

Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault
Dec 23, 2024
CISOs face tough choices as flat budgets constrain their security programs. The debate on minimum viable security strategies highlights key areas such as identity management. The challenges of applying best practices in legacy environments are discussed. Patch and asset management are underscored as essential for vulnerable security postures. The conversation also emphasizes integrating risk management into business culture, promoting stakeholder engagement and transparency while tackling evolving cyber threats.
Prioritize Asset Management
- Prioritize asset management as it's crucial for effective security.
- Include third-party providers in asset management for comprehensive tracking.
Asset Management is Foundational
- Asset management is foundational, encompassing hardware, software, people, and vendors.
- It enables protection by providing visibility into what needs securing.
Inferring Vulnerabilities
- Inferring vulnerability data from the NVD is possible with a good asset inventory.
- This eliminates the need for vulnerability scanning in certain cases.
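The inference described in the last snip, sketched as an added example (not from the episode or its speakers): an asset inventory is matched against NVD-style cpeMatch version ranges. The hosts, vendor and product names, and CVE IDs are constructed placeholders, and the records are trimmed to the fields the match needs.

```python
import re

# Constructed inventory (CPE-style vendor/product); the third entry is a third-party-hosted asset.
INVENTORY = [
    {"host": "web01", "vendor": "examplecorp", "product": "examplehttpd", "version": "2.4.57"},
    {"host": "web02", "vendor": "examplecorp", "product": "examplehttpd", "version": "2.4.60"},
    {"host": "vendor-portal", "vendor": "examplecorp", "product": "examplelib", "version": "1.0.2"},
]
# Constructed records using NVD cpeMatch field names; IDs are placeholders.
CVES = [
    {"id": "CVE-PLACEHOLDER-0001", "configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": True, "criteria": "cpe:2.3:a:examplecorp:examplehttpd:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.59"}]}]}]},
    {"id": "CVE-PLACEHOLDER-0002", "configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": True, "criteria": "cpe:2.3:a:examplecorp:examplelib:1.0.2:*:*:*:*:*:*:*"}]}]}]},
]
BOUNDS = {  # NVD range keys -> comparison of installed version against bound
    "versionStartIncluding": lambda v, b: v >= b,
    "versionStartExcluding": lambda v, b: v > b,
    "versionEndIncluding": lambda v, b: v <= b,
    "versionEndExcluding": lambda v, b: v < b,
}

def vtuple(version):
    """'2.4.57' -> (2, 4, 57); assumes dotted-numeric versions of equal depth."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def in_range(version, match):
    """True if the installed version falls inside one cpeMatch entry."""
    keys = [k for k in BOUNDS if k in match]
    if keys:
        return all(BOUNDS[k](vtuple(version), vtuple(match[k])) for k in keys)
    # No range keys: the CPE's own version field is exact or a wildcard.
    return match["criteria"].split(":")[5] in ("*", version)

def infer(inventory, cves):
    """Return sorted (host, cve_id) pairs. Simplification: AND/OR node
    operators and 'running on' platform conditions are not evaluated."""
    hits = set()
    for asset in inventory:
        for cve in cves:
            for config in cve["configurations"]:
                for node in config["nodes"]:
                    for m in node["cpeMatch"]:
                        _, _, _, vendor, product = m["criteria"].split(":")[:5]
                        if (m["vulnerable"] and in_range(asset["version"], m)
                                and (vendor, product) == (asset["vendor"], asset["product"])):
                            hits.add((asset["host"], cve["id"]))
    return sorted(hits)
```

The result is only as good as the inventory: an asset that is missing, or recorded with the wrong product name or version, produces no finding.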