Workflow system support by vulnerability management system providers is becoming more important as the need for proactive risk management and remediation grows, ... Integrating prioritized vulnerability and risk data with trouble ticketing systems enables enterprises to more effectively address the vulnerability management lifecycle from detection through remediation.

The CISO needs to be able to understand the business, and the potential returns on any security investment.

Ultimately the change has to come from the board down.

In some companies, operations and the business unit not only speak a different language, but have no way of talking about risks. Security people tend to think 'It's a risk, we can't have it,' whereas business people weigh risks and how they could affect the bottom line.

Anything that government and industry learn from hackers must be seen through the lens of their own risk management needs.

Large enterprise networks are typically exposed to hundreds of thousands of vulnerabilities and other security risks. The problem for IT teams is identifying the most critical high-priority risks and taking the necessary steps for remediation, ... Integrated vulnerability management and topology analysis should help organizations identify and appropriately prioritize remediation efforts.

The days of security being handled by the 'network person' who did security in their spare time are over, and increasingly we are seeing seasoned professionals with real business experience and business school qualifications stepping into the security space.

Message for IT people — go get a business degree.

The ability to determine what constitutes risk, and the requirement to report that risk to executive decision makers, can be a highly political activity requiring excellent written and oral communication skills with a good knowledge of business. Generally, these skills have been lacking in traditional technically oriented information security specialists.