CSF adoption and controls implementation, SOC 2 + HITRUST, and the latest initiatives in the quality subcommittee.
In this podcast, LBMC Information Security’s Mark Burnette offers a summary and perspective on the council’s insights—specifically addressing the three likely changes for the next version of the PCI DSS.
In this podcast, LBMC Information Security’s Bill Dean and John Dorling discuss some of the new tools available to help merchants who are trying to achieve PCI compliance.
2018 was one of the biggest years for data breaches to date, with more than 6,500 data breaches reported throughout the year. In this podcast, LBMC Information Security’s Bill Dean dives deeper into these recent data breach statistics and why it’s important to keep investing in the hard work involved with combating cyber-attacks to prevent data breaches in the days to come.
All companies are subject to opportunistic attacks, but do you know if you are subject to a targeted attack based on the data you generate or maintain? In this podcast, LBMC Information Security’s Bill Dean addresses this question while diving deeper into the key differences between targeted attacks and opportunistic attacks.
Since incident response issues are no longer just an IT issue and can often involve legal issues, it is important for organizations to develop an incident response team, seek outside expertise, and have an overall action plan in the event of an incident. In this podcast, LBMC Information Security’s Bill Dean discusses how a complex situation like incident response can be purely based on common sense.
In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection. So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone knows what controls are being tested and when. The attack simulation is a bit different, as the focus is the emulation of a specific attacker group and their methods of obtaining sensitive data. In this podcast, LBMC Information Security’s Bill Dean discusses attack simulation, or what some people label adversary simulation.
Most penetration testers are considered “red team,” while most defenders are considered “blue team.” Thus, the irony of a conventional penetration test is that these two groups are typically pitted against each other. When the red teams and blue teams are working together, you have what’s called a “purple team.” While purple-teaming has not always been a thing, it can be a win for both groups. Purple-teaming has now become somewhat of a buzzword. However, the effort behind it has great merit and value. In this podcast, LBMC Information Security’s Bill Dean explains purple-teaming, as well as some of the benefits involved with the practice.
The EU’s General Data Protection Regulation (GDPR) permits users certain rights (referred to as “data subject access rights” or “DSARs” in the documentation) that organizations will need to be prepared to accommodate if they must comply with GDPR. For organizations to be prepared to respond, it’s important to have a clear understanding of DSARs before you risk consuming too much time, money, and resources in efforts to remain compliant. In this podcast, LBMC Information Security’s Drew Hendrickson shares some considerations for how to prepare and respond when a customer chooses to request action on one of their new rights under GDPR.
As organizations determine whether the E.U.’s General Data Protection Regulation (GDPR) is applicable to them, there are several important things to consider when it comes to compliance. Among those things are preparing for and responding to personal data breaches (which is not just a requirement of the GDPR; it’s a good business practice in general), data consent, and how you are protecting your data (like data pseudonymisation). With GDPR, personal data is defined a bit differently, which means there’s potentially much more data for organizations to protect. In this podcast, LBMC Information Security’s Drew Hendrickson highlights a list of things to consider when it comes to GDPR compliance.
As the May 25, 2018 GDPR enforcement date fast approaches, many organizations are asking, “How will the GDPR apply to my organization?” As the GDPR extends to U.S. organizations that offer services to or monitor behaviors of E.U. citizens, it’s important to understand how to classify your organization’s data to determine GDPR applicability. While the GDPR presents new challenges for organizations storing or processing personal data, maintaining compliance with the proper guidance is essential. In this podcast, LBMC Information Security’s Drew Hendrickson explains GDPR, how it can apply to you, and why GDPR compliance matters.
The question is not, “Will your employees get your company hacked?” but rather “When will your employees get your company hacked?” A recent article from HITECH Answers highlights this sad reality of human error being the most common reason for a cyber intrusion and data compromise. So, while employee actions can circumvent almost every security control you have invested in, security awareness training is critical to prevent your employees from being your number one risk. Users are often the last line in your cyber-defense efforts, and there is no patch for people wanting to be helpful or wanting to do the right thing. In this podcast, LBMC Information Security’s Bill Dean explains why ongoing employee security training is crucial to ensuring employees know how to spot a hacking attempt, ultimately protecting your organization from a potential cyber-attack. Listen, and discover these key takeaways:
  • Reasons why employees often do not realize how important they are to the process
  • How not enabling multi-factor authentication on remote access to email allows hackers to easily access employee email accounts
  • Why 91% of cyberattacks begin with a spear phishing email
  • The importance of having strong passwords for employees
  • Why backing up data is a must for protecting against cyber-attacks
In a recent report from Wombat Security Technologies based on data from millions of simulated phishing attacks, it was found that 76% of organizations said they experienced phishing attacks in 2017, and nearly half of information security professionals said that the rate of attacks increased from 2016 to 2017. F-Secure also recently released research data indicating that over one-third of security incidents start with phishing emails or malicious attachments sent to company employees. In this podcast, LBMC Information Security’s Bill Dean digs into these research findings and shares some reasons why training employees to spot phishing emails, messages, and pretexting calls can’t be done just once or once a year. Listen, and discover these key takeaways:
  • Fascinating new research findings about phishing attacks
  • Reasons for training employees about phishing attacks on an ongoing basis
  • Why it only takes one user to follow the link in a phishing email for your network to be compromised
  • New approaches that may be implemented into our menu of phishing schemes
When cloud-managed security was first introduced, there was some concern about the levels of security as compared to the security of data on an organization’s premises. Today, security professionals have implemented the appropriate controls to help cloud-based data management be safe and effective. As many organizations are now embracing and migrating to the cloud, it is important to know the risks and proper controls associated with the movement. In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Sese Bennett discuss the effectiveness and concerns surrounding migrating to cloud-managed security measures and what organizations today should know. Listen, and discover these key takeaways:
  • Why you should evaluate your current security frameworks and compare with cloud-managed controls
  • A brief explanation of FedRAMP and FISMA
  • Reasons to consider moving to cloud-managed security
  • The potential risks associated with cloud frameworks if not implemented properly
  • Why not to stop at the assessment phase
No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deals with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which can be ineffective and insecure. Such a lack of functionality can keep a company from moving beyond assessment and into true risk management. In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Mark Fulford discuss the importance of risk management, including the effectiveness of risk assessments and how BALLAST can help organizations automate the risk assessment process. Listen, and discover these key takeaways:
  • Understanding what’s important to your organization when it comes to managing risks
  • Reasons to consider more targeted risk assessments
  • Why you shouldn’t just do gap assessments
  • How to automate the risk assessment process
  • Why not to stop at the assessment phase
In the information security world, we all wish we had more access to senior executives. Following that logic, if you’re responsible for security at your organization, and you are lucky enough to ride on the same elevator with a senior executive from your company, you should be prepared with your “elevator pitch” on what to say about improving the cybersecurity posture of the organization. When asked, you want to have your message fine-tuned and be able to communicate it clearly and succinctly (before the elevator reaches the parking garage). In this podcast, LBMC Information Security’s Mark Burnette discusses his elevator pitch to President Donald Trump with podcast host Bill Dean. While Mark hasn’t ridden on an elevator with the President, he doesn’t let that stop him from finding a way to articulate what the President should be doing to address cybersecurity issues at the federal level. Listen, and discover these key takeaways:
  • Reasons cybersecurity initiatives at the federal government level are important
  • Former and current administration actions on cybersecurity
  • Reasons for establishing a national cybersecurity advisory committee
  • The need for enforcing existing cybersecurity laws
  • Why the ease and proliferation of cyber-attacks is too much to ignore
Podcast Details

Created by
Karen Griffin
Podcast Status
Potentially Inactive
Jul 26th, 2017
Latest Episode
Oct 21st, 2020
Release Period
Avg. Episode Length
13 minutes
