Threat-Informed Defense, CISA, CVEs and ATT&CK w/ MITRE Engenuity

The Cyber Ranch Podcast - En podcast af Allan Alford - Onsdage

Kategorier:

This week, Allan is joined by some serious heavy hitters in cyber. Richard Struse (Director for the Center for Threat-Informed Defense at MITRE Engenuity), Jonathan Baker (Director of Research & Development, Center for Threat-Informed Defense at MITRE Enginuity), and Jonathan Reiber (Sr. Director for Cybersecurity Strategy and Policy @ AttackIQ). The four are here to have a conversation about CISA's new BOD that outlines 290 key vulnerabilities that require focus, the coincidental mapping of the CVE database to MITRE ATT&ACK, and the implications for all of us.  Of special note is the fact that ATT&CK is already mapped to NIST SP 800-53, meaning that we now have an opportunity to move bi-directionally from a threat-informed defense or to start with a framework and back into vulnerabilities. The implications for our industry are huge. They also discuss briefly an overview of the bi-partisan work in both the Executive and Legislative branches to further cybersecurity interests and the release of CMMC v 2.0. This show is packed.   Key Takeaways: 01:58 Backgrounds 04:02 CISA – BOD 22-01, highlighting the key 290 known vulnerabilities 07:45 Helping organizations prioritize vulnerabilities 11:31 Starting with either framework or threats: Which is better? 14:18 Seeing through the politics - What is actually happening behind the scenes? 19:07 Developing the mapping 23:54 Since the invention of CVE 26:14 CMMC v 2.0 29:37 How do we change the game? 31:09 Getting a large organization to agree with vulnerability prioritization   Links: Follow Richard Struse on LinkedIn Keep up with Jon Baker on LinkedIn Follow Jonathan Reiber on LinkedIn & his website Follow Allan Alford on LinkedIn and Twitter Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Attack IQ

Visit the podcast's native language site