Vulnerability Management

Contributed by Joseph Johann

With the proliferation of new attack vectors comes the need to be able to identify security vulnerabilities, rate them, and patch them as quickly as possible. This involves a systematic approach to managing this process. In this paper I will define the industry standards for vulnerability management. This includes the methods for identifying vulnerabilities and classifying their risks as well as the individuals involved in the process. I will also define the steps involved in performing a vulnerability assessment and some tools that can facilitate the process. Furthermore I will discuss sources of current vulnerability information and steps that can be taken to protect assets when a patch is not currently available. Finally I will discuss industry regulations that require organizations to have vulnerability assessments performed on a regular basis.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet