Managing risk and vulnerabilities in a business context


Published on March 18, 2014

Author: AlgoSec

Source: slideshare.net

Description

Cyber attacks have a direct impact on the bottom line, yet most organizations lack the visibility and understanding to manage IT risk from the business perspective. This presentation is from a webcast where a panel of experts examined how to shift from viewing IT risk in bits and bytes to viewing it in terms of its impact on critical applications in the data center.

- Learn why and how more organizations are beginning to move ownership of IT risk to the business
- Understand how to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers
- Learn about the integration between Qualys and AlgoSec that enables business stakeholders to “own the risk”

Managing Risk and Vulnerabilities in a Business Context

- Corey Bodzin, VP of Product Management, Qualys
- Nimmy Reichenberg, VP of Strategy, AlgoSec
- Kevin Beaver, CISSP, Principle Logic, LLC

Tennyson would be impressed…

- NVD 60,865 CVEs since 1999
- 7,322 published in 2013 alone
- 385 Severity 5’s published by Qualys in 2013
- 4 iDefense Exclusive Zero-Day vulnerabilities in just February alone!

“Risk and the accountability for risk acceptance are — and should be — owned by the business units creating and managing those risks.” - Paul Proctor, VP, Distinguished Analyst

- Severity
- Threat Path Analysis
- Asset Tagging
- Critical ≠ Important
- Assume everything is “Hackable”
- VERY difficult to maintain with pace of change

What is your ideal method for prioritizing network vulnerabilities?

- By server/device: 22%
- By network segment: 30%
- By business application: 48%

Source: Examining the Impact of Security Management on the Business, AlgoSec, Oct 2013

The Impact of the Cloud and SDN on IT Risk and Policy Management

Integration between Qualys and AlgoSec

QualysGuard Integrated Suite of Security & Compliance Solutions

\*In Beta

- Vulnerability Management
- Policy Compliance
- Customizable Questionnaires
- PCI DSS
- Web Application Scanning
- Malware Detection
- Web Application Firewall
- Web Application Log Analysis
- Continuous Monitoring \* \*\*
- Asset Management \* \*

Qualys Drives Visibility

- VMware ESX and ESXi
- Physical Scanners
- Browser Plugins
- Mobile Agents
- Virtual Scanners
- Hypervisor
- IaaS/PaaS
- Perimeter Scanners

Analysis Drives Action

- Who is the owner?
- What business processes does it support?
- Are there regulatory requirements?
- Who is the last logged on user?
- Is there customer data present?
- What is the SLA for patching?

Physical Scanners, Mobile Agents

AlgoSec Security Management Suite

- Firewall Analyzer: Security Policy Analysis & Audit
- FireFlow: Security Policy Change Automation
- BusinessFlow: Business Application Connectivity Mgmt

Business Applications, Security Infrastructure, Application Owners, Security, Network Operations

Next Steps and Q&A

- Security Policy Management in the Data Center for Dummies: Available at www.algosec.com
- Read Kevin’s books, blogs and columns at www.principlelogic.com/resources and blog.algosec.com/author/kbeaver
- Follow Kevin’s musings on Twitter at @kevinbeaver
- Request an Evaluation of the AlgoSec Suite: www.algosec.com/eval
- Visit us at www.qualys.com
- QualysGuard Free Trial: www.qualys.com/trials
- For future webcasts visit us at www.qualys.com/webcasts
