CIS Control 6 - Access Control Management - sponsored by Appgate Artwork

The CyberCast

The CyberCast is purpose built for MSPs, MSSPs and IT Practitioners.In each episode you will learn about a new security control, how it maps to the different frameworks, the impact it has, building a policy around it, how the threat actors exploit it - via MITRE ATT&CK - what you can do to defend against it - MITRE Shield, common mistakes or oversights made when implementing into their tech stack and trends.Sponsors:Datto - CIS Control 3 - Data ProtectionNetwrix - CIS Control 3 - Data ProtectionDuo - CIS Control - Multifactor Authentication

All Episodes

The CyberCast

CIS Control 6 - Access Control Management - sponsored by Appgate

November 22, 2021 • Andrew Morgan

Abstract: It is easier for an external or internal threat actor to gain unauthorized access to assets or data through using valid user credentials than through "hacking" the environment. There are many ways to covertly obtain access to user accounts, including: week passwords, accounts still valid after a user leaves the organization, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as the one they use for an online account which was compromised in a public password dump. Listen as our hosts break down the people, process and technology to implement effective and secure account management.

Sponsor: Appgate interview with Tina Gravel, SVP Channels and Alliances at minute 37:20.
Learn more here: https://www.appgate.com/
Tina Gravel: https://www.linkedin.com/in/tinagravel/

Co-hosts:
Ryan Weeks: https://www.linkedin.com/in/ryanweeks/
Phyllis Lee: https://www.linkedin.com/in/phyllis-lee-21b58a1a4/
Wes Spencer: https://www.linkedin.com/in/wesspencer/