Page 97 - Cyber Warnings







2. Minimize threats:

It’s impossible to eradicate a threat, but knowing is half the battle when it comes to
minimizing its effect on your end goal. One useful technique is to set some policies
and procedures and a regular cadence to review their success.

You can also employ the knowledge and valued opinion of a third-party assessor to see
if your risk evaluation is accurate and whether your policies and procedures align with
the protection of your most coveted assets.

3. Embrace the pain points in your security:

No matter which stage you are at, you will face growing pains. Identify them, face them,
and overcome them.


One thing to consider, when facing the virtual ban hammer of budget land, is that there are
plenty of open source tools available for use.

Many of these tools do great things, with the only investment needed being a little elbow grease
and perhaps some fractions of compute.

They can help offset budgets and fill gaps. Many of them offer actionable insight that will enable you
to turn the tables on common objections you might face and allow you to further motivate
business leadership to invest in an information security strategy.




- Identify:
o OpenVAS is a great open source vulnerability scanner that utilizes commercially
acceptable databases for vulnerability identification. A CVE-based report will
show what the vulnerability is and what patches can remediate it. The tool will
scan for devices live on the network (printers, servers) to get a result of the
vulnerabilities in the environment and steps you can take to mitigate those
vulnerabilities.

- Solve:
o From this assessment, create an actionable report. For someone who is new to
this process the reports often have little value in and of themselves, but by
working with a third party outside of your organization, you can find and prioritize the
most critical vulnerabilities.

Keep in mind that you are always vulnerable: identify, protect, and detect.


97 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
