Software Engineering Institute (SEI) Podcast Series

426 episodes - English - Latest episode: 14 days ago - ★★★★★ - 18 ratings

The SEI Podcast Series presents conversations in software engineering, cybersecurity, and future technologies.

Technology Science futuretech softwareengineering cybersecurity

Episodes

Ensuring Continuity of Operations When Business Is Disrupted

November 10, 2009 17:00 - 21 minutes - 4.89 MB

Providing critical services during times of stress depends on documented, tested business continuity plans. Related Course: Introduction to CERT Resiliency Management Model.

Managing Relationships with Business Partners to Achieve Operational Resiliency

October 20, 2009 17:00 - 27 minutes - 6.21 MB

A defined, managed process for third party relationships is essential, particularly when business is disrupted. Related Course: Introduction to CERT Resiliency Management Model.

The Smart Grid: Managing Electrical Power Distribution and Use

September 29, 2009 17:00 - 20 minutes - 4.64 MB

The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.

Electronic Health Records: Challenges for Patient Privacy and Security

September 08, 2009 17:00 - 26 minutes - 5.96 MB

Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense.

Mitigating Insider Threat: New and Improved Practices

August 18, 2009 17:00 - 36 minutes - 8.32 MB

Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.

Rethinking Risk Management

July 07, 2009 17:00 - 29 minutes - 6.78 MB

Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Related Courses: Assessing Information Security Risk Using the OCTAVE; Practical Risk Management: Framework and Methods.

The Upside and Downside of Security in the Cloud

June 16, 2009 17:00 - 27 minutes - 6.34 MB

When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks.

More Targeted, Sophisticated Attacks: Where to Pay Attention

May 26, 2009 17:00 - 20 minutes - 4.6 MB

Business leaders need to take action to better mitigate sophisticated social engineering attacks.

Is There Value in Identifying Software Security "Never Events?"

May 05, 2009 17:00 - 20 minutes - 4.66 MB

Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences.

Cyber Security, Safety, and Ethics for the Net Generation

April 14, 2009 17:00 - 20 minutes - 4.63 MB

Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.

An Experience-Based Maturity Model for Software Security

March 31, 2009 17:00 - 21 minutes - 4.99 MB

Observed practice, represented as a maturity model, can serve as a basis for developing more secure software.

Mainstreaming Secure Coding Practices

March 17, 2009 17:00 - 20 minutes - 4.59 MB

Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Related Course: Secure Coding in C and C++.

Security: A Key Enabler of Business Innovation

March 03, 2009 17:00 - 23 minutes - 5.47 MB

Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Related Courses: Assessing Information Security Risk Using the OCTAVE Approach; Introduction to the CERT Resiliency Engineering Framework.

Better Incident Response Through Scenario Based Training

February 17, 2009 17:00 - 22 minutes - 5.25 MB

Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Related Courses: Advanced Incident Handling; Advanced Information Security for Technical Staff.

An Alternative to Risk Management for Information and Software Security

February 03, 2009 17:00 - 25 minutes - 5.93 MB

Standard, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Related Course: Assessing Information Security Risk Using the OCTAVE Approach.

Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia

January 20, 2009 17:00 - 17 minutes - 4.02 MB

Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges.

Climate Change: Implications for Information Technology and Security

December 09, 2008 17:00 - 23 minutes - 5.44 MB

Climate change requires new strategies for dealing with traditional IT and information security risks.

Using High Fidelity, Online Training to Stay Sharp

November 25, 2008 17:00 - 26 minutes - 6.1 MB

Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Related Courses: Managing Enterprise Information Security; Information Security for Technical Staff.

Integrating Security Incident Response and e-Discovery

November 11, 2008 17:00 - 25 minutes - 5.85 MB

Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Related Course: Managing Computer Security Incident Response Teams.

Concrete Steps for Implementing an Information Security Program

October 28, 2008 17:00 - 21 minutes - 4.92 MB

A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. Related Course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.

Virtual Communities: Risks and Opportunities

October 14, 2008 17:00 - 18 minutes - 4.14 MB

When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities.

Developing Secure Software: Universities as Supply Chain Partners

September 30, 2008 17:00 - 23 minutes - 5.35 MB

Integrating security into university curricula is one of the key solutions to developing more secure software. Related Course: Secure Coding in C and C++.

Security Risk Assessment Using OCTAVE Allegro

September 16, 2008 17:00 - 18 minutes - 4.16 MB

OCTAVE® Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. Related Course: OCTAVE.

Getting to a Useful Set of Security Metrics

September 02, 2008 17:00 - 18 minutes - 4.31 MB

Well-defined metrics are essential to determine which security practices are worth the investment.

How to Start a Secure Software Development Program

August 20, 2008 17:00 - 20 minutes - 4.58 MB

Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle.

Managing Risk to Critical Infrastructures at the National Level

August 05, 2008 17:00 - 22 minutes - 5.08 MB

Protecting critical infrastructures and the information they use is essential for preserving our way of life.

Analyzing Internet Traffic for Better Cyber Situational Awareness

July 28, 2008 17:00 - 29 minutes - 6.77 MB

Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Related Courses: Information Security for Technical Staff; Advanced Information Security for Technical Staff.

Managing Security Vulnerabilities Based on What Matters Most

July 22, 2008 17:00 - 23 minutes - 5.37 MB

Determining which security vulnerabilities to address should be based on the importance of the information asset. Related Course: Information Security for Technical Staff.

Identifying Software Security Requirements Early, Not After the Fact

July 08, 2008 17:00 - 22 minutes - 5.25 MB

During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Related Course: Secure Coding in C and C++.

Making Information Security Policy Happen

June 24, 2008 17:00 - 24 minutes - 5.56 MB

Targeted, innovative communications and a robust life cycle are keys for security policy success. Related Course: Managing Enterprise Information Security.

Becoming a Smart Buyer of Software

June 10, 2008 17:00 - 21 minutes - 4.85 MB

Managing software that is developed by an outside organization can be more challenging than building it yourself. Related Course: Software Acquisition Survival Skills Course.

Building More Secure Software

May 27, 2008 17:00 - 16 minutes - 3.83 MB

Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Related Course: Secure Coding in C and C++.

Connecting the Dots Between IT Operations and Security

May 13, 2008 17:00 - 24 minutes - 5.64 MB

High performing organizations effectively integrate information security controls into mainstream IT operational processes. Related Course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.

Getting in Front of Social Engineering

April 29, 2008 17:00 - 23 minutes - 11 MB

Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.

Using Benchmarks to Make Better Security Decisions

April 15, 2008 17:00 - 20 minutes - 4.61 MB

Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.

Protecting Information Privacy - How To and Lessons Learned

April 01, 2008 17:00 - 22 minutes - 5.08 MB

Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.

Initiating a Security Metrics Program: Key Points to Consider

March 18, 2008 17:00 - 12 minutes - 2.77 MB

A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.

Insider Threat and the Software Development Life Cycle

March 04, 2008 17:00 - 23 minutes - 5.39 MB

Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.

Tackling the Growing Botnet Threat

February 19, 2008 17:00 - 20 minutes - 4.71 MB

Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.

Building a Security Metrics Program

February 05, 2008 17:00 - 22 minutes - 5.17 MB

Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.

Inadvertent Data Disclosure on Peer-to-Peer Networks

January 22, 2008 17:00 - 20 minutes - 9.26 MB

Peer-to-peer networks are being used today to unintentionally disclose government, commercial, and personal information.

Information Compliance: A Growing Challenge for Business Leaders

January 08, 2008 17:00 - 21 minutes - 5.01 MB

Directors and senior executives are personally accountable for protecting information entrusted to their care. Related Course: Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth.

Internal Audit's Role in Information Security: An Introduction

December 10, 2007 17:00 - 14 minutes - 3.3 MB

Internal Audit can serve a key role in putting an effective information security program in place, and keeping it there.

What Business Leaders Can Expect from Security Degree Programs

November 27, 2007 17:00 - 18 minutes - 4.23 MB

Information security degree programs are proliferating, but what do they really offer business leaders who are seeking knowledgeable employees?

The Path from Information Security Risk Assessment to Compliance

November 13, 2007 17:00 - 26 minutes - 6.02 MB

Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome. Related Course: Assessing Information Security Risk Using the OCTAVE Approach.

Computer Forensics for Business Leaders: Building Robust Policies and Processes

October 30, 2007 17:00 - 12 minutes - 2.83 MB

Business leaders can play a key role in computer forensics by establishing strong policies and proactively testing to ensure those policies work in tough situations. Related Training: Computer Forensics for Technical Staff.

Business Resilience: A More Compelling Argument for Information Security

October 16, 2007 17:00 - 24 minutes - 5.62 MB

A business resilience argument can bridge the communication gap that often exists between information security officers and business leaders. Related Course: Introduction to the CERT Resiliency Engineering Framework.

Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity

October 15, 2007 17:00 - 18 minutes - 4.21 MB

By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Related Course: Introduction to the CERT Resiliency Engineering Framework.

The Human Side of Security Trade-Offs

September 18, 2007 17:00 - 27 minutes - 6.24 MB

It's easy to think of security as a collection of technologies and tools - but people are the real key to any security effort.

Dual Perspectives: A CIO's and CISO's Take on Security

September 04, 2007 17:00 - 26 minutes - 6.03 MB

Given that you can't secure everything, managing security risk to a "commercially reasonable degree" can lead to the best possible solution.

Guests

Grady Booch
1 Episode