2 hours 35 minutes
All right. Welcome to our final lesson. We're at less than 4.5, improving overall security. We're gonna tie together everything that we've learned in all of our different modules and lessons.
All right, so we're learning objectives. Why? Consolidating products can help improve vulnerability management. How to effectively prioritize vulnerability Management's. We've touched on that quite a bit. So we're just gonna kind of pull it all together,
building teams that are gonna communicate. They're gonna work together. They're gonna help improve the maturity of your vulnerability management.
Ah, model. And then some final takeaways for executive leadership and any management who are interested in learning more about vulnerability management.
All right, product consolidation. I've said it before. I'll say it again. Get rid of VOL. Software. If it's end of life, try to get rid of it. Encourage teams to find new solutions.
There's a lot of great new software out there, and a lot of companies who are building open source tools a lot of great things that you may be even be able to find a free tool to kind of help get rid of an end of life, um, solution, even if it's just an interim solution so you can have an updated product or product you know is gonna be updated,
um, to get rid of that end of life software,
virtualization or cloud can lower your risk profile. However, be aware that cloud just because it's in the cloud doesn't mean that you don't need to patch it. There's still plenty of, um, software and applications OS that need to still be patched. And depending on your
model that you're using in the cloud, you may be responsible for that. So just be aware of that, too.
when creating new I T product projects, consolidate old hardware and software, get rid of whatever you can, Um, if you're going to spend money on new products,
try to get rid of all that other stuff that maybe you're spending money on to. Maybe you can spend less money on one tool or a couple pieces of hardware and get rid of some old stuff.
Have a software specials, research, best solution. So this is where you could have a security specialist or an I T architect, someone who could come in and say, You know what, this one product we could get rid of three products if we use this one, so have someone really do the research before you decide? Teoh go forth and purchase new projects.
Vulnerability, Remediation. You know, I put that big question mark there because there's a lot of questions when we're talking about remediation. So it's important to say
what's critical to my businesses. That data is a P. I is applications that are customer facing. What's important? Um, identify identification. That is the one thing that you know should really be a big take away. Identify what vulnerabilities you have. That's gonna be the big thing on to help push you forward.
Conductor Risk assessment include everybody you know. Tell everybody what you're doing. Tell them Hey, you want to come to our weekly risk assessment meetings, you know, come bring to the table what you're working on, what you've got going on.
Ah, and then you can't fix everything if your big organization, maybe you can, but some smaller medium size my people harder. You can't really fix everything so focused on what's most critical first and then, you know, maybe prioritized from there, see what's go down the line and figure out what can kind of weight to remediate next.
Teamwork. I'm a big believer in having all the teams communicate. I t developers, administrative security teams have everybody communicate. You know, security is everyone's responsibility, and I think having some awareness off vulnerability management and patch management can be really crucial. It can really help people understand
why they're doing what they're doing or why you're doing what you're doing.
You know why your security team is hounding on you about vulnerabilities, you know, understanding why is really important
having a security liaison? I have seen that be really effective working together between 19 security development teams, you know, have someone who can kind of be able to talk to everybody. Have you know, you need someone who can kind of speak those languages and understand what those requirements are. But if you can have someone like that, they could really help improve efficiency
in the vulnerability management process.
Uh, and again, communication. I know it sounds easy. It's like, Oh, yeah, just everybody talked to each other, but it's really difficult to actually implement. So, you know, um,
adding opportunities for people to come to a weekly standing meeting, you know, identify a POC from, you know, one person from each group who can make that, you know, make that time available for them on then train employees.
You know, there's so much great material out there. There's lots of great stuff on cyber worry about vulnerability, management and different things within vulnerability. Management s O. You know, use training at your disposal. Teach people about why this is important and it could help reduce your risk profile.
Okay, so final take away is awareness. I think awareness is key to effective vulnerability management and really any security practice. Um, you're from an executive standpoint. Just being aware that there are, you know, what complications can come with us, what issues may arise and then how to solve them. Ah, higher vulnerability, Manager. An expert.
You know, I'm sure you can hire them on a contract basis if you can't hire full time. But you could have someone come in and do kind of a risk assessment for you and say, Listen, this is the most critical stuff you should focus on.
Ah, send everybody to security training or making available, you know? Say, hey, we've got the security training for you. We'd really like for you to take it. It could help you understand your wife security is so important
again. Improved communication about vulnerability. Specifically.
It's okay. We have vulnerabilities. That's okay. We need to know what they are, so we can fix them
on that. This is not a one time exercise
that we're not gonna do vulnerability management in a day and say, Okay, we're done. We need to have continuous monitoring in place. We need to have a constant research done. We need to always be looking out For what? That next big, uh,
you know, vulnerability or patch is gonna be what it's gonna mean to our system. So, um,
constantly be vigilant about security and vulnerability management.
Okay, so in today's video, we talked about how product consolidation can improve vulnerability management,
how we can effectively remediate those vulnerabilities.
How our team work on and improve involving all groups can really improve overall security, aligning those teams on, and then some of the main takeaways for executives so that you could really help in the vulnerability management process.
Ah, and that's it for me. This the last lesson? Thanks very much. Uh, and I'll see on the next one