All Episodes

Incident Response Policies and Procedures (Domain 5)

An effective incident response program starts with well-defined policies and procedures that guide every action, role, and escalation during a security event. In this ...

Security Standards and Physical Controls (Domain 5)

Standards and controls turn high-level policy into actionable, enforceable security, and in this episode, we explore how physical controls and documented standards cre...

Procedures and Playbooks (Domain 5)

Procedures and playbooks are the operational backbone of a mature security program—translating policy into detailed, repeatable steps for responding to specific threat...

External Security Governance Considerations (Domain 5)

Security doesn't operate in a vacuum—organizations must navigate a complex web of external considerations that shape how security is governed. In this episode, we expl...

Monitoring and Revising Governance Policies (Domain 5)

Security policies must evolve with technology, threat landscapes, and business goals—and that’s why continuous monitoring and revision are essential. In this episode, ...

Governance Structures and Roles (Part 1) (Domain 5)

Security governance relies on a clear structure that defines how decisions are made, who enforces them, and how oversight is maintained. In this episode, we explore go...

Governance Structures and Roles (Part 2) (Domain 5)

Having a governance structure is only the beginning—the real value comes from clearly defining roles and responsibilities within that structure. In this episode, we ex...

Risk Management Fundamentals (Domain 5)

Risk management is the engine that drives strategic decision-making in security, helping organizations focus their efforts on what matters most. In this episode, we ex...

Conducting Risk Assessments (Domain 5)

Risk assessments provide the data organizations need to make informed security decisions, and in this episode, we explore the different types of assessments and how th...

Risk Analysis and Scoring (Domain 5)

After risks are identified, they need to be analyzed and prioritized—and that’s where risk scoring comes in. In this episode, we break down both qualitative methods (l...

Risk Registers and Key Risk Indicators (Domain 5)

Managing risk at scale requires tools that provide structure and visibility, and in this episode, we examine two of the most important: risk registers and key risk ind...

Risk Appetite, Tolerance, and Thresholds (Domain 5)

Every organization must decide how much risk it is willing to accept in pursuit of its goals—and this decision informs every security investment, policy, and control. ...

Risk Management Strategies (Domain 5)

Once risks are identified and analyzed, organizations must decide how to respond—and in this episode, we examine the five primary risk management strategies: mitigate,...

Risk Reporting and Communication (Domain 5)

Risk is meaningless if it isn’t communicated effectively—and in this episode, we focus on how risk reporting bridges the gap between technical findings and business le...

Business Impact Analysis (Domain 5)

Business Impact Analysis (BIA) is the foundation of business continuity and disaster recovery planning, helping organizations understand which processes matter most an...

Understanding Recovery Objectives (Domain 5)

Recovery objectives define how quickly and how completely a system must return to functionality after a disruption—and in this episode, we explore two of the most crit...

Mean Time Metrics and System Resilience (Domain 5)

System resilience depends not only on planning but on measurable performance—and in this episode, we explore four key metrics that define how systems behave under fail...

Vendor Risk and Supply Chain Considerations (Domain 5)

A growing portion of cybersecurity risk now comes from outside the organization—specifically, through third-party vendors, suppliers, and service providers. In this ep...

Agreement Types and Contractual Security (Domain 5)

Contracts are one of the most powerful tools in managing cybersecurity obligations, and in this episode, we break down the types of agreements that define roles, respo...

Ongoing Vendor Monitoring and Engagement (Domain 5)

Vendor risk doesn’t stop after the contract is signed—ongoing monitoring and relationship management are critical for maintaining visibility and accountability. In thi...

Effective Compliance Reporting (Domain 5)

Compliance reporting ensures that an organization can demonstrate adherence to regulatory, contractual, and internal security requirements—and in this episode, we expl...

Consequences of Non-Compliance (Domain 5)

Failing to meet regulatory or contractual obligations can carry severe consequences, both financially and reputationally. In this episode, we break down the real-world...

Attestation and Acknowledgement in Compliance (Domain 5)

Attestation and acknowledgement are critical for ensuring that individuals and third parties formally understand and accept their roles in maintaining security and com...

Privacy Laws and Global Compliance (Domain 5)

Data privacy is no longer just a legal issue—it’s a global business imperative, and this episode explores the complex and evolving landscape of privacy laws. We cover ...

Data Inventory, Retention, and the Right to Be Forgotten (Domain 5)

Managing personal data effectively starts with knowing exactly what you have, where it lives, how long you keep it, and what rights users have over it. In this final e...

Privacy and Legal Implications of Compliance (Domain 5)

Privacy and compliance are deeply intertwined, especially as global regulations push organizations to safeguard personal data across jurisdictions. In this episode, we...

Data Management and Compliance (Domain 5)

Effective data management is critical for both operational success and regulatory compliance, and in this episode, we explore how organizations maintain control over w...

Attestation and Internal Audits (Domain 5)

Attestation and internal audits are two of the most powerful tools for ensuring your security program is functioning as intended. In this episode, we start by explorin...

Internal Audit Structures (Domain 5)

The effectiveness of internal audits depends not just on what’s reviewed, but on how the audit function is structured within the organization. In this episode, we exam...

External Audits and Assessments (Domain 5)

External audits provide an independent review of an organization’s security and compliance posture, often driven by regulatory mandates, certification requirements, or...
