Qualys: How to reduce business risks by implementing vulnerability management process ~20100413

Reducing Business Risks By Implementing A Vulnerability Management Process


  1. How to reduce business risks by implementing a VULNERABILITY MANAGEMENT process? Edvinas Pranculis, MM, CISA, CISM, Regional Account Manager – Eastern Europe & Central Asia
  2. Agenda: Risk Management; Vulnerability Management; QualysGuard & SaaS Model; Q&A
  3. Risk Management Process. How to treat risk? Risk Treatment Techniques: Risk Transference; Risk Acceptance / Tolerance; Risk Mitigation / Reduction; Risk Avoidance; Risk Containment. (* AS/NZS 4360:2004)
  4. Defining Risk & Risk Mitigation. What is the most effective way to reduce risk? Risk Mitigation Techniques (diagram axis label: EFFECTIVENESS): Reduce Threats; Reduce Vulnerabilities; Reduce Asset Value; Detect; Recover. Level of Risk = f(BI, LoT, LoV)
  5. Need for Vulnerability Management. Vulnerabilities on network are GOLD to cyber criminals: they provide unauthorized entry to networks; can expose confidential information, fuel stolen identities, violate privacy laws, or paralyze operations; exposure is extreme for networks with vulnerable devices connected by IP. Sources of Vulnerabilities: Programming errors; Unintentional mistakes; Intentional malware software; Improper system configurations; Remote users sidestepping perimeter security; Rising attacks through viewing popular websites; Flaws in algorithms; etc.
  6. Key to Security? Fixing problems before bad guys find them… Hacking Linux Exposed: “… the countermeasure that will protect you, should a hacker scan your machines with a scanner, is to scan your own systems first. Make sure to address any problems and then a scan by a hacker will give him no edge…”
  7. Security + Compliance Lifecycle Workflow. Under this new paradigm, a system is deemed out of compliance if it is: vulnerable to attacks; improperly configured; in violation of internal policies or external regulations.
  8. Security + Compliance Delivered as a Service. Bringing Security and Compliance Audits in a Single Solution, Operationalising it and Delivering it as a Service. NO SOFTWARE TO INSTALL AND MAINTAIN
  9. The Security + Compliance Conundrum. Leveraging CobIT, ISO, ITIL and NIST Security & Compliance Frameworks. Diagram labels: Reporting; Communicate and consult; And Delivering it as a Service
  10. QualysGuard Global Infrastructure. Security + Compliance: End to End Security. Annual Volume of Scans: 500+ million IP audit scans with 7,000 scanner appliances in over 85 countries. The world's largest VM enterprise deployment at a Forbes Global 50 with 220+ scanner appliances deployed in 52 countries scanning ~700 000 IPs
  11. QualysGuard Adoption by Industry Verticals (Page 2 of 2): Media; Energy/Utilities; Consumer Products; Health Care; Manufacturing; Education; Transportation; Government
  12. QualysGuard Adoption by Industry Verticals (Page 1 of 2): Insurance; Financial Services; Chemical; Portals/Internet; Retail; Technology; Consulting
  13. Qualys Strategic Partners. Global Partner Network. Media
  14. Benefits of Vulnerability Management. Vulnerability management gives you control and visibility to manage your network's security effectively and document compliance. Vulnerability management is a PROACTIVE approach to security
  15. Q&A. Thank You. Please visit for a 14-day FREE trial - NO SOFTWARE TO INSTALL OR MAINTAIN -