Compliance, Vulnerability management

That’s Where the Lemons Go – SCW #45

This week, we welcome Liam Downward, CEO at CYRISMA, to talk about Data Centric Security! In our second segment, Jeff, Josh, Scott, John, and Liam discuss Vulnerability Management & the Art of Prioritization of Risk!

Visit https://securityweekly.com/cyrisma to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Segments

1. Data Centric Security – Liam Downward – SCW #45

Do we know where our sensitive data is located? Is the system that hosts this data free from vulnerabilities, and is it securely configured? How do we assign accountability through mitigation plans to meet compliance mandates?

This segment is sponsored by CYRISMA.

Visit https://securityweekly.com/cyrisma to learn more about them!

Sponsored By

CYRISMA

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Liam Downward
Liam Downward
CEO at CYRISMA

Liam started his career in 1998 in Dublin, Ireland and each year brought new challenges and with this where my passion of Information Security grew. In 2018, he saw that Cyber Security was becoming more complex and organizations would rather ignore risks as their budgets could not afford solutions to protect their data and CYRISMA was born.

Hosts

Jeff Man
Jeff Man
Information Security Evangelist at Online Business Systems
John Snyder
John Snyder
CEO at AGNES Intelligence
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Scott Lyons
Scott Lyons
CEO at Red Lion

2. Vulnerability Management & the Art of Prioritization of Risk – SCW #45

There was a pretty extensive discussion on the Discord server during last week's show that we thought was appropriate to discuss on air.

Josh kicked off the discussion by asking, "Anybody know any vulnerability remediation timeline guidance? Formalized, scientifically based stuff?"

Josh further clarified, "just trying to find the science behind why and when I should give a crap about vulnerabilities".

He finally stated, "I am troubled by the lack of empirically based standards of remediation timing, remediation prioritization, remediation adjustment/offsets based on compensating controls."

This launched a multi-threaded conversation that touched on vulnerability management, how to pass various compliance audits/assessments, the many vendors that have latched on to "prioritization" of vulnerabilities, or simply "Risk-Based Vulnerability Management".

Of course, PCI became a focal point for much of the discussion because of the mention of vulnerability management, compensating controls, remediation timing, etc. - all of which is addressed within the PCI DSS (despite what Quadling thinks).

We're going to try to find consensus on the problem, possible solutions (based on recognized sources), and provide advice.

Announcements

  • It's official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly's 15th Anniversary. Visit securityweekly.com/unlocked to submit your presentation & register for free!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Liam Downward
Liam Downward
CEO at CYRISMA

Liam started his career in 1998 in Dublin, Ireland and each year brought new challenges and with this where my passion of Information Security grew. In 2018, he saw that Cyber Security was becoming more complex and organizations would rather ignore risks as their budgets could not afford solutions to protect their data and CYRISMA was born.

Hosts

Jeff Man
Jeff Man
Information Security Evangelist at Online Business Systems
John Snyder
John Snyder
CEO at AGNES Intelligence
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO
Scott Lyons
Scott Lyons
CEO at Red Lion
prestitial ad