Cybersecurity Compliance Buzzwords with Marie Joseph and Christina Annechino, Trava

00:00

0.5
1
1.25
1.5
1.75
2

This is a podcast episode titled, Cybersecurity Compliance Buzzwords with Marie Joseph and Christina Annechino, Trava. The summary for this episode is: “It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect.” - Christina Annechino On this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company’s data safe. Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories. In this episode, you’ll learn: <ul><li>The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures.</li><li>Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices.</li><li>The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations.</li></ul> Things to listen for:[00:24 - 02:47] Introduction to episode and compliance series[02:57 - 04:25] The difference between security and privacy and compliance[04:28 - 06:08] The challenges in balancing security, privacy and compliance[06:26 - 07:24]  The difference between risk and control[07:31 - 09:46] The difference between a breach and an incident[09:58 - 11:03] The difference between data security and protection[11:03 - 12:18] The most common data protection regulations[12:31 - 13:10] The difference between frameworks and standards[13:22 - 14:50] What is RBAC and how it relates to cybersecurity[14:50 - 16:45] The meaning of IoT and maintaining inventory assets[16:50 - 18:00] What does Cyber Hygiene mean[18:01 - 20:37] Jara’s receipts Connect with the Guest:<a href="https://www.linkedin.com/in/marie-joseph-a81394143/" rel="noopener noreferrer" target="_blank">Marie Joseph's LinkedIn</a><a href="https://www.linkedin.com/in/christina-annechino/" rel="noopener noreferrer" target="_blank">Christina Annechino's LinkedIn</a> Connect with the host:<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">Jara Rowe’s LinkedIn</a> Connect with Trava:Website<a href="http://www.travasecurity.com/?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank"> www.travasecurity.com </a>Blog<a href="https://travasecurity.com/learn-with-trava/blog?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/blog</a>LinkedIn<a href="https://www.linkedin.com/company/travasecurity/?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank"> @travasecurity</a>YouTube<a href="https://www.youtube.com/@travasecurity?utm_source=casted&utm_medium=podcast&utm_campaign=podcast_share" rel="noopener noreferrer" target="_blank"> @travasecurity</a>

Key Takeaways

The difference between security and privacy and compliance

01:30 MIN

The challenges in balancing security, privacy and compliance

01:42 MIN

The difference between risk and control

00:58 MIN

The difference between a breach and an incident

02:19 MIN

The difference between data security and protection

01:05 MIN

The most common data protection regulations

01:14 MIN

The difference between frameworks and standards

00:40 MIN

What is RBAC and how it relates to cybersecurity

01:29 MIN

The meaning of IoT and maintaining inventory assets

01:54 MIN

What does Cyber Hygiene mean

01:05 MIN

Jara's Receipts

02:10 MIN

DESCRIPTION

“It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect.” - Christina Annechino

On this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company’s data safe.

Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories.

In this episode, you’ll learn:

The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures.
Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices.
The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations.

Things to listen for:

[00:24 - 02:47] Introduction to episode and compliance series

[02:57 - 04:25] The difference between security and privacy and compliance

[04:28 - 06:08] The challenges in balancing security, privacy and compliance

[06:26 - 07:24] The difference between risk and control

[07:31 - 09:46] The difference between a breach and an incident

[09:58 - 11:03] The difference between data security and protection

[11:03 - 12:18] The most common data protection regulations

[12:31 - 13:10] The difference between frameworks and standards

[13:22 - 14:50] What is RBAC and how it relates to cybersecurity

[14:50 - 16:45] The meaning of IoT and maintaining inventory assets

[16:50 - 18:00] What does Cyber Hygiene mean

[18:01 - 20:37] Jara’s receipts

Connect with the Guest:

Marie Joseph's LinkedIn

Christina Annechino's LinkedIn

Connect with the host:

Jara Rowe’s LinkedIn

Connect with Trava:

Website www.travasecurity.com

Blog www.travasecurity.com/blog

LinkedIn @travasecurity

YouTube @travasecurity

Today's Host

Jara Rowe

|Content Marketing Specialist

Today's Guests

Marie Joseph

|Sr. Security Solutions Engineer at Trava

Currently, as a Senior Security Solutions Engineer at Trava, I work on different compliance projects which include both security and privacy-driven frameworks with clients. I have helped with conducting annual risk assessments on clients and used that knowledge to help organizations towards different compliance certifications and attestations: SOC2, ISO27001, CCPA, GDPR, etc. In August 2020, I graduated from Indiana University, where I received a graduate degree of Master of Science in Cybersecurity Risk Management through the Kelley School of Business, Maurer School of Law, and Luddy School of Informatics, Computing, and Engineering. Through this program, I gained experience working with incident response plans, cybersecurity best practices, and analysis work through clinics and capstones with IU Health and Eli Lilly. In my undergrad career, I studied Law and Public Policy in the O'Neill School of Public and Environmental Affairs, along with receiving a minor in Human Resource Management. In my undergrad, I traveled abroad in London to learn about UK and US National Security, along with learning from leaders in the MI5, MI6, and the New Scotland Yard. Along with this, I have taken heavy course loads regarding national security, homeland security, law, and policy. In my high school and college experiences, I have developed leadership skills through my work as a nanny, tutor, photographer, and media internships. I have developed leadership skills through my chair position on Indiana University Dance Marathon (IUDM), being Director of Chapter History for my sorority Alpha Gamma Delta, and being Photography Editor for my nationally ranked high school yearbook. I have won multiple awards for my work in photography and photoshop, and was given the prestigious opportunity to attend Media Day for the Indianapolis 500 in 2014 to interview and photograph all the drivers.

Connect with Marie

Christina Annechino

|Cybersecurity Analyst at Trava

In May 2022, I graduated with a MS degree in Cybersecurity. With this degree I have acquired skills that have enhanced my knowledge and experience in network security, vulnerability assessment, and threat analysis. I have had one technical internship in web development where I reviewed GitLab CI/CD pipelines of medical websites to understand the architecture of jobs in each stage building components such as repositories, libraries, modules, and dependencies to enter testing and deployment. I have also had leadership roles at my university such as working in Career Services and as a board member for Pace Computing Society and PoPTV. I thrive when challenged and thoroughly enjoy learning new things, improving upon myself and my skills. I believe my strong educational background in tech displayed by my undergraduate and graduate degrees demonstrates my knowledge and dedication to becoming a valuable employee in any tech position I attain. A common component that can be seen on any standard company website is their mission statement. If I had to summarize my mission statement, derived from my experience and skills, it would be to contribute revolutionary ideas to the brightest minds working towards the advancement of technology, bettering the world.

Connect with Christina