It is important to methodically inventory and scan, evaluate web paths, test logs for keywords, patch, and be vigilant for variants.
Global IT association Isaca recommends a systematic approach to prevent problems. This includes the following key shifts:
– From Maginot Line-style controls to proactive management practices, such as those in the Cobit 5 framework.
– From after-the-exploit inventory to current dependency diagrams (valuable beyond security).
– From narrow risk registers or flat scenarios to dynamic, real world “what if?” scenarios, more like sports or a good film plot. These are vital to staying ahead of attackers.
– From figure-it-out after the common vulnerabilities and exposures (CVE) to train as a team to anticipate and act.
Security managers and CIOs can get ahead with these management practices. Scenario analysis is the heart of risk management and realistic scenarios are born in rigorous workshops.
More on Shellshock
Security Think Tank: Guidelines for dealing with Shellshock
Security Think Tank: Lessons from Shellshock
Security Think Tank: Shellshock – check, patch, monitor
Security Think Tank: Businesses cannot afford to be complacent about Shellshock
Brian Barnier is a risk advisor with Isaca and partner at ValueBridge Advisors
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK
This was first published in November 2014