Sign up to save your podcasts
Or
Share #2 - Practical uses of the Secure Controls Framework
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
#2 - Practical uses of the Secure Controls Framework
Cybersecurity Growth
- livestream and podcast
Duration: Weekly, 90 minutes
Title: Cybersecurity Growth #2 - Practical uses of the Secure Controls Framework
Opening- When You Arrived instrumental as theme song
Welcome to Cybersecurity Growth. A show for aspiring and existing cybersecurity leaders. I’m your host Shawn Valle, Exec Director and CISO of Cybersecurity Growth
Former Chief Security Officer of Rapid7 and former CISO of Tricentis
Musician here on Twitch and elsewhere, MusicBySV (more on that later)
Top News Storieshttps://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_campaign=sm-blog&utm_source=linkedin&utm_medium=organic-social
New emergent threat response: "CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability."
Glenn Thorpe of Rapid7 “This has kept us busy over the past 24+ hours. If you’re running ManageEngine software you should:
1. Patch it always no questions asked just do it.
2a. Keep it as segmented as possible from the public internet regardless of its function.
2b. Migrate away from it.”
Dozens of products impacted.
Access Manager Plus*
Active Directory 360**
ADAudit Plus**
ADManager Plus**
ADSelfService Plus**
Analytics Plus*
Application Control Plus*
Asset Explorer**
Browser Security Plus*
Device Control Plus*
Endpoint Central*
Endpoint Central MSP*
Endpoint DLP*
Key Manager Plus*
OS Deployer*
PAM 360*
Password Manager Pro*
Patch Manager Plus*
Remote Access Plus*
Remote Monitoring and Management (RMM)*
ServiceDesk Plus**
ServiceDesk Plus MSP**
SupportCenter Plus**
Vulnerability Manager Plus*
https://www.csoonline.com/article/3684850/11-top-xdr-tools-and-how-to-evaluate-them.html
By Tim Ferrill CSO Online
11 top XDR tools and how to evaluate themExtended detection and response tools provide a deeper and more automated means to identify and respond to threats. These are some of the most popular options.XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR).
Trend Micro,
Microsoft XDR,
Palo Alto Networks Cortex XDR,
Crowdstrike Falcon Insight XDR,
Bitdefender GravityZone Business Security Enterprise,
SentinelOne Singularity XDR,
Cybereason XDR,
VMware Carbon Black XDR,
Elastic Security for XDR,
Trellix XDR Platform,
Cynet 360 AutoXDR
https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html
By Lucian Constantin
Attackers deploy sophisticated Linux implant on Fortinet network security devicesThe exploit allows attackers to remotely execute arbitrary code and commands without authentication.Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details…
…the original zero-day attack was highly targeted to government-related entities…
… CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.
Patch your Fortinet gear.
- Practical uses of the Secure Controls Framework
What’chu Listening To or Creating- Talk about music
That’s a Wrap- Concluding topics
- Thank you for listening
- Web address, socials
- I’m Shawn Valle, creator of this show and the music here on Cybersecurity Growth
- Cybersecuritygrowth.com and cybersecuritygrowth.com/webcasts
- @cybersecuritygrowth
- If you like the show, please tell your friends. If you hate it, tell your adversaries. Like/subscribe and leave 5-stars and a review like “great show, I learned something new to help me in my cybersecurity career.”
- This week we covered
- Practical application of the Secure Controls Framework. Picking up from where we left off last week. My takeaway is, if you are dealing with 3 or more security/privacy frameworks, it’s worth investing time into SCF and possibly a tool that uses SCF as an overarching security framework, for all your compliance/security/privacy frameworks. It may save you time, and provides a wholistic framework for just about any control you could imagine. But, it could be overwhelming, if you are just getting started...so, if you are just getting started on your compliance/security/privacy journey, you may want to wait a year or two before you jump into SCF.
- Plans for next week
- [My approach for the first 100 days as a security leader (this could be as a CISO, but also as a Director of team reporting to the CISO – like GRC Dir, SecOps Dir, ProdSec Dir, etc.)]
- Live on Twitch weekly, Fridays at 10:30 AM EST, 7:30 AM PST, 3:30 PM GMT in your pod feeds a few days later.
🔐 Hire a cybersecurity consultant or vCISO: https://cybersecuritygrowth.com/services
🟢 Free Blogs, Videos and Podcasts: https://cybersecuritygrowth.com/webcasts/
------------------------------------------------------------------------------------
CYBERSECURITY GROWTH SOCIALS
Website: https://cybersecuritygrowth.com
Tik Tok: https://www.tiktok.com/@cybersecgrowth
Facebook: https://www.facebook.com/100066411043800/
Linkedin: https://www.linkedin.com/company/cybersecurity-growth
SHAWN'S MUSIC SOCIALS
Website: https://musicbysv.com/
Spartan Valley (Shawn's artist site): https://spartanvalley.band/
Octavate (Shawn's other music project): https://www.octavate.band/
Spotify: https://open.spotify.com/playlist/6SN1n1xhWt0ztYaJbGSwgu
Instagram: https://www.instagram.com/musicbysv_
https://www.instagram.com/spartanvalleysv/
https://www.instagram.com/octavate.band/
Tik Tok: https://www.tiktok.com/@musicbysv_
https://www.tiktok.com/@octavate
Facebook: https://www.facebook.com/ShawnValleMusic
https://www.facebook.com/SpartanValley
Linkedin: https://www.linkedin.com/in/musicbysv/
Twitter: https://x.com/SpartanValleySV
https://x.com/MusicBySV
YouTube: https://www.youtube.com/@SpartanValley
https://www.youtube.com/@musicbysv_
https://www.youtube.com/@octavateband
View all episodes
By Cybersecurity GrowthCybersecurity Growth
- livestream and podcast
Duration: Weekly, 90 minutes
Title: Cybersecurity Growth #2 - Practical uses of the Secure Controls Framework
Opening- When You Arrived instrumental as theme song
Welcome to Cybersecurity Growth. A show for aspiring and existing cybersecurity leaders. I’m your host Shawn Valle, Exec Director and CISO of Cybersecurity Growth
Former Chief Security Officer of Rapid7 and former CISO of Tricentis
Musician here on Twitch and elsewhere, MusicBySV (more on that later)
Top News Storieshttps://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/?utm_campaign=sm-blog&utm_source=linkedin&utm_medium=organic-social
New emergent threat response: "CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability."
Glenn Thorpe of Rapid7 “This has kept us busy over the past 24+ hours. If you’re running ManageEngine software you should:
1. Patch it always no questions asked just do it.
2a. Keep it as segmented as possible from the public internet regardless of its function.
2b. Migrate away from it.”
Dozens of products impacted.
Access Manager Plus*
Active Directory 360**
ADAudit Plus**
ADManager Plus**
ADSelfService Plus**
Analytics Plus*
Application Control Plus*
Asset Explorer**
Browser Security Plus*
Device Control Plus*
Endpoint Central*
Endpoint Central MSP*
Endpoint DLP*
Key Manager Plus*
OS Deployer*
PAM 360*
Password Manager Pro*
Patch Manager Plus*
Remote Access Plus*
Remote Monitoring and Management (RMM)*
ServiceDesk Plus**
ServiceDesk Plus MSP**
SupportCenter Plus**
Vulnerability Manager Plus*
https://www.csoonline.com/article/3684850/11-top-xdr-tools-and-how-to-evaluate-them.html
By Tim Ferrill CSO Online
11 top XDR tools and how to evaluate themExtended detection and response tools provide a deeper and more automated means to identify and respond to threats. These are some of the most popular options.XDR is a relatively new class of security tool that combines and builds on the strongest elements of security incident and event management (SIEM), endpoint detection and response (EDR), and even security orchestration and response (SOAR).
Trend Micro,
Microsoft XDR,
Palo Alto Networks Cortex XDR,
Crowdstrike Falcon Insight XDR,
Bitdefender GravityZone Business Security Enterprise,
SentinelOne Singularity XDR,
Cybereason XDR,
VMware Carbon Black XDR,
Elastic Security for XDR,
Trellix XDR Platform,
Cynet 360 AutoXDR
https://www.csoonline.com/article/3685670/attackers-deploy-sophisticated-linux-implant-on-fortinet-network-security-devices.html
By Lucian Constantin
Attackers deploy sophisticated Linux implant on Fortinet network security devicesThe exploit allows attackers to remotely execute arbitrary code and commands without authentication.Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details…
…the original zero-day attack was highly targeted to government-related entities…
… CVE-2022-42475, is in the SSL-VPN functionality of FortiOS and can be exploited by remote attackers without authentication. Successful exploitation can result in the execution of arbitrary code and commands.
Patch your Fortinet gear.
- Practical uses of the Secure Controls Framework
What’chu Listening To or Creating- Talk about music
That’s a Wrap- Concluding topics
- Thank you for listening
- Web address, socials
- I’m Shawn Valle, creator of this show and the music here on Cybersecurity Growth
- Cybersecuritygrowth.com and cybersecuritygrowth.com/webcasts
- @cybersecuritygrowth
- If you like the show, please tell your friends. If you hate it, tell your adversaries. Like/subscribe and leave 5-stars and a review like “great show, I learned something new to help me in my cybersecurity career.”
- This week we covered
- Practical application of the Secure Controls Framework. Picking up from where we left off last week. My takeaway is, if you are dealing with 3 or more security/privacy frameworks, it’s worth investing time into SCF and possibly a tool that uses SCF as an overarching security framework, for all your compliance/security/privacy frameworks. It may save you time, and provides a wholistic framework for just about any control you could imagine. But, it could be overwhelming, if you are just getting started...so, if you are just getting started on your compliance/security/privacy journey, you may want to wait a year or two before you jump into SCF.
- Plans for next week
- [My approach for the first 100 days as a security leader (this could be as a CISO, but also as a Director of team reporting to the CISO – like GRC Dir, SecOps Dir, ProdSec Dir, etc.)]
- Live on Twitch weekly, Fridays at 10:30 AM EST, 7:30 AM PST, 3:30 PM GMT in your pod feeds a few days later.
🔐 Hire a cybersecurity consultant or vCISO: https://cybersecuritygrowth.com/services
🟢 Free Blogs, Videos and Podcasts: https://cybersecuritygrowth.com/webcasts/
------------------------------------------------------------------------------------
CYBERSECURITY GROWTH SOCIALS
Website: https://cybersecuritygrowth.com
Tik Tok: https://www.tiktok.com/@cybersecgrowth
Facebook: https://www.facebook.com/100066411043800/
Linkedin: https://www.linkedin.com/company/cybersecurity-growth
SHAWN'S MUSIC SOCIALS
Website: https://musicbysv.com/
Spartan Valley (Shawn's artist site): https://spartanvalley.band/
Octavate (Shawn's other music project): https://www.octavate.band/
Spotify: https://open.spotify.com/playlist/6SN1n1xhWt0ztYaJbGSwgu
Instagram: https://www.instagram.com/musicbysv_
https://www.instagram.com/spartanvalleysv/
https://www.instagram.com/octavate.band/
Tik Tok: https://www.tiktok.com/@musicbysv_
https://www.tiktok.com/@octavate
Facebook: https://www.facebook.com/ShawnValleMusic
https://www.facebook.com/SpartanValley
Linkedin: https://www.linkedin.com/in/musicbysv/
Twitter: https://x.com/SpartanValleySV
https://x.com/MusicBySV
YouTube: https://www.youtube.com/@SpartanValley
https://www.youtube.com/@musicbysv_
https://www.youtube.com/@octavateband