Does The Dullest Security Deliver the Best Protection?

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Vulnerability Management

 On this episode of Defense in Depth:

Does the dullest security (managing vulnerabilities) deliver the best protection? Co-host Allan Alford, CISO of Mitel, and our guest Justin Berman, CISO of Zenefits, discuss the following:

  • As the CIS 20 concurs, vulnerability management is the first security measure you should take right after asset inventory.

  • Vulnerability management needs to be everyone's issue and managed by all departments.

  • Lots of discussion around vulnerability management being driven by culture, which is a very hard concept to define. To get a "vulnerability management culture," look to a combination of awareness and risk management.

  • Vulnerabilities don't get patched and managed without someone taking on ownership. Without that, people are just talking and not doing.

  • Increased visibility across the life cycle of a vulnerability will allow all departments to see the associated risk.

  • Who are the risk owners? Once you can answer that question you'll be able to assign accountability and responsibility.

Special thanks to this week's Defense in Depth podcast sponsor, Vulcan Cyber.

Vulcan Cyber allows enterprises to automate their TVM programs. Vulcan integrates with existing IT, DevOps and security tools to fuse enterprise data with proprietary intelligence, which allows it to accurately and subjectively prioritize and remediate vulnerabilities, using either a patch, workaround or compensating control.

Mike Johnson on CISOs pointing out the risk

TOMORROW, Friday, 4/26: "What Every Security Practitioner Needs to Know about Security Sales"

It's happening tomorrow at 11 AM Pacific / 2 PM Eastern - an open discussion on the trials of security sales. I'll be moderating a round table discussion where everyone is invited to participate. Please come prepared with questions, comments, and your webcam and microphone ready to go.

Tim Keeler, CEO, Remediant on privileged access management

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.