
CISO Tradecraft®

286 episodes - English - Latest episode: 7 days ago - ★★★★★ - 46 ratings

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.

Technology

Episodes

#61 - Presentation Skills

January 17, 2022 14:29 - 32 minutes - 44.7 MB

On this episode of CISO Tradecraft, we discuss how to give a great presentation.

- Starting with the Bottom Line Up Front (BLUF)
- Using pictures to Capture Attention
- Asking Thought Provoking Questions
- Succinct Points to tell a story
- Decision slides that show
  - The problem
  - The proposed solution
  - Cost to implement solution
  - Why alternatives are not as good
  - Next Steps after decision is made

We also discuss the Angels Cocktail which is a concept taken from a Ted Talk by JP Phillips Dopami...

#60 - CISO Knowledge Domains Part 2

January 10, 2022 12:26 - 17 minutes - 24.4 MB

One of the most common questions that we get asked on CISO Tradecraft is what do I need to learn to be a good CISO? After a lot of reflection, CISO Tradecraft put together a Top 10 List of CISO knowledge domains that we believe are the core skills which produce really good CISOs. This episode is a continuation from the previous episode and will go over the 6th-10th knowledge areas.

- Product Security focuses on ensuring developers write secure code
- Defensive Technologies focuses on creati...

#59 - CISO Knowledge Domains Part 1

January 03, 2022 12:50 - 15 minutes - 21.4 MB

One of the most common questions that we get asked on CISO Tradecraft is what do I need to learn to be a good CISO? After a lot of reflection, CISO Tradecraft has put together a Top 10 List of CISO knowledge domains that we believe are the core skills which produce really good CISOs. This episode will go over just the first 5 knowledge areas with the remaining five on a future episode.

- Product Security focuses on ensuring developers write secure code
- Defensive Technologies focuses on cre...

#58 - Active Directory is Active with Attacks

December 27, 2021 12:03 - 26 minutes - 36.9 MB

After bad actors gain an initial foothold into an organization, they often use Active Directory attacks to gain administrative privileges. On this episode of CISO Tradecraft, we discuss Active Directory. You can learn what it is, how it works, common attacks used against it, and ways you can secure it. References: Stealthbits Active Directory Attacks Wikipedia Active Directory Wikipedia Directory Service Wired Story on Not Petya CIS Hardened Images MS Domain Services Mimikatz K...

#57 - Brace for Audit

December 20, 2021 11:20 - 15 minutes - 20.9 MB

You just got the news that the Cyber Organization is going to be audited.  Do you know what an audit is, how best to prepare for it, and how to respond to audit findings?  On this episode of CISO Tradecraft, we help you understand key auditing concepts such as: Audit Subject Audit Objective Vulnerability Threat Risk & Impact Audit Scope with Goals & Objectives Audit Plan Audit Response

#56 - Say Firewall One More Time

December 13, 2021 13:30 - 31 minutes - 43.2 MB

Have you ever heard someone say our firewalls block this type of attack? In this episode, you can increase your understanding of firewalls so it won’t just be another buzzword. 6 Basic categories of firewalls that we discuss on the show include:

- Packet Filters focus on IP and port blocking
- Stateful Inspection Firewall looks at active connections and considers context
- Network Address Translation Firewalls tools that allow private networks to connect to public ones and create secure e...

#55 - I have more Agents than the FBI

December 03, 2021 12:54 - 16 minutes - 22.7 MB

On this episode of CISO Tradecraft you can learn all about Software Agents. Specifically we discuss: What does an Agent do, Why is an Agent helpful, and the 7 common types of Software Agents you would expect to find in large IT organizations. Also, if you stick to the end you can learn about Secret Agents (i.e., Agentless). 7 Common Software Agents are:

- Endpoint Configuration Agents - Tools like Microsoft Endpoint Manager or SCCM
- Mobile Device Managers - Tools like Microsoft Intune...

#54 - The Great Resignation

November 19, 2021 20:22 - 36 minutes - 50 MB

The Great Resignation is upon us, and if some of your top talent hasn't given you their notice, it may be happening soon. Or not, depending on what you choose to do. With plenty of time to contemplate options, people are quitting jobs at a record pace. But wise leaders learn how to listen to their people's needs and desires, create a sense of purpose that motivates far beyond a paycheck, and create a safe working space by allowing people to be human and make the occasional mistake. Keep...

#53 - Fun and Games to Stop Bad Actors (with Dr. Neal Krawetz)

November 05, 2021 11:29 - 44 minutes - 60.8 MB

In this episode, you can hear from Dr. Neal Krawetz, creator of Hacker Factor and FotoForensics. Neal's a long-time security practitioner who shares some fascinating insights in terms of how to identify potential bad actors early on (think reconnaissance interception), techniques for detecting bots and malicious entities, and ways to protect your team members from misattributed fake blog entries.

#52 - Welcome to the C-Level (with Nate Warfield)

October 29, 2021 10:43 - 47 minutes - 65.3 MB

Special Thanks to our podcast Sponsor, Prevailion. Some of the best C-level executives start in the technical ranks.  This episode features Nate Warfield, CTO of Prevailion, who differentiated himself by creating the CTI-League.com to assist healthcare companies with ransomware.  We'll cover some of that organization, how Nate got his first C-level job, and some lessons learned you might appreciate in your own CISO journey. To learn more about Cyber Adversary Intelligence, please check out...

CISO Tradecraft: Welcome to the C-Level with Nate Warfield of Prevailion

October 29, 2021 10:43 - 47 minutes - 65.3 MB

Some of the best C-level executives start in the technical ranks.  This episode features Nate Warfield, CTO of Prevailion, who differentiated himself by creating the CTI-League.com to assist healthcare companies with ransomware.  We'll cover some of that organization, how Nate got his first C-level job, and some lessons learned you might appreciate in your own CISO journey. To learn more about Cyber Adversary Intelligence, please check out Prevailion

#51 - New Kid in Town (with Rebecca Mossman)

October 18, 2021 00:55 - 43 minutes - 59.3 MB

When you first start a cybersecurity job, or hire someone into a cybersecurity job, there is a window of opportunity to see things with a new perspective. In this episode, we’re privileged to share ideas with Rebecca Mossman, a successful cybersecurity leader who has successfully led a number of teams in her career. We’ll examine relationships, stakeholders, setting priorities, communication, and knowing when to call something “done” and move on to the next task.

#50 - Border Gateway Protocol (BGP)

October 11, 2021 00:43 - 31 minutes - 43.2 MB

A Border Gateway Protocol (BGP) misconfiguration is what took out Facebook on 4 October.  Most IT folks don't understand how BGP works.  This episode helps you gain a better understanding of the protocol that creates routing tables to move information from one end of the Internet to the other.  We'll explain how Autonomous Systems (AS) share BGP route information, what should happen when things go right, and then examine what likely went wrong at Facebook and how you might be able to prepare...

#49 - Cyberlaw Musings (with Mark Rasch)

October 01, 2021 12:25 - 43 minutes - 59.9 MB

This is a special treat. On this episode of CISO Tradecraft you can hear Mark D. Rasch, JD, discuss legal and security topics that he's encountered in his more than 30 years of experience in cybersecurity law. We look into ransomware, reportable breaches, the appropriateness (or lack thereof) of certain legal statutes, and finish with some actionable advice for CISOs and security leaders that you really need to hear.

#48 - Effective Meetings

September 24, 2021 12:02 - 33 minutes - 45.9 MB

We've all suffered through horrible meetings that felt like a total waste of time.  As a security leader, you'll be convening your fair share of meetings with your staff.  Don't be "that boss" who can't run an effective meeting.  This episode shows ways you can ensure your meetings are both efficient and effective, result in actionable tasking, and keep people coming back for more because you showed respect for their time and their ideas.  And we even practice what we preach -- this episode ...

#47 - More Risky Business with FAIR

September 17, 2021 13:54 - 42 minutes - 58.9 MB

In our 31 July 2021 Episode 42, Risky Business, we covered the basics of risk and risk assessment. This part 2 episode gets into the practical application of risk management using the FAIR model, or Factor Analysis of Information Risk. We explain key risk terminology and walk through examples of how to express risk using this model, as well as creating a meaningful way to explain to executives that is actionable.   Risk Matrix Example: Link One Page FAIR Model: Link Measuring & Managing ...

#46 - Crisis Leadership with G Mark Hardy’s 9/11 Experience

September 10, 2021 12:13 - 45 minutes - 62 MB

Have you ever faced a crisis?  How well did you do?  You should always want to improve your skills in case another happens.  On the 20th anniversary of 9/11, G. Mark Hardy shares some of his experiences as the on-scene commander for the military first responders at the World Trade Center, and expands that into a set of skills and attributes that you can cultivate to become a more effective crisis response leader in your role as a cybersecurity professional.   References: 5 Leadership Skil...

#45 - Protecting your Crown Jewels (with Roselle Safran)

September 03, 2021 12:12 - 45 minutes - 62.9 MB

Traditional risk models focus on calculating loss frequency and magnitude, but don't go far enough in terms of modeling the most important assets in our organization, known as "crown jewels." This episode of CISO Tradecraft is a fascinating interview with the CEO and founder of a startup focusing on crown jewel analysis -- Roselle Safran. We'll look into how making this a part of your portfolio helps put the "C" in CISO by showing your understanding of the business in which you work. We'll a...

#44 - Intro to Docker Containers and Kubernetes (K8s)

August 27, 2021 13:03 - 31 minutes - 43 MB

Containers are a lightweight technology that allows applications to deploy to a number of different host Operating Systems without having to make any modifications at all to the code. As a result, we've been seeing a big increase in the use of Docker, Kubernetes, and other tools deployed by enterprises. In this episode, we'll cover the fundamentals of containers, Docker, orchestration tools such as Kubernetes, and provide you with knowledge to understand this environment, and maybe even te...

#43 - Cyber Deception with Kevin Fiscus

August 20, 2021 13:08 - 44 minutes - 61.7 MB

Join CISO Tradecraft for a fascinating discussion on how to build cyber traps for the bad guys that really work. By creating a deceptive environment that "booby-traps" your networks with fake services, enticing resources, and make-believe traffic, we can create a high-fidelity, low-noise intrusion sensor system -- no legitimate user would ever try these. Improve your SOC efficiency by actively engaging with intruders rather than sifting through false positives. There's a lot to learn here,...

#42 - Third Party Risk Management

August 13, 2021 11:11 - 52 minutes - 72.1 MB

On today’s episode, we bring in Scott Fairbrother to help tackle key questions with Third Party Risk Management: How do you identify which vendors pose the highest risk to your business? How do you see which vendor’s security controls protect against threats?  How do you validate their risk profiles by scanning, dark web monitoring or other techniques to correlate what attackers are seeing and acting upon? Do you have an understanding of how to improve risk mitigation in your third-part...

#42 - Third Party Risk Management (with Scott Fairbrother)

August 13, 2021 11:11 - 52 minutes - 72.1 MB

Special Thanks to our podcast Sponsor, CyberGRX. On today’s episode, we bring in Scott Fairbrother to help tackle key questions with Third Party Risk Management: How do you identify which vendors pose the highest risk to your business? How do you see which vendor’s security controls protect against threats? How do you validate their risk profiles by scanning, dark web monitoring or other techniques to correlate what attackers are seeing and acting upon? Do you have an understanding of ...

#41 - Got any Threat Intelligence?

August 06, 2021 10:46 - 41 minutes - 56.4 MB

Cyber Threat Intelligence is an important part of an effective CISO arsenal, but many security leaders don’t fully understand how to optimize it for their benefit.  In this show, we examine why cyber threat intelligence is vital to fielding an effective defense, discuss the intelligence cycle, examine the four types of threat intelligence, and feature a special guest, Landon Winkelvoss of https://nisos.com, who has spent a career mastering this topic and shares a number of important insights...

CISO Tradecraft: Risky Business

August 01, 2021 00:41 - 44 minutes - 60.6 MB

In this episode, we take a deep dive into that four-letter word RISK. Risk is measurable uncertainty. As a component of Governance, Risk, and Compliance (GRC), risk management is an important part of a security leader's responsibility. Risk assessment is conducted for a number of reasons, and measuring risk is an important component of effectively overseeing our IT investments. We'll look at NIST and ISO standards for risk, and define the different types of risk assessments. And, because the...
