TODAY’S PRESENTER
DAVID WHITE
Senior GRC Consultant
Iceberg
dwhite@icebergnetworks.com
AGENDA
Traditional Vulnerability Management
What’s missing
Risk-driven Vulnerability Management
Adding business context
Where do we start?
Demo
What’s next?
TRADITIONAL VULNERABILITY MANAGEMENT
Scan Identify Analyze Remediate Reporting
Risk
WHAT’S MISSING
•  What business functions are impacted by these vulnerabilities?
•  Is this a positive or negative report?
•  What is the compliance status for SOX and PCI?
•  What are the remediation plans and how will remediation affect the numbers on this report?
•  Reports/dashboards should provide decision makers with data to enable better decision making.
RISK-DRIVEN VULNERABILITY MANAGEMENT
43%
Reduction in number of open vulnerabilities when executives or board of directors are held accountable for breaches
11%
Acceleration in vulnerability remediation when executives or board of directors are held accountable for breaches
103 days
On average, time a company takes to remediate a security vulnerability
6,449
Number of vulnerabilities reported in 2016 through the National Vulnerability Database
Evolve vulnerability management to an IT & business collaboration, to drive better metrics, resourcing, and communication.
ADDING BUSINESS CONTEXT
IT Asset
Vulnerability
Data
IT Asset
Properties
CVSS Score
Remediation
IP Address
Network Details
Services
Operating System
Age
ADDING BUSINESS CONTEXT
IT Asset
Vulnerability
Data
Business
Process
Business
Services
Applications
IT Asset
Properties
Location
Owner
CVSS Score
Remediation
Internal Services
Client Facing
Physical
IT Owner
Business Owner
Virtual
Country
Data Center
IP Address
Network Details
Services
Operating System
Supporting Software
Client Software
Corporate Process
Department Process
External Services
Age
Risk
Register
Exceptions
Remediation Plans
Metrics
WHERE TO START
IT Asset
Business Processes
Product & Services
Vulnerability
Business Hierarchy
People
Applications
Locations
Risk Register
Reporting
DEMO
ARCHER USE CASE
Threat Management
•  Consolidate threat data from trusted sources in a searchable, standards-compliant database
•  Analyze and react to vulnerability and malicious code warnings
•  Automatically notify responsible personnel so they can proactively address emerging threats
•  Report on threats by technology, severity, type, status and impact to your organization's business
ICEBERG - RISK INTELLIGENCE
Risk Data
Trusted
Aggregated,
Transparent
Decisions
Informed
Confident
Effective
Business Leaders
Board
Executives
Management
“Trusted, aggregated and transparent risk data for business leaders,
enabling organizations to make informed, confident and effective decisions.”
icebergnetworks.com/vulnerability/
info@icebergnetworks.com
Twitter: @icebergnetworks

Webinar: Vulnerability Management IT can fix it, but the business needs to own it
