With an ever increasing number of cyber attacks and a rapidly changing threat landscape, the role of the CISO has become more critical to the entire business's operations and survival. CISOs face constant challenges in deciding which tools and infrastructure security solutions to procure to secure their IT assets. They have built layers of defensive security solutions, but in spite of all these measures, they often face malicious hackers who find security vulnerabilities in their applications and threaten them with ransom demands.
CISOs are often not ready for these kinds of challenges and don't know how to deal with such hackers. Business reputation and continuity can be at huge stake in this situation. But there is something CISOs can adopt to avoid such unforeseen circumstances. The key to handling such a situation is twofold: 1. creating a coordinated vulnerability disclosure policy, and 2. participating in a managed bug bounty program for continuous security testing of applications, so that security vulnerabilities are discovered and fixed before malicious hackers find them.
Coordinated Vulnerability Disclosure Policy
For a vulnerability disclosure policy, organizations can follow ISO/IEC 29147:2014, which provides guidelines for the disclosure of potential vulnerabilities in products and online services.
It details the methods a vendor should use to address issues related to vulnerability disclosure. ISO/IEC 29147:2014:
- provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services,
- provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services,
- provides the information items that should be produced through the implementation of a vendor’s vulnerability disclosure process, and
- provides examples of content that should be included in the information items.
ISO/IEC 29147:2014 is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.
Aligning Security with the Organization's Business Goals
The key concern of CISOs is how to align security with the organization's business goals. It is essential to identify and map critical business applications and IT infrastructure in the context of business objectives. These critical business applications need continuous security penetration testing to identify security vulnerabilities and fix them early. At SafeHats, we help enterprises create a vulnerability disclosure policy for their public-facing digital assets and provide a platform through which external security researchers can report any security issues they find while using the enterprise's digital assets. This also helps to streamline the security incident management process. The platform manages the communication and coordination between external researchers and the internal security team. CISOs must adopt a proactive approach to identifying vulnerabilities and stay ahead in securing their business assets.
For more information, please contact us at safehats@instasafe.com
Visit https://safehats.com for more information.