Description
Building effective defenses for your assets is a dark art. Mark my words; it
is so much more than any regulation, standard, or policy. After 20 years
in the information technology and security industry, it is easy to say
implement a vulnerability management program. It is easy to say patch
your operating systems and applications. Compliancy standards from
PCI, HIPAA, ASD, and others all say do it. They tell you how you should
measure risk and when you must comply with getting systems patched.
In reality, it is difficult as hell to do. No one technology works, and no one
vendor has a solution to cover the enterprise and all of the platforms and
applications installed. It's a difficult task when you consider you need
to build an effective strategy to protect assets, applications, and data.
Vulnerability management is more than just running a scan, too. It is a
fundamental concept in building your strategy and the regulations tell you,
you must do it, but not how you can actually get it done. What problems,
pitfalls, and political pushback you may encounter stymies most teams.
Yes, there are team members that will actually resist doing the right thing
from vulnerability assessment scanning to deploying patches. We have
seen it many times, all over the world. It is a cyber security issue and it is
not naivety either. It is a simple fear of what you might discover, what it
will take to fix it, what will break if you do, and the resistance to change. All
human traits.
Protecting your assets is fundamental security hygiene. In a modern
enterprise, everything connected to the network from router, to printer,
and camera is a target. This is above and beyond traditional servers,
desktops, and applications. If it communicates on a LAN, WAN, or even
PAN, it can be targeted. If it's wired or wireless, a threat actor does not care
either; it can be leveraged. Knowing if it's brand new versus end of life and
no longer receiving patches helps evaluate the risk surface, but not even
knowing what's on your network makes it near impossible to prioritize
and take effective action. This is completely outside of modern threats that
are still your responsibility in the cloud and on mobile devices including
BYOD.
While I have painted a picture of doom and gloom, the reality is that
you are still responsible for protecting these resources. Being on the front
page of the newspaper is not an option. The regulations, contracts, and
security best practices clearly highlight the need to do it.
This book is dedicated to this dark art. How do you actually create an
asset protection strategy through vulnerability management (and to a lesser
degree patch management) and accomplish these goals? We will explore
years of experience, mistakes, threat analysis, risk measurement, and the
regulations themselves to build an effective vulnerability management
program that actually works. In addition, we will cover guidance on how
to create a vulnerability management policy that has real-world service-
level agreements that a business can actually implement. The primary goal
is to rise above the threats and make something actually work, and work
well, that team members can live with. Vulnerability management needs
to be more than a check box for compliance. It should be a foundation
block for cyber security within your organization. Together, we can figure
out how to get there and how to improve even what you are doing today.
After all, without self-improvement in cyber security, we will be doomed
to another breach. Threat actors will always target the lowest hanging fruit.
An unpatched resource is an easy target. Our goal is to make it as difficult
as possible for an intruder to hack into our environment. If somebody has
to be on the front page of the newspaper due to a breach, we would rather
it be someone else's name and business, not ours.
Morey J. Haber