HO20110473 1 © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.

Presentation transcript:

Quick Wins in Vulnerability Management
Classification: Confidential
Owner: Michael Holcomb
Approver: Phil Cirulli
Prepared: April 14th, 2014

Agenda
- The Need for Vulnerability Management
- Clarifications on Vulnerability Management
- SANS’ Top 20 Critical Controls
- Master the Basics
- Perform a Self Audit
- Continuous Scanning & Remediation
- Leverage Vulnerability Data in Incident Response
- Metrics That Count
- Secure Your ISP

About Michael Holcomb
- 25+ years in Information Technology
- 15+ years dedicated to Information Security
- Sr. Information Security Manager at Fluor
- President of Upstate SC ISSA Chapter
- CISSP, GCIH, GCIA, etc.

The Need for Vulnerability Management
- The quicker we stop an attacker, the less it costs the business
- An attacker today will gain access to your resources, and they are on your network now
- Proper vulnerability management reduces the attack vectors an attacker can exploit to spread control through the environment
- This gives intrusion detection capabilities time to detect the intruder and the response effort time to eject them from the network

Clarifications on Vulnerability Management
- Vulnerability assessments and vulnerability management are two different things
- Vulnerability assessments and penetration testing are two different things
- Soft skills are more important than technical skills in vulnerability management
- Successful vulnerability management is required to help secure an environment; successful vulnerability scans help ensure compliance

SANS’ Top 20 Critical Controls
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols, and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises

Master the Basics

Perform a Self Audit
- If you have no Vulnerability Management Program in place today, perform a self audit to discover what vulnerabilities you do have.
- Before engaging an outside party to conduct a vulnerability assessment or penetration testing exercise, remediate as many issues as possible.

Continuous Scanning & Remediation
- Determine the scanning schedule and “window threshold” based on your organization’s requirements
  - If a new vulnerability is introduced into your environment, how long would it take you to discover and understand the vulnerability?
- Compliance requirements, rather than the quest for security, often drive scanning schedules
- SIEM solutions are now integrating vulnerability scanning management capabilities with host detection capabilities

Leverage Vulnerability Data in Incident Response
- Correlate the most current vulnerability data to focus intrusion detection response efforts
  - Identify alerts that can be closed due to inapplicability
  - Escalate alerts for response based on actual risk for an attack against a specific existing vulnerability
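The correlation described on this slide, as an added example that is not part of the original presentation: each intrusion detection alert is checked against the latest scan result for the targeted host, then closed, escalated or held for review. The host addresses, CVE placeholders, field names and the 7-day freshness window are assumptions made for the sketch.

```python
from datetime import date, timedelta

# Constructed sample data: hypothetical hosts and placeholder CVE ids.
TODAY = date(2014, 4, 14)
MAX_SCAN_AGE = timedelta(days=7)  # assumed "window threshold" for fresh data

# Latest scan per host: scan date and open findings as {cve: cvss}.
VULN_DATA = {
    "10.0.1.10": {"scanned": date(2014, 4, 12), "open": {"CVE-XXXX-0001": 9.3}},
    "10.0.1.20": {"scanned": date(2014, 4, 13), "open": {}},
    "10.0.1.30": {"scanned": date(2014, 2, 1), "open": {}},
}

# Constructed IDS alerts: target host and the CVE the signature maps to.
ALERTS = [
    {"id": 1, "dst": "10.0.1.10", "cve": "CVE-XXXX-0001"},
    {"id": 2, "dst": "10.0.1.20", "cve": "CVE-XXXX-0001"},
    {"id": 3, "dst": "10.0.1.30", "cve": "CVE-XXXX-0001"},
    {"id": 4, "dst": "10.0.1.99", "cve": "CVE-XXXX-0002"},
]


def triage(alert, vuln_data=VULN_DATA, today=TODAY, max_age=MAX_SCAN_AGE):
    """Return (action, reason) for one alert."""
    host = vuln_data.get(alert["dst"])
    if host is None:
        # Never close on missing data: an unscanned host is an unknown.
        return ("review", "no scan data for target")
    if today - host["scanned"] > max_age:
        # Stale data cannot prove the host is still not vulnerable.
        return ("review", "scan data older than window threshold")
    cvss = host["open"].get(alert["cve"])
    if cvss is None:
        return ("close", "target not vulnerable per current scan")
    return ("escalate", f"target vulnerable, CVSS {cvss}")


def triage_all(alerts):
    """Triage every alert and list escalations first, closures last."""
    order = {"escalate": 0, "review": 1, "close": 2}
    results = [(a["id"], *triage(a)) for a in alerts]
    return sorted(results, key=lambda r: order[r[1]])


if __name__ == "__main__":
    for alert_id, action, reason in triage_all(ALERTS):
        print(alert_id, action, reason)
```

Closing an alert this way is only as reliable as the scan behind it, so the sketch sends hosts with missing or stale scan data to review instead of closing them.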

Metrics That Count
- Metrics can be used to communicate to technical and non-technical parties the risks associated with existing vulnerabilities within the environment
- Such metrics should measure items which can be controlled by the organization
  - Number of vulnerabilities by risk (Critical, High, Medium/Severe, Low)
  - Average risk (CVSS) score
  - Remediation time
  - False remediation
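An added example, not taken from the original slides, that computes the four metrics listed above from scanner findings. The records and field names are constructed, and "false remediation" is assumed here to mean a finding reported as fixed that a later scan still detects.

```python
from collections import Counter
from datetime import date
from statistics import mean

# Constructed findings. "risk" is the scanner's own label, "reported_fixed"
# is when the owner closed the ticket (None = still open), and "last_seen"
# is the most recent scan date on which the finding was detected.
FINDINGS = [
    {"host": "srv-a", "risk": "Critical", "cvss": 9.3, "found": date(2014, 3, 1),
     "reported_fixed": date(2014, 3, 8), "last_seen": date(2014, 3, 7)},
    {"host": "srv-b", "risk": "High", "cvss": 7.5, "found": date(2014, 3, 1),
     "reported_fixed": date(2014, 3, 14), "last_seen": date(2014, 3, 10)},
    {"host": "srv-c", "risk": "High", "cvss": 7.5, "found": date(2014, 3, 1),
     "reported_fixed": date(2014, 3, 5), "last_seen": date(2014, 4, 1)},
    {"host": "srv-d", "risk": "Medium", "cvss": 5.0, "found": date(2014, 2, 1),
     "reported_fixed": None, "last_seen": date(2014, 4, 1)},
    {"host": "srv-e", "risk": "Low", "cvss": 2.5, "found": date(2014, 2, 1),
     "reported_fixed": None, "last_seen": date(2014, 4, 1)},
]


def vm_metrics(findings):
    """Compute the slide's four metrics from a list of findings."""
    open_ = [f for f in findings if f["reported_fixed"] is None]
    closed = [f for f in findings if f["reported_fixed"] is not None]
    # Assumed definition: reported fixed, but detected again afterwards.
    false_fixed = [f for f in closed if f["last_seen"] > f["reported_fixed"]]
    verified = [f for f in closed if f not in false_fixed]
    # A false remediation is still an exposure, so count it with open items.
    exposed = open_ + false_fixed
    return {
        "exposed_by_risk": dict(Counter(f["risk"] for f in exposed)),
        "avg_cvss_exposed": round(mean(f["cvss"] for f in exposed), 2),
        "mean_days_to_remediate": mean(
            (f["reported_fixed"] - f["found"]).days for f in verified),
        "false_remediations": len(false_fixed),
    }


if __name__ == "__main__":
    for name, value in vm_metrics(FINDINGS).items():
        print(f"{name}: {value}")
```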

Metrics That Count (cont.)
- Sample metrics can be simple, but meaningful
- Examples below* demonstrate that, while limited progress is being made in remediating the “backlog” of vulnerabilities, processes for addressing new vulnerabilities and patch releases are highly successful

Thank You!
- If you have any questions, please don’t hesitate to contact me
  - Phone: