Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Content provided by qpcsecurity. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by qpcsecurity or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Similar to QPC Security - Breakfast Bytes
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Zero trust fundamentals
Manage episode 365026653 series 2981977
Content provided by qpcsecurity. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by qpcsecurity or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Zero trust is not a product you buy.
The problem that most organizations have is that they are still not doing the fundamentals well.
CIS has a community defense model.
I did a detailed webinar on it where I covered a lot of these fundamentals.
https://www.qpcsecurity.com/2023/02/16/addressing-information-security-fundamentals-with-cis-and-community-defense-model/
Let's look at inventory management, asset management, change management, onboarding and offboarding.
You must have checks and balances. There must be practices codified in policy with a shared responsibility model which make it so that the issues that are created by mistakes in onboarding or offboarding are caught.
Fundamentally, the most effective thing in zero trust are the protections that are in an always on state.
Like for example the recent revelation about flaws in UEFI and SecureBoot.
These have prerequisites like TPM, BIOS configs, bios adm pwds, automated firmware updates, procurement policy alignment for supported hardware, onboarding configuration done properly on those endpoints, monitoring of the firmware updates, and of course, no admin access for end users!!!
FUNDAMENTALS MUST BE MASTERED
When an organization does not have a CISO that has policy and management authority over IT, you are guaranteed to have problems.
Forget CIO and CTO. I think those are old modes of thinking. Find a CISO that can be the leader of all IT strategy.
Procurement policy must include vetting and testing of cloud app integrations. Monitoring and technical controls must be in place to restrict or eliminate the ability of an end user to buy shadow IT and authorize it on their own. Azure AD has controls for this, but they are not on by default.
96 episodes
Share
Manage episode 365026653 series 2981977
Content provided by qpcsecurity. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by qpcsecurity or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Zero trust is not a product you buy.
The problem that most organizations have is that they are still not doing the fundamentals well.
CIS has a community defense model.
I did a detailed webinar on it where I covered a lot of these fundamentals.
https://www.qpcsecurity.com/2023/02/16/addressing-information-security-fundamentals-with-cis-and-community-defense-model/
Let's look at inventory management, asset management, change management, onboarding and offboarding.
You must have checks and balances. There must be practices codified in policy with a shared responsibility model which make it so that the issues that are created by mistakes in onboarding or offboarding are caught.
Fundamentally, the most effective thing in zero trust are the protections that are in an always on state.
Like for example the recent revelation about flaws in UEFI and SecureBoot.
These have prerequisites like TPM, BIOS configs, bios adm pwds, automated firmware updates, procurement policy alignment for supported hardware, onboarding configuration done properly on those endpoints, monitoring of the firmware updates, and of course, no admin access for end users!!!
FUNDAMENTALS MUST BE MASTERED
When an organization does not have a CISO that has policy and management authority over IT, you are guaranteed to have problems.
Forget CIO and CTO. I think those are old modes of thinking. Find a CISO that can be the leader of all IT strategy.
Procurement policy must include vetting and testing of cloud app integrations. Monitoring and technical controls must be in place to restrict or eliminate the ability of an end user to buy shadow IT and authorize it on their own. Azure AD has controls for this, but they are not on by default.
96 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to QPC Security - Breakfast Bytes
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Tom Merritt and the team help you stay up to date with an independent, authoritative and trustworthy tech news briefing. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
