Practicing strong information and cybersecurity is a nonnegotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. This series of podcasts provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.
The CERT Podcast Series is also available as an RSS 2.0 Feed.
Please review our Legal Disclaimer.
NEWEST CONVERSATIONS
- 10/19/2016 Becoming a CISO: Formal and Informal Requirements. Featuring Darrell Keeling (Parkview Health) and Lisa R. Young.
- 07/18/2016 Global Value Chain – An Expanded View of the ICT Supply Chain. Featuring Edna M. Conway (Cisco Systems, Inc.), John Haller, and Lisa R. Young.
- 06/21/2016 Intelligence Preparation for Operational Resilience. Featuring Douglas Gray and Lisa R. Young.
Podcast Categories
- Forensics
- Malware Analysis
- Governance
- Measurement and Analysis
- Privacy
- Cyber Risk and Resilience Management
- Security Education and Training
- Software Assurance
- Threat
- Incident Management
- Best Practices
Forensics
- TJX, Heartland, and CERT's Forensics Analysis Capabilities
In this podcast, participants recount complex, distributed, multi-year investigations of computer crimes using sophisticated methods, techniques, and tools.
- Computer and Network Forensics: A Master's Level Curriculum
In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations.
- Computer Forensics for Business Leaders: Building Robust Policies and Processes
In this podcast, participants discuss how business leaders can play a key role in computer forensics by establishing and testing strong policies.
- Computer Forensics for Business Leaders: A Primer
In this podcast, participants discuss how computer forensics is often overlooked when planning an incident response strategy.
Malware Analysis
- Characterizing and Prioritizing Malicious Code
In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts identify the most destructive malware to examine first.
- Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding that supports better analysis of malicious code.
- Building a Malware Analysis Capability
In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact of an ongoing infection.
Governance
- Structuring the Chief Information Security Officer Organization
In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.
- Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.
- Public-Private Partnerships: Essential for National Cyber Security
In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.
- Establishing a National Computer Security Incident Response Team (CSIRT)
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.
- Leveraging Security Policies and Procedures for Electronic Evidence Discovery
In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes.
Measurement and Analysis
- A Workshop on Measuring What Matters
This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, the team's experiences planning and executing the workshop, and the improvements identified for future offerings.
- Measuring Operational Resilience
In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.
- Getting to a Useful Set of Security Metrics
In this podcast, participants explain that well-defined metrics are essential to determine which security practices are worth the investment.
- Using Benchmarks to Make Better Security Decisions
In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough.
- Initiating a Security Metrics Program: Key Points to Consider
In this podcast, Samuel Merrell explains that a sound security metrics program should select data that is relevant to its consumers and drawn from repeatable processes.
Privacy
- Considering Security and Privacy in the Move to Electronic Health Records
In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges.
- Integrating Privacy Practices into the Software Development Life Cycle
In this podcast, participants explain that addressing privacy during software development is just as important as addressing security.
- Electronic Health Records: Challenges for Patient Privacy and Security
In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today.
- Protecting Information Privacy - How To and Lessons Learned
In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.
- The Value of De-Identified Personal Data
In this podcast, participants discuss the complex legal compliance landscape and how de-identification can help organizations share data more securely.
Cyber Risk and Resilience Management
- Global Value Chain – An Expanded View of the ICT Supply Chain
In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including the management of risks to the supply chain.
- Intelligence Preparation for Operational Resilience
In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build the operational resilience of organizational assets and services using Intelligence Preparation for Operational Resilience (IPOR).
- How Cyber Insurance Is Driving Risk and Technology Management
In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.
- How the University of Pittsburgh Is Using the NIST Cybersecurity Framework
In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses the university's use of the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF).
- Supply Chain Risk Management: Managing Third Party and External Dependency Risk
In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from "external entities that provide, sustain, or operate Information and Communications Technology (ICT)."
Security Education and Training
- Cisco's Adoption of CERT Secure Coding Standards
In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.
- In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors.
- In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient.
- Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.
- Cyber Security, Safety, and Ethics for the Net Generation
In this podcast, Rodney Peterson explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
Software Assurance
- Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations
In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of practices observed in high-performing organizations.
- How to Develop More Secure Software - Practices from Thirty Organizations
In this podcast, participants discuss how organizations can benchmark their software security practices against 109 activities observed in 30 organizations.
- The Role of the CISO in Developing More Secure Software
In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software.
- Is There Value in Identifying Software Security "Never Events?"
In this podcast, Robert Charette suggests that responsibility should be examined when software is developed with known, preventable errors.
- An Experience-Based Maturity Model for Software Security
In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
Threat
- Protect Your Business from Money Mules
In this podcast, participants explain how organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
- More Targeted, Sophisticated Attacks: Where to Pay Attention
In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks.
- Getting in Front of Social Engineering
In this podcast, Betsy Nichols tells us how benchmark results can be compared with peers, drive performance, and help determine how much security is enough.
- Insider Threat and the Software Development Life Cycle
In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development life cycle.
- Tackling the Growing Botnet Threat
In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets.
Incident Management
- Capturing the Expertise of Cybersecurity Incident Handlers
In this podcast, Dr. Richard Young, a professor at CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.
- How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them
In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.
- Establishing a National Computer Security Incident Response Team (CSIRT)
In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.
- Better Incident Response Through Scenario Based Training
In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.
- Integrating Security Incident Response and e-Discovery
In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.
Best Practices
- Becoming a CISO: Formal and Informal Requirements
In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's fast-paced cybersecurity field.
- Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions
In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.
- DevOps - Transform Development and Operations for Fast, Secure Deployments
In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security.
- Securing Mobile Devices aka BYOD
In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks.
- Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities
In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.
Legal Disclaimer
These podcasts and all related information and materials ("materials") are owned by Carnegie Mellon University. These materials are provided on an "as-is" "as available" basis without any warranties and solely for your personal viewing and use. You agree that Carnegie Mellon is not liable with respect to any material received by you as a result of using the web site on which they reside and/or for any consequences or the use by you of such materials. By viewing, downloading and/or using these materials, you agree that you have read and agree to our terms of use.