Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management – open ISACA Moscow meetup. Me and my former colleague from Mail.Ru Group Dmitry Chernobaj presented there our joint report “Enterprise Vulnerability Management: fancy marketing brochures and the real-life troubles”.
The number of registered participants totaled 120. As I can tell looking at the photo below, there were about 80 people in the hall after the second presentation. For a highly focused local information security event, it’s a lot. According to the organizers, it was the largest ISACA Moscow meetup. Thanks to everyone who came!
I would like to mention a well-structured agenda. There were 4 presentations arranged in order: from the most theoretical / methodical to the most practical. And our presentation was the last one.
Oleg Boyko started the event. He was talking about the place of Vulnerability Management in COBIT 5 framework. I don’t know COBIT good enough to comment on this. The main thing I’ve noticed is that among the 37 COBIT 5 processes, there is no a process for managing the vulnerabilities, such as Manage Assets or Manage Configurations.
Continue reading