Content provided by Kratos. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Kratos or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://es.player.fm/legal.

4 - Vulnerability Management

52:18
 

Vulnerabilities are everywhere and on every IT asset within an organization. This makes vulnerability management one of the most important – if not the most important – risk mitigation activities an organization undertakes. But the complexities inherent in many organizations, combined with the sheer number of vulnerabilities, leave many not knowing where to even begin when it comes to vulnerability management. On today’s episode, we’ll demystify vulnerability management by defining some context, outlining an effective vulnerability management program, discussing potential challenges, tying it all to compliance, and decoupling vulnerability management from the inherent complexities.

Today’s guest is Andrew Overmyer, Security Assessor, subject matter expert, and general cybersecurity jack-of-all-trades at Kratos. During our conversation, we distill this often-nebulous concept into the concrete tenets necessary to build an effective program to drive vulnerability remediation efforts.

Resources:

· The Core Tenets of Vulnerability Management

o Asset Management: a tool or set of tools accompanied by a process that builds and maintains an accurate asset inventory; the asset inventory must include, but not be limited to, network segments and IT assets of all types

o Patch Management: a tool or set of tools accompanied by a process that supports identifying and applying patches

o Vulnerability Scanning: a tool or set of tools accompanied by a process that supports identifying vulnerabilities on IT assets; vulnerability scans must be run with credentials, to the greatest extent possible, to fully identify the vulnerabilities present

o Compliance Scanning: a tool or set of tools accompanied by a process that supports identifying misconfigurations on IT assets; misconfigurations are deviations from a defined baseline (e.g., Center for Internet Security benchmarks)

· Vulnerability Scanning Schedule

o Daily: Asset scans to identify assets on the network; these are not vulnerability scans, but rather simple scans to identify assets on the network

o Weekly: Vulnerability scans of all assets on the network

o Monthly: Compliance scans of all applicable assets on the network

· CVSS: Common Vulnerability Scoring System Version 4.0

· EPSS: Exploit Prediction Scoring System

· SSVC: Stakeholder-Specific Vulnerability Categorization
