This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to The Southern Fried Security Podcast
A free-ranging set of discussions on matters of interest to people involved in user experience design, website design, and usability in general.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Episode 95: Episode 203 - Evaluating Your Security Program: Threat Mapping
Archived series ("Inactive feed" status)
When?
This feed was archived on October 02, 2020 00:10 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 197973508 series 12330
Content provided by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Show Notes
Episode 203 - Evaluating Your Security Program: Threat Mapping
- Why Evaluate Your Program
-
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- How is this different from threat modeling?
- Threat modeling is listing what could happen to you.
- Threat mapping is mapping the holes in your program.
- What is “Threat Mapping”?
- Must have a assessment management program
-
- you can’t protect what you don’t know about
- This isn’t “I have a CMDB”. It’s actually taking actions based on what you know about what you have
- Map assets to known threats
- industry
- entry points
- technology
- Online threat maps
- What are you doing to know this?
- What controls do you currently have in place to mitigate or reduce the risk?
- Understand what your “real” threats are
- Apps
- Infrastructure
- 3rd parties
- etc
- Scope and prioritize - break down into areas to tackle
- How To Get Started
- Scorecard (KRI)
-
- What is important and helpful
- Risk Registry
- How To Measure
- Use your risk registry or GRC tool to track progress and keep management updated. You need them onboard to improve.
- once you have some areas mapped don’t ignore them
- implement solid change control and change management processes
- keep risk scores updated so you aren’t focusing on unimportant things
- How To Improve/Modify
105 episodes
Share
Archived series ("Inactive feed" status)
When?
This feed was archived on October 02, 2020 00:10 (
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 197973508 series 12330
Content provided by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Andy Willingham, Martin Fisher, Steve Ragan, Joseph Sokoly, and Yvette Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Show Notes
Episode 203 - Evaluating Your Security Program: Threat Mapping
- Why Evaluate Your Program
-
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- How is this different from threat modeling?
- Threat modeling is listing what could happen to you.
- Threat mapping is mapping the holes in your program.
- What is “Threat Mapping”?
- Must have a assessment management program
-
- you can’t protect what you don’t know about
- This isn’t “I have a CMDB”. It’s actually taking actions based on what you know about what you have
- Map assets to known threats
- industry
- entry points
- technology
- Online threat maps
- What are you doing to know this?
- What controls do you currently have in place to mitigate or reduce the risk?
- Understand what your “real” threats are
- Apps
- Infrastructure
- 3rd parties
- etc
- Scope and prioritize - break down into areas to tackle
- How To Get Started
- Scorecard (KRI)
-
- What is important and helpful
- Risk Registry
- How To Measure
- Use your risk registry or GRC tool to track progress and keep management updated. You need them onboard to improve.
- once you have some areas mapped don’t ignore them
- implement solid change control and change management processes
- keep risk scores updated so you aren’t focusing on unimportant things
- How To Improve/Modify
105 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to The Southern Fried Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
A free-ranging set of discussions on matters of interest to people involved in user experience design, website design, and usability in general.
…
continue reading
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
It takes more than great code to be a great engineer. Soft Skills Engineering is a weekly advice podcast for software developers about the non-technical stuff that goes into being a great software developer.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
