Cyber Compliance & Beyond

Kratos
  • 5.0 (1)
  • TECHNOLOGY
  • UPDATED MONTHLY
Cyber Compliance & Beyond

Welcome to “Cyber Compliance and Beyond,” a Kratos podcast that will bring clarity to compliance, helping put you in control of cybersecurity compliance in your organization. Kratos is a leading cybersecurity compliance advisory and assessment organization, providing services to both government and commercial clients across varying sectors including defense, space, satellite, financial services, and health care. Through "Cyber Compliance and Beyond," our cyber team of experts will share their insights on the latest compliance issues. We want to hear from you! What unanswered question would you like us to tackle? Is there a topic you’d like us to discuss? Or do you just have some feedback for us? Let us know on Linked and Twitter at Kratos Defense or by email at ccbeyond@kratosdefense.com.

  1. 13 - Cybercrime – Credential Theft – Part 2/4

    1D AGO

    13 - Cybercrime – Credential Theft – Part 2/4

    Nothing introduces more complexity to an organization than access control as with access comes privileges. Privileges are needed for many activities within an organization. Couple the need for privileges with the complexity organizational structures and the usual personnel churn and an already complex problem becomes nearly unmanageable. Attackers target credentials for this very reason. Compromising an end-user with no privileges may seem trivial and unlikely to cause harm. However, as we discuss in this episode, if a privileged user logged in on that end-user’s machine, their privileged credentials are now comprised, allowing the attackers to exploit other parts of the organization’s network. While the problem can reach a place of being unmanageable, there are methods and solutions available to tackle this problem. Links: Enterprise Access Model Credential Harvesting and Mitigations (PDF) Point of Entry: Why Hackers Target Stolen Credentials for Initial Access The Growing Threat from Infostealers

    51 min
  2. 12 - Mobile Platform Security

    MAR 11

    12 - Mobile Platform Security

    Mobile devices have become an extension of ourselves, seamlessly integrated into our daily lives like never before. But as we prioritize convenience—wanting our devices to “just work”—we often overlook security. This episode dives into the growing cybersecurity challenges that come with mobile adoption and what individuals and organizations can do to stay protected. We’ll go over: Why reliance on convenience creates security vulnerabilities (hint: it isn’t primarily vulnerabilities in the technical sense, more in the human sense) Key technical and compliance components driving mobile device security Technologies organizations can leverage to balance security and usability Links: https://www.hypori.com/use-cases

    50 min
  3. 11 - CMMC Rollout – Q&A

    FEB 13

    11 - CMMC Rollout – Q&A

    Rolling out a new program always comes with challenges and CMMC has been no exception. Fortunately, we’ve moved into the implementation phase, with assessments now underway. This milestone not only helps organizations see the real value of the program but also gives us the chance to address lingering questions and clarify uncertainties that could only be resolved through full implementation. With this progress, we’re encountering fresh challenges and questions we hadn’t anticipated — while still fielding many of the same inquiries we’ve heard from the beginning. The good news? Full implementation means we can now provide more concrete, experience-backed answers to both new and long-standing concerns.

    29 min
  4. 10 - The CMMC Training and Certification Ecosystem

    JAN 7

    10 - The CMMC Training and Certification Ecosystem

    The CMMC training and certification ecosystem is ambitious as it aims to support training material development and certification of both instructors and assessors. It is currently on a path to providing a strong foundation for CMMC as a whole. In this episode our cybersecurity experts dive into the details and nuances of the training and certification requirements in the CMMC ecosystem. Hear them define the terms, discuss the requirements, contrast CMMC training and certification with other compliance frameworks, grapple with challenges and finally address what lies ahead. Joining host Cole French is Joe Lissenden, CEO of Precision Execution, provider of CMMC training and certification services. Joe has more than 25 years of consulting, training, and auditing experience over a wide range of systems and standards. Reference material: Acronyms: APP: Approved Publishing Partner (formerly Licensed Publishing Partner) ATP: Approved Training Provider (formerly Licensed Training Provider) CCI: CMMC Certified Instructor (formerly Provisional Instructor) CAICO: Cybersecurity Assessor & Instructor Certification Organization CAP: CMMC Assessment Process CATM: CAICO Approved Training Material CCP: CMMC Certified Professional CCA: CMMC Certified Assessor OSC: Organization Seeking Certification RPO: Registered Provider Organization Links: Cybersecurity Assessor & Instructor Certification Organization (CAICO) CMMC Assessment Process (CAP)

    50 min
  5. 9 - Cybercrime–The Landscape – Part 1/4

    12/03/2024

    9 - Cybercrime–The Landscape – Part 1/4

    The news about cybercrime is overwhelming to those who fight to secure our organizations. Cybercrime organizations are sophisticated and constantly changing. But there’s a hidden truth in cybercrime attacks: cybercriminals exploit the same weaknesses they’ve been exploiting for years. This should give us some hope; we know where our organizations are weakest, which gives us a good place to start. But these weaknesses are often hard to address. They require not just technical solutions, but a lot of thought, coordination, planning, and continual re-evaluation. Most often thought of as technical problems, compliance frameworks provide a solid starting point for properly framing the thought, coordination, planning, and continual re-evaluation that is necessary. Our guest, Terry McGraw will walk us through these solutions and the support that compliance frameworks provide to ensure continued success. Terry is a retired Lieutenant Colonel from the United States Army and now serves the CEO of Cape Endeavors, Inc, with over 20 years of providing expertise in cyber security threat analysis, security architectural design, network operations and incident response for both commercial and government sectors. Links: Ransomware Stages of Grief 2024 State of the Threat – A Year in Review Detecting Top Initial Attack Vectors in 2024 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns Meeting a Greater Demand for Cybersecurity

    52 min
  6. 8 - The CMMC Rule … Finally

    11/05/2024

    8 - The CMMC Rule … Finally

    CMMC’s security requirements are not new. What is new about CMMC is the level of rigor. With the recent publication of the CMMC rule, DoD is ever closer to requiring contractors to comply with CMMC security requirements and back them up with an assessment. The CMMC Rule, like any new regulation, is packed with details. Details that have been rumored, speculated, and drafted. Now that they’re known and final, we’re here to help you see clearer. In today’s episode, our host, Cole French becomes the expert guest. As Director of Cybersecurity Services and CMMC Capability Lead at Kratos, Cole answers all the questions you might still have about CMMC and its impact on your organization: ·       When will assessments start? ·       What can my organization do now? ·       When will CMMC be required in DoD contracts? ·       How does the rule impact my use of external service providers? ·       Can I qualify for a self-assessment or must I go through a C3PAO assessment? And more! Links: The Rule Kratos’ CMMC Services Data Sheet DoD’s CMMC Overview CMMC’s New Rule Has Finally Arrived: 7 Key Takeaways to Help You Move Forward

    26 min

  7. 10/01/2024

    7 - AI and Cyber Compliance

    AI is bringing speed and velocity never seen before. Some studies show that the output is the equivalent to what 35-40 humans can produce. This speed and velocity is applied to countless use cases across just about every economic sector. Cybersecurity compliance is laden with repetitive, redundant, and time-consuming manual tasks. While humans bring nuanced ingenuity and problem-solving capabilities, we are prone to errors, especially across such repetitive, redundant, and time-consuming tasks. Worse, cybersecurity compliance requirements are far from standardized, though there is a tremendous amount of overlap. In these circumstances, humans take short cuts. It’s not a matter of whether short cuts result in errors, only how many errors. The real power of AI in the world of cybersecurity compliance is the ability to bridge all gaps of compliance documentation with minimal to no errors. Furthermore, AI can then be trained to leverage compliance documentation to code and perform actual tasks within a system. In the world of cybersecurity, AI opens the doors to a world in which security truly is baked in from the beginning. Today’s guest is Nic Chaillan, technology entrepreneur, software developer, cyber expert and inventor. He has over 23 years of domestic and international experience with strong technical and subject matter expertise in cybersecurity, software development, product innovation, governance, risk management and compliance. Specifically, these fields include Cloud computing, Cybersecurity, DevSecOps, Big Data, multi-touch, mobile, IoT, Mixed Reality, VR, and wearables. Resources: ·         AskSage Training Materials: https://chat.asksage.ai

    46 min

  8. 09/03/2024

    6 - Supply Chain Security

    Supply chain security is not new, though it certainly feels as though it is. Thanks to globalization, supply chains are ever growing in their depth, complexity, and interconnectedness. Unfortunately, like so many other systems, security of supply chains hasn’t been at the top of the list of things to consider when evaluating supply chains. Understandably, economics led the way. A supply chain exists to foster economic growth and profit-making. None of these are bad but there’s a painful irony: the less security is considered, the greater the costs, which drives down growth and profit-making. Costs aren’t just financial, either. The cost of losing a competitive edge is significant but almost impossible to quantify in dollars. It runs much deeper. As data theft has proliferated on an unprecedented scale, the need for securing supply chains has begun it’s rise to the top of our consciousness. The intriguing thing about supply chain security is that it isn’t all that different than traditional risk management activities. Today’s guest is John Santore, Director of Cybersecurity Services here at Kratos. Together, we’ll dive into supply chain security. We’ll outline what a supply chain is, what to consider when evaluating your supply chain, some of the challenges you might encounter along the way and we’ll outline a basic supply chain risk management approach. Resources: The core tenants of a supply chain risk management approach: Inventory your supply chain Ensure strong relationships are in place with those in your supply chain Develop criteria for evaluating the risk of suppliers within your organization Work with your suppliers to obtain the information necessary to perform the evaluation Develop a process for scrutinizing suppliers that are identified as high-risk Repeat the process on a defined frequency Ensure that it is applied as part of any supplier intake Links: NIST SP 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations C-SCRM Factsheet NIST SP 800-218: Secure Software Development Framework Executive Order 14028 OMB M-22-18 OMB M-23-16

    40 min
See All (13)

    About

    Welcome to “Cyber Compliance and Beyond,” a Kratos podcast that will bring clarity to compliance, helping put you in control of cybersecurity compliance in your organization. Kratos is a leading cybersecurity compliance advisory and assessment organization, providing services to both government and commercial clients across varying sectors including defense, space, satellite, financial services, and health care. Through "Cyber Compliance and Beyond," our cyber team of experts will share their insights on the latest compliance issues. We want to hear from you! What unanswered question would you like us to tackle? Is there a topic you’d like us to discuss? Or do you just have some feedback for us? Let us know on Linked and Twitter at Kratos Defense or by email at ccbeyond@kratosdefense.com.

    Information

    • Creator
      Kratos
    • Years Active
      2024 - 2025
    • Episodes
      13
    • Rating
      Clean
    • Copyright
      © Kratos Defense & Security Solutions
    • Show Website
      Cyber Compliance & Beyond

    Content Restricted

    This episode can’t be played on the web in your country or region.

    To listen to explicit episodes, sign in.

    Stay up to date with this show

    Sign in or sign up to follow shows, save episodes, and get the latest updates.
    Select a country or region

    Africa, Middle East, and India

    Asia Pacific

    Europe

    Latin America and the Caribbean

    The United States and Canada