Implement Risk-Based Vulnerability Management
Executive Brief
Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review the methodology, and understand the four ways we can support you in completing this project.
1. Identify vulnerability sources
Begin the project by creating a vulnerability management team and determining how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.
2. Triage vulnerabilities and assign priorities
Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.
Vulnerability Management Workflow (Visio)
3. Remediate vulnerabilities
Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk to medium/low levels and engage your regular operational processes to deal with the latter.
4. Measure and formalize
Evolve the program continually by developing metrics and formalizing a policy.
All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.