Artwork

Το περιεχόμενο παρέχεται από το Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.
Player FM - Εφαρμογή podcast
Πηγαίνετε εκτός σύνδεσης με την εφαρμογή Player FM !

CCT 180: Failing Securely, Separation of Duties, and System Resilience for the CISSP (Domain 3.5-8)

45:19
 
Μοίρασέ το
 

Manage episode 442769461 series 3464644
Το περιεχόμενο παρέχεται από το Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

Send us a text

What if your organization's security posture could withstand any cyber threat? This episode of the CISSP Cyber Training Podcast promises to equip you with actionable insights from CISSP Domain 3, emphasizing the critical principle of failing securely. We tackle the intricacies of separation of duties, zero trust, and the benefits of maintaining simplicity in your systems. Plus, I share my firsthand experience with virtual CISO roles, providing a roadmap for hiring a security professional, from conducting gap assessments to understanding risk profiles and developing robust mitigation strategies.
Next, we dive deep into data security and management essentials. Discover why data classification and separation of duties are paramount in preventing fraud and protecting sensitive information. We'll cover the importance of data loss prevention measures, network segmentation, and change management to safeguard your systems from unauthorized modifications. Learn the significance of monitoring, logging, and process isolation techniques like virtualization and sandboxing to detect anomalies and limit the damage from breaches. And don't miss our discussion on capability-based security, application whitelisting, and the strategic application of these controls based on thorough gap assessments.
Lastly, we explore the facets of system resilience and security measures that ensure reliability. Understand the concept of graceful degradation and the pivotal role of error handling and logging in troubleshooting. We highlight the importance of redundancy, fault tolerance techniques, and the principle of security by design. Proper testing and auditing are emphasized to ensure systems fail securely, and we provide strategies for addressing both soft and hard failures. Additionally, the roles of job rotation, dual control, and mandatory vacations in error detection and risk management are examined, along with a comparison of on-premise versus cloud networks to help you maintain critical servers and applications. This episode is a treasure trove of practical knowledge to elevate your cybersecurity readiness.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

  continue reading

Κεφάλαια

1. CISSP Cyber Training and Security Strategies (00:00:00)

2. Process Isolation and Access Controls (00:08:57)

3. Security Principles and Best Practices (00:20:22)

4. System Resilience and Security Measures (00:28:38)

5. Job Rotation and Security Practices (00:34:33)

6. Cloud vs on-Prem Network Considerations (00:43:36)

201 επεισόδια

Artwork
iconΜοίρασέ το
 
Manage episode 442769461 series 3464644
Το περιεχόμενο παρέχεται από το Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.

Send us a text

What if your organization's security posture could withstand any cyber threat? This episode of the CISSP Cyber Training Podcast promises to equip you with actionable insights from CISSP Domain 3, emphasizing the critical principle of failing securely. We tackle the intricacies of separation of duties, zero trust, and the benefits of maintaining simplicity in your systems. Plus, I share my firsthand experience with virtual CISO roles, providing a roadmap for hiring a security professional, from conducting gap assessments to understanding risk profiles and developing robust mitigation strategies.
Next, we dive deep into data security and management essentials. Discover why data classification and separation of duties are paramount in preventing fraud and protecting sensitive information. We'll cover the importance of data loss prevention measures, network segmentation, and change management to safeguard your systems from unauthorized modifications. Learn the significance of monitoring, logging, and process isolation techniques like virtualization and sandboxing to detect anomalies and limit the damage from breaches. And don't miss our discussion on capability-based security, application whitelisting, and the strategic application of these controls based on thorough gap assessments.
Lastly, we explore the facets of system resilience and security measures that ensure reliability. Understand the concept of graceful degradation and the pivotal role of error handling and logging in troubleshooting. We highlight the importance of redundancy, fault tolerance techniques, and the principle of security by design. Proper testing and auditing are emphasized to ensure systems fail securely, and we provide strategies for addressing both soft and hard failures. Additionally, the roles of job rotation, dual control, and mandatory vacations in error detection and risk management are examined, along with a comparison of on-premise versus cloud networks to help you maintain critical servers and applications. This episode is a treasure trove of practical knowledge to elevate your cybersecurity readiness.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

  continue reading

Κεφάλαια

1. CISSP Cyber Training and Security Strategies (00:00:00)

2. Process Isolation and Access Controls (00:08:57)

3. Security Principles and Best Practices (00:20:22)

4. System Resilience and Security Measures (00:28:38)

5. Job Rotation and Security Practices (00:34:33)

6. Cloud vs on-Prem Network Considerations (00:43:36)

201 επεισόδια

Alle episoder

×
 
Loading …

Καλώς ήλθατε στο Player FM!

Το FM Player σαρώνει τον ιστό για podcasts υψηλής ποιότητας για να απολαύσετε αυτή τη στιγμή. Είναι η καλύτερη εφαρμογή podcast και λειτουργεί σε Android, iPhone και στον ιστό. Εγγραφή για συγχρονισμό συνδρομών σε όλες τις συσκευές.

 

Οδηγός γρήγορης αναφοράς