Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management

Vulnerability Management: Essential Components

Steve Yurich, CISO of Penn National Insurance, on the Need for Frequent Scanning
Steve Yurich, CISO at Penn National Insurance

Effective vulnerability management requires more frequent scanning of infrastructure, says Steve Yurich, CISO at Penn National Insurance.

See Also: Case Study: Global Pharma Expands OT Visibility and Strengthens Security

“A large number of breaches occur where vulnerabilities have existed for more than three months," he says. "We have a large internal network with a lot of devices. We set up an internal scanning of the infrastructure that we do on a monthly basis. We have also established a process to engage with different app teams for scanning.”

In a video interview with Information Security Media Group, Yurich also discusses:

  • His organization's vulnerability management process;
  • Why vulnerability management is far more than a one-time process;
  • Top recommendations for establishing an effective vulnerability management program.

Yurich, CISO at Penn National Insurance, has run cybersecurity programs for government and private entities. He is a Certified Information Systems Security Professional, or CISSP, and is Certified in Risk and Information Systems Control, or CRISC.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.