Best Practices for Handling Compliance Obligations Related to Incident Response - Episode 213

Best Practices for Handling Compliance Obligations Related to Incident Response - Episode 213

Join Todd Coshow and Adam Goslin as they help listeners transform their compliance management during incident response chaos into a streamlined, proactive system. Discover how intelligent automation and continuous evidence collection can enhance compliance readiness and reduce audit risks. Learn to shift from reactive, paper-based tracking to a strategic advantage, turning compliance into a competitive asset. This episode of Compliance Unfiltered offers practical strategies for making compliance a strength, not a burden.


Episode Transcript:

Today, we're going to talk about better ways to manage your compliance obligations as related to incident response. Now, for everybody at home, how does a typical organization track and manage their incident response today?

Well, I mean, it depends on the organization and they're, you know, kind of the tooling that they've got, et cetera, you know, certainly some folks could be using some form of a system. But generally speaking, you know, a lot of incident response is kind of handled through, you know, handled through ticketing systems, you know, supported by a lot of, you know, manual tracking sheets and things along those lines.

So in some cases, it's exclusively, you know, a manual process. So there's a, you know, kind of a tracking sheet for the list of the incidents. For each of the incidents, you've got a, you know, a particular set of documentation that you have a form or a template that you go and you fill out for as you're going through your incident response so that you make sure you're filling out the right paperwork and all that fun stuff. But, you know, the vast majority of the time, it's just a, you know, kind of manually managed, primarily sometimes there's a little bit of systematic in the mix and far less frequently have I seen any form of real, you know, kind of a real systematic solution for it. It's generally a manual process.

Well, how does, well, I guess how can technology and automated intelligence help an organization to step up their overall compliance program, including IR?

Well, when you're going through compliance, there's obviously between hundreds and thousands of things that need to get tracked, managed, and all of that fun stuff. So certainly for the uninitiated leveraging, tooling like the Total Compliance Tracking's TCT portal is a far better way to organize your engagement.

Certainly the capabilities that exist within the compliance tooling will help with making sure that the organization is checking the various boxes that they've got. But in many cases, it's funny for the folks that are whitewashing it, if you will, they have this notion of, oh, do we have incident response? Yep, check, move on, mentally move along, right? Similar notion where they go in and they do that with active antivirus. It was the one I love to throw around every now and then, it's like, yeah, we got antivirus, sweep it under the rug, and meanwhile, there's whatever, there's dozens of line items that you need to validate, prove out, et cetera, against these various compliance topics. So especially for the folks that are kind of newer to the continuum, or maybe going through their, call it the annual compliance scramble, certainly they, it's kind of like Groundhog Day and a lot of whitewashing that goes over it, and then all of a sudden they figure out, oh, well, these are all the things we really need to do. And unfortunately, there's organizations that kind of find out those details too late, if you will, in the game, in that they are sitting there, sitting at their audit and realizing that the assessor's asking for stuff that they hadn't put together, organized and kind of contemplated prior to sitting right there in front of the assessor. So that makes things a little awkward.

No doubt.


Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(223)

Building AI Agents Securely - Episode 223

Building AI Agents Securely - Episode 223

AI agents are driving efficiency, but also introducing serious, often unseen security risks. As adoption accelerates, unvetted access, prompt injection, and poorly controlled environments can expose s...

2 Jul 24min

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

In an era of evolving AI-driven cyberattacks, traditional compliance programs are falling dangerously behind. Static controls create a false sense of security while attackers leverage AI to move faste...

25 Jun 18min

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Most organizations are just performing compliance – ticking boxes, not building real security. What happens when the curtain is pulled back on these check-the-box programs? You might be under the illu...

18 Jun 20min

Audit Fatigue and How to Effectively Navigate It - Episode 220

Audit Fatigue and How to Effectively Navigate It - Episode 220

Caught in a cycle of audit requests, evidence chaos, and burnout? Discover a way out in this episode. Compliance Expert Adam Goslin joins Todd Coshow to reveal the hidden causes of audit fatigue and s...

11 Jun 21min

Identity is the New Perimeter (Zero Trust) - Episode 219

Identity is the New Perimeter (Zero Trust) - Episode 219

On this week's Compliance Unfiltered, discover why identity is the new perimeter in cybersecurity. This episode reveals how zero trust principles can protect your systems by continuously verifying use...

4 Jun 28min

Regulatory Explosion & Board-Level Accountability - Episode 218

Regulatory Explosion & Board-Level Accountability - Episode 218

Discover why compliance is now a boardroom priority, not just an IT task. In this episode, Todd Coshow and Adam Goslin reveal how outdated practices put organizations at risk. Learn about the shift to...

29 Mai 22min

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Most companies overlook vendor vulnerabilities in compliance. On this episode, the CU Guys reveal hidden risks in vendor relationships, from breaches to vetting gaps. Discover tactics for evaluating v...

21 Mai 21min

Data Has Borders: The New Rules of Compliance - Episode 216

Data Has Borders: The New Rules of Compliance - Episode 216

Data compliance isn't just about protecting information anymore — it's about understanding where your data lives, how it moves, and how to stay compliant across borders. On this Episode of Compliance ...

14 Mai 20min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
shifter
rss-kunstig-intelligens-med-elisabeth-maren-og-morten
teknologi-og-mennesker
smart-forklart
rss-ai-forklart
rss-ki-praten
energi-og-klima
elektropodden
rss-alt-som-gar-pa-strom
hans-petter-og-co
kortslutning
fornybaren
rss-heis
rss-digitaliseringspadden
rss-vippserne
rss-bitcoinpolitisk-institutt-norge