Vulnerability researcher on layered security plan mistakes

Vulnerability researcher on layered security plan mistakes

Vulnerability researcher on layered security plan mistakes

Date: Sep 14, 2012

According to Roger Johnston, head of the Vulnerability Assessment Team at Argonne National Laboratory, when seeking out vulnerabilities, instead of thinking like bad guys, enterprise information security teams should think like vulnerability assessors.

In this video interview conducted at the 2012 (ISC)2 Security Congress in Philadelphia, the vulnerability researcher explains the difference, and offers tips for working successfully with third-party vulnerability assessors. Johnston also discusses layered security and the dangers of putting a layered security plan in place without an analysis of how each layer affects the other layers.

More on Vulnerability Risk Assessment

  • canderson

    How involved should execs be in software security programs?

    VIDEO - Video: Chris Wysopal of Veracode discusses how the role of security executives is evolving in application security and vendor management.
  • canderson

    The gaping hole in your vulnerability management program

    VIDEO - Authenticated vulnerability scanning may be just what your organization needs to complete its vulnerability management program. In this video, expert Kevin Beaver offers pointers for performing an authenticated vulnerability scan.
  • canderson

    How to make penetration test results matter

    VIDEO - Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.
  • Cybersecurity risks masked by controversial vulnerability counts

    News - Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.

    ( Apr 13, 2015 )

  • How to conduct proper AWS vulnerability scanning

    Tip - Vulnerability management in the cloud can be complicated. Expert Rob Shapland explains how to perform vulnerability scans in AWS under the shared responsibility model.
  • attack surface analysis

    Definition - An organization's attack surface includes all the exploitable vulnerabilities in its hardware, software, connections and even its employees, in the form of social engineering. Attack surface analysis allows the organization to detect those vulnerabilities.
  • Is the RSA 2015 'booth babe' ban a win for women in security?

    News - News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play app vetting.

    ( Mar 27, 2015 )

  • Embedded systems security a growing concern amid rise of IoT

    News - As more devices become Internet-enabled, experts fear an embedded systems security worst-case scenario for enterprises, many of which are unaware of the risks or unable to mitigate them.

    ( Mar 23, 2015 )

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: