Optiv Blog

Maturing IR Capabilities into an Incident Management Program – Part 3 of 3

By Jenn Black

Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.


Secure SDLC Lessons Learned: #5 Personnel

By Shawn Asmus

It’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. Part of the problem is that the breadth and depth of AppSec knowledge is rather astronomical; one could argue that it’s exponentially wider than network security and grows at a much faster rate. Based on what I’ve seen, teams tend to be perpetually short-staffed and undertrained.


Secure SDLC Lessons Learned: #4 Metrics

By Shawn Asmus

As the secure SDLC program matures, vulnerabilities should be caught and remediated earlier in the lifecycle. To know if the program is truly working, organizations must capture metrics. The specific metrics chosen should support and align with the organization’s business objectives and risk management program.


Maturing IR Capabilities into an Incident Management Program – Part 2 of 3

By Jenn Black, Jeff Wichman, Case Barnes, Erik Schmidt, Curtis Fechner

The capability to respond effectively to cyber incidents is one of the most critical components of an enterprise security program. However, many companies still lack a solid incident response program (IRP) entirely or don’t take incident response planning seriously enough.


Three Steps to Enhancing Your Third-Party Risk Program

By Peter Gregory, James Robinson

In the world of third-party and vendor risk management, many new practices are being adopted. Over the past few weeks, members of Optiv’s third-party risk team have initiated conversations with key industry leaders through a series of roundtable discussions. These thought leaders own or participate in their organizations’ third-party strategies. During these sessions, we shared leading practices and principles, and identified a number of common trends.


Secure SDLC Lessons Learned: #3 Knowledge Management

By Shawn Asmus

The term “knowledge management” (KM) refers to using vulnerability mining to turn remediation into lessons learned. Essentially this involves taking knowledge from security remediation activities and placing it within a KM repository that developers, architects and other stakeholders can access. By sharing remediation information across teams, an organization can remove or reduce intelligence silos that contribute to recurring and familiar software bugs.


Is it Intelligent to Fully Automate, Taking Humans Out of the Equation?

By Ken Dunham

At a recent conference, I heard a speaker say, “Medical diagnoses will be done completely without a human doctor in the future – computers will be able to diagnose patients faster, and more accurately than humans.” Having served in this industry since 1989, I have to be careful not to spit up my coffee when I hear such global statements.


Maturing IR Capabilities into an Incident Management Program – Part 1 of 3

By Jenn Black, Optiv Enterprise Incident Management Team

We’ve all heard that it’s not a matter of “if,” but “when.” This statement, while becoming its own stale mantra of sorts, is still the impetus for the necessary and dramatic shift taking place across enterprise-level cyber security program strategy. Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.


Secure SDLC Lessons Learned: #2 Assessment Toolchain

By Shawn Asmus

Most organizations would agree that maintaining a fast, predictable flow of planned work (e.g. projects, scheduled changes) that achieves business goals while minimizing the impact of unplanned work (e.g. bug fixes, outages) is the ultimate IT goal. Security assessment activities should be part of planned work, and to accomplish that, the right tools must be selected.


OCC Updated Guidance on Third-Party Risk

By Peter Gregory

Recently, the Office of the Comptroller of the Currency (OCC) released updated guidance for bank examiners as they scrutinize third-party risk programs in banks and other financial institutions.
