| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Security risk stems from types of assets that are being analyzed (is this a vulnerable OS? a server? a database?) – yet often, our organizational concepts sidestep the issue and ask a security team to track risk for PCI assets, or assets w/in the DMZ. Often, a security team is stuck comparing a group of Windows assets to a group PCI assets, essentially telling management to compare narwhals to oranges. This talk will use live data from 20,000 organizations, 1 million assets and over 50 million live vulnerabilities to show how a properly structured asset management system based on real, live risk can allow a team to begin to think about their assets in terms of risk, not machinery. The data will be subsequently used to show how a team can use the same methodology to track progress over time, both of the team and of the relative security of asset groups.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast