Artwork

Contenuto fornito da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Player FM - App Podcast
Vai offline con l'app Player FM !

CCT 180: Failing Securely, Separation of Duties, and System Resilience for the CISSP (Domain 3.5-8)

45:19
 
Condividi
 

Manage episode 442769461 series 3464644
Contenuto fornito da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

Send us a text

What if your organization's security posture could withstand any cyber threat? This episode of the CISSP Cyber Training Podcast promises to equip you with actionable insights from CISSP Domain 3, emphasizing the critical principle of failing securely. We tackle the intricacies of separation of duties, zero trust, and the benefits of maintaining simplicity in your systems. Plus, I share my firsthand experience with virtual CISO roles, providing a roadmap for hiring a security professional, from conducting gap assessments to understanding risk profiles and developing robust mitigation strategies.
Next, we dive deep into data security and management essentials. Discover why data classification and separation of duties are paramount in preventing fraud and protecting sensitive information. We'll cover the importance of data loss prevention measures, network segmentation, and change management to safeguard your systems from unauthorized modifications. Learn the significance of monitoring, logging, and process isolation techniques like virtualization and sandboxing to detect anomalies and limit the damage from breaches. And don't miss our discussion on capability-based security, application whitelisting, and the strategic application of these controls based on thorough gap assessments.
Lastly, we explore the facets of system resilience and security measures that ensure reliability. Understand the concept of graceful degradation and the pivotal role of error handling and logging in troubleshooting. We highlight the importance of redundancy, fault tolerance techniques, and the principle of security by design. Proper testing and auditing are emphasized to ensure systems fail securely, and we provide strategies for addressing both soft and hard failures. Additionally, the roles of job rotation, dual control, and mandatory vacations in error detection and risk management are examined, along with a comparison of on-premise versus cloud networks to help you maintain critical servers and applications. This episode is a treasure trove of practical knowledge to elevate your cybersecurity readiness.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

  continue reading

Capitoli

1. CISSP Cyber Training and Security Strategies (00:00:00)

2. Process Isolation and Access Controls (00:08:57)

3. Security Principles and Best Practices (00:20:22)

4. System Resilience and Security Measures (00:28:38)

5. Job Rotation and Security Practices (00:34:33)

6. Cloud vs on-Prem Network Considerations (00:43:36)

202 episodi

Artwork
iconCondividi
 
Manage episode 442769461 series 3464644
Contenuto fornito da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

Send us a text

What if your organization's security posture could withstand any cyber threat? This episode of the CISSP Cyber Training Podcast promises to equip you with actionable insights from CISSP Domain 3, emphasizing the critical principle of failing securely. We tackle the intricacies of separation of duties, zero trust, and the benefits of maintaining simplicity in your systems. Plus, I share my firsthand experience with virtual CISO roles, providing a roadmap for hiring a security professional, from conducting gap assessments to understanding risk profiles and developing robust mitigation strategies.
Next, we dive deep into data security and management essentials. Discover why data classification and separation of duties are paramount in preventing fraud and protecting sensitive information. We'll cover the importance of data loss prevention measures, network segmentation, and change management to safeguard your systems from unauthorized modifications. Learn the significance of monitoring, logging, and process isolation techniques like virtualization and sandboxing to detect anomalies and limit the damage from breaches. And don't miss our discussion on capability-based security, application whitelisting, and the strategic application of these controls based on thorough gap assessments.
Lastly, we explore the facets of system resilience and security measures that ensure reliability. Understand the concept of graceful degradation and the pivotal role of error handling and logging in troubleshooting. We highlight the importance of redundancy, fault tolerance techniques, and the principle of security by design. Proper testing and auditing are emphasized to ensure systems fail securely, and we provide strategies for addressing both soft and hard failures. Additionally, the roles of job rotation, dual control, and mandatory vacations in error detection and risk management are examined, along with a comparison of on-premise versus cloud networks to help you maintain critical servers and applications. This episode is a treasure trove of practical knowledge to elevate your cybersecurity readiness.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

  continue reading

Capitoli

1. CISSP Cyber Training and Security Strategies (00:00:00)

2. Process Isolation and Access Controls (00:08:57)

3. Security Principles and Best Practices (00:20:22)

4. System Resilience and Security Measures (00:28:38)

5. Job Rotation and Security Practices (00:34:33)

6. Cloud vs on-Prem Network Considerations (00:43:36)

202 episodi

All episodes

×
 
Loading …

Benvenuto su Player FM!

Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.

 

Guida rapida