CCT 296: Compliance and Contractual Requirements (Domain 1.4)

CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

25d ago 37:43

MP3•에피소드 홈

Send us a text

Check us out at: https://www.cisspcybertraining.com/

Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout

Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

A tiny payload hidden in a legitimate-looking NuGet package can sit inside an industrial network for years, then trigger cascading failures in minutes. That chilling scenario sets the stage for a hands-on tour of CISSP Domain 1.4, where we show how to turn high-level rules into clear, defensible security controls that protect real systems and pass tough audits. We connect the dots between contracts that demand fast breach notifications, laws with sector-specific obligations, and frameworks that teach you how to structure your program.
We break down the essentials: identify the data in scope, pick a backbone framework (ISO 27001 or NIST CSF), and map each requirement to specific controls and evidence. You’ll hear practical mappings for HIPAA, GLBA, COPPA, FERPA, NYDFS, DORA, SOX, FISMA, and PCI DSS, plus how to handle extraterritorial reach under GDPR and data localization that shapes your cloud strategy. We also highlight why contractual terms often outrun statutes and how to build a requirements register so operations knows exactly what to log, how fast to notify, and which controls must exist.
Then we get tactical. Learn how to create a regulatory register, assemble audit-ready proof (policies, procedures, configs, logs, training, attestations), and run incident tabletop exercises that include vendors and clarify when the notification clock starts. For industrial environments with rare patch windows, we offer pragmatic steps: maintain a software bill of materials, verify package sources, enforce code signing where possible, document every change, and compensate with monitoring and segmentation when upgrades are risky. By the end, you’ll have a blueprint to translate compliance into resilience—fast enough for 72-hour breach clocks, strong enough to handle delayed threats, and simple enough to sustain.
Subscribe for more CISSP-ready training, share this episode with your security team, and leave a review to help others find the show. What framework are you mapping to today?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

챕터

1. Welcome And Episode Setup (00:00:00)

2. News: Industrial Time Bomb Malware (00:00:54)

3. Why Industrial Environments Are Vulnerable (00:05:01)

4. Detection Gaps And IR Prep (00:08:59)

5. Program Plug And Study Resources (00:12:41)

6. Domain 1.4 Overview: Compliance Basics (00:15:14)

7. Contracts, Laws, And Regulations (00:18:45)

8. Privacy, Jurisdiction, And Evidence (00:22:20)

9. Contract Artifacts And Obligations (00:26:28)

10. Due Care, Due Diligence, And Proof (00:31:10)

11. Key Sector Laws: HIPAA, GLBA, COPPA, FERPA (00:35:56)

306 에피소드

#CISSP #Cyber Security #Cybersecurity #Cyber Training #Cybersecurity Consultant #Shon Gerber #Cissp Course #Cissp Boot Camp #Cissp Exam #Cissp Practice Exam #Cissp Practice Test #Higher Education #Podcasting Education #CISSP Training