Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. This episode explores the recommendations and considerations for incorporating cybersecurity incident response throughout an organization’s cybersecurity risk management activities, as described by the new NIST Special Publication (SP) 800-61 Revision 3. We'll discuss how NIST SP 800-61r3, a CSF 2.0 Community Profile, uses the NIST Cybersecurity Framework (CSF) 2.0 Functions to provide a common language and structure for these efforts. Learn how the Govern, Identify, and Protect functions support preparation activities, while the Detect, Respond, and Recover functions cover the incident response itself. We'll also highlight the crucial role of continuous improvement, feeding lessons learned back into the overall strategy. This guidance aims to help organizations prepare for incidents, reduce their number and impact, and improve the efficiency and effectiveness of detection, response, and recovery activities. This episode is intended for cybersecurity program leadership, cybersecurity personnel, and others responsible for handling cybersecurity incidents
 
www.compliancehub.wiki/beyond-reaction-integrating-incident-response-into-your-cybersecurity-risk-management-strategy-with-nist-sp-800-61r3
https://irmaturityassessment.com
https://cyberinsurancecalc.com
 

Achieving cyber resilience is a complex and dynamic journey with no one-size-fits-all solution. This episode explores how organizations can significantly improve their cyber resilience posture by leveraging the shared experiences, insights, and front-line practices of their peers and the wider ecosystem. Drawing on insights from the Cyber Resilience Compass initiative, we discuss why sharing what works in practice is essential for building collective knowledge in the field. You'll hear how participating in consultations and workshops, engaging in information-sharing networks like ISACs and CERTs, collaborating with external parties, and learning from real-world case studies can provide vital inspiration and direction. Discover how this collaborative approach helps organizations identify effective strategies, shape their resilience roadmaps, make well-informed decisions, and transition towards a more consistent and future-ready approach, ultimately enhancing the resilience of the entire ecosystem.
 
breached.company/navigating-the-digital-storm-why-shared-experiences-are-your-compass-to-cyber-resilience

Join us as we delve into the European Data Protection Board's (EDPB) 2024 Annual Report to understand how they championed data protection in a year marked by significant technological and regulatory shifts. This episode will cover the key milestones and priorities outlined in the EDPB's 2024-2027 Strategy, designed to strengthen, modernise, and harmonise data protection across Europe
 
www.compliancehub.wiki/edpb-2024-navigating-the-complexities-of-data-protection-in-a-rapidly-evolving-digital-landscape

Join us as we delve into the key findings of the FBI's 2024 Internet Crime Complaint Center (IC3) Annual Report. This year marks the 25th anniversary of IC3, which serves as the primary destination for the public to report cyber-enabled crime and fraud. The report reveals a staggering new record for losses reported to IC3, totaling $16.6 billion in 2024. This represents a 33 percent increase from 2023. We'll explore the most impactful crime types by reported loss, including Investment fraud ($6.57 billion), Business Email Compromise ($2.77 billion), and Tech Support scams ($1.46 billion), which are collectively responsible for the bulk of reported losses. A major factor contributing to these losses is the increasing use of cryptocurrency, which served as a descriptor in 149,686 complaints and was associated with $9.3 billion in losses in 2024, a 66% increase in losses. We'll also examine the significant impact on different age groups, noting that individuals over the age of 60 suffered the most losses ($4.885 billion) and submitted the most complaints (147,127). For this age group, Investment fraud ($1.834 billion) and Tech Support scams ($982 million) resulted in the highest reported losses, and cryptocurrency was referenced in 33,369 complaints with over $2.8 billion in losses. The episode will also touch upon the IC3's core functions including collection, analysis, public awareness, and referrals, its role in partnering with law enforcement and the private sector, and notable efforts like the IC3 Recovery Asset Team which assists in freezing funds for victims of fraudulent transactions, demonstrating a 66% success rate in 2024, and Operation Level Up, which successfully notified victims of cryptocurrency investment fraud, resulting in estimated savings
 
breached.company/the-2024-ic3-report-record-cybercrime-losses-highlight-escalating-digital-threats

Navigate the complex cybersecurity landscape of Q2 and Summer 2025 as we delve into the escalating convergence of AI-driven cyberattacks, the persistent vulnerabilities of the expanding Internet of Things (IoT), and the challenges of establishing robust security and governance frameworks. Based on recent Q1 2025 incident data and expert projections, this episode explores the weaponization of AI in phishing, malware, and social engineering, the continued exploitation of poorly secured IoT devices, and the evolving tactics of ransomware and state-sponsored actors. We'll also discuss the crucial need for proactive defense, AI-augmented security, and adaptation to a fragmenting global regulatory environment.
 
breached.company/strategic-cybersecurity-outlook-ai-iot-and-threat-actor-convergence-in-q2-summer-2025
 
 

The first four months of 2025 witnessed an alarming surge in global cybersecurity incidents, with ransomware attacks reaching unprecedented levels. Join us as we dissect the key trends, including the evolution of ransomware tactics like double extortion, the increasing sophistication of social engineering fueled by AI and deepfakes, and the persistent exploitation of software vulnerabilities. We'll delve into major incidents like the crippling attack on Change Healthcare and the record-breaking Bybit cryptocurrency theft, highlighting the most targeted sectors such as healthcare, education, government, and manufacturing. Finally, we'll examine how organizations, law enforcement, and the evolving global regulatory environment, with key legislation like the EU's NIS2 and DORA, are grappling with this escalating cyber threat.
 
breached.company/global-cybersecurity-incident-review-january-april-2025

This podcast delves into the NIST Privacy Framework 1.1, a voluntary tool developed to help organizations identify and manage privacy risk while fostering innovation and protecting individuals' privacy. We explore its three core components: Core, Organizational Profiles, and Tiers, and how they enable organizations to understand, assess, prioritize, and communicate their privacy activities. Learn how to use this framework to build customer trust, meet compliance obligations, and facilitate dialogue about privacy practices.
 
www.compliancehub.wiki/navigating-the-complex-world-of-privacy-with-the-nist-privacy-framework-1-1

Dive into the dynamic world of offensive cybersecurity with insights from leading experts and real-world scenarios. We explore the critical role of techniques like penetration testing, adversary simulation, and red team exercises in proactively identifying vulnerabilities and strengthening defenses against evolving cyber threats. Understand how adopting an adversarial mindset and employing continuous assessment methodologies are essential for navigating today's complex threat landscape and building a resilient security posture.
 
www.securitycareers.help/dont-just-scan-test-choosing-the-right-penetration-testing-partner
https://cisomarketplace.services
https://generatepolicy.com