Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an organization's devices and network. In this post, I describe how whitelisting and real-time monitoring of log data can reduce the organization's exposure to cyber attack.
In line with its risk management program, an organization might decide to host unsupported applications on its supported or unsupported operating systems. In this post, I describe how organizations should upgrade, replace, or retire unsupported software assets, including operating systems.
Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before it can be exploited. In this post, I describe why your organization should establish a software inventory to manage its software.
Risk tolerance--the amount of risk an organization is willing to accept--should be part of your organization's comprehensive risk management program. In this post, I describe how your organization can define its risk tolerance.