Episode 95: Episode 203 - Evaluating Your Security Program: Threat Mapping
Archived series ("Inactive feed" status)
When? This feed was archived on October 02, 2020 00:10. Last successful fetch was on July 03, 2019 15:18.
Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.
Show Notes
Episode 203 - Evaluating Your Security Program: Threat Mapping
- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- How is this different from threat modeling?
- Threat modeling is listing what could happen to you.
- Threat mapping is mapping the holes in your program.
- What is “Threat Mapping”?
- Must have an assessment management program
- you can’t protect what you don’t know about
- This isn’t “I have a CMDB”. It’s actually taking actions based on what you know about what you have
- Map assets to known threats
- industry
- entry points
- technology
- Online threat maps
- What are you doing to know this?
- What controls do you currently have in place to mitigate or reduce the risk?
- Understand what your “real” threats are
- Apps
- Infrastructure
- 3rd parties
- etc
- Scope and prioritize - break down into areas to tackle
- How To Get Started
- Scorecard (KRI)
- What is important and helpful
- Risk Registry
- How To Measure
- Use your risk registry or GRC tool to track progress and keep management updated. You need them onboard to improve.
- Once you have some areas mapped, don’t ignore them
- Implement solid change control and change management processes
- Keep risk scores updated so you aren’t focusing on unimportant things
- How To Improve/Modify