ISSA Portland Holiday Party
When and where
Location
Con-Way, 2055 Northwest Savier Street, Glenn Jackson Conference Room, Portland, OR 97209
Description
Timing:
Doors open: 3:30PM
Presentation at 4:00PM
Upon adjournment we will move to McMenamins Tavern & Pool, located at 1716 NW 23rd, Portland, OR, (503) 227-0929, for networking and holiday cheer, which will include two drinks per attendee as well as appetizers.
Location:
Con-Way
2055 Northwest Savier Street
Portland, OR 97209
Then move to
McMenamins Tavern & Pool
1716 NW 23rd
Portland, Oregon
Networking, with drinks & hors d'oeuvres throughout.
Presentation:
Considerations of a Mature Vulnerability Management Program
In this presentation, Jesika McEvoy with Rapid7 will address best practices for standing up an effective vulnerability management program. Key questions like the following will be answered:
- What are the roles/responsibilities that are needed to do vulnerability management?
- What kind of timelines are reasonable in terms of expectations for remediation of a vulnerability after a scanner finds it? Are there industry best practices?
- When a vulnerability is found that cannot be directly remediated via a patch or configuration change, what should a company do? Are there best practices for various types of mitigating controls that should be considered? What is the role for risk acceptance, and how should risk acceptance be documented and periodically reviewed?
- How can organizations take the results from traditional network vulnerability scanners, manual penetration testing engagements from third parties, and static/dynamic application security testing (for example, Veracode) and manage them all in a comprehensive vulnerability management program?
Who:
Jesika McEvoy, CISSP – Deployment and Training Consultant, Rapid7
Jesika has a unique background in the security space, with nearly 15 years of applied information security experience and a bachelor's degree in Business Management. She followed a fairly typical path, moving from security operations into penetration testing and assessment consulting, but quickly became frustrated with returning year after year to the same clients only to find the same critical vulnerabilities and control gaps. She has spent the past four years consulting on security architecture and process development to help organizations drive security awareness and cross-functional workflow adoption.
CPEs:
ISSA meetings are appropriate for CPE credit. The chapter maintains proof of attendance for members, but it is the member's responsibility to ensure that these CPEs are credited to their respective accounts.