Reporting on Risk to the Board - A CISO's Approach

...

In this article, we'll take a look at why reporting on vulns closed, rather than taking a more strategic view of risk, fails, and how it may be possible to swap out the "numbers game" for a more comprehensive view of risk. Ed explains conceptually how you can do that. Of course, he'll also talk about how Kenna can help, but his intention is to help inform your approach even if you have no interest in Kenna.

In many organizations, reporting on risk is actually all about volume: "We closed this many vulns last quarter, and last month, and this month." Sometimes, the extra step has been taken of assigning CVSS or scanner scores to each vulnerability, in the hope of demonstrating that the closed vulns represent a particular level of criticality.
