A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk applies the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations, based on your business' needs.

Bio: Rockie Brockway serves Black Box as Information Security and Business Risk Director and Senior Engineering Director.ÿ With over two decades of experience in InfoSec/Risk, he specializes in Information Security Risk Management and the inherent relationship between assets, systems, business process, and function.ÿ He offers perspectives on how adversaries may find value in business data, highlights the business impact and ramifications of the theft, disruption, and/or destruction of that data, simulates the adversarial data breach/theft to gauge the organization?s detection and reaction capabilities, and provides rational and reasonable business risk mitigation recommendations. He is a BSidesCLE organizer and recovering cynic, zero FUDs given.

Back to ShowMeCon 2015 video list