Monday, August 8, 2022
  • GitHub Zero-Day: From 35K Repos Compromised to False Alarm
  • Slack App Leaked Hashed User Passwords for 5 YEARS
  • Daniel Stori’s ‘Serverless Economic Impact’
  • Aspen Security Forum 2022 – Moderator: Peter Spiegel ‘Afghanistan: A Year On’
  • Balbix brings Snow and Ice to Vegas @ BlackHat 2022

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » Turning Data into Metrics: A Vulnerability Management Story

SBN

Turning Data into Metrics: A Vulnerability Management Story

by Irfahn Khimji on March 29, 2019

One of the main issues I find across the information security industry is that we constantly need to justify our existence. Organizations have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly preventing the business from freely doing as they please. IT is seen as a driver of success, and security can be, too. The security team just needs to learn how to enable the business.

DevOps Connect:DevSecOps @ RSAC 2022

What businesses do understand is risk. If they understand the risks that they associate with a certain action, they will likely think twice before freely gallivanting in the www (the wild wild web).

Cybersecurity Metrics in Business Context

As such, we as security professionals need to ensure we are providing data to the business, so they understand what it is we do and how it is we go about protecting them.

The question herein is: What metrics should we provide?

As technical folks, it’s easy for us to get caught up in the details. What we often forget is that executives and business-minded individuals have no idea what we’re talking about. They just smile and nod, but when it’s time to pull out the chequebook to fund an information security project, they won’t be able to justify the cost.

Next time you are building an executive metrics deck, keep this in mind: If they don’t understand how you are saving them money, they won’t give you money to fund your projects.

Vulnerability Management Metrics

One of the foundational areas for a security program is vulnerability management (VM). This blog post will focus on specific metrics that you should be looking at as part of the vulnerability management program.

When talking about VM, it’s very easy to get caught (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Irfahn Khimji. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/turning-data-metrics-vulnerability-story/

March 29, 2019March 29, 2019 Irfahn Khimji Featured Articles, remediation, security, Vulnerability Management
  • ← CyberX Raises $18M to Address Industrial Cybersecurity
  • Google Introduces New 2-Step Verification Options for G Suite Accounts →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW
Modern APIs Need a Different Security Approach
CHIPS for America Act Brings Big Bucks to Semiconductor Industry
Overcoming the Barriers to Zero-Trust
Upskilling is Critical to Closing Cybersecurity Skills Gaps
This Week in Malware—Typosquats in PyPI, dependency confusion packages
Aspen Security Forum 2022 – Moderator: David Ignatius, Secretary Frank Kendall USAF ‘Fireside Chat On Modernization And The Future Of Warfare’
Where Does Shared Responsibility Model for Security Breaks in the Real World?
GwisinLocker ransomware targets South Korean industrial and pharma firms
What You Need to Know About Ransomware in AWS

Upcoming Webinars

Wed 17

Code Tampering: Four Keys to Pipeline Integrity

August 17 @ 1:00 pm - 2:00 pm
Mon 22

API Security

August 22 @ 1:00 pm - 2:00 pm
Wed 24

Implementing Identity Access Prioritization and Risk-Based Alerting for High-Fidelity Alerts

August 24 @ 1:00 pm - 2:00 pm
Tue 30

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

August 30 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

MiCODUS Car Trackers are SUPER Vulnerable and Dangerous
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Editorial Calendar Featured Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

MiCODUS Car Trackers are SUPER Vulnerable and Dangerous

July 21, 2022 Richi Jennings | Jul 21 0
How AI Secures the Future of Digital Payments
Application Security Cloud Security Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

How AI Secures the Future of Digital Payments

July 18, 2022 Natasha Lane | Jul 18 0
HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

June 17, 2022 Richi Jennings | Jun 17 Comments Off on HIPAA FAIL: ~33% of Hospital Websites Send PII to Facebook

Top Stories

GitHub Zero-Day: From 35K Repos Compromised to False Alarm
Application Security Cybersecurity Featured Incident Response Malware News Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

GitHub Zero-Day: From 35K Repos Compromised to False Alarm

August 8, 2022 Gabriel Liechtman-Manor | 7 minutes ago 0
Slack App Leaked Hashed User Passwords for 5 YEARS
Analytics & Intelligence API Security Application Security Cloud Security Cybersecurity Data Security DevOps Editorial Calendar Featured Identity & Access Incident Response Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Slack App Leaked Hashed User Passwords for 5 YEARS

August 8, 2022 Richi Jennings | 2 hours ago 0
US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Identity & Access Incident Response IoT & ICS Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US Emergency Alert System Has ‘Huge Flaw’ — Broadcasters Must Patch NOW

August 5, 2022 Richi Jennings | 3 days ago 0

Security Humor

Daniel Stori's 'Serverless Economic Impact'

Daniel Stori’s ‘Serverless Economic Impact’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.