Learning how to build your remediation capabilities according to CORE.
Introduction
Cost-effective Operational Reliable Efficient CORE Technology Security involves only what is required to manage technology risks specific to each organization, no more and no less. By emphasizing CORE, declare the objectives and build to those objectives. Regarding security, CORE enables organizations to have 100% accurate asset inventories, proactively manage vulnerabilities, detect threats to each technology, respond to exploits (accidental or otherwise), and maintain business operations while recovery activities are underway.
Organizations should emphasize efforts to complete CORE Remediate once technology inventories are 100% accurate. Spend second-round capital budgets on vulnerability management and solutions, where budgets are limited after inventories are complete, on targeted and sustainable remediation.
Part 1: Configuration specifications
Part 2: Software Vulnerability Management and Full CORE Remediation Automation Specs
Summary
Technology Security Operations, or TechSecOps, is an approach focusing on building a CORE technology security program that emphasizes security operations first and deploying automation when and wherever possible to simplify security. Additionally, this level-setting program emphasizes doing the bare minimum to meet security objectives. CORE is not a compliance process; if built correctly, it will be compliant.
In these remediation videos, I explain the objectives to building a CORE remediation management capability including the processes, tools, and services to deliver network architecture configuration, endpoint hardening, and software patching.
Comments