Achieving a state of regulatory compliance and reducing vulnerability risks to the organization are not the necessarily the same thing as managing your organization’s attack surface, but those two endeavors certainly provide some achievable goals that materially reduce the overall risk profile.
While mitigating all possible vectors for preventing all attacks is of course unachievable, there are numerous efforts an organization can make to reduce the probability of being targeted by raising the threshold for network penetration to a level that it becomes a more daunting task for the assailants.
Understanding which are the critical assets and systems that need to be protected, identifying the potential risks those assets may be confronted with, and fine-tuning the security solutions in place to protect those critical assets will make the organization better able to detect threats, respond in real-time to prevent further compromise, and produce a robust state of resiliency that works to protect the organization’s interests.
In this video security experts Brian Honan, Steven Fox, Theresa Payton, Tim Erlin and Richard Rushing discuss strategies for best efforts to help reduce the risk of being the target of cyber-based attacks by minimizing opportunities for attackers and minimizing the potential impact attacks will have on the organization’s primary objectives.
Brian Honan (@BrianHonan) is currently the owner and Chief Executive Officer of BH Consulting. Honan is recognized internationally for his information security expertise across multiple industry segments and has worked with many private-sector and government departments in the Unites States and Europe. Honan also serves as an advisory board member for the Europol Cybercrime Centre (EC3) and SANS Institute. In addition, Honan is the author of the book “ISO 27001 in a Windows Environment” and co-authored the book “The Cloud Security Rules”.
Steven Fox (@SecureLexicon) is a Senior Security Architecture & Engineering Advisor at a federal agency. He is also a former Detroit ISSA Chapter Board Member, co-organizer for Security B-Sides Detroit, and a Distinguished Fellow at the Ponemon Institute, as well as having been a regular contributor to CSO Online for several years.
Theresa Payton (@FortaliceLLC) is the Chief Executive Officer and President at Fortalice, LLC, responsible for delivering security, risk and fraud consulting to private and public organizations. Previously, Payton served as the White House Chief Information Officer for the Bush Administration–the first woman to ever hold that position. During her service, her team worked to secure systems of more than 3,000 members of the Executive Office of the President. Payton has also led strategic planning teams, managed mergers and acquisitions and ran technology and operations units.
Tim Erlin (@terlin) is the Director of Product Management at Tripwire, and is responsible for the Suite360 product line, including Vulnerability Management, Configuration Auditing and Policy Compliance. Previously, in his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. Erlin’s career in information technology began with project management, customer service, as well as systems and network administration. Erlin is a member of ISSA and frequently hosts corporate webinars on various topics, including regulatory compliance.
Richard Rushing (@SecRich) currently serves as the Chief Information Security Officer at Motorola Mobility, responsible for leading the company’s security efforts. Prior to Motorola, Rushing held leadership roles at several global organizations, including AirDefense, VeriSign, SecureIT and Siemens. Rushing is also an international speaker, participating at security conferences and seminars around the world.
- Proactively Hardening Systems: Defining the Attack Surface
- Managing the Complexity of the Attack Surface
- Strategies for Actively Reducing the Attack Surface
- Continuous Security Monitoring: An Introduction
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock