All Episodes
Displaying 101 - 120 of 147 in total
Episode 102 — Spotlight: Incident Reporting (IR-6)
Incident Reporting (IR-6) ensures that detected security incidents are promptly communicated to appropriate parties so that response and oversight occur without delay....
Episode 103 — Spotlight: Incident Response Plan (IR-8)
Incident Response Plan (IR-8) ensures that organizations maintain a documented, tested, and updated plan guiding all activities related to incident management. For exa...
Episode 104 — Spotlight: Information Spillage Response (IR-9)
Information Spillage Response (IR-9) focuses on detecting, containing, and remediating incidents where classified, controlled, or otherwise sensitive information is tr...
Episode 105 — Spotlight: Risk Assessment (RA-3)
Risk Assessment (RA-3) defines how organizations identify threats, vulnerabilities, and potential impacts to determine the likelihood and magnitude of adverse events. ...
Episode 106 — Spotlight: Vulnerability Monitoring and Scanning (RA-5)
Vulnerability Monitoring and Scanning (RA-5) ensures organizations continuously identify weaknesses in systems, applications, and configurations before adversaries do....
Episode 107 — Spotlight: Security Categorization (RA-2)
Security Categorization (RA-2) anchors the entire control selection process by determining the potential impact of a loss of confidentiality, integrity, or availabilit...
Episode 108 — Spotlight: Criticality Analysis (RA-9)
Criticality Analysis (RA-9) identifies the components, services, and data flows whose compromise would create disproportionate harm, enabling focused protection where ...
Episode 109 — Spotlight: Security and Privacy Engineering Principles (SA-8)
Security and Privacy Engineering Principles (SA-8) codify design tenets that make systems trustworthy by default rather than retrofitted after deployment. For exam pur...
Episode 110 — Spotlight: Developer Testing and Evaluation (SA-11)
Developer Testing and Evaluation (SA-11) requires that software be verified through systematic testing to uncover defects and security weaknesses before release. For t...
Episode 111 — Spotlight: External System Services (SA-9)
External System Services (SA-9) ensures that when organizations rely on external providers—such as cloud platforms, SaaS applications, or managed services—security and...
Episode 112 — Spotlight: Unsupported System Components (SA-22)
Unsupported System Components (SA-22) addresses the risk of operating hardware or software that vendors no longer support. For the exam, candidates must understand tha...
Episode 113 — Spotlight: Boundary Protection (SC-7)
Boundary Protection (SC-7) governs how networks, systems, and data flows are isolated and controlled to prevent unauthorized access or leakage. For exam purposes, SC-7...
Episode 114 — Spotlight: Transmission Confidentiality and Integrity (SC-8)
Transmission Confidentiality and Integrity (SC-8) safeguards information as it travels across networks by preventing unauthorized disclosure or modification. For the e...
Episode 115 — Spotlight: Cryptographic Key Establishment and Management (SC-12)
Cryptographic Key Establishment and Management (SC-12) ensures that encryption keys are generated, distributed, stored, and retired securely throughout their lifecycle...
Episode 116 — Spotlight: Cryptographic Protection (SC-13)
Cryptographic Protection (SC-13) requires organizations to protect the confidentiality and integrity of information through approved cryptographic mechanisms that are ...
Episode 117 — Spotlight: Protection of Information at Rest (SC-28)
Protection of Information at Rest (SC-28) mandates that stored data remain confidential and tamper-evident wherever it resides—primary storage, backups, snapshots, rem...
Episode 118 — Spotlight: Session Authenticity (SC-23)
Session Authenticity (SC-23) ensures that once a user or service is authenticated, the resulting session remains bound to that identity, protected from hijacking, repl...
Episode 119 — Spotlight: Public Key Infrastructure Certificates (SC-17)
Public Key Infrastructure Certificates (SC-17) governs the issuance, management, and validation of digital certificates that anchor trust for users, services, and devi...
Episode 120 — Spotlight: Denial-of-Service Protection (SC-5)
Denial-of-Service Protection (SC-5) requires organizations to anticipate and withstand attempts to degrade or exhaust system resources, whether through volumetric floo...
Episode 121 — Spotlight: Flaw Remediation (SI-2)
Flaw Remediation (SI-2) ensures that software and system vulnerabilities are identified, prioritized, and corrected in a timely and verifiable manner. For exam purpose...