For many years, cars had analog indicators on the dashboard, including the infamous “idiot light” which, loosely translated, meant: “You ignored the oil pressure and water temperature gauges and now will have an expensive engine repair.” As microprocessors became common in automobile engine control systems, that glowing bulb was replaced by the dreaded “check engine” multi-indicator message, which largely meant: “You ignored the 27 little indicators of problems and now will have an expensive engine repair.” Great for the towing and repair industry; not so great for businesses and families with vehicles stuck on the side of the road.
Flash forward to now. After-action reports reveal that well-known vulnerabilities were exploited by attacks, causing millions of dollars worth of damage to businesses and their customers. The companies’ security programs had discovered those vulnerabilities and notified IT operations and corporate management, but the vulnerabilities had not been remediated or mitigated. The check engine light had been turned on, but no connection had been made to business criticality. Again, great for the incident response and security consulting services; bad for the businesses’ bottom lines.
Moving to a risk-based vulnerability program has helped many businesses avoid the check engine light trap. This paper provides SANS advice for actionable steps to enable security managers to reduce risk and demonstrate business value by increasing the maturity and effectiveness of their vulnerability management processes and controls. The main focus is on the key questions to ask of product and service providers to select the best approach for your organization.

By clicking 'Download Now' you agree to our Terms of Use. We take your privacy seriously. For more information please read our Privacy Policy. By registering with the Enterprise Guide you will automatically receive our weekly Product Update and Technology Insider eNewsletters.

Copyright 2021 Enterprise Guide. All Rights Reserved. Terms of Use | Privacy Policy