PRO+ Premium Content/Information Security
Access your Pro+ Content below.
The vulnerability management process after Equifax
This article is part of the Information Security issue of November 2017, Vol. 19, No. 9
Managing software vulnerabilities is a universal problem. While unknown flaws in code or system design are part of the vulnerability management process, responsible disclosure policies and bug bounties have greatly reduced the prevalence of zero-day attacks. Unknown security holes that attackers exploit are usually at high-value targets, such as Fortune 500 companies, government agencies and critical infrastructures. NotPetya, WannaCry, Conficker and other well-publicized attacks took advantage of vulnerabilities that were publicly known and had available software patches. The use of known vulnerabilities is especially troubling for security professionals because these attacks can be prevented. Companies haven't embraced the ever-changing software environments that have become reality. While technology providers have begun configuring their software to perform automatic checks to identify and install patches, IT departments have gone to great lengths to control software patching and releases and disable these automatic updates. ...
Features in this issue
-
Are security operations centers doing enough?
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.
-
Transitioning to the role of CISO: Dr. Alissa Johnson
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem."
Columns in this issue
-
Are companies with a SOC team less likely to get breached?
Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.
-
From the White House to IBM Watson technology with Phyllis Schneck
The managing director at Promontory Financial Group, now part of IBM, talks about supercomputers, cryptography applications and her start in computer science.