Getting to a Useful Set of Security Metrics
Well-defined metrics are essential to determine which security practices are worth the investment. Listen on Apple Podcasts .
Sep 02, 2008•19 min
Software Engineering Institute (SEI) Podcast Series
The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.
Last refreshed: ⓘ
Follow this podcast in the Metacast mobile app to refresh it and see new episodes.
Podcasts are better in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episodes
How to Start a Secure Software Development Program
Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Listen on Apple Podcasts .
Aug 20, 2008•20 min
Managing Risk to Critical Infrastructures at the National Level
Protecting critical infrastructures and the information they use are essential for preserving our way of life. Listen on Apple Podcasts .
Aug 05, 2008•22 min
Analyzing Internet Traffic for Better Cyber Situational Awareness
Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Related Courses Information Security for Technical Staff Advanced Information Security for Technical Staff Listen on Apple Podcasts .
Jul 28, 2008•30 min
Managing Security Vulnerabilities Based on What Matters Most
Determining which security vulnerabilities to address should be based on the importance of the information asset. Related Course Information Security for Technical Staff Listen on Apple Podcasts .
Jul 22, 2008•23 min
Identifying Software Security Requirements Early, Not After the Fact
During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
Jul 08, 2008•23 min
Making Information Security Policy Happen
Targeted, innovative communications and a robust life cycle are keys for security policy success. Related Course Managing Enterprise Information Security Listen on Apple Podcasts .
Jun 24, 2008•24 min
Becoming a Smart Buyer of Software
Managing software that is developed by an outside organization can be more challenging than building it yourself. Related Course Software Acquisiton Survival Skills Course Listen on Apple Podcasts .
Jun 10, 2008•21 min
Building More Secure Software
Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Related Course Secure Coding in C and C++ Listen on Apple Podcasts .
May 27, 2008•17 min
Connecting the Dots Between IT Operations and Security
High performing organizations effectively integrate information security controls into mainstream IT operational processes. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
May 13, 2008•25 min
Getting in Front of Social Engineering
Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Listen on Apple Podcasts .
Apr 29, 2008•24 min
Using Benchmarks to Make Better Security Decisions
Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Listen on Apple Podcasts .
Apr 15, 2008•20 min
Protecting Information Privacy - How To and Lessons Learned
Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Listen on Apple Podcasts .
Apr 01, 2008•22 min
Initiating a Security Metrics Program: Key Points to Consider
A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Listen on Apple Podcasts .
Mar 18, 2008•12 min
Insider Threat and the Software Development Life Cycle
Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Listen on Apple Podcasts .
Mar 04, 2008•24 min
Tackling the Growing Botnet Threat
Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. Listen on Apple Podcasts .
Feb 19, 2008•21 min
Building a Security Metrics Program
Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Listen on Apple Podcasts .
Feb 05, 2008•23 min
Inadvertent Data Disclosure on Peer-to-Peer Networks
Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information. Listen on Apple Podcasts .
Jan 22, 2008•20 min
Information Compliance: A Growing Challenge for Business Leaders
Directors and senior executives are personally accountable for protecting information entrusted to their care. Related Course Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
Jan 08, 2008•22 min
Internal Audit's Role in Information Security: An Introduction
Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there. Listen on Apple Podcasts .
Dec 10, 2007•14 min
What Business Leaders Can Expect from Security Degree Programs
Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees? Listen on Apple Podcasts .
Nov 27, 2007•19 min
The Path from Information Security Risk Assessment to Compliance
Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Related Course Assessing Information Security Risk Using the OCTAVE Approach Listen on Apple Podcasts .
Nov 13, 2007•26 min
Computer Forensics for Business Leaders: Building Robust Policies and Processes
Business leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Related Training Computer Forensics for Technical Staff Listen on Apple Podcasts .
Oct 30, 2007•12 min
Business Resilience: A More Compelling Argument for Information Security
A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
Oct 16, 2007•25 min
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts .
Oct 15, 2007•18 min
The Human Side of Security Trade-Offs
It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort. Listen on Apple Podcasts .
Sep 18, 2007•27 min
Dual Perspectives: A CIO's and CISO's Take on Security
Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution. Listen on Apple Podcasts .
Sep 04, 2007•26 min
Reducing Security Costs with Standard Configurations: U.S. Government Initiatives
Information security costs can be significantly reduced by enforcing standard configurations for widely deployed systems. Listen on Apple Podcasts .
Aug 07, 2007•25 min
Tackling Security at the National Level: A Resource for Leaders
Business leaders can use national CSIRTs (Computer Security Incident Response Teams) as a key resource when dealing with incidents with a national or worldwide scope. Related Courses Creating a Computer Security Incident Response Team Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling for Technical Staff Listen on Apple Podcasts .
Aug 07, 2007•22 min
Real-World Security for Business Leaders
Security is not an option - but it may be time to start viewing it as a business enabler, rather than just a cost of doing business. Related Courses Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Listen on Apple Podcasts .
Jul 24, 2007•20 min
Hosted on Libsyn
For the best experience, listen in Metacast app for iOS or Android