10-06-20 - Whether It's Vulnerabilities or Children, We Like to Pick Favorites

CISO Series

This week's episode of CISO/Security Vendor Relationship Podcast, "Whether It's Vulnerabilities or Children, We Like to Pick Favorites", is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest this week is Ben Sapiro, global CISO, Great-West LifeCo. All three of us discussed:

You can't love all of your vulnerabilities.

There are just too many of them. Some prioritization needs to go into effect. It's not what the manufacturer may claim is a critical vulnerability. It's what you realize introduces the most risk in your environment.

The best long-term strategy is to protect assets rather than defend against threats.

We revisited the Cyber Defense Matrix and asked what would happen if we changed the vertical axis from the vectors we're protecting to the most common risks. That strategy may work today, but a vertical axis of risks is ever changing. For example, ransomware is a well-known risk that really wasn't on anyone's radar six years ago. That vertical axis is not consistent for every user and it would be ever changing.

Is security through obscurity costless and valuable?

In an effort to change Mike's mind, we asked if there was value to security through obscurity. The argument for was that it's often easy to implement and also costless. While no one argued that it provided good security, it does provide a secure layer. The argument against was that it wasn't costless at all even if it was easy to implement. The ripple effects to other areas of the business would create more work and complexity thus negating any benefit from the security through obscurity effort.

Special thanks to this week's podcast sponsor, Kenna Security.

With Kenna Security, companies efficiently manage the right level of risk for their business. Our Modern Vulnerability Management model eliminates the friction between Security and IT teams about what to patch, providing clear prioritization based on real-time threat intelligence and guidance applied to each customer's unique environment across infrastructure, applications and IoT.

Cyber Security Headlines

Cyber Security Headlines - October 5th, 2020

This week's sponsor of Cyber Security Headlines is Detectify.

THIS Friday [10-9-20] We're Hacking Vulnerability Management

Please join us on Friday, October 9th, 2020 for CISO Series Video Chat “Hacking Vulnerability Management: An hour of critical thinking about a risk-based approach to dealing with vulnerabilities”. Joining me in this discussion will be Ram Hegde, CISO, Genpact and Ed Bellis, CTO and co-founder, Kenna Security. Watch the preview video.

Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup where you get a chance to connect with fellow cybersecurity professionals.

Thanks to our sponsor Kenna Security

Best Bad Idea
