Thursday, March 30, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Leveraging Generative AI for Cybersecurity: Introducing Flare’s AI Powered Assistant
  • Spera Unveils Platform for Finding and Tracking Identities
  • USENIX Security '22 - Bernd Prünster, Alexander Marsalek, Thomas Zefferer - ‘Total Eclipse Of The Heart – Disrupting The InterPlanetary File System’
  • USENIX Security '22 - Bernd Prünster, Alexander Marsalek, Thomas Zefferer - ‘Total Eclipse Of The Heart – Disrupting The InterPlanetary File System’
  • Do you trust AI to find app sec holes while you sleep?
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » 20 CIS Controls: Control 3 – Continuous Vulnerability Management

SBN

20 CIS Controls: Control 3 – Continuous Vulnerability Management

by Tyler Reguly on April 30, 2018

Today, I will be going over Control 3 from version 7 of the top 20 CIS Controls – Continuous Vulnerability Management. I will go through the seven requirements and offer my thoughts on what I’ve found.

TechStrong Con 2023Sponsorships Available

Key Takeaways for Control 3

  • Takeaway 1. A robust, vulnerability management program powered by the correct tools will empower your organization to take control of its own security and manage risks presented by both internal and external threats.
  • Takeaway 2. Utilizing remote and credentialed scans gives you a holistic view of your network that allows you to better understand threats before they become a problem. When you review and compare your results, you will quickly know what has changed and what risks those changes introduce.
  • Takeaway 3. Vulnerability management programs, when properly implemented, expose a plethora of faults and flaws in even the most secure enterprises networks. Don’t be alarmed; simply apply risk-ratings and break the work into smaller, more manageable portions.

Requirement Listing for Control 3

1. Run Automated Vulnerability Scanning Tools

Description: Utilize an up-to-date SCAP-compliant vulnerability scanning tool to automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the organization’s systems.

Notes: Regular automated scanning is important to keep informed of new vulnerabilities and changes being introduced across networks. Weekly scans are adequate for less critical systems, but the more frequent the scans, the sooner issues can be noticed and resolved. Automated scans give valuable insight into the current status of all scanned systems to help prioritize which vulnerabilities are most compromising the security of the network.

2. Perform Authenticated Vulnerability Scanning

Description: Perform authenticated vulnerability scanning with agents running local on each system or with remote scanners that are configured with elevated rights on the system (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-3-vulnerability-management/

April 30, 2018April 30, 2018 Tyler Reguly IT Security and Data Protection, Security Controls
  • ← Most Organizations Lack Systems and Processes to Ensure GDPR Compliance, Survey Shows
  • Security Vulnerabilities in VingCard Electronic Locks →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

ChatGPT Less Convincing Than Human Social Engineers in Phishing Attacks
Business Email Compromise Threats Soar Past Phishing Risks
AI/ML’s Role in Software Supply Chain Security
Survey Surfaces Need to Change SecOps Priorities
Zoom Taps Okta to Bring Zero-Trust Cybersecurity to Videoconferences
USENIX Security ’22 – ‘QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore’
🧪 Lit + WebR + Observable Plot: Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity & JS DataVis
Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity
Privacy Compliance In 2023
SWG versus CASB: What’s the Difference?

Upcoming Webinars

Apr 04

Key Strategies for a Secure and Productive Hybrid Workforce

April 4 @ 1:00 pm - 2:00 pm
Apr 05

Securing Kubernetes With SentinelOne and AWS

April 5 @ 1:00 pm - 2:00 pm
Apr 05

From Vulnerable to Invincible: The Five-Step Journey to Complete Cloud Security

April 5 @ 3:00 pm - 4:00 pm
Apr 12

The State of Cloud-Native Security 2023

April 12 @ 1:00 pm - 2:00 pm
Apr 13

Case Study: Improving Code Security With Continuous Software Modernization

April 13 @ 11:00 am - 12:00 pm
Apr 20

Lessons From a Live Hack: Secure Your Cloud From the Inside

April 20 @ 3:00 pm - 4:00 pm
Apr 24

Securing Open Source

April 24 @ 1:00 pm - 2:00 pm
May 03

https://webinars.securityboulevard.com/ciso-panel-tips-for-optimizing-cloud-native-security-stack-in-2023?utm_campaign=2023.05.03_Aqua_Webinar_SB&utm_source=BMRegister

May 3 @ 3:00 pm - 4:00 pm
May 22

Ransomware

May 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Industry Spotlight

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

March 17, 2023 Richi Jennings | Mar 17 0
White House to Regulate Cloud Security: Good Luck With That
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

White House to Regulate Cloud Security: Good Luck With That

March 13, 2023 Richi Jennings | Mar 13 0
‘Extraordinary, Egregious’ Data Breach at House and Senate
Analytics & Intelligence API Security Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Extraordinary, Egregious’ Data Breach at House and Senate

March 10, 2023 Richi Jennings | Mar 10 0

Top Stories

Spera Unveils Platform for Finding and Tracking Identities
Cybersecurity Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight 

Spera Unveils Platform for Finding and Tracking Identities

March 29, 2023 Michael Vizard | Yesterday 0
Skyhawk Security Taps ChatGPT to Augment Threat Detection
Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Skyhawk Security Taps ChatGPT to Augment Threat Detection

March 29, 2023 Michael Vizard | Yesterday 0
The Chasm Between Cybersecurity Confidence and Actual Ability
Cloud Security Cybersecurity Data Security Featured Network Security News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

The Chasm Between Cybersecurity Confidence and Actual Ability

March 28, 2023 Michael Vizard | 1 day ago 0

Security Humor

Randall Munroe’s XKCD ‘Effect Size’

Randall Munroe’s XKCD ‘Effect Size’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.