Posts by Bill Sharar

4 min Vulnerability Management

How Adaptive Security fits into your Vulnerability Management Program

Building an Application Vulnerability Management Program, found in the SANS Institute Reading Room ( ulnerability-management-program-35297), identifies vulnerability program management as a cyclical process involving the following steps: * Policy * Discovery and Baseline * Prioritization * Shielding and Mitigation * Eliminating the Root Cause * Monitoring While the use of Nexpose applies to several of these

2 min CIS Controls

Use DHCP Discovery to Implement Critical Security Control 1

The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network: CSC 1: Inventory of Authorized and Unauthorized Devices Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. Here a some of the reasons y

2 min

Understanding Security Control Grades

One of the most valuable features of ControlsInsight is its ability to prioritize security control improvement guidance as a sequence of next steps. It does this by grading each security control configuration and ordering the guidance for each configuration by grade. ControlsInsight calculates the grade for each security control configuration based upon the coverage of that configuration across all assessed assets and a weight assigned to that configuration. Coverage Coverage is the measure of