Edge Industry Review’s “Fireside Chats: Analyst Edition” series of video interviews takes a ‘cyber’ turn this week as we cover Log4j and other issues in an interview with Cynthia Brumfield, cybersecurity analyst, author, and President of DCT Associates in Washington, D.C.
The recent disclosure of the Log4j vulnerability serves as the backdrop for our talk about cybersecurity and risk management. Log4j is a widely used open-source logging framework for Java that has been around since 1999.
A recently discovered vulnerability in this software means that an attacker could exploit it to execute arbitrary code on the server machine and take control of it. This type of attack, known as remote code execution (RCE), is one of the most serious threats facing businesses today.
The interview offers an overview of what cybersecurity risk management is, and how it relates to managing security issues such as Log4j.
Other topics covered include:
The US response to this and other security issues
The role of NIST in developing the cybersecurity framework
Some key actions for organizations to take in response to Log4j
The chat concludes with a discussion about the fundamental contradictions executives face in running their businesses while managing cybersecurity risk.