#173 - Mastering Vulnerability Management

CISO Tradecraft®

Contenuto fornito da G Mark Hardy & Ross Young, G Mark Hardy, and Ross Young. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da G Mark Hardy & Ross Young, G Mark Hardy, and Ross Young o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.

2M ago 22:16

MP3•Pagina principale dell'episodio

In this episode of CISO Tradecraft, host G Mark Hardy delves into the critical subject of vulnerability management for cybersecurity leaders. The discussion begins with defining the scope and importance of vulnerability management, referencing Park Foreman's comprehensive approach beyond mere patching, to include identification, classification, prioritization, remediation, and mitigation of software vulnerabilities. Hardy emphasizes the necessity of a strategic vulnerability management program to prevent exploitations by bad actors, illustrating how vulnerabilities are exploited using tools like ExploitDB, Metasploit, and Shodan. He advises on deploying a variety of scanning tools to uncover different types of vulnerabilities across operating systems, middleware applications, and application libraries. Highlighting the importance of prioritization, Hardy suggests focusing on internet-facing and high-severity vulnerabilities first and discusses establishing service level agreements for timely patching. He also covers optimizing the patching process, the significance of accurate metrics in measuring program effectiveness, and the power of gamification and executive buy-in to enhance security culture. To augment the listener's knowledge and toolkit, Hardy recommends further resources, including OWASP TASM and books on effective vulnerability management.

Transcripts: https://docs.google.com/document/d/13P8KsbTOZ6b7A7HDngk9Ek9FcS1JpQij

OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/

Effective Vulnerability Management - https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207

Chapters

00:00 Introduction
00:56 Understanding Vulnerability Management
02:15 How Bad Actors Exploit Vulnerabilities
04:26 Building a Comprehensive Vulnerability Management Program
08:10 Prioritizing and Remediation of Vulnerabilities
13:09 Optimizing the Patching Process
15:28 Measuring and Improving Vulnerability Management Effectiveness
18:28 Gamifying Vulnerability Management for Better Results
20:38 Securing Executive Buy-In for Enhanced Security
21:15 Conclusion and Further Resources

182 episodi

#Tech #G Mark Hardy & Ross Young #G Mark Hardy #Ross Young #MBA #Business #Careers #Mark Hardys