Content provided by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Critical Security Controls: Part 1 (with Brian Ventura)

Critical Security Controls: Part 1 (with Brian Ventura)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 23

GUEST: BRIAN VENTURA

October 24, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers.

NOTE: This series was originally intended to be a single episode. Because we recorded in excess of three hours of content, we decided (after the fact) to split this into 2 episodes.

Critical Security Controls: Part 1 SHOW NOTES

PART 1

We talk about National Cyber Security Awareness Month (NCSAM), some of the initiatives that we have observed to work and not work, and what some organizations are doing to help. We touch on what the SANS and Center for Internet Security (CIS) Critical Security Controls (formerly the SANS Top 20) are. We then briefly compare and contrast them with other lists, like the Australian Signals Directorate 35 Strategies to Mitigate Cyber Intrusions, Cloud Security Alliance (CSA) Treacherous 12, Open Web Application Security Project (OWASP) Top 10, and OWASP Application Security Verification Standard (ASVS).

PART 2

Controls:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software

We discuss the beginning of the Critical Security Controls. Starting with control 1, we discuss the importance of knowing what devices and assets are on the network, as well as maintaining an inventory management tool. We discuss using inventory management as a means of accountability for management. We transition into control 2, which deals with authorized and unauthorized software.

PART 3

Controls:

  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Accounts

We discuss developing secure environments, benchmarking, and baselining. We discuss the cross-correlation of the US DoD's (DISA) STIGs (Security Technical Implementation Guides) and CIS Benchmarks, and assessing them using the Security Content Automation Protocol (SCAP). A discussion about golden images ensues, and we discuss methods for patching golden images. We discuss vulnerability scanning versus assessment, mobile vulnerabilities, and scanning strategies. Finally, we discuss the importance of limiting who has administrative privileges and when they should be used.

ABOUT BRIAN

Brian Ventura

Brian has 20+ years in Information Technology, ranging from systems administration to project management and information security. He is an Information Security Architect in Portland, Oregon and volunteers as the Director of Education for the Portland ISSA Chapter. Brian holds his CISSP and GCCC, as well as other industry certifications. As the Director of Education, Brian coordinates relevant local and online training opportunities.

CONTACTING BRIAN:

Twitter: @brianwifaneye
Brian’s SANS Instructor Profile

Brian’s SANS Courses:

SEC440: Critical Security Controls: Planning, Implementing and Auditing (2-day course in Pittsburgh, PA: February 1 and 2, 2017)
SEC566: Implementing and Auditing the Critical Security Controls – In-Depth (5-day course in Seattle, WA: February 6 through 10, 2017)
Links to Resources mentioned:

Australian Signals Directorate 35 Strategies to Mitigate Cyber Intrusions
CSA Treacherous 12 (PDF)
OWASP Top 10
OWASP ASVS 3.0 (PDF)
National Cyber Security Awareness Month (Stay Safe Online)
CIS Critical Security Controls

Gary McGraw Books

Software Security: Building Security In
Building Secure Software: How to Avoid Security Problems the Right Way
Exploiting Online Games: Cheating Massively Distributed Systems
Software Security Library Boxed Set, First Edition
PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
