A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


What Are We Doing Here? Rethinking Security - Jeff Man GrrCON 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

What Are We Doing Here? Rethinking Security
Jeff Man
GrrCON 2019

Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. Remember how the disclosure of Meltdown/Spectre introduced a ?perfect storm? scenario where the vulnerability wasn?t easy to patch or fix, and the solution seemed to be break things? This created a situation where the ?security solution? wasn?t simply to apply the patch - and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I?ve wanted to discuss for a while - what else should we focus on in terms of security if/when the vulnerabilities still remain. Interested? Intrigued? Come join the discussion

Back to GrrCON 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast