Explore practical vulnerability management strategies in this 25-minute conference talk from BSidesLV 2018. Gain insights from Eric Bryan's experience with a retail grocery client as he breaks down the three primary components of vulnerability management. Learn how to improve vulnerability discovery, understand industry scoring systems like CVSS, and interpret the PCI DSS Vulnerability Matrix. Discover the importance of creating risk acceptance plans and grasp key concepts for effective vulnerability management. Walk away with actionable recommendations to enhance your organization's security posture.
Vulnerability Management 101 - Practical Experience and Recommendations
Overview
Syllabus
Intro
Context: Retail Grocery Client
3 Primary Components of Vulnerability Management
Improve Vulnerability Discovery
Vulnerability Scoring Industry Scoring Common Vulnerability Scoring System (CVSS)
CVSS Dynamic Components
PCI DSS Vulnerability Matrix
Risk Acceptance Plans - Creation
Vulnerability Management - Recommendations
Vulnerability Management - Key Concept
Conclusion
Taught by
BSidesLV
