Reporting on Risk to the Board - A CISO's Approach

...

In this article, we'll take a look at why reporting on vulns closed, rather than taking a more strategic view of risk, fails, and how it may be possible to swap out the "numbers game" for a more comprehensive view of risk. Ed explains conceptually how you can do that. Of course, he'll also talk about how Kenna can help, but his intention is to help inform your approach even if you have no interest in Kenna.

In many organizations, reporting on risk is actually all about volume: "We closed this many vulns last quarter, and last month, and this month." Sometimes, the extra step has been taken of assigning CVSS or scanner scores to each vulnerability, in the hope of demonstrating that the closed vulns represent a particular level of criticality.
