SANS Vulnerability Management Maturity Model

Learn about two vulnerability management challenges that organizations have - prioritization and reporting - and how the new SANS Vulnerability Management Maturity Model provides a roadmap for managing these areas of concern. The SANS Vulnerability Management Maturity Model describes the characteristics of a comprehensive VM program, and emphasizes how you can advance each focus area. Leveraging the material in MGT516: Managing Security Vulnerabilities: Enterprise and Cloud course, the model provides both a guide for organizations to self-assess their program and a blueprint for how to progress your VM program. Come join MGT516 co-author Jonathan Risto as he walks through the model and corresponding poster, the background and thinking on the maturity model, and highlights key action items. Speaker Bio Jonathan Risto With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing.