


“Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits.” - Scott Schlimmer
In this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer with a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity.
Learn which regulated industries must follow specific frameworks and how noncompliance can affect business opportunities and your bottom line. We also unravel FedRAMP, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles.
In this episode, you’ll learn:
Confused by CMMC, FedRAMP, and NIST? Read Trava's Security Frameworks 101 guide to clearly understand the difference between voluntary frameworks and mandatory regulations, and learn how to build your compliance roadmap: https://travasecurity.com/frameworks101
Things to listen for:
[00:47 - 01:27] The relationship between compliance frameworks and certification programs
[01:27 - 02:54] The difference between regulated and non-regulated industries
[02:54 - 04:40] Explanation of the NIST framework and insights into other compliance acronyms
[04:40 - 08:59] Multiple compliance frameworks, compliance audits, and non-compliance issues
[08:59 - 10:54] Improving cybersecurity posture, security assessment, and maturity models
[10:54 - 13:56] Preparation for compliance audits and the importance of a compliance platform
[13:56 - 14:31] How to become compliant or get certified and reasons for external assistance
[14:38 - 17:20] Jara’s receipts
Resources:
Cracking the Code: Understanding Cybersecurity Compliance Frameworks
What is the NIST Framework?
Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary
Connect with the Guest:
Scott Schlimmer's LinkedIn
Connect with the host:
Jara Rowe’s LinkedIn
Connect with Trava:
Website www.travasecurity.com
Blog www.travasecurity.com/blog
LinkedIn @travasecurity
YouTube @travasecurity
By Trava Security