Archive for September, 2009

New Risk Analysis Webcast with SANS

Wednesday, September 9th, 2009

Want to learn more about risk management?  Don’t know where to start developing your own risk model? On October 20th, I will be presenting a free webcast hosted by SANS and sponsored by Rapid7:

Changing the Way We Manage Vulnerabilities & Patching

If you are a resource administrator, then you probably spend too much time responding to new vulnerability reports and patching systems. For the security folks, you probably spend too much of your time tracking down the status on remediation and trying to qualify new vulnerability notifications. So how can we manage this better? This session will focus on how to take vendor and industry reports of new vulnerabilities in software/hardware, and analyze the risk to your own organization. With limited time and resources, you can’t patch everything on day 1, so how do you determine which alerts are actually critical for your environment?

The answer is to develop a risk model that takes into account the particulars of your environment. We will demonstrate how to develop your own risk criteria for severity and likelihood by analyzing some recent vulnerability notifications. By the end of this session, attendees will know how to analyze a new vulnerability report for the distinguishing characteristics that would make it a critical weakness for some, but a moderate concern for you. Armed with this knowledge, you can better focus your administrators’ efforts.

Register here: