3:00 PM – 3:25 PM
Track: Management & strategy
Complexity: Intermediate
ITSEC security professionals have traditionally communicated risk in the language of vulnerabilities: how many CVEs a machine has, severity mix and so on. We have been spearheading the move away from static vulnerability scores to real-time cyber-exposure indices, weaving asset context, vulnerabilities, threat detection, configuration drift detection and attack path analysis into an integrated view that identifies true system exposure. By mapping this exposure approach into the higher level risk matrices used by executives (financial, safety, environmental and reputation risk) we can align IT and OT ITSEC data with C-level corporate language and initiatives to maximize our utility and drive further ITSEC investment.
Speaker: Dominic Storey – Tenable