CCT 206: Assess Security Impact of Acquired Software (Domain 8.4)

CISSP Cyber Training Podcast - CISSP Training Program

Content provided by Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

4M ago 35:54

MP3•Episode home

Send us a text

Could you navigate the complexities of cybersecurity like a pro and walk confidently into the CISSP exam? Join us as Sean Gerber shares his expert insights on conquering common test pitfalls and emphasizes the crucial strategy of thinking like a manager. From mastering the art of pacing to trusting your instincts, you'll gain valuable knowledge on how to read questions methodically and manage your time effectively. Plus, we're not just examining theoretical knowledge—Sean breaks it down into practical applications, particularly when assessing the security risks associated with commercial off-the-shelf software.
In today's cloud-reliant world, understanding service evaluation best practices is essential. We explore the critical considerations in managing services like SaaS, IaaS, and PaaS. Learn which questions to prioritize when engaging with service providers, such as inquiring about their data protection strategies, encryption standards, and compliance with essential frameworks like SOC 2 and ISO 27017. Discover how the shared responsibility model for IaaS impacts your security measures, and unlock the secrets to secure API configurations. We also stress the importance of thorough risk assessment, threat modeling, and adhering to secure development standards like ISO 27034 and IEC 62443.
Software selection is a major decision, and due diligence can make all the difference. This episode unravels how to rigorously evaluate software vendors, focusing on credibility, security assessments, and compliance with industry standards. With Sean's guidance, you'll learn to conduct comprehensive code reviews, penetration tests, and evaluate vendor support. We also highlight strategic deployment planning, emphasizing API security, threat modeling, and a robust mitigation plan. Finally, we unveil the extensive cybersecurity services offered by Reduce Cyber Risk, paired with exciting news about an upcoming podcast designed to bolster your cybersecurity knowledge even further.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Chapters

1. CISSP Cyber Training (00:00:00)

2. Cloud Service Evaluation Best Practices (00:11:48)

3. Software Due Diligence and Security (00:21:49)

4. Software Security and Deployment Planning (00:28:04)

5. Reduced Cyber Risk Consulting Services (00:34:20)

241 episodes

#Tech #News #Tech News #CISSP #Cyber Security #Cybersecurity #Cyber Training #Cybersecurity Consultant #Shon Gerber #CISSP Training #Cissp Course #Cissp Boot Camp #Cissp Exam #Cissp Practice Exam #Cissp Practice Test