CSA CCM Update

The Cloud Security Alliance (CSA) just published Version 4 of the Cloud Controls Matrix (CCM). If you are involved with securing a cloud environment, I cannot recommend this tool highly enough; it works for any type of organization, in any kind of cloud deployment. Best of all, it’s my favorite price: free.

Go download it here: https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4

42. Safing: Fighting Surveillance with Raphael Fiedler

Join us in exploring a new way to control your personal privacy online in a conversation with the CEO of Safing, Raphael Fiedler. You know it’s going to be a great episode when their website header is “Fight surveillance because you love Freedom.”

Raphael’s company, Safing: https://safing.io/

Raphael’s podcast: https://safing.io/podcast/


37. Referen-duh

Should the police need a search warrant to look at the data on your phone? If your car creates tracking data about your driving behavior, habits, and location, should you have access to it?

The voters in the US states of Michigan and Massachusetts certainly think so.

This week, we do a roundup of some recent changes to the legal landscape associated with INFOSEC, made by referenda.

The Michigan change to the state constitution: https://ballotpedia.org/Michigan_Proposal_2,_Search_Warrant_for_Electronic_Data_Amendment_(2020)

The Massachusetts law: https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)

35. Craig Unger with Hyperproof

Our very first product review! Hyperproof founder and CEO Craig Unger joins us to talk about audits and how to streamline them with his company’s compliance operations platform. Not sponsored, just a fascinating chat about the ever-exciting world of audits. You can learn more about Hyperproof at their website: https://hyperproof.io/

You may notice some sound quality issues in the episode. Remember when we talked about how having a lot of security can sometimes have drawbacks? Like if you need to open your door quickly but there are five deadbolts on it? Or...if you need to stream audio but have serious endpoint security? That sort of happened here. We still think it was a great episode, and hope you agree because we would love to have Craig back soon.


28. Audits with Roger Ison-Haug - Small Business Security - Part 7

Roger Ison-Haug is the head of Berigo AS, a Norwegian audit and consulting firm. [https://www.berigo.as/?lang=en] We also consider him a good friend, and he is one of the three people who listen to the show.

International audit/standards organizations mentioned during the episode:

- ISO (the International Organization for Standardization; the letters don’t match the name because ISO isn’t an acronym at all, it comes from the Greek isos, meaning “equal,” chosen so the short form would be the same in every language) [https://www.iso.org/home.html]: a global standards body that publishes standards for just about every kind of human activity possible. Standards discussed on the show include:

-- The 9000 series: the quality management standards. ISO 9001 sets out the requirements for a Quality Management System (QMS), which is what an organization gets certified against; the family is sometimes lumped together with “Total Quality Management (TQM),” though TQM is a broader management philosophy rather than a name for the standards themselves

-- The 27000 series: the information security standards, built around the idea of an Information Security Management System (ISMS). The ISMS is the thing you run, not the name of a standard: ISO/IEC 27001 specifies the requirements an ISMS must meet (and is the standard you can be certified against), while ISO/IEC 27002 gives implementation guidance for the security controls

- ISACA (founded in 1969 as the EDP Auditors Association, later the Information Systems Audit and Control Association, and now known legally by the acronym alone) [isaca.org]: an American-born professional body for information systems audit that has grown into an international association for IT governance, security and risk management. Famous for:

-- Professional certifications, such as the CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager) [full disclosure: Ben has the CISM certification]

-- Governance and management frameworks for enterprise IT, particularly the (unfortunately named) COBIT 2019 (Control Objectives for Information and Related Technologies)

The Sensuous Sounds Of INFOSEC - Episode 13 - Ryan Skelton

This week we talk with INFOSEC professional Ryan Skelton about information security training and awareness programs, tools used in live environments, and how Robin sounds like an NPR interviewer.

The tool mentioned by Ryan during the episode: https://www.knowbe4.com/

The Saturday Night Live sketch Ryan references (and yes, Robin does sound like that!): https://www.youtube.com/watch?v=RoysmfRxPLc

Podcast Episode 6: A Real Attack

This week, we were extremely excited to have our very first guest on the show: Tachic Hickman-Piazza of Allured By Design. We had talked about Tachic’s experience briefly in Episode 2; her Instagram account had been hacked, and she lost three years of work overnight. In this episode, we got to talk to Tachic, hear what she went through, and hear her advice and opinions about the security of online platforms in the wake of the attack. It’s a much longer episode than normal, simply because the conversation got so fascinating. We think you’ll really enjoy it; please feel free to leave comments/questions/responses!

Tachic’s website: alluredbydesign.com

Tachic’s Instagram: https://www.instagram.com/alluredbydesign/

Tachic’s Facebook: https://www.facebook.com/alluredbydesign/

The link to Farah Merhi, the other designer Tachic mentions in the show: https://inspiremehomedecor.com

Tachic’s original message about the attack, which led us to finding her: https://www.alluredbydesign.com/post/introducing-allured-by-design-home-lifestyle?fbclid=IwAR2OAmT-SDOXD3N063vZH8aJgz9qqlZ6YUM6q3ZwzkfTkLK6lN3eSlN6xY0

We’re also posting images of the messages from the hacker to Tachic, and finally a photo of Tachic representing her brand! Thanks again to our guest— it was truly a pleasure having her on the show!

[Images: six screenshots of the hacker’s messages to Tachic, and a photo of Tachic representing her brand]