Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology ( NIST) defines a vulnerability as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” With hundreds of thousands of vulnerabilities that have been discovered, it is increasingly more important to get vulnerability management right and...
Author: Matthew Jerzewski
The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated. 1. Overview: Summary of Vulnerability Management Policy Taking the time to give a short summary of the policy and who and what it involves will help to better flesh out the policy the organization is trying to implement. Describing what types of devices, software, and networks are subject to vulnerability...
2023 Cost of a Data Breach: Key Takeaways It’s that time of year - IBM has released its “ Cost of a Data Breach Report .” This year’s report is jam-packed with some new research and findings that highlight how organizations are implementing security and risk mitigation techniques to help identify and contain data breaches. Key Takeaways The average total cost of a data breach has reached an all-time high in 2023 of $4.45 million. This is an increase of 2.3% from last year’s $4.35 million. Even with data breach costs rising, surveyed companies were split 49% to 51% on whether to increase...
I’m delighted to share that I will be speaking for the first time at SecTor this year. The talk will be in Theatre 1 at 1:15pm on October 5th. In the session Neither Pointless Nor Boring: Pop It And Lock It Down With CIS Controls, I will be discussing the latest version of CIS Controls. […]… Read More
The post Neither Pointless Nor Boring: Pop It and Lock It Down with CIS Controls appeared first on The State of Security.
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has […]… Read More
The post CIS Control 18 Penetration Testing appeared first on The State of Security.
The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network […]… Read More
The post CIS Control 16 Application Software Security appeared first on The State of Security.