All Episodes

Episode 119 — Obtain Authorized Risk Waivers With Proper Approval and Traceable Records

Episode 118 — Document Compliance Exceptions With Controls, Workarounds, and Risk Context

Episode 117 — Monitor and Validate Remediation Actions Until Risk Is Truly Reduced

Episode 116 — Evaluate and Validate Findings and Build Responses That Address Root Causes

Episode 115 — Coordinate Audit Activities and Maintain Evidence Readiness Year-Round

Episode 114 — Plan and Schedule Internal and External Audit Activities With Minimal Disruption

Episode 113 — Define and Monitor Compliance Metrics That Survive Audit Scrutiny

Episode 112 — Implement Compliance Frameworks Into Operations Without Creating Paper Security

Episode 111 — Evaluate and Select Compliance Frameworks That Fit Business and Regulation

Episode 110 — Inform and Advise Senior Management on Compliance Strategy and Tradeoffs

Episode 109 — Promote Organizational Ethics and Resolve Security Dilemmas Without Hand-Waving

Episode 108 — Promote the ISC2 Code of Ethics Through Practical Leadership Decisions

Episode 107 — Advise on Risks of Non-Compliance and Non-Conformity With Business Clarity

Episode 106 — Identify Intellectual Property Laws and Translate Them Into Security Controls

Episode 105 — Identify Applicable Security and Privacy Laws, Regulations, and Standards

Episode 104 — Identify Legal Jurisdictions and Trans-Border Data Flow Obligations

Episode 103 — Capture Lessons Learned and Turn Them Into Concrete Program Changes

Episode 102 — Restore Normal Operations While Protecting Integrity, Availability, and Trust

Episode 101 — Implement the Plan and Coordinate Response Without Operational Chaos

Episode 100 — Declare and Communicate a Disaster Clearly Across the Organization

Episode 99 — Manage the Plan Update Process So Contingency Plans Stay Current

Episode 98 — Determine Survivability and Resiliency Capabilities Without False Confidence

Episode 97 — Plan Testing, Evaluation, and Modification of COOP, BCP, and DRP

Episode 96 — Assign Recovery Roles and Responsibilities That Work During Real Disasters

Episode 95 — Identify Recovery Alternatives and Coordinate Practical Recovery Strategies

Episode 94 — Facilitate DRP Development With Time, Resource, and Verification Requirements

Episode 93 — Facilitate BCP Development With Time, Resource, Verification, and BIA Constraints

Episode 92 — Facilitate Resiliency Planning Inputs: COOP, External Factors, Laws, and BIA

Episode 91 — Conduct Root Cause Analysis That Drives Control Improvements and Prevention

Episode 90 — Quantify and Report Incident Impact to Stakeholders Without Speculation

Episode 89 — Establish Investigation Processes That Support Root Cause and Legal Needs

Episode 88 — Build Incident Handling Processes From Intake Through Containment and Recovery

Episode 87 — Apply Incident Management Methodologies That Scale Under Pressure

Episode 86 — Establish an Incident Response Team With Roles, Authority, and Coverage

Episode 85 — Build Incident Case Management Processes That Preserve Evidence and Momentum

Episode 84 — Establish Incident Program Documentation That Drives Consistent Response

Episode 83 — Define Actionable Alerts That Reduce Noise and Increase Analyst Confidence

Episode 82 — Correlate Security Events and Threat Data Into Coherent, Prioritized Cases

Episode 81 — Identify and Categorize Attacks to Improve Response Speed and Accuracy

Episode 80 — Conduct Threat Modeling to Anticipate Attacks and Strengthen Defenses

Episode 79 — Detect and Analyze Anomalous Behavior Patterns for Actionable Security Triage

Episode 78 — Baseline Network, Data, and User Behavior to Make Detection Credible

Episode 77 — Aggregate Threat Intelligence From Multiple Sources Into Usable Context

Episode 76 — Establish and Maintain a Security Operations Center With Essential Documentation

Episode 75 — Monitor and Report Control Effectiveness and Coverage for Decision-Makers

Episode 74 — Evaluate Control Coverage, Gaps, and Overlap Across the Control Portfolio

Episode 73 — Identify Risk Controls and Determine Control Effectiveness With Evidence

Episode 72 — Perform Risk Analysis With Repeatable Methods and Defensible Results

Episode 71 — Identify Risk Factors and Pick the Right Risk Assessment Approach

Episode 70 — Monitor and Review Supply Chain Risks as Dependencies and Threats Change

Episode 69 — Verify and Validate Supply Chain Controls and Confirm They Actually Work

Episode 68 — Integrate Third-Party Risks Into Enterprise Risk Management End to End

Episode 67 — Manage Supply Chain Risk Objectives Across Vendors, Suppliers, and Partners

Episode 66 — Test, Monitor, and Report Risks and Issues With Operational Follow-Through

Episode 65 — Document and Manage Agreed Risks, Issues, Treatments, and Accountability

Episode 64 — Choose Risk Treatment Options and Perform Cost-Benefit Analysis That Persuades

Episode 63 — Analyze Organizational Risks and Select Countermeasures and Compensating Controls

Episode 62 — Build and Verify Asset Inventory Inputs That Make Risk Analysis Reliable

Episode 61 — Identify Risk Tolerance and Appetite and Translate It Into Real Decisions

Episode 60 — Define Risk Program Objectives With Owners, Stakeholders, and Clear Scope

Episode 59 — Ensure Ongoing Policy Compliance Through Continuous Monitoring Practices

Episode 58 — Coordinate Stakeholders and Manage Change Documentation and Tracking Cleanly

Episode 57 — Conduct Security Impact Analysis That Prevents Change-Driven Incidents

Episode 56 — Integrate Security Requirements Into Change Control Without Slowing Delivery

Episode 55 — Monitor and Report Vulnerabilities With Actionable, Executive-Ready Signal

Episode 54 — Drive Mitigation and Remediation to Closure Without Endless Re-Openings

Episode 53 — Manage Security Testing Across Scanning, Pen Testing, and Threat Analysis

Episode 52 — Prioritize Threats and Vulnerabilities Based on Risk, Impact, and Likelihood

Episode 51 — Build Vulnerability Programs: Asset Criticality, Classification, and Prioritization

Episode 50 — Address How Organizational Initiatives Shift Security Posture and Risk

Episode 49 — Implement Core Security Principles Across Initiatives and Emerging Technology

Episode 48 — Oversee Security Configuration Management Processes That Prevent Drift

Episode 47 — Implement Security Controls Throughout the System Lifecycle With Traceability

Episode 46 — Integrate Security Decision Points and Requirements Across the System Lifecycle

Episode 45 — Analyze Project Scope, Timelines, Quality, and Budget Through a Security Lens

Episode 44 — Choose and Apply Agile, Waterfall, Lean, and Hybrid Methods With Security Fit

Episode 43 — Incorporate Security Throughout the Product Lifecycle From Concept to Retirement

Episode 42 — Integrate Security Controls Into Business Processes With Minimal Disruption

Episode 41 — Identify Communication Bottlenecks and Remove Barriers to Security Execution

Episode 40 — Resolve Conflicts Between Security and Stakeholders Without Losing Ground

Episode 39 — Build Cross-Functional Relationships That Keep Security Embedded and Trusted

Episode 38 — Create Team Accountability That Works in Real Organizational Friction

Episode 37 — Define Security Roles and Responsibilities Across Teams and Third Parties

Episode 36 — Manage and Report Financial Responsibilities With Credibility and Clarity

Episode 35 — Adjust Budget Requests as Risks and Threats Shift Mid-Year

Episode 34 — Prepare and Secure the Annual Security Budget Under Competing Priorities

Episode 33 — Use Metrics to Drive Security Program and Operations Improvements That Last

Episode 32 — Tie Security Metrics to Risk Posture and What Leadership Actually Cares About

Episode 31 — Identify KPI and KRI Metrics That Reflect Security Performance and Exposure

Episode 30 — Monitor, Evaluate, and Report Training Effectiveness With Meaningful Evidence

Episode 29 — Identify Training Needs and Implement Programs by Role and Target Segment

Episode 28 — Promote Security Programs to Stakeholders Using Their Language and Incentives

Episode 27 — Monitor and Enforce Contractual Security Commitments Without Creating Drag

Episode 26 — Embed Regulatory Compliance Requirements Into Contracts and Service Agreements

Episode 25 — Manage Security Impact of Mergers, Acquisitions, Outsourcing, and Reorgs

Episode 24 — Govern Managed Services and Cloud Services With Security Built In

Episode 23 — Evaluate Service Management Agreements for Risk, Cost, and Accountability

Episode 22 — Develop Procedures, Standards, Guidelines, and Baselines That Operate Together

Episode 21 — Advocate for Policy Adoption and Secure Organization-Wide Commitment

Episode 20 — Establish Internal Policies That Are Clear, Enforceable, and Auditable

Episode 19 — Determine Data Classification and Protection Requirements That Hold Up

Episode 18 — Determine Applicable External Standards, Laws, and Regulatory Obligations

Episode 17 — Review and Maintain Security Strategies as Risks and Threats Evolve

Episode 16 — Manage Implementation of Security Strategies Across People, Process, Technology

Episode 15 — Prescribe Security Architecture Direction That Enables Strategy Execution

Episode 14 — Evaluate Capability and Capacity to Execute Security Strategies Realistically

Episode 13 — Identify Security Requirements Driven by Organizational Initiatives and Change

Episode 12 — Advocate for Security Initiatives and Win Durable Executive Support

Episode 11 — Validate Sources and Boundaries of Authorization for Security Decisions

Episode 10 — Verify Key Stakeholder Roles and Responsibilities Without Guesswork

Episode 9 — Navigate Governance Structures and Place Security Authority in Context

Episode 8 — Explain How Organizational Culture Shapes Security Behavior and Outcomes

Episode 7 — Fit Security Into Enterprise Processes Without Becoming the “Department of No”

Episode 6 — Align Security With Organizational Goals, Objectives, and Stated Values

Episode 5 — Define the Information Security Program Vision, Mission, and Success Measures

Episode 4 — Establish Security’s Role in Culture, Vision, Mission, and Daily Decisions

Episode 3 — Master Exam Policies, Question Mechanics, and Confident Elimination Techniques

Episode 2 — Build a Spoken Study Plan That Tracks Every ISSMP Objective Precisely

Episode 1 — Decode the ISSMP Blueprint, Domain Weights, and Realistic Time-Management Tactics

Welcome to Certified: The ISC(2) ISSMP Audio Course