Get Real With Auditors and Your Team About Risk
Set-in-stone SLA tables for remediation based on standard, CVSS-based vulnerability evaluation: we know they look beautiful on your SOP and auditors love them, but that’s not the real world of cybersecurity. The reality is that vulnerabilities come up faster than any fixed schedule can keep up with. What we need is a process that is nimble enough to adapt to the fluid exploit landscape and that relies on dynamic risk-based prioritization to cut through the noise.
However, this transition is not always easy. It takes time and focused effort, and it requires a paradigm shift not just from your internal teams but from your auditors as well.
In this webinar, Marcia Main, Head of Information Security at Rally Health, will join Kenna Security CTO and Co-Founder Ed Bellis to talk about her experience getting auditors and her team on board with managing vulnerabilities based on risk, not just a fixed set of criteria and SLA tables.
Attend this webinar to learn:
- How to shift the thinking of your auditors (hint: you have more leverage than you think)
- Strategies to successfully partner with your auditors
- Why it’s okay for low-risk vulnerabilities to go unpatched for a bit
- How to get your teams used to a responsive, risk-based approach
- Ways of incentivizing, measuring, and recognizing remediation teams, such as gamification, performance scoring, and more