Security Think Tank: Isaca guide on tackling Shellshock

What steps should businesses take to assess the true scope of their vulnerability to the Shellshock Bash bug?

It is important to methodically inventory and scan, evaluate web paths, test logs for keywords, patch, and be vigilant for variants.

Global IT association Isaca recommends a systematic approach to prevent problems. This includes the following key shifts:

- From Maginot Line-style controls to proactive management practices, such as those in the Cobit 5 framework.

- From after-the-exploit inventory to current dependency diagrams (valuable beyond security).

- From narrow risk registers or flat scenarios to dynamic, real world “what if?” scenarios, more like sports or a good film plot. These are vital to staying ahead of attackers.

- From figure-it-out after the common vulnerabilities and exposures (CVE) to train as a team to anticipate and act.

Security managers and CIOs can get ahead with these management practices. Scenario analysis is the heart of risk management and realistic scenarios are born in rigorous workshops.

More on Shellshock


Brian Barnier is a risk advisor with Isaca and partner at ValueBridge Advisors

This was last published in November 2014

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close