CCT 266: Collect Security Process Data (CISSP Domain 6.3)

CISSP Cyber Training Podcast - CISSP Training Program

תוכן מסופק על ידי Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

2M ago 39:30

MP3•בית הפרקים

Send us a text

Check us out at: https://www.cisspcybertraining.com/

Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout

Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

A shocking cybersecurity case recently hit the headlines—a 50-year-old IT contractor sentenced to over 8 years in prison for acting as a mule for North Korean hackers. What makes this story particularly alarming? Companies were unknowingly shipping laptops directly to her, providing legitimate access credentials that she then shared with foreign adversaries. This case serves as a powerful reminder of why third-party risk management isn't just a compliance exercise but a critical security function.
Diving into CISSP Domain 6.3, we explore the fundamental security processes that could prevent such compromises. User account lifecycle management forms the backbone of organizational security, from proper identity verification during onboarding to the principle of least privilege and role-based access controls. We examine the critical differences between disabling and deleting accounts during deprovisioning, and why service accounts deserve special attention as high-value targets for attackers.
Security assessments and audits provide the verification mechanisms needed to ensure your controls are both properly designed and effectively operating. Understanding the distinction between vulnerability assessments, penetration tests, and formal audits helps you build a comprehensive evaluation strategy. We clarify the differences between SOC Type 1 and Type 2 reports when evaluating service providers, and explain why metrics must be measurable, actionable, relevant, timely, and attributional (SMARTA) to drive meaningful security improvements.
Perhaps most critically, we address backup verification strategies—because discovering your backups are corrupted during a recovery situation is a career-limiting event. Through practical guidance on security training approaches, enforcement mechanisms, and measurement techniques, this episode provides both CISSP candidates and practicing security professionals with actionable insights to strengthen their security programs. Ready to transform your security posture? Listen now, then visit CISSPCyberTraining.com for more resources to accelerate your cybersecurity journey.

Support the show

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

פרקים

1. Intro and IT Mule Case Study (00:00:00)

2. Third-Party Risk Management Concerns (00:05:26)

3. Domain 6.3: User Account Lifecycle (00:10:12)

4. Privileged Accounts and Service Accounts (00:17:03)

5. Security Assessments and Audits (00:24:02)

6. Metrics, KPIs, and KRIs (00:30:15)

7. Backup Verification Strategies (00:37:27)

288 פרקים

#CISSP #Cyber Security #Cybersecurity #Cyber Training #Cybersecurity Consultant #Shon Gerber #Cissp Course #Cissp Boot Camp #Cissp Exam #Cissp Practice Exam #Cissp Practice Test #Higher Education #Podcasting Education #CISSP Training