In a Large Organization, Know the Risk Owners and Adapt to Their Needs
- Before meaningful vulnerable management is possible, you must know what you are protecting. This means building an asset inventory that includes asset owners.
- If a business group does not agree with the security team’s risk rank and prioritization, it should be able to explain why.
“We use a well-known scanning tool, but we have to feed that tool with inventories from all kinds of sources.”
Nick Green, who is responsible for IT security at Live Nation Entertainment and Ticketmaster in all regions outside North America including Europe, Asia, Australasia, and Africa, is involved in pretty much every security issue facing all of Live Nation’s brands and business groups. This encompasses a huge global network handling very high transaction volumes. Managing vulnerabilities across business units and geographical regions is an enormous task that includes scanning, ranking and reporting risks, and remediation monitoring.