http://odeo.com/channels/2103648-CERT-s-Podcast-Series-Security-for-Business-Leaders no In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be. In this series of podcasts, CERT provides both general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be. Fresh discussions on the importance of security within organizations en-us 40 Tue, 01 Dec 2009 06:42:22 -0800 Tue, 01 Dec 2009 06:42:22 -0800 Technology http://odeo.com/episodes/25470126-Using-the-Facts-to-Protect-Enterprise-Networks-CERT-s-NetSA-Team Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. Network defenders and business leaders can use NetSA measures and evidence to better protect their networks. tag:odeo.com,2009-12-01,25470126 Tue, 01 Dec 2009 06:42:22 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25431109-Ensuring-Continuity-of-Operations-When-Business-Is-Disrupted Providing critical services during times of stress depends on documented, tested business continuity plans. Providing critical services during times of stress depends on documented, tested business continuity plans. Providing critical services during times of stress depends on documented, tested business continuity plans. tag:odeo.com,2009-11-10,25431109 Tue, 10 Nov 2009 07:17:41 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25319945-Managing-Relationships-with-Business-Partners-to-Achieve-Operational-Resiliency A defined, managed process for third party relationships is essential, particularly when business is disrupted. A defined, managed process for third party relationships is essential, particularly when business is disrupted. A defined, managed process for third party relationships is essential, particularly when business is disrupted. tag:odeo.com,2009-10-20,25319945 Tue, 20 Oct 2009 11:44:42 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25204170-The-Smart-Grid-Managing-Electrical-Power-Distribution-and-Use The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges. tag:odeo.com,2009-09-29,25204170 Tue, 29 Sep 2009 07:23:08 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25090538-Electronic-Health-Records-Challenges-for-Patient-Privacy-and-Security Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. Electronic health records (EHRs) are possibly the most complicated area of IT today, more difficult than defense. tag:odeo.com,2009-09-08,25090538 Tue, 08 Sep 2009 07:46:07 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24980990-Mitigating-Insider-Threat-New-and-Improved-Practices Preventing and detecting insider threat is greatly improved by implementing 16 best practices based on 282 cases. Preventing and detecting insider threat is greatly improved by implementing 16 best practices based on 282 cases. Preventing and detecting insider threat is greatly improved by implementing 16 best practices based on 282 cases. tag:odeo.com,2009-08-18,24980990 Tue, 18 Aug 2009 08:08:53 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24874205-Analyzing-Internet-Traffic-for-Better-Cyber-Situational-Awareness Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. Automation, innovation, reaction, and expansion are the foundation for obtaining meaningful network traffic intelligence in today's extended enterprise. tag:odeo.com,2009-07-28,24874205 Tue, 28 Jul 2009 06:51:58 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24766275-Rethinking-Risk-Management Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. Business leaders need new approaches to address multi-enterprise, systems of systems risks across the life cycle and supply chain. tag:odeo.com,2009-07-07,24766275 Tue, 07 Jul 2009 09:23:43 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24713444-The-Upside-and-Downside-of-Security-in-the-Cloud When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. When considering cloud services, business leaders need to weigh the economic benefits against the security and privacy risks. tag:odeo.com,2009-06-16,24713444 Tue, 16 Jun 2009 07:31:19 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24609408-More-Targeted-Sophisticated-Attacks-Where-to-Pay-Attention Business leaders need to take action to better mitigate sophisticated social engineering attacks. Business leaders need to take action to better mitigate sophisticated social engineering attacks. Business leaders need to take action to better mitigate sophisticated social engineering attacks. tag:odeo.com,2009-05-26,24609408 Tue, 26 May 2009 07:16:34 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24540682-Is-There-Value-in-Identifying-Software-Security-Never-Events Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. Now may be the time to examine our responsibilities when developing software with known, preventable errors - along with some possible consequences. tag:odeo.com,2009-05-05,24540682 Tue, 05 May 2009 06:46:59 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348342-Cyber-Security-Safety-and-Ethics-for-the-Net-Generation Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. tag:odeo.com,2009-04-14,25348342 Tue, 14 Apr 2009 06:24:12 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24491557-Cyber-Security-Safety-and-Ethics-for-the-Net-Generation Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. tag:odeo.com,2009-04-14,24491557 Tue, 14 Apr 2009 05:24:12 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24447714-Cyber-Security-Safety-and-Ethics-for-the-Net-Generation Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. Capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs. tag:odeo.com,2009-04-14,24447714 Tue, 14 Apr 2009 05:24:12 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348343-An-Experienced-Based-Maturity-model-for-Software-Security Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. tag:odeo.com,2009-03-31,25348343 Tue, 31 Mar 2009 11:06:33 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24385675-An-Experience-Based-Maturity-Model-for-Software-Security Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. tag:odeo.com,2009-03-31,24385675 Tue, 31 Mar 2009 10:06:33 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24447715-An-Experienced-Based-Maturity-model-for-Software-Security Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. Observed practice, represented as a maturity model, can serve as a basis for developing more secure software. tag:odeo.com,2009-03-31,24447715 Tue, 31 Mar 2009 10:06:33 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348344-Mainstreaming-Secure-Coding-Practices Requiring secure coding practices when building of Requiring secure coding practices when building of Requiring secure coding practices when building of tag:odeo.com,2009-03-17,25348344 Tue, 17 Mar 2009 07:38:38 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24318009-Mainstreaming-Secure-Coding-Practices Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. Requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities. tag:odeo.com,2009-03-17,24318009 Tue, 17 Mar 2009 06:38:38 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24242976-Security-A-Key-Enabler-of-Business-Innovation Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. Making security strategic to business innovation involves seven strategies and calculating risk-reward based on risk appetite. tag:odeo.com,2009-03-03,24242976 Tue, 03 Mar 2009 07:24:41 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24206187-Better-Incident-Response-Through-Scenario-Based-Training Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. Teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine. tag:odeo.com,2009-02-17,24206187 Tue, 17 Feb 2009 08:00:34 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/24025823-An-Alternative-to-Risk-Management-for-Information-and-Software-Security Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security. tag:odeo.com,2009-02-03,24025823 Tue, 03 Feb 2009 07:58:03 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23926489-Tackling-Tough-Challenges-Insights-from-CERT-s-Director-Rich-Pethia Rich Pethia reflects on CERTs 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Rich Pethia reflects on CERTs 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Rich Pethia reflects on CERTs 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. tag:odeo.com,2009-01-20,23926489 Tue, 20 Jan 2009 07:44:14 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23841520-Leveraging-Security-Policies-and-Procedures-for-Electronic-Evidence-Discovery Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. Being able to effectively respond to e-discovery requests depends on well-defined, enacted policies, procedures, and processes. tag:odeo.com,2009-01-06,23841520 Tue, 06 Jan 2009 08:22:14 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23727502-Climate-Change-Implications-for-Information-Technology-and-Security Climate change requires new strategies for dealing with traditional IT and information security risks. Climate change requires new strategies for dealing with traditional IT and information security risks. Climate change requires new strategies for dealing with traditional IT and information security risks. tag:odeo.com,2008-12-09,23727502 Tue, 09 Dec 2008 07:37:35 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23668782-Using-High-Fidelity-Online-Training-to-Stay-Sharp Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. Virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime. tag:odeo.com,2008-11-25,23668782 Tue, 25 Nov 2008 11:52:26 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23605283-Integrating-Security-Incident-Response-and-e-Discovery Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. tag:odeo.com,2008-11-11,23605283 Tue, 11 Nov 2008 07:05:05 -0800 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348346-Concrete-Steps-for-Implementing-an-Information-Security-Program A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. tag:odeo.com,2008-10-28,25348346 Tue, 28 Oct 2008 09:08:48 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23542606-Concrete-Steps-for-Implementing-an-Information-Security-Program A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. A sustainable security program is based on business-aligned strategy, policy, awareness, implementation, monitoring, and remediation. tag:odeo.com,2008-10-28,23542606 Tue, 28 Oct 2008 08:08:48 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23487014-Virtual-Communities-Risks-and-Opportunities When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. When considering whether to conduct business in online, virtual communities, business leaders need to evaluate risks and opportunities. tag:odeo.com,2008-10-14,23487014 Tue, 14 Oct 2008 07:56:54 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23428879-Developing-Secure-Software-Universities-as-Supply-Chain-Partners Integrating security into university curricula is one of the key solutions to developing more secure software. Integrating security into university curricula is one of the key solutions to developing more secure software. Integrating security into university curricula is one of the key solutions to developing more secure software. tag:odeo.com,2008-09-30,23428879 Tue, 30 Sep 2008 12:20:45 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23356489-Security-Risk-Assessment-Using-OCTAVE-Allegro OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. OCTAVE Allegro provides a streamlined assessment method that focuses on risks to information used by critical business services. tag:odeo.com,2008-09-16,23356489 Tue, 16 Sep 2008 07:17:33 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23240669-Getting-to-a-Useful-Set-of-Security-Metrics Well-defined metrics are essential to determine which security practices are worth the investment. Well-defined metrics are essential to determine which security practices are worth the investment. Well-defined metrics are essential to determine which security practices are worth the investment. tag:odeo.com,2008-09-02,23240669 Tue, 02 Sep 2008 07:11:12 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23196878-How-to-Start-a-Secure-Software-Development-Program Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. tag:odeo.com,2008-08-20,23196878 Wed, 20 Aug 2008 06:48:58 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23240670-How-to-Start-a-Software-Development-Program Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. Software security is accomplished by thinking like an attacker and integrating security practices into your software development lifecycle. tag:odeo.com,2008-08-20,23240670 Wed, 20 Aug 2008 06:48:58 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23149015-Managing-Risk-to-Critical-Infrastructures-at-the-National-Level Protecting critical infrastructures and the information they use are essential for preserving our way of life. Protecting critical infrastructures and the information they use are essential for preserving our way of life. Protecting critical infrastructures and the information they use are essential for preserving our way of life. tag:odeo.com,2008-08-05,23149015 Tue, 05 Aug 2008 10:14:01 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23105043-Managing-Security-Vulnerabilites-Based-on-What-Matters-Most Determining which security vulnerabilities to address should be based on the importance of the information asset. Determining which security vulnerabilities to address should be based on the importance of the information asset. Determining which security vulnerabilities to address should be based on the importance of the information asset. tag:odeo.com,2008-07-22,23105043 Tue, 22 Jul 2008 08:37:06 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23106081-Managing-Security-Vulnerabilities-Based-on-What-Matters-Most Determining which security vulnerabilities to address should be based on the importance of the information asset. Determining which security vulnerabilities to address should be based on the importance of the information asset. Determining which security vulnerabilities to address should be based on the importance of the information asset. tag:odeo.com,2008-07-22,23106081 Tue, 22 Jul 2008 08:37:06 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23105044-Managing-Security-Vulnerabilities-Based-on-What-Matters-Most tag:odeo.com,2008-07-22,23105044 Tue, 22 Jul 2008 08:31:38 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23060148-Identifying-Software-Security-Requirements-Early-Not-After-the-Fact During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. tag:odeo.com,2008-07-08,23060148 Tue, 08 Jul 2008 07:49:09 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/23020794-Making-Information-Security-Policy-Happen Targeted, innovative communications and a robust life cycle are keys for security policy success. Targeted, innovative communications and a robust life cycle are keys for security policy success. Targeted, innovative communications and a robust life cycle are keys for security policy success. tag:odeo.com,2008-06-24,23020794 Tue, 24 Jun 2008 07:47:32 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22599283-Becoming-a-Smart-Buyer-of-Software Managing software that is developed by an outside organization can be more challenging than building it yourself. Managing software that is developed by an outside organization can be more challenging than building it yourself. Managing software that is developed by an outside organization can be more challenging than building it yourself. tag:odeo.com,2008-06-10,22599283 Tue, 10 Jun 2008 08:12:49 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22559129-Building-More-Secure-Software Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. tag:odeo.com,2008-05-27,22559129 Tue, 27 May 2008 08:47:16 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22510916-Connecting-the-Dots-Between-IT-Operations-and-Security High performing organizations effectively integrate information security controls into mainstream IT operational processes. High performing organizations effectively integrate information security controls into mainstream IT operational processes. High performing organizations effectively integrate information security controls into mainstream IT operational processes. tag:odeo.com,2008-05-13,22510916 Tue, 13 May 2008 08:02:16 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22467711-Getting-in-Front-of-Social-Engineering Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. tag:odeo.com,2008-04-29,22467711 Tue, 29 Apr 2008 11:27:50 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348348-Using-Benchmarks-to-Make-Better-Security-Decisions Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. tag:odeo.com,2008-04-15,25348348 Tue, 15 Apr 2008 09:42:50 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22428623-Using-Benchmarks-to-Make-Better-Security-Decisions Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. tag:odeo.com,2008-04-15,22428623 Tue, 15 Apr 2008 08:42:50 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348349-Protecting-Information-Privacy-How-To-and-Lessons-Learned Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. tag:odeo.com,2008-04-01,25348349 Tue, 01 Apr 2008 09:35:48 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/22221936-Protecting-Information-Privacy-How-To-and-Lessons-Learned Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. tag:odeo.com,2008-04-01,22221936 Tue, 01 Apr 2008 08:35:48 -0700 no CERT's Podcast Series: Security for Business Leaders http://odeo.com/episodes/25348350-Initiating-a-Security-Metrics-Program-Key-Points-to-Consider A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. tag:odeo.com,2008-03-18,25348350 Tue, 18 Mar 2008 06:54:13 -0700 no CERT's Podcast Series: Security for Business Leaders