Information Security Handbook

Vulnerability management

Many of the situations that turn into all-hands-on-deck emergencies stem from how an enterprise information system is managed. If an enterprise information system is not patched regularly, known and exploitable weaknesses accumulate, and when one of them is targeted the response has to be an emergency rather than routine maintenance.

Vulnerability management is the process of:

  • Identifying vulnerabilities that are applicable to your information system:
    • Vulnerabilities can be identified through the use of enterprise vulnerability management tools such as Nessus; keep in mind that a scanner only reports what it has a check for and what it can reach, so scan coverage and credentialed access matter
    • Additionally, the information security professional should be reading information security blogs and should be subscribed to the security advisory feeds of the vendors whose products they use
  • Triaging vulnerabilities that are applicable to your information system:
    • The information security professional must determine the risk that a given vulnerability presents to the organization and communicate that risk effectively
    • It must be clearly stated whether the mitigation is an all-hands-on-deck effort or a planned exercise, so that stakeholders understand the expected timeline
  • Researching, planning, and deploying mitigations to applicable vulnerabilities:
    • There may be multiple tasks that make up vulnerability mitigation (patching, configuration changes, compensating controls). The information security professional must fully understand these steps, effectively communicate them to stakeholders, and completely deploy the appropriate countermeasure to adequately mitigate the vulnerability.
  • Monitoring the information systems to ensure that the vulnerabilities have been fully mitigated:
    • You must verify, rather than assume, that vulnerabilities have been fully mitigated within an information system; a patch that was scheduled is not the same as a patch that was applied
    • Rescanning with a vulnerability assessment tool during this stage lets you continuously compare the current state against the original findings, track your progress, and know when you have met your goal
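The triage and monitoring steps above lend themselves to a small amount of tooling. The following is an added example, not code from the book or from any scanner vendor: it parses a constructed, simplified CSV export (the columns and the thresholds are assumptions, not the real Nessus export format), classifies each finding as all-hands-on-deck, priority, or planned with a remediation deadline, and then compares a follow-up scan against the original to report what was fixed, what is still open, and what is new.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample exports (not real scanner output). The column layout is an
# assumed, simplified shape; a real Nessus CSV export uses different headers.
SCAN_BEFORE = """host,plugin_id,name,cvss,exploit_available,internet_facing
web01,1001,Remote code execution in HTTP server,9.8,true,true
web01,1002,TLS 1.0 enabled,5.3,false,true
db01,1003,Outdated database engine,7.5,true,false
file01,1004,SMB signing not required,5.3,false,false
"""

SCAN_AFTER = """host,plugin_id,name,cvss,exploit_available,internet_facing
web01,1002,TLS 1.0 enabled,5.3,false,true
file01,1004,SMB signing not required,5.3,false,false
db01,1005,Default credentials on management port,9.1,true,false
"""


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: str
    name: str
    cvss: float
    exploit_available: bool
    internet_facing: bool

    @property
    def key(self):
        # A finding is tracked per host and per check, not per name.
        return (self.host, self.plugin_id)


def parse_scan(text: str) -> list[Finding]:
    """Parse the constructed CSV shape into Finding objects."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        Finding(
            host=r["host"],
            plugin_id=r["plugin_id"],
            name=r["name"],
            cvss=float(r["cvss"]),
            exploit_available=r["exploit_available"].lower() == "true",
            internet_facing=r["internet_facing"].lower() == "true",
        )
        for r in rows
    ]


def triage(f: Finding) -> tuple[str, int]:
    """Map a finding to an urgency class and a remediation deadline in days.
    The thresholds are illustrative assumptions for this example, not from the book."""
    if f.cvss >= 9.0 and (f.exploit_available or f.internet_facing):
        return ("all-hands-on-deck", 1)
    if f.cvss >= 7.0 or (f.exploit_available and f.internet_facing):
        return ("priority", 14)
    return ("planned", 90)


def triage_report(findings: list[Finding]) -> list[tuple[str, str, str, int]]:
    """Findings sorted most urgent first, with urgency class and SLA attached."""
    rows = [(f, *triage(f)) for f in findings]
    rows.sort(key=lambda r: (r[2], -r[0].cvss))
    return [(f.host, f.name, urgency, sla) for f, urgency, sla in rows]


def remediation_status(before: list[Finding], after: list[Finding]) -> dict:
    """Compare two scans: what was fixed, what is still open, what appeared since."""
    b = {f.key for f in before}
    a = {f.key for f in after}
    return {
        "fixed": sorted(b - a),
        "open": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    before = parse_scan(SCAN_BEFORE)
    after = parse_scan(SCAN_AFTER)
    for host, name, urgency, sla in triage_report(before):
        print(f"{urgency:18} {sla:>3}d  {host:7} {name}")
    print(remediation_status(before, after))
```

The comparison is keyed on host and plugin identifier so that a renamed check does not hide an unfixed finding, and the "new" bucket is what makes the monitoring stage continuous: a follow-up scan that closes the original emergency can also surface a new one, as the constructed sample shows.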