Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9051PUBLISHED: 2021-02-24** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9052PUBLISHED: 2021-02-24** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9053PUBLISHED: 2021-02-24** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2021-1231PUBLISHED: 2021-02-24
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to inc...
CVE-2021-1361PUBLISHED: 2021-02-24
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitr...
User Rank: Apprentice
5/3/2013 | 11:37:24 AM
Great question which reveals the root cause.
The root cause (and Ira has been sucked this mentality also) is that executives typically view business and security as 2 separate universes. The same CEO that constantly looks at business indicators like free cash flow doesn't even conceive of security indicators like the number of files leaked by employees this week to their Dropbox accounts.
Considering the current levels of breaches and data loss and business impact - this is an absurd view of the world.
To make security part of the business, we need to start with CEO-level commitment to security just like she's committed to the bottom line. A companyGÇÖs management controls should explicitly include security:
Soft controls: Values and behavior sensing
Direct controls: Good hiring and physical security
Indirect controls: Internal audit driving by real time monitoring
After you do that - you can graduate to enforcement. As Andy Grove once said "A little fear is not a bad thing in the workplace".
See my essay on the Psychology of data security originally written in 2004.
http://www.software.co.il/2010...