Sign up to save your podcasts
Or
Share CCT 334: CISA and Stryker Attack and AI GRC Foundational Concepts
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 334: CISA and Stryker Attack and AI GRC Foundational Concepts
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
The fastest way to lose control of your security program is to ignore the systems that control everything else. I start with a timely CISA warning: attackers went after an endpoint management system, the kind of “one system that touches many” platform that can turn a single compromise into enterprise-wide fallout. We talk through practical hardening moves like multi-factor authentication, limiting where admins can log in from, and adding extra checks for high-impact access, because centralized management consoles are prime targets for nation-state and supply chain motivated attacks.
Then we pivot to the bigger wave: AI GRC (governance, risk, and compliance) in the age of artificial intelligence. AI adoption is exploding while AI governance lags, and that gap is where regulatory fines, privacy failures, and reputational damage tend to show up. I break down GRC in clear terms, explain why traditional audits and sample-based testing struggle with always-on AI decisions, and lay out what AI governance needs to add: an AI inventory, explainable AI requirements, named model owners, fairness and bias assessments, model lifecycle governance, and third-party AI risk management.
We also map the AI regulatory landscape you need to know, including the EU AI Act, the NIST AI RMF, and ISO 42001 as an emerging certifiable AI management system. From there, I walk through seven risks companies must understand: algorithmic discrimination, non-compliance, model drift, data governance and GDPR privacy exposure, black box accountability gaps, vendor and supply chain AI risk, and shadow AI from unauthorized employee tool use.
You’ll leave with an eight-step roadmap you can apply immediately, plus next actions like downloading the NIST AI RMF, running a quick AI inventory, assessing EU exposure, and updating vendor due diligence for AI. Subscribe, share this with your GRC or security team, and leave a review so more CISSP learners can find the training.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.5
3333 ratings
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
The fastest way to lose control of your security program is to ignore the systems that control everything else. I start with a timely CISA warning: attackers went after an endpoint management system, the kind of “one system that touches many” platform that can turn a single compromise into enterprise-wide fallout. We talk through practical hardening moves like multi-factor authentication, limiting where admins can log in from, and adding extra checks for high-impact access, because centralized management consoles are prime targets for nation-state and supply chain motivated attacks.
Then we pivot to the bigger wave: AI GRC (governance, risk, and compliance) in the age of artificial intelligence. AI adoption is exploding while AI governance lags, and that gap is where regulatory fines, privacy failures, and reputational damage tend to show up. I break down GRC in clear terms, explain why traditional audits and sample-based testing struggle with always-on AI decisions, and lay out what AI governance needs to add: an AI inventory, explainable AI requirements, named model owners, fairness and bias assessments, model lifecycle governance, and third-party AI risk management.
We also map the AI regulatory landscape you need to know, including the EU AI Act, the NIST AI RMF, and ISO 42001 as an emerging certifiable AI management system. From there, I walk through seven risks companies must understand: algorithmic discrimination, non-compliance, model drift, data governance and GDPR privacy exposure, black box accountability gaps, vendor and supply chain AI risk, and shadow AI from unauthorized employee tool use.
You’ll leave with an eight-step roadmap you can apply immediately, plus next actions like downloading the NIST AI RMF, running a quick AI inventory, assessing EU exposure, and updating vendor due diligence for AI. Subscribe, share this with your GRC or security team, and leave a review so more CISSP learners can find the training.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Stuff You Should Know
78,688 Listeners
TED Talks Daily
11,099 Listeners
The Ben Shapiro Show
153,989 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Software Engineering Daily
626 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
688 Listeners
Reduce Cyber Risk Podcast - Cyber Security Made Simple
0 Listeners