Tag Archives: risk management

Creating Risk Management Metrics that Matter

Ed Bellis    March 10, 2017

As a security team, you are what you measure. The problem is that too many security teams are tracking vulnerabilities, not measuring risk. This post examines how vital it is for security teams to establish risk-based metrics, offering examples of both the right and wrong measures to use. The paper then looks at the key steps to building risk management… Read more »

Moving from Vulnerability Remediation to Risk Measurement

Ed Bellis    June 6, 2016

Fighting security threats is hard enough, but it’s pretty much impossible if you’re fighting wrong battles. However, that’s what you’re doing if you’re focused on vulnerability remediation. I see it all the time: Security teams live by their spreadsheets. They have lists of vulnerabilities. They stack rank them by severity, start with the most critical, and commence to work through… Read more »

Must-Have Metrics for Vulnerability Management: Part 3

Ed Bellis    March 30, 2016

This is part 3 of a 3-part series on Must-Haves for Vulnerability Management. Read Part 1 here and Part 2 here. Must Have #4: Know Your Resources Once you have a good handle on your business, your assets, and what security risks are currently affecting your environment, you’ll need to understand your resources. What do you have at your disposal… Read more »

Enhanced Reporting Capabilities in Kenna: It’s All About Risk

Greg Howard    March 9, 2016

We’re thrilled to announce our new reporting capabilities today. Kenna has always been an unparalleled platform for vulnerability prioritization–enabling security teams to identify their most critical vulnerabilities and take the right actions to help remediate them. But with the introduction of our new reports, Kenna becomes something else: a security analytics platform that helps organizations measure, monitor, and track their… Read more »

Five Common Vulnerability Management Mistakes to Avoid

Ed Bellis    July 21, 2015

Vulnerability Management is often undersourced and undertooled, and yet stands at the epicenter of protecting the organization from a breach. Bringing to bear best practices can mean the difference between success and failure, but what does “best practices” mean and what evidence exists that supports them? In the trenches as former CISO of Orbitz as well as my work with… Read more »

Secret #1 of Vulnerability Scanning: CVSS Is Only Part of the Picture

Ed Bellis    January 8, 2015

This is the first post by Ed Bellis in a three-part series on Vulnerability Scanning. To view all five secrets and two common “gotchas” of vulnerability scanning, please click here. Information security can be a thankless job. I know, I’ve lived it first-hand. When I ran Security at Orbitz, it was absolutely critical that my team and I stayed on top of… Read more »

Mo’ Vulnerabilities, Mo’ Problems

Ryan Cunnane    September 19, 2014

*This originally appeared as a guest post in the Tripwire – The State of Security blog as Mo’ Vulnerabilities, Mo’ Problems…One Solution. Security practitioners juggle many tasks, with vulnerability management requiring the most time and effort to manage effectively. Prioritizing vulnerabilities, grouping those vulnerabilities and assets, and assigning them to the appropriate teams takes considerable time using current scanning technology…. Read more »

Announcing Our Latest Integration: Beyond Security

Ed Bellis    June 5, 2014

At Risk I/O, we’ve always made it our mission to integrate with the scanner tools used most. That’s why we’ve added integration with the BeyondSecurity AVDS web scanner to our vulnerability threat management platform. With the new BeyondSecurity AVDS connector, you can discover and eliminate your network’s most serious security weaknesses. Simply sync your scan data via our new connector and Risk I/O will… Read more »

Heartbleed Is Not A Big Deal?

Michael Roytman    April 17, 2014

As of this morning we have observed 224 breaches related to CVE-2014-0160, the Heartbleed vulnerability. More than enough has been said about the technical details of the vulnerability, and our own Ryan Huber covered the details a few days ago. I want to talk about the vulnerability management implications of Heartbleed, because they are both terrifying and telling. The Common Vulnerability… Read more »