Jeff Man — Rethinking Security Given the Spectre of a Meltdown — DEF CON 27 Packet Hacking Village

Дата: 22.11.2019. Автор: CISOCLUB. Категории: Подкасты и видео по информационной безопасности

Have you ever noticed that much of the mission of cyber- and information security professionals seems to be focused on vulnerabilities? Have you ever heard of the risk equation? Perhaps you are familiar with one or more versions that help you derive the risk to your organization (sometimes referred to as residual risk). I have been wondering for a while how to suggest to our industry that there is perhaps TOO much focus on vulnerabilities and not enough attention or focus on the other elements that derive the standard risk equation. The recent disclosure of Meltdown/Spectre introduced a «perfect storm» scenario where the vulnerability wasn’t easy to patch or fix, and the solution seemed to be break things. This created a situation where the «security solution» wasn’t simply to apply the patch — and that left many organizations scrambling to figure out how to deal with this example of a persistent vulnerability. This is a great example of what I’ve wanted to discuss for a while — what else should we focus on in terms of security if/when the vulnerabilities still remain. Interested? Intrigued? Come join the discussion!

Jeff Man (Twitter: @MrJeffMan) is an infosec curmudgeon.


Об авторе CISOCLUB

Редакция CISO CLUB. Официальный аккаунт. CISO CLUB - информационный портал и профессиональное сообщество специалистов по информационной безопасности.
Читать все записи автора CISOCLUB

Добавить комментарий

Ваш адрес email не будет опубликован.