Organizations rely on valid data to make informed decisions. When data integrity is compromised, the veracity of the decision-making process is likewise threatened. In this episode, Dave Zubrow discusses the importance of data quality and research that his team is undertaking in this area.
Oct 04, 2012•21 min
Deploy vulnerability exploit prevention and mitigation techniques to thwart attacks and manage the arms race. Related Course: Malware Analysis Apprenticeship
Sep 25, 2012•38 min
In this episode, Novak discusses misaligned incentives, misaligned people incentives in software acquisition programs, and how the wrong incentives can undermine acquisition programs and produce poor outcomes.
Sep 20, 2012•15 min
Typically, people who believe themselves to be Agile believe that developers realize the best results when they focus on empowered teams, collaboration with stakeholders, avoiding unnecessary work, and receiving frequent feedback. Agilists hate the term "process" because they use the word somewhat differently than we do. The word "process," however, can be defined as something done repeatedly, with some discipline, and to achieve an end. In this podcast, Bill Nichols discusses how a disciplined...
Sep 04, 2012•21 min
The SEI is focused on reducing the DoD information technology (IT) development cycle, currently as long as 81 months, to short, incremental approaches that yield results more quickly. One complicating factor is that DoD acquisition programs (like other highly regulated commercial environments) have a prescribed vision of how IT systems are developed. This podcast explores the SEI's research and work to assist the DoD in Agile acquisition.
Sep 04, 2012•9 min
Managing technical debt, which refers to the rework and degraded quality resulting from overly hasty delivery of software capabilities to users, is an increasingly critical aspect of producing cost-effective, timely, and high-quality software products. A delicate balance is needed between the desire to release new software capabilities rapidly to satisfy users and the desire to practice sound software engineering that reduces rework. In this podcast, Ipek Ozkaya discusses the SEI's research on t...
Sep 04, 2012•16 min
Soldiers can use handheld mobile computing devices (aka smart-phones) to help with various tasks, such as speech and image recognition, natural language processing, decision making and mission planning. There are challenges to achieving these capabilities such as unreliable networks and bandwidth, lack of computational power, and the toll that computation-intensive tasks take on battery power. In this episode, Grace discusses research that she is leading to overcome these challenges by using clo...
Sep 04, 2012•10 min
CERT-RMM can be used to establish and meet resilience requirements for a wide range and diverse set of business objectives. Related Courses: Introduction to the CERT Resilience Management Model; CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
Aug 21, 2012•24 min
Implementing CERT-RMM requires well-defined improvement objectives, sponsorship, proper scoping and diagnosis, and defined processes and measures. Related Courses: Introduction to the CERT Resilience Management Model; CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
Jul 17, 2012•27 min
Security controls, including those for insider threat, are the safeguards necessary to protect information and information systems. Related Course: Insider Threat Workshop
Apr 24, 2012•28 min
Implementing secure coding standards to reduce the number of vulnerabilities that can escape into operational systems is a sound business decision. Related Course: Secure Coding in C and C++
Feb 28, 2012•25 min
Protecting the internet and its users against cyber attacks requires a significant increase in the number of skilled cyber warriors. Related Courses: Information Security for Technical Staff; Fundamentals of Incident Handling
Jan 31, 2012•26 min
Electronic health records bring many benefits along with security and privacy challenges.
Dec 20, 2011•28 min
Measures of operational resilience should answer key questions, inform decisions, and affect behavior. Related Course: Introduction to the CERT Resilience Management Model
Oct 04, 2011•26 min
Use of Domain Name System security extensions can help prevent website hijacking attacks.
Sep 06, 2011•21 min
Depending on the service model, cloud providers and customers can monitor and implement controls to better protect their sensitive information.
Aug 02, 2011•19 min
Analyzing malware is essential to assess the damage and reduce the impact associated with ongoing infection. Related Course: Malware Analysis Apprenticeship
Jul 12, 2011•25 min
Over 100 electric power utilities are accelerating their transformation to the smart grid by using the Smart Grid Maturity Model.
May 05, 2011•30 min
Business leaders must address risk at the enterprise, business process, and system levels to effectively protect against today's and tomorrow's threats. Related Courses: Assessing Information Security Risk Using the OCTAVE Approach; Introduction to the CERT Resilience Management Model
Mar 29, 2011•28 min
Scenario-based exercises help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.
Feb 22, 2011•3 min
Technical controls may be effective in helping prevent, detect, and respond to insider crimes. Related Course: Insider Threat Workshop
Jan 25, 2011•23 min
Use the CERT Resilience Management Model (CERT-RMM) to help ensure that critical assets and services perform as expected in the face of stress and disruption. Related Course: Introduction to the CERT Resilience Management Model
Dec 09, 2010•39 min
Government agencies and private industry must build effective partnerships to secure national critical infrastructures.
Nov 30, 2010•31 min
Knowledge about software assurance is essential to ensure that complex systems function as intended. Related Course: Secure Coding in C and C++
Oct 26, 2010•35 min
Organizations can benchmark their software security practices against 109 observed activities from 30 organizations. Related Course: Secure Coding in C and C++
Sep 28, 2010•29 min
Internet-connected mobile devices are becoming increasingly attractive targets.
Aug 31, 2010•26 min
A national CSIRT is essential for protecting national and economic security, and ensuring the continuity of government agencies and critical infrastructures. Related Courses: Creating a Computer Security Incident Response Team; Managing Computer Security Incident Response Teams
Aug 19, 2010•28 min
Securing systems that control physical switches, valves, pumps, meters, and manufacturing lines as these systems connect to the internet is critical for service continuity.
Jul 27, 2010•23 min
To help identify and eliminate security vulnerabilities, subject all software that you build and buy to fuzz testing.
May 25, 2010•26 min
Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.
Apr 27, 2010•19 min