
Software Engineering Institute (SEI) Podcast Series
Computer and Network Forensics: A Master's Level Curriculum
Students learn how to combine multiple facets of digital forensics and draw conclusions to support full-scale investigations. Related training: Advanced Incident Handling; Advanced Information Security for Technical Staff.
Introducing the Smart Grid Maturity Model (SGMM)
The SGMM provides a roadmap to guide an organization's transformation to the smart grid.
Leveraging Security Policies and Procedures for Electronic Evidence Discovery
Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes.
Integrating Privacy Practices into the Software Development Life Cycle
Addressing privacy during software development is just as important as addressing security.
Using the Facts to Protect Enterprise Networks: CERT's NetSA Team
Network defenders and business leaders can use NetSA measures and evidence to better protect their networks.
Ensuring Continuity of Operations When Business Is Disrupted
Providing critical services during times of stress depends on documented, tested business continuity plans. Related course: Introduction to CERT Resiliency Management Model.
Managing Relationships with Business Partners to Achieve Operational Resiliency
A defined, managed process for third party relationships is essential, particularly when business is disrupted. Related course: Introduction to CERT Resiliency Management Model.
The Smart Grid: Managing Electrical Power Distribution and Use
The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
Electronic Health Records: Challenges for Patient Privacy and Security
Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense.
Mitigating Insider Threat: New and Improved Practices
Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.
Rethinking Risk Management
Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Related courses: Assessing Information Security Risk Using the OCTAVE; Practical Risk Management: Framework and Methods.
The Upside and Downside of Security in the Cloud
When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks.
More Targeted, Sophisticated Attacks: Where to Pay Attention
Business leaders need to take action to better mitigate sophisticated social engineering attacks.
Is There Value in Identifying Software Security "Never Events?"
Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences.
Cyber Security, Safety, and Ethics for the Net Generation
Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.
An Experience-Based Maturity Model for Software Security
Observed practice, represented as a maturity model, can serve as a basis for developing more secure software.
Mainstreaming Secure Coding Practices
Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Related course: Secure Coding in C and C++.
Security: A Key Enabler of Business Innovation
Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Related courses: Assessing Information Security Risk Using the OCTAVE Approach; Introduction to the CERT Resiliency Engineering Framework.
Better Incident Response Through Scenario Based Training
Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Related courses: Advanced Incident Handling; Advanced Information Security for Technical Staff.
An Alternative to Risk Management for Information and Software Security
Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Related course: Assessing Information Security Risk Using the OCTAVE Approach.
Tackling Tough Challenges: Insights from CERT's Director Rich Pethia
Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges.
Climate Change: Implications for Information Technology and Security
Climate change requires new strategies for dealing with traditional IT and information security risks.
Using High Fidelity, Online Training to Stay Sharp
Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Related courses: Managing Enterprise Information Security; Information Security for Technical Staff.
Integrating Security Incident Response and e-Discovery
Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Related course: Managing Computer Security Incident Response Teams.
Concrete Steps for Implementing an Information Security Program
A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Related course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.
Virtual Communities: Risks and Opportunities
When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities.
Developing Secure Software: Universities as Supply Chain Partners
Integrating security into university curricula is one of the key solutions to developing more secure software. Related course: Secure Coding in C and C++.
Security Risk Assessment Using OCTAVE Allegro
OCTAVE® Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Related course: OCTAVE.
Getting to a Useful Set of Security Metrics
Well-defined metrics are essential to determine which security practices are worth the investment.
How to Start a Secure Software Development Program
Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle.
Managing Risk to Critical Infrastructures at the National Level
Protecting critical infrastructures and the information they use is essential for preserving our way of life.
Analyzing Internet Traffic for Better Cyber Situational Awareness
Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Related courses: Information Security for Technical Staff; Advanced Information Security for Technical Staff.
Managing Security Vulnerabilities Based on What Matters Most
Determining which security vulnerabilities to address should be based on the importance of the information asset. Related course: Information Security for Technical Staff.
Identifying Software Security Requirements Early, Not After the Fact
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Related course: Secure Coding in C and C++.
Making Information Security Policy Happen
Targeted, innovative communications and a robust life cycle are keys for security policy success. Related course: Managing Enterprise Information Security.
Becoming a Smart Buyer of Software
Managing software that is developed by an outside organization can be more challenging than building it yourself. Related course: Software Acquisition Survival Skills Course.
Building More Secure Software
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Related course: Secure Coding in C and C++.
Connecting the Dots Between IT Operations and Security
High performing organizations effectively integrate information security controls into mainstream IT operational processes. Related course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.
Getting in Front of Social Engineering
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.
Using Benchmarks to Make Better Security Decisions
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.
Protecting Information Privacy - How To and Lessons Learned
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.
Initiating a Security Metrics Program: Key Points to Consider
A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.
Insider Threat and the Software Development Life Cycle
Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.
Tackling the Growing Botnet Threat
Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.
Building a Security Metrics Program
Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.
Inadvertent Data Disclosure on Peer-to-Peer Networks
Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information.
Information Compliance: A Growing Challenge for Business Leaders
Directors and senior executives are personally accountable for protecting information entrusted to their care. Related course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.
Internal Audit's Role in Information Security: An Introduction
Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there.
What Business Leaders Can Expect from Security Degree Programs
Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?
The Path from Information Security Risk Assessment to Compliance
Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Related course: Assessing Information Security Risk Using the OCTAVE Approach.