Page 46 - FULL MAGAZINE - KUSCCO.indd
P. 46
OPINION
4 things your CEO wants
to hear about security
breaches
CPA Derrick Majani
Member Internal Audit Subcommittee, ICPAK
s$5(:($75,6."S <HVZHDUHDZDUHRIWKLV :HNQRZKRZPDQ\
FULWLFDOYXOQHUDELOLW\ PDFKLQHVDUHYXOQHUDEOHLI
That’s a question that all IT professionals DQ\LQRXURUJDQL]DWLRQ
have heard at one time, whether you are an You cannot get ahead of the problem
(3@TCHSNQ@RDBTQHSXBNLOKH@MBDN?BDQNQ if you depend on the same source of An average of 38 new vulnerabilities
an IT operational manager. information as your CEO (e.g., the news @QDHCDMSH?DCDUDQXC@X
3GD
cycle). challenge is that you don’t know
It may come from your CIO, CTO, or even in advance how many of these
your CEO, but it’s always the same story. The solution? Get your data directly new security holes apply to your
A security breach is making the news and from the source, such as the United organization; it is likely that not all of
they want to know if your organization is States Computer Emergency Readiness those vulnerabilities will be relevant
exposed to that risk or any others. Team (US-CERT). You could simply sign to your systems.
up to their weekly email summary of
They expect YOU to have the answer. It’s all new vulnerabilities, sorted by risk To be sure, you will need to cross-
that chilling moment when strategic risk level. However, this means relying on reference the list of vulnerabilities
meets daily reality. someone reading this email diligently with your list of assets: for each
and having enough knowledge about vulnerability, check the full list
So, what will you say? your architecture to identify which ones of software installed across your
are relevant—not an ideal solution. organization. This easily results in
The answer is to own that moment and hundreds of millions of comparisons
be a super star. Here is what you need to A better way is to automatically retrieve to run!
respond with: that data from the web. ACL Analytics
N?DQRL@MXC@S@BNMMDBSNQRNTSNESGD Luckily, ACL has been a leader in data
Yes, we are aware of this critical box and can also connect to custom analysis for the past 30 years and
vulnerability. APIs. The result: a consolidated table can turn this daunting and seemingly
with all the vulnerabilities information impossible task into something that
We know how many machines you need, instantly retrieved from US- takes just minutes to handle:
are vulnerable (if any) in our CERT. And with ACL Analytics Exchange,
organization. you can schedule the import as often Use ACL powerful text analysis
as you want: every week, every day, or and fuzzy-matching functions
every hour. to match disparate data
The emergency patching has Summarize the data to reduce
already started. the volume and accelerate
treatment
Here is the progress so far.
+DUDQ@FDOQDUHNTR?MCHMFRSN
focus on what’s new and avoid
CTOKHB@SHMFD?NQSR
44| SACCO Star Magazine
