Enterprise Class Threat Management Like A Boss - Rockie Brockway Converge 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)
Enterprise Class Threat Management Like A Boss
Rockie Brockway
@rockiebrockway

Attribution is hard. And in most business cases unnecessary. Threat Management, like Vulnerability Management, is a core pillar in most Enterprise Security Architectures (ESA), yet is a very different beast with completely separate functions, processes and skillset requirements. Similar to my previous talk on Enterprise Class Vulnerability Management, this talk takes the framework of the OWASP ASVS 2014 framework and applies it to Enterprise Threat Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations, based on your business' needs.

Rockie Brockway serves Black Box as Information Security and Business Risk Director and Senior Engineering Director. With over two decades of experience in InfoSec/Risk, he specializes in Information Security Risk Management and the inherent relationship between assets, systems, business process, and function. Rockie offers perspectives on how adversaries may find value in business data, highlights the business impact and ramifications of the theft, disruption, and/or destruction of that data, simulates the adversarial data breach/theft to gauge the organization's detection and reaction capabilities, and provides rational and reasonable business risk mitigation recommendations. He is a BSidesCLE organizer and recovering cynic, zero FUDs given.



Attribution is hard. And in most business cases unnecessary. Threat Management, like Vulnerability Management, is a core pillar in most Enterprise Security Architectures (ESA), yet is a very different beast with completely separate functions, processes and skillset requirements. Similar to my previous talk on Enterprise Class Vulnerability Management, this talk takes the framework of the OWASP ASVS 2014 framework and applies it to Enterprise Threat Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations, based on your business' needs.

Back to Converge 2016 video list



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek