Decoding CMMC: Navigating Levels 1, 2, and 3

CISO Insights: Voices in Cybersecurity

Player FM - Internet Radio Done Right

اضافه شده در thirty-three هفته پیش

محتوای ارائه شده توسط CISO Marketplace. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط CISO Marketplace یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/we-have-the-receipts">We Have The Receipts</a></span>

1
We Have The Receipts

لغو اشتراک

۷ روز پیش۷d ago

لغو اشتراک

ماهیانه+

Hosted by Chris Burns, We Have The Receipts is a bi-weekly all-access deep dive into Netflix Unscripted Reality! Each episode will bring you closer to the people behind the reality, with the free-flowing depth of podcast conversations and viral elements of TV’s best talk shows. We Have The Receipts is an upbeat, fan-first destination to uncover more insider secrets, more expert hot takes, and more off-the-rails drama from their favorite Netflix reality stars.

حدود یک سال پیش 16:19

MP3•خانه قسمت

This podcast breaks down the complexities of the Department of Defense's Cybersecurity Maturity Model Certification (CMMC) framework. We delve into the fundamental differences between Level 1's basic safeguarding requirements, Level 2's alignment with NIST SP 800-171 Rev 2, and Level 3's enhanced security based on NIST SP 800-172 and government assessment. Understand the distinct security requirements, assessment processes (self-assessment vs. certification by C3PAOs or DIBCAC), and prerequisites for each level to ensure your organization can confidently navigate the CMMC landscape.

www.compliancehub.wiki/navigating-cmmc-compliance-for-your-defense-contractor-website

146 قسمت

#Tech #News #Tech News #CISO Marketplace

Decoding CMMC: Navigating Levels 1, 2, and 3

CISO Insights: Voices in Cybersecurity

published حدود یک سال پیش

اشتراک گذاری

MP3•خانه قسمت

www.compliancehub.wiki/navigating-cmmc-compliance-for-your-defense-contractor-website

146 قسمت

#Tech #News #Tech News #CISO Marketplace

همه قسمت ها

CISO Insights: Voices in Cybersecurity

1
The Resilient CISO: Navigating Stress and Sustaining Security Leadership 12:47

19 hours پیش12:47

12:47

The role of the Chief Information Security Officer (CISO) is more critical and demanding than ever, placing leaders in a persistent high-stress environment. This podcast delves into the unique pressures faced by CISOs and cybersecurity professionals, including the immense responsibility and potential for blame, resource constraints, excessive workload, and the relentless "always-on" nature of the job. We explore the significant mental health impacts, such as anxiety, burnout, and the psychological toll of managing data breaches, which can include feelings of violation and loss of control. More than just identifying the challenges, this podcast offers insights and strategies for building resilience and fostering well-being, drawing on experiences from security leaders. Learn how supportive organizational culture and leadership, prioritizing well-being, building strong teams, and effective stress management techniques are crucial for not only personal health but also for maintaining optimal professional performance and sustaining a vital career in cybersecurity leadership. Join us to understand how to thrive, not just survive, in the CISO's crucible. www.securitycareers.help/the-cisos-crucible-how-organizational-culture-and-leadership-shape-well-being-and-tenure www.cisomarketplace.services…

CISO Insights: Voices in Cybersecurity

1
Converging Worlds: Securing IoT, OT, and Critical Infrastructure 27:32

۲ روز پیش27:32

27:32

The digital transformation journey in critical infrastructure organizations and other sectors like healthcare is increasingly connecting operational technology (OT) and integrating Internet of Things (IoT) devices. While this convergence of OT and IT creates efficiencies, it also introduces new vulnerabilities and expands the attack surface for cybersecurity threats. Cyber actors are actively exploiting internet-accessible OT assets against critical infrastructure, and these cyberattacks are growing in size, sophistication, and prevalence. Securing OT presents additional complexities compared to traditional IT security, partly due to differences in priorities (Availability, Integrity, Confidentiality in OT versus Confidentiality, Integrity, Availability in IT) and the mix of old and new technology used. Threats can range from insider risks and nation-state attacks to ransomware. In healthcare, integrating IoT devices offers benefits but exposes patients to unique cybersecurity threats, where compromising devices like implantable devices could cause harm The lines between physical security and cybersecurity have become blurred, as physical security systems are increasingly connected and cyber-physical systems bridge the digital and physical realms10. Siloed security functions, treating physical and cyber security separately, mean security leaders lack a holistic view of threats, creating blind spots and hindering rapid identification, prevention, mitigation, and response to complex threats. For example, an unsecured IoT device can serve as a backdoor into enterprise networks, allow unauthorized physical access, or disrupt operations by hijacking physical systems, as seen in the casino fish tank hack. Addressing these challenges requires a shift towards integrated security functions and a holistic approach that aligns physical and cybersecurity efforts. This includes unified risk assessments, enhancing visibility of unmanaged devices, implementing specific security measures like segmentation and hardening, employing robust authentication and secure design principles, establishing continuous monitoring, and developing comprehensive incident response plans, guided by frameworks such as the NIST Cybersecurity Framework, IEC 62443, and C2M2. Leveraging AI and machine learning can further enhance threat detection and anomaly detection. Ultimately, effective integrated security protects cyber-physical infrastructure and enhances resilience against hybrid threats. www.securitycareers.help/securing-the-converged-frontier-why-integrated-security-is-paramount-in-the-age-of-iot-and-ot www.secureiotoffice.world/securing-the-smart-office-why-integrated-security-is-no-longer-optional 25% off - ' LAUNCH ' https://securecheck.tools https://policyquest.diy…

CISO Insights: Voices in Cybersecurity

1
Zero Trust for Critical Infrastructure: Securing the OT/ICS Backbone 35:28

۳ روز پیش35:28

35:28

Delve into the essential and intricate application of Zero Trust (ZT) principles within Operational Technology (OT) and Industrial Control Systems (ICS) environments. This episode explores the unique challenges of securing critical infrastructure, where safety, reliability, and availability are primary objectives, and legacy systems, unique protocols, and often unencrypted communications present distinct complexities compared to traditional IT security models. We'll discuss how the increasing convergence of IT and OT, driven by digital transformation, is reshaping the threat landscape and exposing previously isolated systems. Learn about the tailored roadmap for implementing Zero Trust in these vital sectors, employing a systematic five-step process: defining Protect Surfaces, mapping operational flows, building a Zero Trust Architecture (ZTA), creating policies, and ongoing monitoring and maintenance. Discover how established frameworks like the ISA/IEC 62443 Zone and Conduit Model and the SANS Top 5 Critical Controls for OT/ICS integrate with and are fortified by a Zero Trust approach to enhance security and resilience in the face of evolving threats. www.securitycareers.help/securing-the-industrial-heartbeat-why-zero-trust-is-imperative-and-different-for-ot-ics…

CISO Insights: Voices in Cybersecurity

1
Cyber Resilience Through Bundling: The Regulatory Challenge 17:53

۴ روز پیش17:53

17:53

Explore the emerging practice of bundling cyber insurance with security products and services, a strategy aimed at enhancing cyber resilience by incentivizing policyholders to adopt proactive security measures from the outset. This episode delves into the potential benefits, such as encouraging better cyber hygiene, aligning the long-term goals of insurers and policyholders to reduce incident frequency and impact, improving risk mitigation, providing deeper risk insights through real-time data, offering guidance on effective security controls, and making security more accessible and affordable for SMEs and SLTTs. We also examine the significant concerns and barriers preventing wider adoption. These include historical worries about insolvency, potential impairment of risk assessment and pricing, the risk of discriminatory practices in partnering with security vendors, and inherent conflicts of interest in business-to-business relationships between insurers and service providers. A major hurdle is the complex and varied regulatory landscape across different states, where differing interpretations of anti-inducement, anti-rebating, and anti-bundling laws create uncertainty and a "chilling effect" that hinders innovation and widespread implementation. Discover why navigating these concerns requires careful oversight and regulation to balance cybersecurity effectiveness with market choice www.securitycareers.help/a-cisos-guide-leveraging-cyber-insurance-for-enhanced-resilience-across-the-enterprise www.breached.company/beyond-the-breach-how-cyber-insurance-can-drive-proactive-cybersecurity https://cyberinsurancecalc.com…

CISO Insights: Voices in Cybersecurity

1
Beyond the URL: Decoding Domain Intelligence Threats in 2024 14:40

۵ روز پیش14:40

14:40

In the ever-evolving digital landscape, security teams face the immense challenge of evaluating over a hundred million newly observed domains registered each year. This episode dives into how analytical methods are providing crucial insights into domain intelligence threats. We explore techniques like domain attribute analysis to identify patterns used by threat actors, risk scoring to quantify the likelihood of a domain being malicious, and DGA detection to uncover domains generated by automated systems used in malware and botnets. We also discuss the importance of keyword and topic analysis for identifying domains used in credential harvesting, malware delivery, and scams, and how analyzing new TLDs and likeness to high-profile events helps spot emerging threats and deceptive tactics like typosquatting. Furthermore, we touch upon analyzing webpage attributes to understand attack infrastructure and using anomaly detection to investigate spikes in domain registrations. Ultimately, building a shared knowledge base and fostering community collaboration by sharing insights and observed techniques is essential for strengthening our collective defenses against external threats and making the internet safer. This episode draws insights from an analysis comparing 106 million newly observed domains from 2024 against a large reference set of known malicious domains. breached.company/decoding-the-digital-deluge-how-domain-intelligence-informs-cybersecurity-defenses-in-2024 https://policyquest.diy -> Coupon 15% off -> 'podcast'…

CISO Insights: Voices in Cybersecurity

1
US State Privacy Laws: Navigating the Expanding Consumer Rights Patchwork 45:55

۶ روز پیش45:55

45:55

Explore the complex and rapidly evolving landscape of US state data privacy laws, drawing on insights from recent legislative developments across states like California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, and Texas, plus Washington's focused health data act. We break down the core consumer rights becoming standard nationwide – including the right to access, delete, correct, and opt out of data sales, targeted advertising, and certain profiling. Learn about the heightened focus on sensitive data, such as health information and data from children and teens, often requiring explicit opt-in consent. We discuss key differences like scope thresholds, variations in the definition of "sale", and the emergence of mandatory universal opt-out signals. Understand the differing enforcement approaches by state Attorneys General, the role of cure periods (and their sunsetting in many states), and the limited private rights of action. This episode helps untangle the intricate patchwork, highlights the practical implications for businesses implementing compliance systems, and touches on how consumer expectations and trust are shaped by these new regulations. www.compliancehub.wiki/navigating-the-patchwork-an-in-depth-look-at-u-s-state-comprehensive-privacy-laws/ https://globalcompliancemap.com/ https://generatepolicy.com/…

CISO Insights: Voices in Cybersecurity

1
Beyond Encryption: Ransomware's New Game & Top Exploits of 2024 18:22

۷ روز پیش18:22

18:22

Tune in to explore the rapidly evolving cyber threat landscape of 2024 from Huntress 2025 global Cyber Threat Report, where attackers standardized sophisticated techniques across businesses of all sizes. We dissect the significant shifts in ransomware strategies, including the fragmentation of major groups following takedowns like LockBit, Dharma, Hive, and Phobos. Discover how agile affiliate networks like RansomHub and INC/Lynx emerged, offering high payouts and dominating the landscape. Learn about the pivot from traditional encryption to data theft and extortion as a cost-saving tactic due to improved defenses. We'll also break down the most impactful vulnerabilities exploited, including the critical ConnectWise ScreenConnect flaws (CVE-2024-1709 & CVE-2024-1708) that spurred a major campaign, the zero-day CrushFTP vulnerability (CVE-2024-4040), and the continued exploitation of the older ProxyShell Exchange vulnerability (CVE-2021-31207). Finally, we'll cover the pervasive use of abused tools like RATs, RMM software, malicious scripts, LOLBins, and sophisticated phishing techniques that defined attacker methodologies throughout the year. This episode provides crucial insights for defenders navigating this complex and challenging environment breached.company/navigating-the-new-frontier-key-cyber-threats-exploits-and-tools-of-2024…

CISO Insights: Voices in Cybersecurity

1
The Accelerating Threat Landscape: Inside Modern Cybercrime 15:39

۸ روز پیش15:39

15:39

Delve into the complex and rapidly transforming world of cyber threats. This episode examines notorious ransomware groups like Black Basta, LockBit, BlackCat/ALPHV, Phobos/8Base, Medusa, and Clop, exploring their Ransomware-as-a-Service (RaaS) models and distinctive tactics, techniques, and procedures (TTPs). We also discuss state-sponsored cyber warfare, such as the activities of Iran's APT42 and its impact on critical infrastructure, hacking groups like Scattered Spider, and the individual hacker USDoD, as well as significant law enforcement disruptions like Operation Cronos against LockBit and the arrests of key figures behind Phobos and 8Base. We'll touch upon the emerging challenges of AI-enabled crime and the continuous escalation in the scale and sophistication of cyberattacks. breached.company/global-cybercrime-crackdown-major-law-enforcement-operations-of-2024-2025…

CISO Insights: Voices in Cybersecurity

1
Cybersecurity Unpacked: Breaches, Billions, and AI's Double Edge 10:34

۸ روز پیش10:34

10:34

In this episode, we dive into the recent developments shaping the cybersecurity landscape as of May 2025. We discuss major incidents like the significant breach of the LockBit ransomware gang, which exposed sensitive data including negotiation messages and user credentials. We'll also explore the growing sophistication of financial cyberattacks, highlighted by the uncovering of the "industrial-scale" FreeDrain cryptocurrency phishing operation targeting digital wallets with sophisticated methods. The episode examines landmark legal actions, such as Meta's $168 million victory against spyware firm NSO Group, signaling a pushback against surveillance abuses. We explore the evolving role of AI, which offers speed in threat detection but also introduces risks from vulnerabilities in AI-generated code and "shadow AI". Finally, we look at how governments and corporations are responding with new initiatives to bolster defenses, including the UK's Cyber Resilience programs, CISA's advisories for critical infrastructure, and corporate innovations like HPE's Secure Gateway for small businesses and Microsoft's patching of critical cloud vulnerabilities. Join us as we unpack these challenges and responses in a dynamic digital world. www.compliancehub.wiki/cybersecurity-frontlines-recent-breaches-legal-battles-and-the-double-edged-sword-of-ai…

CISO Insights: Voices in Cybersecurity

1
The Accelerating Adversary: Inside the 2025 Threat Landscape 13:52

۹ روز پیش13:52

13:52

Join us for a deep dive into the Global Threat Landscape Report 2025 by FortiGuard Labs. This episode explores the dramatic escalation in cyberattacks, revealing how adversaries are moving faster than ever, leveraging automation, commoditized tools, and AI to gain advantage. We'll shed light on the surge in automated reconnaissance, the evolving darknet ecosystem where credentials and corporate access are traded, and how AI is supercharging cybercrime through tools like FraudGPT and deepfakes. Discover the trends in exploitation volumes targeting exposed systems and IoT devices, the stealthy nature of post-exploitation tactics including lateral movement and C2, and the persistent challenges in securing cloud environments plagued by misconfigurations and identity compromise. We'll also break down the changing adversary landscape, from fragmented ransomware groups and the rise of RaaS on the darknet to the dangerous convergence of hacktivism and ransomware and the ongoing operations of state-sponsored actors. Finally, we'll discuss the critical need for organizations to shift from reactive defense to proactive Continuous Threat Exposure Management (CTEM) to counter this accelerating threat. breached.company/navigating-the-accelerating-threat-landscape-proactive-defense-in-the-era-of-adversary-acceleration…

CISO Insights: Voices in Cybersecurity

1
2025 Cyber Attack Playbooks: Navigating the Future Threat Landscape 42:13

10 روز پیش42:13

42:13

This podcast delves into the critical insights found within the 2025 Cybersecurity Attacks Playbooks, exploring the diverse and evolving threat landscape organizations face. We examine playbooks covering threats from AI-enhanced phishing and advanced ransomware to the complexities of supply chain compromises, zero-day exploits, and AI-powered malware. We also discuss emerging threats like deepfake social engineering, quantum computing vulnerabilities, and securing IoT devices. Each episode breaks down the essential stages outlined in the playbooks for specific attacks: Preparation to build foundational defenses, Detection to identify threat indicators, Analysis to understand the attack's scope and methods, Containment/Eradication tailored to the specific threat vector, and Recovery to restore operations and resilience. Gain a deeper understanding of modern attack vectors like credential stuffing, fileless malware, rogue access points, SQL injection, steganography-based data exfiltration, and cache poisoning, as well as network attacks like homograph attacks, Denial-of-Service (DoS), and watering hole attacks, and complex infiltrations like island hopping and Advanced Persistent Threats (APTs). Tune in to learn how the playbooks guide organizations through detection, response, and the vital Lessons Learned process to continuously improve their cybersecurity posture. www.securitycareers.help/navigating-the-2025-threat-landscape-preparing-for-and-responding-to-advanced-cyber-attacks…

CISO Insights: Voices in Cybersecurity

1
Beyond the Scan: Unmasking Hidden Risks and Unfixed Flaws in the Age of AI 20:13

11 روز پیش20:13

20:13

In this episode, we dive deep into the findings of the State of Pentesting Report 2025 to explore the real state of cybersecurity. Organizations may feel confident, but pentesting consistently reveals hidden, exploitable vulnerabilities that automated scanners miss. We'll uncover the most significant risks identified through human-led pentests, from common web and mobile application flaws like Server Security Misconfiguration and Missing Access Control to the rapidly emerging and uniquely challenging security issues in AI and Large Language Models (LLMs). Learn why AI/LLM tests have a significantly higher proportion of serious findings and the specific threats like Insecure Output Handling, Prompt Injection, and Unbounded Consumption. More critically, we'll address the disconnect between perceived security and reality by examining why less than half of all findings ever get resolved and how even serious vulnerabilities often remain open for months or years, far exceeding targeted SLAs. We'll explore the factors influencing this remediation struggle, including criticality, pentest type, organizational size, industry, and internal processes. Tune in to understand the critical need for a programmatic approach to offensive security and the challenges teams face in fixing what pentesters find. www.securitycareers.help/beyond-the-scan-the-hidden-reality-of-unfixed-security-risks-revealed-by-pentesting-data…

CISO Insights: Voices in Cybersecurity

1
Building Cyber Warriors: The Evolving Cyber Professional 33:42

12 روز پیش33:42

33:42

In the dynamic world of cybersecurity, professionals face constant challenges that demand adherence to strict ethical and legal guidelines. This episode delves into the key ethical and legal considerations, such as protecting individual privacy, ensuring robust data protection, maintaining confidentiality, and complying with relevant laws and regulations like GDPR and CCPA. We discuss responsible practices like vulnerability disclosure and the ethical use of cybersecurity tools. Given the ever-evolving landscape of cybersecurity threats and technologies, staying updated is not optional; it's an imperative for success. Join us as we explore why continuous education and professional development are essential strategies for cybersecurity professionals to navigate this complex terrain, adapt to emerging trends, maintain expertise, and uphold trust. https://cisomarketplace.services/careers www.securitycareers.help/building-cyber-warriors-the-imperative-of-the-evolving-cyber-professional…

CISO Insights: Voices in Cybersecurity

1
The Iceberg Impact: Unpacking the Hidden Costs of Cyber Attacks 16:24

13 روز پیش16:24

16:24

Join us as we delve into the complex and pervasive world of cyber risk, exploring the threats, vulnerabilities, and far-reaching consequences for organizations today. Drawing on insights from experts, we'll discuss how cyber attacks can lead to outcomes ranging from regulatory fines and reputational loss to the complete failure of a business. Go beyond the headlines of data breaches and understand the full "iceberg impact" of cyber losses, including significant uninsurable costs like reputational damage, loss of customers, stock devaluation, and devaluation of intellectual property that often exceed the direct financial costs. We'll explore how attacks threaten critical corporate data, intellectual property, and customer details, potentially causing financial loss and damage to market value, share price, and competitive advantage. The conversation will touch upon the challenges posed by mobile devices, social media, and supply chain vulnerabilities, and the critical need for organizations to accurately assess their cyber risk exposure, identify their "crown jewels" of critical data, and prepare for inevitable incidents through robust incident management and layered defenses. www.securitycareers.help/the-iceberg-impact-navigating-the-full-scope-of-cyber-risk-in-the-digital-age www.compliancehub.wiki/cyber-risk-through-a-compliance-lens-navigating-the-regulatory-landscape…

CISO Insights: Voices in Cybersecurity

1
The MAESTRO Framework: Layering Up Against MAS Security Threats 44:05

14 روز پیش44:05

44:05

Multi-Agent Systems (MAS), characterized by multiple autonomous agents coordinating to achieve shared goals, introduce additional complexity and expand the attack surface compared to single-agent systems. This episode delves into the unique security challenges presented by MAS, drawing on the OWASP Agentic Security Initiative's MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) framework. We explore how MAESTRO provides a layered and architectural methodology for structured threat modeling in MAS. The framework breaks down MAS security into seven distinct architectural layers, each with specific concerns, from the Foundation Model to the Agent Ecosystem. Crucially, we examine the cross-layer risks and emergent behaviors unique to MAS environments, highlighting how vulnerabilities don't just exist within layers but manifest through complex interactions between them. Furthermore, we discuss the key agentic factors—Non-Determinism, Autonomy, Agent Identity Management, and Agent-to-Agent Communication—that MAESTRO emphasizes as significantly contributing to these threat scenarios and amplifying risks across layers. Tune in to understand how applying MAESTRO helps uncover and mitigate these multifaceted security challenges in real-world MAS deployments, as detailed in the OWASP Multi-Agentic system Threat Modelling Guide. www.hackernoob.tips/navigating-the-labyrinth-structured-threat-modeling-in-multi-agent-systems-with-the-owasp-maestro-framework www.securitycareers.help/securing-the-autonomous-frontier-a-cisos-guide-to-protecting-multi-agent-systems-and-building-a-specialized-team…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

Amazon eGift Card - Amazon Logo (Animated)

Bounty Paper Towels Quick Size, White, 16 Family Rolls = 40 Regular Rolls (Packaging May Vary)

USANOOKS Microfiber Cleaning Cloth Grey - 12 Pcs (12.5"x12.5") - High Performance - 1200 Washes, Ultra Absorbent Microfiber Towel Weave Grime & Liquid for Streak-Free Mirror Shine - Car Washing Cloth

پادکست هایی که ارزش شنیدن دارند

CISO Insights: Voices in Cybersecurity « » Decoding CMMC: Navigating Levels 1, 2, and 3

Decoding CMMC: Navigating Levels 1, 2, and 3

پادکست هایی که ارزش شنیدن دارند

به Player FM خوش آمدید!

Norton 360 Deluxe 2025, Antivirus software for 5 Devices with Auto-Renewal – Includes Advanced AI Scam Protection, VPN, Dark Web Monitoring & PC Cloud Backup [Download]

Apple 2025 MacBook Air 13-inch Laptop with M4 chip: Built for Apple Intelligence, 13.6-inch Liquid Retina Display, 16GB Unified Memory, 256GB SSD Storage, 12MP Center Stage Camera, Touch ID; Sky Blue

Camco Tastepure RV Water Filter - New & Advanced RV Inline Water Filter with Flexible Hose Protector - GAC & KDF Filtration - Made in USA - Camping Essentials for Fresh Drinking Water (40043)

H&R Block Tax Software Deluxe + State 2024 with Refund Bonus Offer (Amazon Exclusive) Win/Mac [PC/Mac Online Code]

راهنمای مرجع سریع

CISO Insights: Voices in Cybersecurity « »
Decoding CMMC: Navigating Levels 1, 2, and 3