The book includes insights from the following experts:
- Nick Green, Senior Director Information Security for EMEA/APAC, Ticketmaster, In a Large Organization, Know the Risk Owners and Adapt to Their Needs >>
- Pieter VanIperen, Senior Architect, Automation, Advanced Integration, Security, TD Ameritrade, Risk Assessment and Prioritization is a Triage Process >>
- Jayesh Kalro, Security Architect, CA Technologies, To Manage Vulnerabilities Effectively, Define Business Priorities and Identify Critical Assets >>
- Juan Morales, Senior Director, Global Information Security – Cyber Security & Incident Response, Realogy Holdings Corp., Focus First on Assets That Keep The Business Running >>
- John Trujillo, Technology Leader and Information Security Officer, Pacific Life Insurance Company, You Must Understand the Business Function of Digital Assets >>
- Surinder Lall, Senior Director Information Security, Viacom / Paramount Pictures, The Key To Risk Prioritization is Risk Assessment >>
- Bobby Adams, Sr. Security Architect, Advanced Technology & Enterprise Architecture, TD Ameritrade, A Holistic, Enterprise-Wide Strategy is Essential >>
7 Experts on Threat and Vulnerability Management was generously sponsored by RiskSense.
One of the greatest challenges security teams face is identifying, assessing, and eliminating vulnerabilities before the bad guys find them. Sometimes it seems like the bad guys are winning.
Most major breaches in that past year have occurred through known vulnerabilities that for various reasons went unpatched until it was too late. Organizations know they have vulnerabilities in their systems. They are investing in new tools, yet industry surveys show that few are totally satisfied with their vulnerability-management practice.
Part of the challenge is that managing vulnerabilities requires balancing threats and asset criticality against known vulnerabilities, but these things are all constantly changing. To gain a clearer understanding of these challenges and how organizations are addressing them, we partnered with RiskSense. We approached 7 cyber risk experts with the following question:
What best-practice advice would you offer to help someone take a proactive, cutting-edge approach to cyber-risk management?
Of course, the answers depend on a lot of factors, but our experts had a number of useful and revealing things to say about assessing criticality, managing remediation, and applying next-generation tools to the problem. It’s interesting that although new technology is a key part of the puzzle, to get the most out of those tools there needs to be close collaboration with business operations. It’s essential to have good communications with business people who are not security professionals.
There are no simple answers, but the essays in this eBook contain many observations and valuable lessons from experts actively facing these challenges. I’m sure anyone interested in sharpening their vulnerability management practice will appreciate these insights.