• #173 - Mastering Vulnerability Management

  • Mar 18 2024
  • Durée: 22 min
  • Podcast
Page de couverture de #173 - Mastering Vulnerability Management

#173 - Mastering Vulnerability Management

Écouter gratuitement

Voir les détails du balado

  • Résumé

  • In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, prioritization, remediation, and mitigation of software vulnerabilities. Hardy emphasizes the necessity of a strategic vulnerability management program to prevent exploitations by bad actors, illustrating how vulnerabilities are exploited using tools like ExploitDB, Metasploit, and Shodan. He advises on deploying a variety of scanning tools to uncover different types of vulnerabilities across operating systems, middleware applications, and application libraries. Highlighting the importance of prioritization, Hardy suggests focusing on internet-facing and high-severity vulnerabilities first and discusses establishing service level agreements for timely patching. He also covers optimizing the patching process, the significance of accurate metrics in measuring program effectiveness, and the power of gamification and executive buy-in to enhance security culture. To augment the listener's knowledge and toolkit, Hardy recommends further resources, including OWASP TASM and books on effective vulnerability management.

    Transcripts: https://docs.google.com/document/d/13P8KsbTOZ6b7A7HDngk9Ek9FcS1JpQij

    OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/

    Effective Vulnerability Management - https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207

    Chapters

    • 00:00 Introduction
    • 00:56 Understanding Vulnerability Management
    • 02:15 How Bad Actors Exploit Vulnerabilities
    • 04:26 Building a Comprehensive Vulnerability Management Program
    • 08:10 Prioritizing and Remediation of Vulnerabilities
    • 13:09 Optimizing the Patching Process
    • 15:28 Measuring and Improving Vulnerability Management Effectiveness
    • 18:28 Gamifying Vulnerability Management for Better Results
    • 20:38 Securing Executive Buy-In for Enhanced Security
    • 21:15 Conclusion and Further Resources
    Voir plus Voir moins
Développement commercial et entrepreneuriat Gestion et leadership Économie
Voir plus Voir moins

Ce que les auditeurs disent de #173 - Mastering Vulnerability Management

Moyenne des évaluations de clients

Évaluations – Cliquez sur les onglets pour changer la source des évaluations.

Évaluations sur Audible.ca

Évaluations sur Amazon.ca
Il n'y a pas encore de critiques pour ce titre.