Cybersecurity Risk
Feeling overwhelmed by cyber risk? You're not alone. In today's digital world, cyber threats are a complex issue and a strategic opportunity to strengthen your organization's resilience.
This podcast dives deep into the world of cyber governance and risk management. We'll have open conversations with experts to help you take your organization's cybersecurity posture from "as-is" to the next level.
Here's what you'll learn:
- Program and control assessments: Identify weaknesses in your current defenses.
- Risk identification and mitigation: Proactively address threats before they strike.
- Building a risk register: Track and prioritize your organization's vulnerabilities.
- Crafting effective mitigation plans: Develop strategies to minimize cyber risk.
- And much more!
Join us and learn how to navigate the ever-evolving cyber landscape with confidence.
- Update frequency
- every 6 days
- Average duration
- 7 minutes
- Episodes
- 108
- Years Active
- 2019 - 2025
Risk Owners
There are many stakeholders in cybersecurity, and it makes sense to outline roles and responsibilities in terms of how each role impacts cyber resiliency.
- The board of directors
- F…
NISTIR 8286D
The initial public draft of NIST IR 8286D provides comprehensive asset confidentiality and integrity impact analyses to accurately identify and manage asset risk propagation fro…
Cyber Frameworks - 3 Common Pitfalls
Choosing a Cybersecurity Framework
Three common pitfalls of cybersecurity or risk frameworks:
- Finding the “perfect” framework. No single framework fits an organization’s risk prof…
Cybersecurity - 5 Measures & Metrics
There are several measurements or metrics an organization can put in place to monitor; some of them can be turned into Key Risk Indicators (KRIs) and Key Performance Indicators …
Risk Assessment - What to Assess
These 3 steps you can take to perform a risk assessment:
- Identify and document the scope and assets to be assessed. I suggest starting with your critical assets.
- Identify and coll…
What to Focus First
What to Focus on FIRST
Mission-based cybersecurity
- Systems supporting the mission, vision, and services
- Regulatory systems - PCI, HIPAA, SOX, GDPR
Prioritizing remediation is based …
Improving Risk Program - 5 Tips
There are some simple rules that you can start today to ensure improvements to your cyber risk program.
- Define the problem
- Define risk
- Define critical
- Identify and inventory critica…
Tackling Risk Probability and Impact
Today I’ll discuss risk probability and impact and give you some examples to build your own impact and probability table.
- Probability
- Impact
Thanks.
Dr. Bill Souza
CEO/Founder
E|CE - …
5 Cybersecurity Challenges
Today I’ll touch on the topic of Cyber Risk & Cyber Investment challenges.
- Improving
- Exploits
- Attack paths
- Attacker behavior
- Investment
Thanks.
Dr. Bill Souza
CEO/Founder
E|CE - Executiv…
Lacking Basic Cybersecurity Practices
The show today is based on an article titled, “Global utilities lacking basic cybersecurity practices.” Although the article was focused on utilities, the guidance is applicable…
Cybersecurity Basics - What you Need to Know
We are so focused on the threats and the vulnerabilities that allowed a hack to occur, that we forget the basics. The protection necessary to prevent or slow down these attacks …
Cybersecurity Exceptions - Part 3 (FINAL)
In today's episode, I will discuss exceptions tracking and expirations. This is the last episode in a three-part series on cybersecurity standard exceptions.
Thanks.
Dr. Bill Souz…
Cybersecurity Exceptions - Part 2
As I mentioned in my previous episode, there’s much more to discuss on cybersecurity exceptions, such as the risk they pose to the organization and the hidden dangers of cumulat…
Cybersecurity Exceptions - Part 1
If your cybersecurity standards were written to protect the organization, why do you have security exceptions? Your standard development team writes an excellent standard; it fo…
Cybersecurity - Asset Classification
Asset classification is the foundation of everything else to come in cybersecurity; it will help your organization, for example, small or large, to better understand, manage, id…
Zero-Sum Game
In this episode, I will discuss three challenging areas where cybersecurity education is falling short in preparing students and professionals to succeed in the field.
Cybersecurity Investment & Risk Strategy
In this episode, I discuss how to leverage your risk framework to make sound cybersecurity investment decisions. I addressed two critical questions that you will need to know th…
Critical Systems: Asking the Right Questions
To get results you need to ask the right question, collect the data, analyze, and develop a robust and factual interpretation. This episode will guide you through the thought pr…
Cyber Risk Identification
Today’s episode I will discuss a strategy to identify critical systems in your organization. The steps I will discuss today will make sure your program is objective and repeatab…
Key Risk Indicators
Today’s episode we will discuss how to identify KRIs (key risk indicators). I’ll discuss a simple and effective way to do it; there seems to be a lot of confusion on what to mea…