Page 98 - Cyber Warnings







- Patch-based remediation can only go so far:
o Typical remediation is accomplished through patch management, which is the
basic assignment of tickets and ensuring that those patches are deployed.

The pushback and the biggest hurdles often come with legacy systems that must be
replaced with modern infrastructure.

- Quantify the remainder:
o For the vulnerabilities that pose the greatest threat and take more than just a
patch to remediate, the best method to motivate action is to quantify the potential
harm that the vulnerability may cause.

Do the math and use sound judgement to come up with good numbers based on
probability of occurrence and financial loss. The business tends to react swiftly
when it can relate to the potential monetary loss incurred by an exposure.


Building motivation for information security investment can be an uphill battle. Being proactive
about raising awareness of the risks, threats, and vulnerabilities that your organization faces is
the best approach. Use what tools and skills you have available and build from there.

When facing objections from above, always be sympathetic to the needs of the business. The more
the business sees security as a restraint on its agility, the tougher you are going to make the
battle for yourself. At this level, everything is a balancing act.

Money talks; when a business can see that its inaction will likely result in financial loss, it is more
likely to take the steps necessary to protect itself.



About the Author

Corey Wilburn is the Security Practice Manager at DataEndure, where he specializes in the
design of strategic solutions aimed at delivering high-value operational intelligence, leveraging
best-in-class products as well as services built around current and emerging standards. He has
a passion for InfoSec Policies, Processes, and Procedures.

He loves working with clients to help them realize the potential of their security strategy,
maximizing ROI while reducing their attack surface, and helping them become more resilient in
the face of an ever-evolving threat landscape.






98 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
