All Episodes
Episode 181: Incident Response Policies and Procedures (Domain 5)
An effective incident response program starts with well-defined policies and procedures that guide every action, role, and escalation during a security event. In this ...
Episode 182: Security Standards and Physical Controls (Domain 5)
Standards and controls turn high-level policy into actionable, enforceable security, and in this episode, we explore how physical controls and documented standards cre...
Episode 183: Procedures and Playbooks (Domain 5)
Procedures and playbooks are the operational backbone of a mature security program—translating policy into detailed, repeatable steps for responding to specific threat...
Episode 184: External Security Governance Considerations (Domain 5)
Security doesn't operate in a vacuum—organizations must navigate a complex web of external considerations that shape how security is governed. In this episode, we expl...
Episode 185: Monitoring and Revising Governance Policies (Domain 5)
Security policies must evolve with technology, threat landscapes, and business goals—and that’s why continuous monitoring and revision are essential. In this episode, ...
Episode 186: Governance Structures and Roles (Part 1) (Domain 5)
Security governance relies on a clear structure that defines how decisions are made, who enforces them, and how oversight is maintained. In this episode, we explore go...
Episode 187: Governance Structures and Roles (Part 2) (Domain 5)
Having a governance structure is only the beginning—the real value comes from clearly defining roles and responsibilities within that structure. In this episode, we ex...
Episode 188: Risk Management Fundamentals (Domain 5)
Risk management is the engine that drives strategic decision-making in security, helping organizations focus their efforts on what matters most. In this episode, we ex...
Episode 189: Conducting Risk Assessments (Domain 5)
Risk assessments provide the data organizations need to make informed security decisions, and in this episode, we explore the different types of assessments and how th...
Episode 190: Risk Analysis and Scoring (Domain 5)
After risks are identified, they need to be analyzed and prioritized—and that’s where risk scoring comes in. In this episode, we break down both qualitative methods (l...
Episode 191: Risk Registers and Key Risk Indicators (Domain 5)
Managing risk at scale requires tools that provide structure and visibility, and in this episode, we examine two of the most important: risk registers and key risk ind...
Episode 192: Risk Appetite, Tolerance, and Thresholds (Domain 5)
Every organization must decide how much risk it is willing to accept in pursuit of its goals—and this decision informs every security investment, policy, and control. ...
Episode 193: Risk Management Strategies (Domain 5)
Once risks are identified and analyzed, organizations must decide how to respond—and in this episode, we examine the five primary risk management strategies: mitigate,...
Episode 194: Risk Reporting and Communication (Domain 5)
Risk is meaningless if it isn’t communicated effectively—and in this episode, we focus on how risk reporting bridges the gap between technical findings and business le...
Episode 195: Business Impact Analysis (Domain 5)
Business Impact Analysis (BIA) is the foundation of business continuity and disaster recovery planning, helping organizations understand which processes matter most an...
Episode 196: Understanding Recovery Objectives (Domain 5)
Recovery objectives define how quickly and how completely a system must return to functionality after a disruption—and in this episode, we explore two of the most crit...
Episode 197: Mean Time Metrics and System Resilience (Domain 5)
System resilience depends not only on planning but on measurable performance—and in this episode, we explore four key metrics that define how systems behave under fail...
Episode 198: Vendor Risk and Supply Chain Considerations (Domain 5)
A growing portion of cybersecurity risk now comes from outside the organization—specifically, through third-party vendors, suppliers, and service providers. In this ep...
Episode 199: Agreement Types and Contractual Security (Domain 5)
Contracts are one of the most powerful tools in managing cybersecurity obligations, and in this episode, we break down the types of agreements that define roles, respo...
Episode 200: Ongoing Vendor Monitoring and Engagement (Domain 5)
Vendor risk doesn’t stop after the contract is signed—ongoing monitoring and relationship management are critical for maintaining visibility and accountability. In thi...