Software Engineering Institute (SEI) Podcast Series

Business leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Related Training Computer Forensics for Technical Staff Listen on Apple Podcasts.

A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts.

By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts.

It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. Listen on Apple Podcasts.

Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. Listen on Apple Podcasts.

Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. Listen on Apple Podcasts.

Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Listen on Apple Podcasts.

Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. Related Courses Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts.

Business leaders can use international standards to create a business- and risk-based information security program. Listen on Apple Podcasts.

Enterprise security governance is not just a vague idea - it can be achieved by implementing a defined, repeatable process with specific activities. Related Courses Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts.

Deploying common solutions for physical and IT security is a cost-effective way to reduce risk and save money. Listen on Apple Podcasts.

Organizations occasionally may need to redefine their IT infrastructures - but to succeed, they must be prepared to handle tricky situations. Related Courses Information Security for Technical Staff Advanced Information Security for Technical Staff Listen on Apple Podcasts.

As the legal compliance landscape grows increasingly complex, de-identification can help organizations share data more securely. Listen on Apple Podcasts.

Business leaders need to ensure that their organizations can keep critical business processes and services up and running in the face of the unexpected. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts.

Computer forensics is often overlooked when planning an incident response strategy; however, it is a critical part of incident response, and business leaders need to understand how to tackle it. Related Courses Computer Forensics for Technical Staff Listen on Apple Podcasts.

Incident management is not just about technical response. It is a cross-enterprise effort that requires good communication and informed risk management. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Listen on Apple Podcasts.

Business leaders, including legal counsel, need to understand how to tackle complex security issues for a global enterprise. Listen on Apple Podcasts.

System administrators increasingly need business savvy in addition to technical skills, and IT training courses must try to keep pace with this trend. Listen on Apple Podcasts.

Business leaders need to be prepared to communicate with the media and their staff during high-profile security incident or crisis. Listen on Apple Podcasts.

Analysis tools are needed for assessing complex organizational and technological issues that are well beyond traditional approaches. Related Courses Assessing Information Security Risk Using the OCTAVE Approach Listen on Apple Podcasts.

A trend toward more and more data disclosure, as seen in online social networks, may be causing users to become desensitized to privacy breaches in general. Listen on Apple Podcasts.

Practical specifications and guidelines now exist that define necessary knowledge, skills, and competencies for staff members in a range of security positions - from practitioners to managers. Listen on Apple Podcasts.

Business models are evolving. This has challenging implications as security threats become more covert and technologies facilitate information migration. Listen on Apple Podcasts.

Defense-in-Depth is one path toward enterprise resilience - the ability to withstand threats and failures. The foundational aspects of compliance management and risk management serve as stepping-stones to and supports for other, more technical aspects. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts.

The threat of attack from insiders is real and substantial. Insiders have a significant advantage over others who might want to harm an organization. Listen on Apple Podcasts.

In a recent survey of organizations' security posture, one factor separated high performers from the rest of the pack: change management. Listen on Apple Podcasts.

Learn more about the future of CERT and Rich Pethia's view of the Internet security landscape. Listen on Apple Podcasts.

ROI is a useful tool because it enables comparison among investments in a consistent way. Listen on Apple Podcasts.

Integrating security into standard business operating processes and procedures is more effective than treating security as a compliance exercise. Listen on Apple Podcasts.

Threats to information security are increasingly stealthy, but they are on the rise and must be mitigated through sound policy and strategy. Listen on Apple Podcasts.

Leaders need to be security conscious and to treat adequate security as a non-negotiable requirement of being in business. Listen on Apple Podcasts.