Vulnerabilities are everywhere and on every IT asset within an organization. This makes vulnerability management one of the most important – if not the most important – risk mitigation activities an organization undertakes. But, the complexities inherent in many organizations combined with the sheer number of vulnerabilities leaves many not knowing where to even begin when it comes to vulnerability management. On today’s episode, we’ll demystify vulnerability management by defining some context, outlining an effective vulnerabilities management program, discussing potential challenges, tying it all to compliance, and decoupling vulnerability management from the inherent complexities. Today’s guest is Andrew Overmyer, Security Assessor, subject matter expert, and general cybersecurity jack-of-all-trades at Kratos. During our conversation, we distill this often-nebulous concept into the concrete tenets necessary to build an effective program to drive vulnerability remediation efforts. Resources: · The Core Tenets of Vulnerability Management o Asset Management: a tool or set of tools accompanied by a process that build and maintain an accurate asset inventory; an asset inventory must include but not be limited to network segments and IT assets across all types o Patch Management: a tool or set of tools accompanied by a process that supports identifying and applying patches o Vulnerability Scanning: a tool or set of tools accompanied by a process that support identifying vulnerabilities on IT assets; vulnerability scans must be run with credentials, to the greatest extent possible, to fully identify vulnerabilities present o Compliance Scanning: a tool or set of tools accompanied by a process that support identifying misconfigurations on IT assets; misconfigurations are deviations from a defined baseline (e.g., Center for Internet Security benchmarks) ·<span st

Kratos

Welcome to “Cyber Compliance and Beyond,” a Kratos podcast that will bring clarity to compliance, helping put you in control of cybersecurity compliance in your organization. Kratos is a leading cybersecurity compliance advisory and assessment organization, providing services to both government and commercial clients across varying sectors including defense, space, satellite, financial services, and health care. Through "Cyber Compliance and Beyond," our cyber team of experts will share their insights on the latest compliance issues. We want to hear from you! What unanswered question would you like us to tackle? Is there a topic you’d like us to discuss? Or do you just have some feedback for us? Let us know on Linked and Twitter at Kratos Defense or by email at ccbeyond@kratosdefense.com.

13 - Cybercrime – Credential Theft – Part 2/4

cyber compliance & beyond

Cyber Compliance & Beyond

Vulnerabilities are everywhere and on every IT asset within an organization. This makes vulnerability management one of the most important – if not the most important – risk mitigation activities an organization undertakes. But, the complexities...

Episode Summary

Clips