All Episodes

Episode 181: Incident Response Policies and Procedures (Domain 5)

An effective incident response program starts with well-defined policies and procedures that guide every action, role, and escalation during a security event. In this ...

Episode 182: Security Standards and Physical Controls (Domain 5)

Standards and controls turn high-level policy into actionable, enforceable security, and in this episode, we explore how physical controls and documented standards cre...

Episode 183: Procedures and Playbooks (Domain 5)

Procedures and playbooks are the operational backbone of a mature security program—translating policy into detailed, repeatable steps for responding to specific threat...

Episode 184: External Security Governance Considerations (Domain 5)

Security doesn't operate in a vacuum—organizations must navigate a complex web of external considerations that shape how security is governed. In this episode, we expl...

Episode 185: Monitoring and Revising Governance Policies (Domain 5)

Security policies must evolve with technology, threat landscapes, and business goals—and that’s why continuous monitoring and revision are essential. In this episode, ...

Episode 186: Governance Structures and Roles (Part 1) (Domain 5)

Security governance relies on a clear structure that defines how decisions are made, who enforces them, and how oversight is maintained. In this episode, we explore go...

Episode 187: Governance Structures and Roles (Part 2) (Domain 5)

Having a governance structure is only the beginning—the real value comes from clearly defining roles and responsibilities within that structure. In this episode, we ex...

Episode 188: Risk Management Fundamentals (Domain 5)

Risk management is the engine that drives strategic decision-making in security, helping organizations focus their efforts on what matters most. In this episode, we ex...

Episode 189: Conducting Risk Assessments (Domain 5)

Risk assessments provide the data organizations need to make informed security decisions, and in this episode, we explore the different types of assessments and how th...

Episode 190: Risk Analysis and Scoring (Domain 5)

After risks are identified, they need to be analyzed and prioritized—and that’s where risk scoring comes in. In this episode, we break down both qualitative methods (l...

Episode 191: Risk Registers and Key Risk Indicators (Domain 5)

Managing risk at scale requires tools that provide structure and visibility, and in this episode, we examine two of the most important: risk registers and key risk ind...

Episode 192: Risk Appetite, Tolerance, and Thresholds (Domain 5)

Every organization must decide how much risk it is willing to accept in pursuit of its goals—and this decision informs every security investment, policy, and control. ...

Episode 193: Risk Management Strategies (Domain 5)

Once risks are identified and analyzed, organizations must decide how to respond—and in this episode, we examine the five primary risk management strategies: mitigate,...

Episode 194: Risk Reporting and Communication (Domain 5)

Risk is meaningless if it isn’t communicated effectively—and in this episode, we focus on how risk reporting bridges the gap between technical findings and business le...

Episode 195: Business Impact Analysis (Domain 5)

Business Impact Analysis (BIA) is the foundation of business continuity and disaster recovery planning, helping organizations understand which processes matter most an...

Episode 196: Understanding Recovery Objectives (Domain 5)

Recovery objectives define how quickly and how completely a system must return to functionality after a disruption—and in this episode, we explore two of the most crit...

Episode 197: Mean Time Metrics and System Resilience (Domain 5)

System resilience depends not only on planning but on measurable performance—and in this episode, we explore four key metrics that define how systems behave under fail...

Episode 198: Vendor Risk and Supply Chain Considerations (Domain 5)

A growing portion of cybersecurity risk now comes from outside the organization—specifically, through third-party vendors, suppliers, and service providers. In this ep...

Episode 199: Agreement Types and Contractual Security (Domain 5)

Contracts are one of the most powerful tools in managing cybersecurity obligations, and in this episode, we break down the types of agreements that define roles, respo...

Episode 200: Ongoing Vendor Monitoring and Engagement (Domain 5)

Vendor risk doesn’t stop after the contract is signed—ongoing monitoring and relationship management are critical for maintaining visibility and accountability. In thi...

Episode 201: Effective Compliance Reporting (Domain 5)

Compliance reporting ensures that an organization can demonstrate adherence to regulatory, contractual, and internal security requirements—and in this episode, we expl...

Episode 202: Consequences of Non-Compliance (Domain 5)

Failing to meet regulatory or contractual obligations can carry severe consequences, both financially and reputationally. In this episode, we break down the real-world...

Episode 203: Attestation and Acknowledgement in Compliance (Domain 5)

Attestation and acknowledgement are critical for ensuring that individuals and third parties formally understand and accept their roles in maintaining security and com...

Episode 204: Privacy Laws and Global Compliance (Domain 5)

Data privacy is no longer just a legal issue—it’s a global business imperative, and this episode explores the complex and evolving landscape of privacy laws. We cover ...

Episode 205: Data Inventory, Retention, and the Right to Be Forgotten (Domain 5)

Managing personal data effectively starts with knowing exactly what you have, where it lives, how long you keep it, and what rights users have over it. In this final e...

Episode 206: Privacy and Legal Implications of Compliance (Domain 5)

Privacy and compliance are deeply intertwined, especially as global regulations push organizations to safeguard personal data across jurisdictions. In this episode, we...

Episode 207: Data Management and Compliance (Domain 5)

Effective data management is critical for both operational success and regulatory compliance, and in this episode, we explore how organizations maintain control over w...

Episode 208: Attestation and Internal Audits (Domain 5)

Attestation and internal audits are two of the most powerful tools for ensuring your security program is functioning as intended. In this episode, we start by explorin...

Episode 209: Internal Audit Structures (Domain 5)

The effectiveness of internal audits depends not just on what’s reviewed, but on how the audit function is structured within the organization. In this episode, we exam...

Episode 210: External Audits and Assessments (Domain 5)

External audits provide an independent review of an organization’s security and compliance posture, often driven by regulatory mandates, certification requirements, or...