CISO Series Newsletter
Posts
Go Away! The Curse of Obsolete, Yet Critical, Old Tech

Go Away! The Curse of Obsolete, Yet Critical, Old Tech

May 23, 2019

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Managing Obsolete (Yet Business Critical) Systems

On this episode of Defense in Depth:

Co-host Allan Alford and our guest, Mitch Parker, executive director, InfoSec and compliance, Indiana University Health, discuss the following:

This issue appears to affect every security and IT person. At one time they've all had to deal with it.
Obsolete technology should not be treated like any new technology. It needs to be isolated.
Lots of great advice from the community with regard to containing the outdated technology through firewalls, air gapping, segmenting, virtual machines, and a jump box.
Constantly measure the risk of not just intrusion of the outdated technology, but the cost of keeping the thing running as you can't rely on outside support or updates.
As you're reporting the risk, constantly push for solutions to end reliance on this outdated technology.
The obsolete technology is often an expensive and critical piece of hardware that's difficult if not impossible to replace.
The UK National Cyber Security Center has some great guidance on what to do with obsolete platforms.

Special thanks to this week's Defense in Depth podcast sponsor, SecurityBridge.

Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.

Mike Johnson on What’s Worse?! “Culture of No” or No Culture?

Participation and sponsorship opportunities with CISO Series

We've got lots of ways to get involved with the CISO Series.

Participation page with tips on segment ideas we love.
Record a question, comment, or even a "What's Worse?!" challenge.
Sponsor CISO/Security Vendor Relationship Podcast or Defense in Depth.
Sponsor one of our live recordings. We've got openings coming up in Las Vegas, New York City, Sydney, and Los Angeles.
Align your brand with a deluge of media all on one topic by sponsoring our "Topic Takeover" series. Here's an example of one we did on vulnerability management.

Got questions or requests about any of these programs? Just hit REPLY to this email or contact us via the site.

Greg Van Der Gaast on Defense in Depth: Cybersecurity Hiring

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.