Is Your Firewall a “High Risk Entity”?
Not trying to be overly snarky here, but I was reviewing some GRC product literature recently. And there was a screenshot of an application window showing how the software helps identify “high risk entities”. And in the screenshot, there were 5 of these entities listed, each with corresponding risk ratings (High/Medium/Low) and scores (really just non-measurement ordinal numbers). The screenshot showed that the riskiest entity of the five shown was a Checkpoint Firewall - an assertion backed up by the non-measurement “Risk Score”. The lowest risk scores were shared by a nameless Web Application and an entity called “Oracle App”.
My friend, I’m going to give you a hint. If your firewall is “high risk” and your actual business applications are “low risk” - you might be doing it wrong.


Myrcurial Aug 18
Much like one of my favourite Sesame Street segments…
Risk 1, Risk 2, Risk 3, Risk Cookie Monster, Risk 5…
Concur, Alex, without an appropriate frame of reference (and the right translation from the perspective of the business about what constitutes high vs. low) most of the new crop of GRC-related crap-ware is just so much expensive masturbation for an organization that can usually ill afford it.
And name names — what are you, some sort of responsible disclosure reviewer?