Podcasts busting out at CERT/CC

The long view of security strategies for your network.

The Computer Emergency Response Team Coordination Center (CERT/CC) has a phenomenal resource for everyone interested in changing attitudes about information assurance: the CERT Podcast Series. According to EDPACS Editor Dan Swanson, there have been over 1.5 million downloads of these extraordinary free lectures since their inception.

The categories and their numbers of podcasts are as follows:

* Governing for Enterprise Security (6)
* Privacy (2)
* Risk Management and Resilience (6)
* Security Education and Training (3)
* Threat (2)
* Trends and Lessons Learned (8)
* Tips from the Trenches: Areas of Practice (5)

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The Computer Emergency Response Team Coordination Center (CERT/CC) has a phenomenal resource for everyone interested in changing attitudes about information assurance: the CERT Podcast Series. According to EDPACS Editor Dan Swanson, there have been over 1.5 million downloads of these extraordinary free lectures since their inception.

The categories and their numbers of podcasts are as follows:

* Governing for Enterprise Security (6)
* Privacy (2)
* Risk Management and Resilience (6)
* Security Education and Training (3)
* Threat (2)
* Trends and Lessons Learned (8)
* Tips from the Trenches: Areas of Practice (5)

The newest topics are shown in a strip on the right hand side of the home page and include the following exciting contributions:

* The Path From Information Security Risk Assessment to Compliance
* Computer Forensics for Business Leaders
* Business Resilience: A More Compelling Argument for Information Security
* Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
* The Human Side of Security Trade-Offs

The podcasts are generally 20 to 25 minutes long (and take about 0.25MB of disk space per minute). CERT/CC even provides segmentation so that you can dive into the specific section that most interests you. They include notes and transcripts (in PDF) that greatly increase the value of the sound files for training and awareness. CERT/CC allows you to download the files for uninterrupted playing.

The speakers being interviewed by CERT/CC staff are a distinguished group of academics and industry experts. Scrolling through their backgrounds and achievements left me salivating at the prospect of listening to all of their podcasts over a period of weeks.

To illustrate the depth of these talks, I picked one that reflects a particular interest of mine: "Computer Forensics for Business Leaders: Building Robust Policies and Processes," by Cal Waits speaking with Stephanie Losi. “Cal Waits is a member of the Forensic Team in the Networked Systems Survivability Program at the Software Engineering Institute. In addition to developing digital forensic training material for law enforcement and intelligence agencies, Cal's research focuses on emerging trends in the forensic field and tool development. Before joining the SEI, Mr. Waits worked for the National Security Agency. He holds a MS degree.”

The notes lay out the topics of the talk as follows (these are just the headings):

* Part 1: Why Policy is Key
- Proactive Preparation
- Using Rehearsals to Clarify Policy
* Part 2: The Complex Realities of Investigations
- Forensics as Fiduciary Duty
- Minimizing Investigation Impacts
- More Complex Investigations
- Preparing for the Unexpected
* Resources

I will be pointing to these resources in undergraduate and graduate courses and I encourage readers, including especially other teachers, to explore this garden of delights. Kudos to the CERT/CC and their collaborators!

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.