Insufficient vulnerability management is as likely a cause of a security incident as compromised credentials. While the highly publicized 2017 outbreaks of the WannaCry ransomware make this seem like a relatively new problem, it is not. Weak wireless encryption, a vulnerability that a robust vulnerability management program might have surfaced and remediated, led to a breach of over 40 million credit card numbers at a major retailer in 2007, at the time the largest breach known. The session will look at vulnerability management (VM) and its relationships to other enterprise programs. VM is downstream from asset management and upstream from risk management. When seen as part of a holistic flow of detective and preventive controls, VM sits at the center, connecting Operations with Enterprise Risk Management.

David Sheidlower, CISO, Turner Construction
Larry Whiteside, Jr., Chief Information Security Officer, Greenway Health

Room 308

David Sheidlower

Global Head of Information Security (CISO)
Turner Construction Company

Larry Whiteside Jr.

Chief Information Security Officer
Greenway Health