Sign up to save your podcasts
Or
Share CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10)
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it’s a stress test for every risk program on the planet. I open with what the Mythos news implies for real-world defense: attacker behavior may shift from human pace to machine speed, and many SIEM and EDR detections are still tuned for human patterns. That’s why we talk candidly about what security teams may need to do next, including tightening externally facing systems and moving faster toward a zero trust architecture.
Then we pivot into CISSP Domain 1 risk management concepts, translating exam language into decisions you’ll actually make in a business. We define the core terminology like assets, threats, vulnerabilities, exposure, safeguards, attacks and breaches, then walk through control categories (technical, administrative, physical) and control types (preventive, detective, corrective, deterrent, recovery and compensating). If you’ve ever wondered why risk conversations go sideways, we also dig into the difference between risk appetite, risk capacity, and risk tolerance, and why you can’t set these without business leaders in the room.
We also tackle quantitative risk analysis versus qualitative risk analysis, including CISSP formulas such as AV, EF, SLE, ARO and ALE, plus a critical reality check on “fake precision” and how to apply a cost-benefit analysis that holds up. Finally, we cover security control assessments, monitoring and measurement, building a risk register safely, and how maturity models and risk frameworks like CMMI, ISO 31000, NIST approaches, ISO 27005, COBIT, SABSA and PCI DSS fit into a defensible cybersecurity risk management program. Subscribe, share this with a CISSP study partner, and leave a review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.5
3333 ratings
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it’s a stress test for every risk program on the planet. I open with what the Mythos news implies for real-world defense: attacker behavior may shift from human pace to machine speed, and many SIEM and EDR detections are still tuned for human patterns. That’s why we talk candidly about what security teams may need to do next, including tightening externally facing systems and moving faster toward a zero trust architecture.
Then we pivot into CISSP Domain 1 risk management concepts, translating exam language into decisions you’ll actually make in a business. We define the core terminology like assets, threats, vulnerabilities, exposure, safeguards, attacks and breaches, then walk through control categories (technical, administrative, physical) and control types (preventive, detective, corrective, deterrent, recovery and compensating). If you’ve ever wondered why risk conversations go sideways, we also dig into the difference between risk appetite, risk capacity, and risk tolerance, and why you can’t set these without business leaders in the room.
We also tackle quantitative risk analysis versus qualitative risk analysis, including CISSP formulas such as AV, EF, SLE, ARO and ALE, plus a critical reality check on “fake precision” and how to apply a cost-benefit analysis that holds up. Finally, we cover security control assessments, monitoring and measurement, building a risk register safely, and how maturity models and risk frameworks like CMMI, ISO 31000, NIST approaches, ISO 27005, COBIT, SABSA and PCI DSS fit into a defensible cybersecurity risk management program. Subscribe, share this with a CISSP study partner, and leave a review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Stuff You Should Know
78,688 Listeners
TED Talks Daily
11,099 Listeners
The Ben Shapiro Show
153,989 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Software Engineering Daily
626 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
688 Listeners
Reduce Cyber Risk Podcast - Cyber Security Made Simple
0 Listeners