A short form (15-20 minute) weekly podcast hosted by SecurityStudio's Ryan Cloutier and Evan Francen. SIMPLE information security tips and tricks are discussed for experts and non-experts alike.
Co-hosts Ryan Cloutier and Evan Francen share their real world experiences about what works and what doesn't in the world of cybersecurity.
Episode 15 - Common Incident Response Questions (Incident Management Series)
Episode 15 is the 4th installment in the Security Simplified Incident Management Series. Over the course of dozens of years and 100s of incidents we've heard a lot of questions, and some are more common than others. When we're in the middle of an information security incident, just about every question is valid.
Tune in to this episode to hear some of the most common questions incident response clients have asked us. We'll share our common responses too.
At SecurityStudio, our mission is: "Simplify Information Security For ALL".
Episode 14 - Common Incident Management Mistakes (Incident Management Series)
The 3rd installment in the Security Simplified Incident Management Series. In this episode, Ryan and Evan have a good discussion about the most common mistakes we've seen over the years with incident response/management.
Maybe you're prone to one (or more) of these mistakes, or you've certainly heard about them. Regardless, these guys have already paid the "dumb tax". Learn how to avoid common mistakes and adopt the best plan for your organization!
All this while staying true to our motto: "Simplify Information Security For ALL". It's our mission. #MissionBeforeMoney.
Episode 13 - Busting Incident Management Myths (Incident Management Series)
This is #2 of 9 in the Security Simplified Incident Management Series. In this episode (#13), Evan and Ryan bust the top incident response planning myths. This is a MUST LISTEN episode where the guys break it down using simple logic.
Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning.
Episode 12 - Building Support for Incident Management (Incident Management Series)
The Security Simplified Podcast is back, and we're introducing the Incident Management Series! For the next nine episodes, Evan and Ryan will simplify Incident Management for the Security Simplified Podcast audience.
We start the series with this episode (Episode 12), tackling how to build support for an Incident Management Program. Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning.
Maybe we (information security professionals) haven't done a good job communicating the importance of an incident management program. Maybe we don't know the importance ourselves. Whatever the reason, we MUST do better!
Episode 11 - Guidelines, Standards, and Procedures
The 5th installment in the Information Security Governance Simplified Series, "Guidelines, Standards, and Procedures".
In case you haven't noticed yet, Evan and Ryan have taken you from top to bottom with governance. It's not nearly as complicated as we tend to make it! In episode 10, the topic of information security policies was covered, and our policies need some tactical support. This is where guidelines, standards, and procedures are used.
- What is a "guideline"?
- What is a "standard"?
- What is a "procedure"?
- The purpose for each document type.
- Approvals for each document type.
Next week, we wrap up the series with "Maintaining Effective Governance".
Hope you enjoy!
Episode 10 - Information Security Policies
The next installment in the Information Security Governance Simplified Series.
After covering the definition of information security governance (Ep. 7), the importance of aligning governance with the organization's mission (Ep. 8), and information security roles and responsibilities (Ep. 9), Ryan and Evan tackle information security policies in this episode (Ep. 10).
- What are policies used for?
- Who approves policies and policy changes?
- Who maintains policies?
- Which policies are considered "standard" policies?
- Policy status tracking.
Information security policies are critical to the success of an information security program, BUT only if they're done and used properly.