Understanding Cybersecurity Frameworks and Certifications with Scott Schlimmer, Trava

This is a podcast episode titled "Understanding Cybersecurity Frameworks and Certifications with Scott Schlimmer, Trava". Episode summary:

"Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits." - Scott Schlimmer

In this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer for a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity.

Learn which regulated industries must follow specific frameworks and how non-compliance can affect business opportunities and your bottom line. We also unravel FedRAMP, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles.

In this episode, you'll learn:

  • How to follow a compliance framework without holding the certification, and why holding the certification can still demonstrate to partners and customers that your organization has strong cybersecurity measures.
  • The significance of certifications and the value of the NIST framework as a reliable source for general cybersecurity best practices.
  • The legal and financial consequences of non-compliance for different industries, such as failing to follow frameworks like FedRAMP or CMMC when working with the government.

Things to listen for:

[00:47 - 01:27] The relationship between compliance frameworks and certification programs
[01:27 - 02:54] The difference between regulated and non-regulated industries
[02:54 - 04:40] Explanation of the NIST framework and insights into other compliance acronyms
[04:40 - 08:59] Multiple compliance frameworks, compliance audits, and non-compliance issues
[08:59 - 10:54] Improving cybersecurity posture, security assessment, and maturity models
[10:54 - 13:56] Preparation for compliance audits and the importance of a compliance platform
[13:56 - 14:31] How to become compliant or get certified and reasons for external assistance
[14:38 - 17:20] Jara's receipts

Connect with the Guest:
Scott Schlimmer's LinkedIn: https://www.linkedin.com/in/scottschlimmer/

Connect with the host:
Jara Rowe's LinkedIn: https://www.linkedin.com/in/jararowe/

Connect with Trava:
Website: http://www.travasecurity.com/
Blog: https://travasecurity.com/learn-with-trava/blog
LinkedIn: https://www.linkedin.com/company/travasecurity/
YouTube: https://www.youtube.com/@travasecurity
Chapters (duration):

  • The relationship between compliance frameworks and certification programs (00:49 MIN)
  • The difference between regulated and non-regulated industries (00:45 MIN)
  • Explanation of the NIST framework and insights into other compliance acronyms (01:21 MIN)
  • Multiple compliance frameworks, compliance audits, and non-compliance issues (02:31 MIN)
  • Improving cybersecurity posture, security assessment, and maturity models (01:07 MIN)
  • Preparation for compliance audits and the importance of a compliance platform (00:30 MIN)
  • Strategies for continuous improvement in general cybersecurity posture (01:25 MIN)
  • The financial repercussions and legal ramifications of being non-compliant (00:55 MIN)
  • Scott's advice for organizations looking to become compliant (00:45 MIN)
