Cybersecurity Sense

64 episodes - English - Latest episode: 3 months ago - ★★★★★ - 12 ratings

CyberSecurity Sense is LBMC Information Security's podcast that provides insight and updates on such information security topics as: IPS Monitoring and Managed IDS Services, Security Information Event Management, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Computer Security Incident Response, Penetration Testing, Risk Assessments, Security Program Planning, Web Application Security Assessments, ACAB LADMF Certification Assessments, CMS Information Security, FedRAMP, FISMA Compliance, HIPAA Compliance, HITRUST CSF Certifications, NIST 800-171 Certifications, PCI Data Security Standards, SOC Reporting and SOX Compliance.

Episodes

PCI Monthly Update: Gearing Up for Version 4.0, Mastering Requirement 9, and QSA Insights

January 30, 2024 11:17 - 29 minutes - 34.2 MB

In this January edition of the PCI Monthly Update, we’re on the brink of exciting changes with version 4.0 just around the corner! We start with a spotlight on the ongoing Request for Comments (RFC) period for PCI DSS v4.0, inviting insights from industry experts. Plus, we discuss the Global Content Library, showcasing insights from the 2023 Community Meetings. Our focus then shifts to Requirement 9, where we break down the critical protocols for restricting physical access to cardholder d...

PCI Monthly Update: December News, Deep Dive into Requirement 8, and QSA Q&A

January 11, 2024 10:55 - 35 minutes - 82.4 MB

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for ...

PCI Monthly Update: October - New SAQ Review, Focused Look at Requirement 7, and Expert QSA Insights

November 07, 2023 11:30 - 29 minutes - 66.8 MB

Dive into the latest in the PCI landscape with our October update. We kick off with a news segment spotlighting the new SAQ SPOC (Software PIN Entry on COTS) which includes portions of PCI DSS Requirements 3, 8, 9, and 12. Transitioning to Requirement 7, we discuss restricting access to system components and cardholder data based on business necessity, delving into sub-requirements 7.1 to 7.3, and discussing the principles of 'need to know' and 'least privileges.' Our QSA Q&A segment add...

PCI Monthly Update: September Highlights & Requirement 6 Deep Dive

October 17, 2023 09:30 - 31 minutes - 72.1 MB

Catch the latest news in our September "PCI Monthly Update" from Tuesday, September 26, 2023. We kick things off with key insights from the recent PCI Community Meeting. Next, we dive into Requirement 6, discussing the essence of secure software development, from processes to security vulnerabilities, web application protection, and change management. Our QSA Q&A segment addresses a vital question: What documentation should you expect from PCI DSS compliant service providers? Join u...

PCI Monthly Update: August Highlights & Requirement 5 Breakdown

September 05, 2023 10:30 - 24 minutes - 57.3 MB

Tune in to the August edition of our PCI Monthly Update. We kick off with a sneak peek into the upcoming PCI North America Community Meeting in Portland and introduce the newly launched PCI Community Job Board—a dedicated platform for security talent and job postings in the payment industry. Next, we delve into Requirement 5, shedding light on anti-malware solutions. We explore the criteria for system components which do not require anti-malware, delve into the specifics of anti-malware im...

PCI Monthly Update: July Insights & Innovations

August 08, 2023 10:09 - 24 minutes - 55.3 MB

Dive into the latest PCI news in our July PCI Update. This episode covers key PCI developments, an in-depth exploration of Requirement 4, and a helpful QSA Q&A. We kick off this episode by previewing the upcoming PCI Community Meeting in Portland and discuss our hosts' presentation on "Generative AI: Your New Secret Weapon or an Insider Threat?" We also talk about the INFI worksheet and the importance of Continuous Compliance. In the Requirement 4 segment, we focus on strong cryptography...

Worried about Ransomware?

May 23, 2023 10:18 - 15 minutes - 35.8 MB

Do you know the average payout organizations are hit with for every attack? William Parks and Bill Dean discuss a service dedicated to helping your organization (big or small) withstand a ransomware attack. Bill and his team are ready to help you and your organization obtain peace of mind when it comes to these advanced threats. Questions for Bill? Find him here: [email protected]

Advance Guard Could Save You

April 11, 2023 10:30 - 17 minutes - 41.1 MB

LBMC Shareholder Bill Dean and William Parks spend today’s episode discussing Advance Guard, a new service offering from LBMC's Security Technical Team. Learn how Advance Guard may help protect your organization's most valuable assets, save time on compliance audits, and give peace of mind about your current security stance. Want to see Bill’s “Prescription”? Check out the link below: https://www.lbmc.com/wp-content/uploads/2023/01/AdvanceGuard-Sample-Schedule.pdf Questions for Bill? ...

PCI Monthly Update: March News & Requirement 3

March 29, 2023 10:09 - 35 minutes - 82.2 MB

Stay up to date with the latest in PCI compliance. In this episode, William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest in PCI news, new restrictions around PAN data, and how to master Requirement 3 while preparing for PCI 4.0. Don't miss our upcoming webinar: "How to Reduce Your PCI Scope: Tips & Technology Your Organization Needs to Know" on Thursday, April 13 at 11am CT. Register Now! For any questions, feel free to reach out to us here: Kyle Hinterberg: kyle.hint...

ChatGPT: What You Need to Know

March 21, 2023 10:20 - 56 minutes - 82.6 MB

ChatGPT is making headlines worldwide and its impact is making a lot of business owners uncomfortable. What is ChatGPT? How will this tool change how you do business? Is ChatGPT a security risk? What to expect from ChatGPT4? William Parks interviews LBMC's Data Insights team members to discuss this controversial topic, dive into facts your organization needs to know, and explore probable scenarios that could happen with this level of Artificial Intelligence. Want more insights? Contact LBM...

Interviewing a Real Hacker

February 16, 2023 22:01 - 17 minutes - 39.5 MB

William Parks takes this podcast to introduce a key member of LBMC Information Security’s Technical Services team, Daniel Nguyen. Daniel is a manager on the team with quite the insightful background. William and Daniel spend time discussing current steps to keep your organization successful in their journey to a healthier security posture. Questions for Daniel? Find him here: [email protected]

PCI Monthly Update: January News & Requirement 1

January 12, 2023 11:00 - 34 minutes - 87.2 MB

Stay up to date with the latest in PCI compliance. In this episode, William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest in PCI news and how to master Requirement 1 while preparing for PCI 4.0. For any questions, feel free to reach out to us here: Kyle Hinterberg: [email protected] Andy Kerr: [email protected] William Parks: [email protected]

PCI Monthly Update: December News & FAQs

December 06, 2022 11:14 - 34 minutes - 85.9 MB

William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest PCI news, share how to create and what should be covered in an executive summary for a PCI assessment, and answer a few questions from our listeners. If you’d like us to answer and address questions on our next episode, reach out to us here: Andy Kerr – [email protected] Kyle Hinterberg – [email protected] William Parks – [email protected]

PCI SSC Community Meeting Top Takeaways

November 08, 2022 10:05 - 28 minutes - 71.8 MB

In this podcast, Host William Parks discusses with LBMC Information Security Senior Managers Andy Kerr and Kyle Hinterberg some of the top takeaways at this year’s PCI SSC Community Meeting. Topics discussed during this episode include changes to the “In-Place with Remediation” reporting option which was added in PCI DSS v4.0, what to do if you miss an ASV Scan, new ways to interact with the PCI Council, SAQ updates, and much more!

Keeping Your Digital Identity Secure with Mark Burnette

October 13, 2022 10:34 - 47 minutes - 119 MB

The Internet provides access to lots of good data, useful websites, social media options, and entertainment, but unfortunately, it also poses some risks to the security and privacy of individuals. In this episode, William Parks and Mark Burnette will share some practical tips for how you can keep yourself and your family safe and secure online. You will learn how to keep your kids safe on social media, how to avoid having to remember hundreds of online passwords (and how to avoid having them...

All About HITRUST

September 29, 2022 10:30 - 13 minutes - 33.2 MB

In this episode, Host William Parks interviews LBMC Shareholder Robyn Barton about HITRUST, what it is, the relationship between HITRUST and HIPAA, and the new HITRUST i1, r2, and bC Assessments.

AIG Cyber Mercenary Group Raises Concern

August 23, 2022 10:04 - 12 minutes - 30.8 MB

In this episode, Host William Parks shares the latest on the new cyber mercenary group, Atlas Intelligence Group or AIG.

Ransomware Awareness

April 28, 2022 10:00 - 7 minutes - 17.7 MB

In this episode, Host William Parks shares ransomware awareness tips and cybersecurity best practices to keep your company safe from attacks.

Women in Cybersecurity

March 24, 2022 10:00 - 28 minutes - 39.7 MB

To celebrate Women's History Month, LBMC interviews a panel of our women cybersecurity experts on their unique career journeys, what advice they would give to women looking to work in the field, and goals for the future. 

Hiring Perspectives

December 08, 2020 22:44 - 42 minutes - 98.5 MB

In this episode, the LBMC team gives listeners insight into what to expect when interviewing for a role in information security. Learn what qualities hiring managers are looking for as you prepare for your job interview.

Information Security Careers (Part 2)

November 10, 2020 20:47 - 21 minutes - 50.2 MB

Part two of our Information Security Careers podcast series. Our panel of experts share their paths to their first infosec jobs and provide advice for pursuing a career in the field.

Information Security Careers

October 21, 2020 00:06 - 36 minutes - 83.5 MB

Learn how a few members of the LBMC Information Security team got started in their careers, and what you should consider when going into the field. 

What is the Cybersecurity Maturity Model Certification (CMMC)?

October 21, 2020 00:02 - 28 minutes - 66 MB

In this episode, Caryn Wooley joins us to discuss the Cybersecurity Maturity Model Certification (CMMC). Learn why the Department of Defense created the model to improve security for government contractors and subcontractors. Hear what you can do to start preparing for CMMC today.

HITRUST Guide

September 18, 2020 20:14 - 13 minutes - 11 MB

Nancy Spizzo, Senior Manager at LBMC Information Security, joins Bill Dean to talk about HITRUST and the new LBMC Information Security HITRUST Guide being released later this fall. 

PCI Pen Testing

July 10, 2020 17:00 - 27 minutes - 62.4 MB

In this episode Bill Dean and Stewart Fey discuss penetration testing for PCI compliance. Learn about the differences between penetration testing and vulnerability assessments, and what is needed to meet requirements for PCI compliance.

The Return to a "New Normal"

May 20, 2020 20:22 - 21 minutes - 50.2 MB

In this episode Nancy Spizzo joins Bill Dean to discuss re-entry to the workplace. They'll discuss what items you should consider from a security and technology perspective as organizations plan to reopen their facilities. 

The Impact of Remote Work on IT Audits

May 06, 2020 18:29 - 15 minutes - 36.4 MB

In this episode, Chelsea Smith talks with Bill Dean about the impact of remote work on IT audits during the COVID-19 pandemic. 

Using Zoom Securely

April 22, 2020 17:52 - 21 minutes - 49.9 MB

Zoom is soaring in popularity as a large population of remote workers are using it for video conferencing. With its surging popularity, the platform's loose security protocols made it an easy target for hackers to take advantage and disrupt calls. "Zoombombing" allowed anyone to log in to unprotected links to intrude on the calls, often sharing lewd photos and videos. Listen to our most recent podcast to hear what you can do to use Zoom securely.

Not All Phishing Assessments Are Equal

April 09, 2020 23:59 - 16 minutes - 37.7 MB

In this episode, LBMC's cybersecurity experts discuss the topic of social engineering via phishing. Learn the difference in using phishing software solutions versus penetration testing services for your cybersecurity program.

MFA is NOT a Silver Bullet

April 09, 2020 23:56 - 18 minutes - 42 MB

LBMC Cybersecurity expert, Derek Rush, joins Bill Dean as they discuss the benefits and limitations of multi-factor authentication. 

HITRUST Conference Overview

August 16, 2019 20:34 - 20 minutes - 47.8 MB

The LBMC Information Security team recaps the 2019 HITRUST conference that was held in Texas in May. The team talks about the latest news on third-party assurance, HITRUST CSF adoption and controls implementation, SOC 2 + HITRUST, and the latest initiatives in the quality sub committee.

Key Insights on PCI DSS Version 4.0

May 29, 2019 22:06 - 13 minutes - 15 MB

In this podcast, LBMC Information Security’s Mark Burnette offers a summary and perspective on the council’s insights—specifically addressing the three likely changes for the next version of the PCI DSS.

New Tools for PCI Compliance

May 15, 2019 16:41 - 15 minutes - 36 MB

In this podcast, LBMC Information Security’s Bill Dean and John Dorling discuss some of the new tools available to help merchants who are trying to achieve PCI compliance.

2018 Was Second-Most Active Year for Data Breaches

March 20, 2019 03:12 - 10 minutes - 24 MB

2018 was one of the biggest years for data breaches to date, with more than 6,500 data breaches reported throughout the year. In this podcast, LBMC Information Security’s Bill Dean dives deeper into these recent data breach statistics and why it’s important to keep investing in the hard work involved with combating cyber-attacks to prevent data breaches in the days to come.

Targeted Attacks Compared to Opportunistic Attacks

October 03, 2018 20:51 - 8 minutes - 9.68 MB

All companies are subject to opportunistic attacks, but do you know if you are subject to a targeted attack based on the data you generate or maintain? In this podcast, LBMC Information Security’s Bill Dean addresses this question while diving deeper into the key differences between targeted attacks and opportunistic attacks.

Incident Response Should Be Common Sense

August 16, 2018 16:43 - 7 minutes - 8.44 MB

Since incident response issues are no longer just an IT issue and can often involve legal issues, it is important for organizations to develop an incident response team, seek outside expertise, and have an overall action plan in the event of an incident. In this podcast, LBMC Information Security’s Bill Dean discusses how a complex situation like incident response can be purely based on common sense.

Attack Simulation

July 18, 2018 14:07 - 6 minutes - 7.39 MB

In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection. So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone knows what co...

Purple-Teaming

July 10, 2018 15:24 - 6 minutes - 7.99 MB

Most penetration testers are considered “red team,” while most defenders are considered “blue team.” Thus, the irony of a conventional penetration test is that these two groups are typically pitted against each other. When the red teams and blue teams are working together, you have what’s called a “purple team.” While purple-teaming has not always been a thing, it can be a win for both groups. Purple-teaming has now become somewhat of a buzzword. However, the effort behind it has great mer...

GDPR and Preparing for DSARs

May 08, 2018 20:03 - 15 minutes - 18.2 MB

The EU’s General Data Protection Regulation (GDPR) permits users certain rights (referred to as “data subject access rights” or “DSARs” in the documentation) that organizations will need to be prepared to accommodate if they must comply with GDPR. For organizations to be prepared to respond, it’s important to have a clear understanding of DSARs before you risk consuming too much time, money, and resources in efforts to remain compliant. In this podcast, LBMC Information Security’s Drew He...

GDPR—How to Prepare

May 08, 2018 19:50 - 16 minutes - 19.2 MB

As organizations determine whether the E.U.’s General Data Protection Regulation (GDPR) is applicable to them, there are several important things to consider when it comes to compliance. Among those things are preparing for and responding to personal data breaches (which is not just a requirement of the GDPR; it’s a good business practice in general), data consent, and how you are protecting your data (like data pseudonymisation). With GDPR, personal data is defined a bit differently...

Does GDPR Apply to Me?

May 08, 2018 19:33 - 14 minutes - 16.7 MB

As the May 25, 2018 GDPR enforcement date fast approaches, many organizations are asking, “How will the GDPR apply to my organization?” As the GDPR extends to U.S. organizations that offer services to or monitor behaviors of E.U. citizens, it’s important to understand how to classify your organization’s data to determine GDPR applicability. While the GDPR presents new challenges for organizations storing or processing personal data, maintaining compliance with the proper guidance is...

Why Employees Are Your Number One Risk

April 19, 2018 16:47 - 9 minutes - 11 MB

The question is not, “Will your employees get your company hacked?” but rather “When will your employees get your company hacked?” A recent article from HITECH Answers highlights this sad reality of human error being the most common reason for a cyber intrusion and data compromise. So, while employee actions can circumvent almost every security control you have invested in, security awareness training is critical to prevent your employees from being your number one risk. Users are often...

Phishing Emails with 100% Click Rate

April 10, 2018 19:53 - 6 minutes - 7.8 MB

In a recent report from Wombat Security Technologies based on data from millions of simulated phishing attacks, it was found that 76% of organizations said they experienced phishing attacks in 2017, and nearly half of information security professionals said that the rate of attacks increased from 2016 to 2017. F-Secure also recently released research data indicating that over one-third of security incidents start with phishing emails or malicious attachments sent to company employees. In...

IIA Knoxville—Implementing Cloud-Managed Security

April 10, 2018 19:38 - 7 minutes - 8.8 MB

When cloud-managed security was first introduced, there was some concern about the levels of security as compared to the security of data on an organization’s premises. Today, security professionals have implemented the appropriate controls to help cloud-based data management be safe and effective. As many organizations are now embracing and migrating to the cloud, it is important to know the risks and proper controls associated with the movement. In this podcast from the Institute of Inte...

IIA Knoxville—Risky Business

March 19, 2018 17:51 - 7 minutes - 8.16 MB

No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deals with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which ...

IIA Knoxville—Dear President Trump: How to Secure the United States & Demonstrate That Your Company Is

March 12, 2018 17:14 - 7 minutes - 8.68 MB

In the information security world, we all wish we had more access to senior executives. Following that logic, if you’re responsible for security at your organization, and you are lucky enough to ride on the same elevator with a senior executive from your company, you should be prepared with your “elevator pitch” on what to say about improving the cybersecurity posture of the organization. When asked, you want to have your message fine-tuned and be able to communicate it clearly and succinctl...

IIA Knoxville—SOC for Cybersecurity

March 05, 2018 17:51 - 5 minutes - 6.72 MB

The AICPA Cybersecurity Working Group brought to life a new type of cybersecurity examination report in 2017 known as SOC (System and Organization Control) for Cybersecurity. These reports are intended to provide a consistent approach for evaluating and reporting on an entity’s cybersecurity risk management program and give management the ability to consistently describe its cybersecurity risk management program. Additionally, the flexibility of the reports allows management to use any recog...

5 Reasons Why Organizations Don’t Detect a Cyber Breach

January 18, 2018 16:15 - 9 minutes - 10.9 MB

Incident response consultants are often contacted by clients who are in complete shock that their systems or networks have been compromised. Many times, these clients are hoping our analysis will ultimately prove that the incident was just a “flesh wound” to their systems and that they didn’t experience an actual data breach. It’s quite common for organizations to assume that data breaches won’t happen to them, and consequently, they typically don’t have an incident response plan. Not only...

2017 Year-End Healthcare Breach Review

January 12, 2018 16:07 - 11 minutes - 12.8 MB

In comparison to previous years, 2017 was a good year, as the number of healthcare records compromised was significantly down. As of December 30, there had been 341 breaches reported, affecting a little less than 5 million individuals. This compares to 327 breach reports in 2016, but with 16.6 million individuals affected. When this information is contrasted with 2015 statistics, fewer breaches (268) were reported; however, more than 113 million patients were affected. So, why the significant...

Law Firms are Cybersecurity Targets

December 19, 2017 17:24 - 7 minutes - 8.86 MB

A recent report from cybersecurity firm FireEye revealed that Chinese hackers have been actively targeting a shortlist of multinational law firms since at least June of 2017. This was an apparent effort to spy on lawyers and steal confidential information, proving that not only are law firms targets of nation states, but attackers are also keeping up with current news, using well-designed phishing campaigns that contain references to pertinent, high-profile U.S. news stories. Although law f...