![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
19 episodes
![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
The CyberCast Andrew Morgan
-
- Technology
-
-
4.7 • 15 Ratings
-
The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners.In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Sponsors:Datto - CIS Control 3 - Data ProtectionNetwrix - CIS Control 3 - Data ProtectionDuo - CIS Control - Multifactor Authentication
-
CIS Control 18 - Penetration Testing - Sponsored by Hacket Cyber
Penetration testing is something that more companies and organizations should be considering a necessary expense. Pen Testing is an important aspect of discovery and identifying potential critical vulnerabilities within your organizations external network, internal network, applications, or systems. They provide a valuable insight on how your digital and human assets perform.In this episode we review the criticality of scoping a Pen Test, along with differences between Pen Testing, Red ...
-
CIS Control 17 - Incident Response Management - Sponsored by Exigence
The biggest takeaway from CIS Control 17 is that planning and communication are critical when responding to an incident. The longer an intruder has access to your network, the more time they’ve had to embed themselves into your systems. Communicating with everyone involved can help limit the duration between attack and clean-up.Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare...
-
CIS Control 16 - Application Software Security - Sponsored by Manicode
CIS Control 16 - Application Software SecurityThe way in which we interact with applications has changed dramatically over years. Organizations use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network security controls and compromise sensitive data. NOTE: Crowdstrike notes...
-
CIS Control 15 - Service Provider Management
LastPass and the recent Rackspace Exchange incident are two prime examples of "why" this Control is Critical!!Develop a process to evaluate service providers who hold sensitive data, or are responsible for critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.Identify your business needs and create a set of standards that can be used to grade services providers that are being proposed. Organize and monitor all services provide...
-
CIS Control 14 - Security Awareness and Skills Training - sponsored by Phin Security
MSP/MSSPs should offer solutions to provide users with frequent security awareness training to increase its overall security posture. The information provided by the security awareness training should be relevant and provide insights into recent security incidents. Training should also reiterate the necessity of using strong passwords, spotting and reporting phishing attacks, as well as properly handling personal information. Security awareness training should include frequent phishing t...
-
CIS Control 13 - Network Monitoring and Defense - sponsor by ConnectWise
Network monitoring and defense is one of only two controls that does not contain any Implementation Group 1 Safeguards in Controls version 8. This control is geared towards mature MSPs, MSSPs & organizations who have a mindset of continuous improvement that involves people, process, and technology. Service providers need a well-trained staff that executes on their network monitoring, detection, logging, correlation of events in order to thwart malicious attac...
Customer Reviews
Every MSP needs to listen to this.
The title says it all.
Excellent
Great podcast for the folks in the MSP space! Heck of a host too.