Posts by Bill Sharar

4 min Vulnerability Management

How Adaptive Security fits into your Vulnerability Management Program

Building an Application Vulnerability Management Program, found in the SANS Institute Reading Room (https://www.sans.org/reading-room/whitepapers/application/building-application-vulnerability-management-program-35297), identifies vulnerability program management as a cyclical process involving the following steps:

* Policy
* Discovery and Baseline
* Prioritization
* Shielding and Mitigation
* Eliminating the Root Cause
* Monitoring

While the use of Nexpose applies to several of these

2 min CIS Controls

Use DHCP Discovery to Implement Critical Security Control 1

The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network:

CSC 1: Inventory of Authorized and Unauthorized Devices

Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. http://www.cisecurity.org/critical-controls.cfm

Here are some of the reasons y

1 min

Measure, Analyze and Improve Your Server Controls Effectiveness with ControlsInsight 3.0

ControlsInsight 3.0 was released today, adding coverage of security control effectiveness for Windows servers. This extends coverage of the attack surface to include servers as well as the desktop controls that have been supported since its initial release last year. According to the 2014 Verizon Data Breach Investigations Report (http://www.verizonenterprise.com/DBIR/2014/), the rising number of breaches from servers already far exceeds the number of breaches from every other category of a

2 min

Understanding Security Control Grades

One of the most valuable features of ControlsInsight is its ability to prioritize security control improvement guidance as a sequence of next steps. It does this by grading each security control configuration and ordering the guidance for each configuration by grade. ControlsInsight calculates the grade for each security control configuration based upon the coverage of that configuration across all assessed assets and a weight assigned to that configuration.

Coverage

Coverage is the measure of