Episode 15 is the 4th installment in the Security Simplified Incident Management Series. Over the course of dozens of years and 100s of incidents we've heard a lot of questions, and some are more common than others. When we're in the middle of an information security incident, just about every question is valid.Tune in to this episode to hear some of the most common questions incident response clients have asked us. We'll share our common responses too.At SecurityStudio, our mission is: "Simplify Information Security For ALL".#MissionBeforeMoney.

The 3rd installment in the Security Simplified Incident Management Series. In this episode, Ryan and Evan have a good discussion about the most common mistakes we've seen over the years with incident response/management. Maybe you're prone to one (or more) of these mistakes, or you've certainly heard about them. Regardless, these guys have already paid the "dumb tax". Learn how to avoid common mistakes and adopt the best plan for your organization!All this while staying true to our motto: "Simplify Information Security For ALL". It's our mission. #MissionBeforeMoney.

This is #2 of 9 in the Security Simplified Incident Management Series. In this episode (#13), Evan and Ryan bust the top incident response planning myths. This is a MUST LISTEN episode where the guys break it down using simple logic. Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning.

The Security Simplified Podcast is back, and we're introducing the Incident Management Series! For the next nine episodes, Evan and Ryan will simplify Incident Management for the Security Simplified Podcast audience.We start the series with this episode (Episode 12), tackling how to build support for an Incident Management Program. Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning. Maybe we (information security professionals) haven't done a good job communicating the importance of an incident management program. Maybe we don't know the importance ourselves. Whatever the reason, we MUST do better!#MissionBeforeMoney

The 5th installment in the Information Security Governance Simplified Series, "Guidelines, Standards, and Procedures".In case you haven't noticed yet, Evan and Ryan have taken you from top to bottom with governance. It's not nearly as complicated as we tend to make it! In episode 10, the topic of information security policies was covered, and our policies need some tactical support. This is where guidelines, standards, and procedures are used. - What is a "guideline"? - What is a "standard"? - What is a "procedure"? - The purpose for each document type. - Approvals for each document type.Next week, we wrap up the series with "Maintaining Effective Governance". Hope you enjoy!

The next installment in the Information Security Governance Simplified Series. After covering the definition of information security governance (Ep. 7), the importance of aligning governance with the organization's mission (Ep. 8), and information security roles and responsibilities (Ep. 9), Ryan and Evan tackle information security policies in this episode (Ep. 10). - What are policies used for? - Who approves policies and policy changes? - Who maintains policies? - Which policies are considered "standard" policies? - Policy status tracking.Information security policies are critical to the success of an information security program, BUT only if they're done and used properly.

Continuing the Information Security Governance Simplified series, Ryan and Evan discuss roles and responsibilities and their importance to effective information security governance.Without explicitly defined roles and responsibilities accountability suffers (or is completely non-existent).In this episode, the topics include:* The Board of Directors (if it exists). – FOUR THINGS* Executive management.* Who is “ultimately responsible” for information security?* Directors and managers.* Information security personnel.* All personnel.Formally defining roles and responsibilities is critical. Listen to this episode to learn simple tips and tricks that Ryan and Evan have learned over the years, saving you the headaches of repeating the same mistakes they did.

Evan and Ryan pick up the "Information Security Governance Simplified" series where they left off in Episode 7 - Define Information Security Governance. In this episode, they discuss: - The importance of aligning governance with the mission of the organization. - Defining the mission for the information program. - The importance of executive management buy-in, and how to get it. - Defining the information security charter document. - Determining initial communication protocols.Information security governance should NOT be painful, and when governance is in alignment with the organization's purpose, it's actually the opposite. Good, well thought-out governance, is harmonious and it is possible to get everyone on the same page.We hope you enjoy Episode 8 - Governance Alignment, and join us next week for Episode 9 - Roles and Responsibilities!

Ryan and Evan kick off a new series this week, "Information Security Governance Simplified".In the first installment in the series (Episode 7), the guys define information security governance and address some of VERY important fundamentals, such as: - What is information security governance? - Why does information security governance make people cringe? - Governance is not one size fits all. - A CISO (by title, or otherwise) has ONLY two jobs.Next week, Ryan and Evan will tackle Governance Alignment. Hope you enjoy!

The past few weeks, Evan and Ryan have been covering network basics. This week, the wrap up network basics (for now) by looking inside a network packet.For those who haven't capture packets before, DO NOT BE INTIMIDATED! It's much easier and simpler than it seems.In this episode, Evan and Ryan download Wireshark (https://wireshark.org), install it, capture some network traffic, and take a peak inside what they caught.Next week, we'll shift gears and begin a series covering information security governance. You won't want to miss it!