Vulnerability Assessment Best Practices - How To Be One Step Ahead of Attackers (From Identification To Budget approval)

Vulnerability Assessment Best Practices - How To Be One Step Ahead of Attackers (From Identification To Budget approval)

Eli Migdal ???? Eli Migdal ????

Eli Migdal ????

Making Cyber Clear to the C-suite || zero bullsh*t approach || Self-Proclaimed Cyber Security Guru || vCISO || Investor (in real people without the VC crap)

发布日期: 2020年4月2日
+ 关注

The classic vulnerability assessment process doesn't work! It's just too slow.

By the time you've finished your patching and remediation 6 - 12 months have passed and you are again one step behind the bad guys.

I wanted to show you how you can make your vulnerability assessment process work. By being efficient and quick enough!

No alt text provided for this image

Phase 1: Streamline Your Processes

  • Identification
  • Analysis
  • Risk Assessment
  • Remediation
In order to be efficient and be quick enough, use technological platforms that streamline the entire process. When the process is clear and has a defined structure and roles, it will go much quicker without the usual delays.

At Boardish, we recommend using our business partners360inControl? for phase 1 of the process:

Phases 2: Planning Necessary Resources

This is where many companies get it wrong, the vulnerability assessment process MUST include the resources you need to resolve the issues you find. To be able to deliver the remediation part, in most cases you WILL find issues to solve and you must be ready with solutions, as part of your methodology and process.

  • Solutions - Software & Hardware
  • Expert Costs - The People you need to deploy and maintain your solutions
Then QUANTIFY the solutions and expert costs. This is what is currently missing from a lot of processes. It's not about risk score, that's no longer good enough. It's risk quantification!

Phases 3: Taking It To Decision-makers

Once you know which solutions you need and how many human resources are required - you can take the info to your decision-makers and get it approved (and then deployed.)

This is where the Boardish Methodology and algorithm does its magic - our Tool quantifies the information we gather from the vulnerability assessment process into financial figures which the decision-makers can ... make quick and efficient decisions with.

To sum it up:

  1. The classic way of doing vulnerability assessment does not work because it's too slow, too much time from process start to completion to actually be effective and responsive to real threats.
  2. Use technological tools, proven methodologies, and frameworks to make the process clear, efficient and quick.
  3. Quantify into clear financial figures to give your decision-makers all the info they need to make quick decisions.

Thank you,

Eli Migdal - the Founder of Boardish.








要查看或添加评论,请登录

Eli Migdal ????的更多文章

社区洞察

其他会员也浏览了