Recently, as the VxWorks vulnerability surfaced, many organizations were not even aware of the fact that they had devices based on VxWorks.
To efficiently determine, how severe this vulnerability is to an organization, it needs to know if it is affected, how it is affected, and the magnitude of it all.
If organizations lack good inventory, it will quite possibly require substantial manual labour to obtain overview, and control.
On the other hand, assuming an inventory is in place, this provides best value, if it is kept up to date, reflecting any and all changes done to the devices. This is best achieved, by having a good change routine.
Hygiene has to do with both being prepared like having the tools and means to detect unwanted activities, but in this case, also to remove “test-things” once you are done with testing.
About Knut Erik Hauslo
Knut Erik Hauslo has been working for 15 years at the Norwegian Police University College, as IT operations manager, head of ICT, head of information security, and data protection officer. Since September 2019, he is working at Sopra Steria in Oslo, as a senior manager consultant for cyber security advisory.
Knut Erik Hauslo has a master’s degree in Forensic Computing and Cyber Crime Investigation, which he earned at University College Dublin.
When Knut Erik is not working with information security, he travels with his children to see they play ice hockey, watches pro teams play ice hockey, or even officiates an ice hockey game himself. It’s not all ice hockey, but that is pretty much the status from September to March.