x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

Framework: The Center for Internet Security (CIS) Top 18 Controls

The **CIS Critical Security Controls Audio Course** is a comprehensive, audio-first training series that guides listeners through all eighteen **CIS Controls**, transforming one of the world’s most respected cybersecurity frameworks into clear, actionable learning. Designed for professionals, students, and auditors alike, this series explains each control in practical, plain language—focusing on how to implement, assess, and sustain them in real environments. With eighty-three structured episodes,

technology courses

All Episodes

10:21

Episode 43 — Safeguard 9.2 – Browser configuration...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 9.2 focuses on securing web browsers—the most widely used and simultaneously most exposed application within any organization. Because browsers connect directly to external content, they are frequent delivery channels for malware, malicious scripts, and credential theft. This safeguard mandates the use of fully supported browsers with current security updates and the implementation of configuration controls that reduce risk exposure. Examples include disabling or uninstalling

en

8:52

Episode 42 — Safeguard 9.1 – Spam and phishing defenses

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 9.1 requires organizations to ensure that only fully supported and up-to-date email clients are used and that layered spam and phishing defenses are in place. Attackers frequently exploit vulnerabilities in outdated email clients or manipulate users through convincing phishing campaigns that mimic trusted entities. To counter this, enterprises must combine technical controls with user awareness. Technical defenses include deploying spam filters that inspect message headers,

en

10:02

Episode 41 — Overview – Email and browser as attack...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Control 9—Email and Web Browser Protections—targets the entry points most frequently exploited by attackers: users’ inboxes and browsers. These applications are gateways between trusted internal systems and the untrusted external world. Malicious links, attachments, and scripts routinely bypass basic defenses by exploiting human behavior rather than technical vulnerabilities. Phishing remains the most common initial attack vector, with web browsing a close second due to drive-by downloads,

en

10:33

Episode 40 — Remaining safeguards summary (Control 8)

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

The remaining safeguards under Control 8 expand audit logging into a fully mature detection capability that supports real-time defense, forensic analysis, and compliance reporting. Safeguards 8.3 through 8.12 include maintaining adequate log storage, synchronizing system clocks, logging detailed user activities, and collecting specialized records such as DNS, URL, and command-line logs. They also call for periodic log reviews, retention policies, and collection of logs from service

en

10:28

Episode 39 — Safeguard 8.2 – Centralized log...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 8.2 builds upon basic log activation by requiring centralized log collection and correlation through Security Information and Event Management (SIEM) or equivalent platforms. Centralization solves one of the biggest challenges in security operations—fragmentation. When logs remain dispersed across servers, applications, and network devices, it is nearly impossible to detect complex attack chains that span multiple systems. SIEM platforms aggregate logs in real time, normalize them

en

10:13

Episode 38 — Safeguard 8.1 – Enable audit logging

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 8.1 requires organizations to establish and maintain a documented process for audit log management, defining the collection, review, and retention of event data across enterprise assets. This safeguard ensures that every system capable of generating logs has logging features enabled and configured according to policy. Logging should capture significant security events such as authentication attempts, privilege changes, configuration modifications, and data access. These records

en

9:51

Episode 37 — Overview – Logs as the backbone of...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Control 8—Audit Log Management—focuses on one of the most essential yet underutilized capabilities in cybersecurity: the power of audit logs. Logs are the digital footprints of system activity, recording events such as logins, file access, configuration changes, and network connections. When properly collected, analyzed, and retained, they provide the evidence needed to detect, investigate, and recover from security incidents. Unfortunately, many organizations generate massive volumes of

en

9:26

Episode 36 — Remaining safeguards summary (Control 7)

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

The remaining safeguards under Control 7 complete the vulnerability management cycle by ensuring that discovery, remediation, and verification operate as an ongoing, measurable process. Safeguards 7.4 through 7.7 require enterprises to automate both operating system and application patching, perform internal and external vulnerability scans, and validate remediation results. These steps close the feedback loop between detection and correction, ensuring that vulnerabilities are not just

en

10:26

Episode 35 — Safeguard 7.3 – Integration with patch...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 7.3 connects vulnerability management directly to patch management, ensuring that identified issues lead to timely, verifiable fixes. Vulnerability scanning without patching creates awareness but not improvement; patching without visibility risks misalignment and wasted effort. By integrating the two, enterprises establish a closed feedback loop where discovered vulnerabilities trigger automated patching workflows, and completed patches feed back into scanners for validation. This

en

10:09

Episode 34 — Safeguard 7.2 – Remediation timelines...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 7.2 establishes the requirement for formal remediation timelines, often codified as Service Level Agreements (SLAs), to ensure that identified vulnerabilities are addressed promptly and consistently. Without clear deadlines, patching and remediation can slip behind operational priorities, leaving systems exposed for extended periods. This safeguard mandates defining risk-based timeframes for remediation—such as fixing critical vulnerabilities within 15 days, high-severity issues

en

10:20

Episode 33 — Safeguard 7.1 – Vulnerability scanning...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 7.1 calls for organizations to establish and maintain a documented vulnerability management process supported by automated scanning tools. These tools form the technical backbone of the program, identifying security weaknesses across operating systems, applications, and network devices. Effective scanners leverage standardized frameworks like Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS) to evaluate risks objectively. Regular,

en

10:08

Episode 32 — Overview – Why vulnerability management...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Control 7—Continuous Vulnerability Management—recognizes that no system remains secure indefinitely. Software evolves, new exploits emerge, and configurations drift over time. This control establishes the need for ongoing assessment, remediation, and verification to identify and correct vulnerabilities before attackers can exploit them. Unlike one-time scans or periodic audits, continuous vulnerability management operates as an unending cycle of discovery, prioritization, and repair. It

en

11:00

Episode 31 — Remaining safeguards summary (Control 6)

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

The remaining safeguards under Control 6 complete the access control lifecycle by ensuring that privileges are continuously monitored, validated, and revoked when no longer required. These safeguards emphasize processes for deprovisioning accounts, enforcing Multi-Factor Authentication (MFA), and maintaining centralized authorization systems. Together, they ensure that identity and access management remain consistent across all enterprise environments—on-premises, cloud, and hybrid. For

en

10:15

Episode 30 — Safeguard 6.2 – Role-based access...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 6.2 formalizes the implementation of Role-Based Access Control, or RBAC, which assigns permissions to predefined roles rather than individual users. This model enforces consistency, scalability, and least privilege across the enterprise. In RBAC, roles correspond to job functions—such as “HR analyst,” “database administrator,” or “developer”—and each role carries a specific set of permissions aligned with that function. When a user joins, transfers, or leaves the organization,

en

9:09

Episode 29 — Safeguard 6.1 – Access authorization...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 6.1 requires organizations to establish standardized, auditable processes for granting access to enterprise assets. Each new user, contractor, or service account must go through a formal authorization workflow that verifies identity, validates need, and documents approval. This process ensures that access is not granted informally or through personal discretion, which can lead to privilege creep and inconsistent policy enforcement. By using automated identity governance systems,

en

11:07

Episode 28 — Overview – Principles of least privilege

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Control 6 introduces the principle of least privilege, a core tenet of cybersecurity that restricts user and system access to only the permissions necessary for performing assigned tasks. This control moves beyond account creation to govern how those accounts are authorized to interact with enterprise assets and data. Over-privileged accounts are one of the most common and dangerous weaknesses in modern networks. Attackers exploit them to move laterally, escalate privileges, or exfiltrate

en

10:38

Episode 27 — Remaining safeguards summary (Control 5)

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

The remaining safeguards in Control 5 complete the account management lifecycle by focusing on administrative segregation, service account oversight, and centralized control. Safeguard 5.4 mandates that administrative privileges be restricted to dedicated administrator accounts separate from normal user profiles. This prevents the compromise of personal credentials from granting excessive access. Safeguard 5.5 requires maintaining an inventory of service accounts—non-human identities used

en

10:36

Episode 26 — Safeguard 5.3 – Disable dormant accounts

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 5.3 requires organizations to detect and disable dormant accounts—user identities that have not been used for an extended period, typically forty-five days or more. Dormant accounts are among the most overlooked attack vectors in enterprise environments. When active but unused, they retain system access rights and credentials that can be exploited by adversaries without immediate detection. Attackers often target such accounts to establish persistence or escalate privileges

en

8:47

Episode 25 — Safeguard 5.2 – Centralized account...

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 5.2 emphasizes consolidating account administration through centralized identity services rather than isolated, system-specific credentials. Fragmented account management increases complexity, weakens control, and introduces inconsistencies in password enforcement and deactivation procedures. By centralizing authentication and authorization through a directory service or Identity and Access Management (IAM) platform, organizations create a single authoritative source for user

en

9:20

Episode 24 — Safeguard 5.1 – Inventory of accounts

Framework: The Center for Internet Security (CIS) Top... ·

2025/10/18

Safeguard 5.1 requires organizations to maintain a comprehensive, accurate inventory of all accounts managed within the enterprise, covering user, administrator, and service identities. Each entry in the inventory should document key details such as the account holder’s name, role, department, creation date, and status. This visibility enables quick identification of unauthorized or dormant accounts that may provide unmonitored access paths for attackers. Regular validation—ideally

en

83 results

Similar Podcasts

Lead With AI

Tamara Nall

Linux in the Ham Shack

Black Sparrow Media

Data Engineering Podcast

Tobias Macey

Eye On A.I.

Craig S. Smith

Reflections

Livewire Labs