Kansas City June 2013 Meeting
Thurs, June 20, 2013
Johnson County Community College
Regnier Center Room 344.
Adding Risk Analysis and KPI Reporting to Your WebApp/Vuln Scanning
Discovering your enterprise vulnerabilities has become much easier with scanning tools. However, many organizations still struggle with handling the vulnerabilities that have been identified. Which ones should we fix first, and which ones can we ignore? Who should be responsible for the remediation task, and how can we hold them accountable? These questions and others common struggles for organizations large and not-so-large. In this presentation, we will look at:
Methods to consolidate and de-duplicate scanning results from leading security tools,
Automatically correlate results with assets, incidents, controls, policies, and other compliance/security data,
Conduct risk scoring of each vulnerability and calculate inherent/residual risk scores for the vulnerability, asset, system, facility, and other records,
Assign remediation workflow for vulnerabilities and hold owners accountable,
Correlate scanning results with industry feeds such as US-CERT's NVD and iDefense,
Report on Key Performance Indicators (KPIs) such as workflow performance, trends per webapp/platform/Business Unit/Facility, and other categories.
Larry Slobodzian is a Senior Solution Engineer at LockPath and an Adjunct Professor of Information Systems at Baker University. With over 16 years of networking, compliance, and security experience, Larry has broad experience with solving complex business problems leveraging technology. He is a Veteran Marine with an MBA and technical certifications, making him one of the most dangerous Doctor Who fans in Kansas City.
- Attendance at an OWASP chapter meeting is free and open to anyone interested in web application security
- No registration is required, although RSVPs to the chapter leader are appreciated
- Professionals with CISSPs, or other certifications, can earn CPE credits by attending
We meet at least once a quarter to discuss application security. If you have an interesting topic you'd like to present or discuss at future meetings, please send an email to caughron[at]gmail com. Or, get a discussion going by posting a message to our mailing list.