Building an Effective Vulnerability & Remediation Management Program

SecTor 2015

Presented by: Dave Millier
Date: Tuesday October 20, 2015
Time: 13:25 - 14:25
Location: 803
Track: Security Fundamentals

Vulnerability scanning is like flossing: some do it regularly, some only when they have an issue or are having their annual checkup, and some not at all. The challenge is that, like bacteria, the bad guys don’t sit back and wait for you to get around to it, and, like teeth, your IT systems are never static. Organizations need to move away from the annual “snapshot” vulnerability assessments and instead get into a regular routine of scanning their key systems for vulnerabilities and then fixing them. The challenge is how to build a program that supports this on an ongoing, repeatable, dependable basis. Dave will walk you through building out a complete vulnerability and remediation management program. He’ll start by helping you understand how to determine what assets to scan and when, and how to classify your assets. Building schedules for regular vulnerability scanning will help determine how often results are being collected. Once the scanning is complete, the real work begins. Dave will explain different approaches to vulnerability remediation and tracking, and then to feeding those results back into the next set of scans, enabling a complete vulnerability lifecycle management program.

Dave Millier

Dave Millier is well known in the Canadian High-Tech marketplace, where he’s been helping customers with their security and compliance needs for over 20 years. For the past 15 years Dave has focused on growing one of Canada’s most-recognized MSSPs, Sentry Metrics, which he recently sold to The Herjavec Group, Canada’s largest independent Information Security Company. As the founder of Sentry Metrics, he created and brought to market the industry-leading Security and Risk Compliance Dashboard, theSentry. Dave is continuing the development of this award-winning platform in his new company, Uzado. Dave has presented at many network and security conferences including Network World, Comdex, InfoSecurity Canada, SC Congress and SecTor, Canada’s preeminent Security Conference. Dave has written numerous articles for security and networking magazines, and is often quoted in the press and news stories. Dave was recognized as one of the top 8 security professionals you need to know in the GTA. Dave is a recognized leader in the field of governance and risk compliance, and has helped a number of Canada’s leading organizations build their corporate security strategies, align them with regulatory and corporate requirements, and then implement strategies to help them “attain and maintain” their overall compliance. When Dave’s not pursuing his plans for world domination, one client at a time, he’s an avid (amateur!) dual sport motorcycle rider, and loves to spend his spare time off-road motorcycling.

