A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It. - Michael Roytman - @mroytman (BSides Chicago 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Comparing Risks to Risks - Why Asset Management Is Broken and How to Fix It.
Michael Roytman
@mroytman

BSides Chicago 2014

Security risk stems from types of assets that are being analyzed (is this a vulnerable OS? a server? a database?) – yet often, our organizational concepts sidestep the issue and ask a security team to track risk for PCI assets, or assets w/in the DMZ. Often, a security team is stuck comparing a group of Windows assets to a group PCI assets, essentially telling management to compare narwhals to oranges. This talk will use live data from 20,000 organizations, 1 million assets and over 50 million live vulnerabilities to show how a properly structured asset management system based on real, live risk can allow a team to begin to think about their assets in terms of risk, not machinery. The data will be subsequently used to show how a team can use the same methodology to track progress over time, both of the team and of the relative security of asset groups.

Back to BSides Chicago 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast