Vulnerability Management Improvements

When: 12:30 PM
Where: United States


Program Content:

Meltdown and Spectre vulnerabilities have affected virtually every computer on the planet and have forced us to re-evaluate how we patch our systems. Granted, these vulnerabilities weren’t as critical to our institutions as others, which bought us time, but they have been complex to patch and have challenged our capabilities. Beyond this, there has been no shortage of vulnerabilities to address in our institutions. We have even created a larger attack surface fueled by IoT devices, new product and service offerings, and outsourcing/cloud solutions. This has left us in a risky position when considering the state-of-the-art vulnerabilities leaked by government agencies, bug bounty programs, and successful cybercrime campaigns like NotPetya. More opportunities and greater cybercriminal capabilities: what can go wrong?

We will explore the current state of vulnerabilities in our environments and discuss examples of some of the riskiest ones. Additionally, we will discuss best practices to reduce the risks these vulnerabilities introduce. Patching processes are one best practice that needs a significant update to address the growing number of software application, operating system, BIOS, hypervisor, and hardware patches. Risks from these vulnerabilities span far beyond our networks and introduce risk for data and money stored in the hands of third-party systems and customer networks.

This session will discuss the major risks that we face and outline a vulnerability management program that will strengthen the security in your institution.

Covered Topics:
       • CVSS vulnerability scoring system
       • Meltdown/Spectre
       • Ransomware-enabled vulnerabilities
       • Patch Management best practices
       • Continuous Vulnerability Scanning
       • External Penetration Testing
       • Vendor Management concerns
       • Customer security issues
       • Risk-reducing layered controls

Who Should Attend:
Information Security Officers, IT Managers, Risk Officers, Internal Auditors, and Network Administrators looking to understand both stronger management programs and technical solutions to vulnerabilities.

Chad Knutson is a Senior Information Security Consultant and serves as President of SBS CyberSecurity out of Madison, SD. SBS is a leader in information security consulting for the financial industry in the US. SBS works with more than 900 banks around the country on information security services such as the development of Information Security Programs, Policies, and Risk Assessments, along with performing IT Audits, Penetration Tests, Vulnerability Assessments and other security services. Chad is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Security Controls (CRISC), and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance with an emphasis in Banking and Finance Security from Dakota State University. Chad has been with SBS since 2004 and has consulted with many financial institutions during this time.
