Page 24 - CDM Cyber Warnings February 2014
as a stand-alone discipline that does not apply risk-based metrics for ranking and prioritizing of remediation efforts may well be the Achilles heel of cyber security.

The biggest inhibitor of effective vulnerability assessments lies in the fact that the number of vulnerabilities in organizations has grown exponentially over the past few years. This is largely due to the increasing number of IT assets under management, which are creating a big data challenge.

Many organizations have the data required to implement a more streamlined vulnerability management process. However, sifting through all the data sets, normalizing and de-duplicating the information, filtering out false positives, aggregating it, and finally deriving business impact-driven remediation actions is a slow and labor-intensive process.

This explains why, according to the 2013 Verizon Data Breach Investigations Report, 69 percent of breaches in 2012 were discovered by third parties rather than by internal resources.

The emergence of Integrated Risk Management systems is taking vulnerability management to the next level. They combine risk intelligence, using big data that is gathered and correlated from security operations tools, with automated remediation that establishes bi-directional workflows with IT operations. These systems drive operational efficiencies by automating continuous monitoring and ticketing to remediate only business critical risks. Using this automated approach, organizations can free up IT and security personnel to focus on critical tasks and turn their security technicians into risk strategists.

Based on the increased risk posed by vulnerabilities in third-party technology, organizations are also starting to turn the table on their suppliers. Instead of using their own security operations teams to assess potential vulnerabilities, some companies are mandating that suppliers use independent verification services (e.g., Veracode's VAST program) to test software applications prior to procurement and deployment.

“Using an automated approach, organizations can free up IT and security personnel to focus on critical tasks and turn their security technicians into risk strategists.”

About the Author:
Torsten George is Vice President of Worldwide Marketing and Products at integrated risk management software vendor Agiliance. Torsten has more than 20 years of global information security experience. He is a frequent speaker on compliance and security risk management strategies worldwide and regularly provides commentary and byline articles for media outlets, covering topics such as data breaches, incident response best practices, and cyber security strategies. Torsten has held executive level positions with ActivIdentity (now part of HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (now part of Dell). He holds a Doctorate in Economics and a Master of Business Administration degree in B2B-Marketing and Business Strategy.
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 24