CyberSecurity's Vulnerability Management Strategy

Published in: Business

  1. This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, please contact Mark at 604-349-6557 or mesbernard@gmail.com.

     • Create an inventory of assets in scope, documenting the hardware equipment, operating systems, and software applications used within the organization that are to be included in vulnerability management.
     • Monitor manufacturers for vulnerability announcements and patch releases.
     • Prioritize remediation using a risk management ranking system.
     • Create a registry of assets requiring remediation.
     • Test patches before deployment to ensure standardized configurations are unchanged.
     • Distribute patch installation and testing instructions to local administrators.
     • Perform automated deployment of patches where possible to remove potential human error.
     • Use automatic update of applications whenever possible and appropriate.
     • Verify and validate vulnerability remediation using infrastructure scanning tools.
     • Train local administrators on how to identify vulnerabilities and install/verify patches.

     The following CyberSecurity Briefing concerns the Vulnerability Management Strategy (VMS), created specifically for CyberSecurity but also used by PCI DSS, hence the clause references. This VMS should be applied by all security professionals and every security program manager. If you manage a security program, you need to be serious about addressing the 75% of known vulnerabilities currently published in the Common Vulnerabilities and Exposures database today. I have included a bullet-point list outlining the strategy steps, accompanied by a schedule that adds clarity and perspective to what is a fairly intense process. The VM process is also one of my 11 Essential CyberSecurity processes previously published.

     P = Planned
