You are Jane, the new security director of a company that has 1,000+ servers. You have just been handed an Excel spreadsheet of a report showing you have 15,692 vulnerabilities across your environment.
We will discuss the impossible task of managing vulnerabilities. We will walk through the antiquated vulnerability management process that Jane and so many of us have to deal with: spreadsheets, outdated inventory, and no context to the vulnerabilities, assets or underlying business processes. We will explore key questions that challenge everything we know today about prioritization, centralization and automation with the hope of bringing sanity back to information security in our organizations.
Understand the challenges of current vulnerability management systems spreadsheets, outdated inventory, no context to the vulnerabilities, assets or underlying business processes, and how the current practices can be inefficient, ineffective and, sometimes, give a false assurance of security.
Understand the importance of prioritization, centralization and automation of the vulnerability systems and ask questions about their organizations business objectives, cybersecurity posture and approach to vulnerability management.
Come up with a rational, logical and practical approach to vulnerability management that can be incorporated with the overall organizational cybersecurity risk strategy and plan with understanding of the key limitations and execute it with tune-ups and updates.
PhD, CISSP, CISM, CIPP(US),
University Of Maryland Global Campus
Sr Manager Product Security,
Allstate Insurance Company
You must be logged in and own this session in order to