PR.PS-02.244

Does your organization have a process to identify, uninstall, and remove unauthorized software and services that pose security risks?

Explanation

Unauthorized software and services can introduce significant security vulnerabilities into your environment, including malware, backdoors, or applications with known security flaws. A formal process to identify and remove such software helps maintain a secure and controlled IT environment by reducing the attack surface available to potential threats. Evidence could include a documented software approval process, regular software inventory reports showing authorized vs. unauthorized software, screenshots of software management tools (like Microsoft SCCM or similar), and logs or records of unauthorized software removal actions.

Implementation Example

Uninstall and remove unauthorized software and services that pose undue risks

ID: PR.PS-02.244

Context

Function: PR: PROTECT
Category: PR.PS: Platform Security
Sub-Category: Software is maintained, replaced, and removed commensurate with risk
