
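Content provided by Community IT Innovators. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Community IT Innovators or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ko.player.fm/legal.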

Vulnerability Scanning for Nonprofits with Johan Hammerstrom

28:22
 

Most nonprofits will be asked about vulnerability scanning when they renew cybersecurity liability insurance or complete an annual audit. Do you know what it means and what you should do to comply?

The takeaways:

  • There is no one-size-fits-all vulnerability scanning app for your entire organization. You will need to do vulnerability scanning on various systems and the scanning will be different.
  • As part of your incident response planning you should have an inventory of your general vulnerabilities – website, any custom apps, any customized anything, and then other apps and tools. Check in with your IT team and stakeholders.
  • If you are being asked to check off a box on your cyberliability insurance or as part of your annual financial audit, talk with the auditors or your insurance broker to get more clarity.
  • In addition to checking this necessary box, vulnerability scanning is an important layer of protection to have around your organization and your mission. Take it seriously, but realize that as a buzzy term, you may be approached by vendors overselling what you need.
  • A trusted IT partner – whether a board member, IT director, or outsourced IT provider – can help you wade through the options and choose the one that fits your budget, risk profile, and the specifics of your IT setup.

Vulnerability scanning is the process of using automated tools to scan for weaknesses in computer systems, apps, networks, and platforms. It is particularly necessary for websites, to avoid falling victim to hacks and ransom extortion. It is a proactive approach to finding these flaws and vulnerabilities before outsiders and hackers can. Doing vulnerability scanning will help your nonprofit learn where risks may hide, and allow you to take proactive steps to mitigate risks and correct errors in configuration. Vulnerability scanning providers will need access to your systems and will provide a comprehensive report on vulnerabilities found, often arranged by most immediate risks or risks most potentially damaging.
Many security regulations and standards require periodic vulnerability scanning. Nonprofits are being asked to complete vulnerability scanning as part of renewing cyberliability insurance or complying with enhanced annual audits as part of SAS145 guidelines. Vulnerability scanning helps prioritize remediation efforts by highlighting the most critical vulnerabilities, and should be a continual process renewed periodically to help improve nonprofits’ security posture.

Many providers will use the label “vulnerability scanning,” so it is important to understand what is meant by this term and what the provider will do and report on. There is no one universal vulnerability scanner. Different systems must be scanned with their own automation.

If you have questions that aren’t answered by this podcast, talk to us! On our site we have free resources on basic cybersecurity and IT governance policies. You can use our downloadable Cybersecurity Playbook or other online resources, or schedule time with our Cybersecurity Expert Matthew Eshleman to ask your questions.

_______________________________
Start a conversation :)

Thanks for listening.


253 episodes
