CySA+ Domain #5: Vulnerability Management Process
Introduction
Vulnerability management is an essential aspect of cybersecurity analysis. After all, tracking down, identifying and resolving vulnerabilities is something that cybersecurity analysts do on a near-daily basis.
This article will detail the vulnerability management process that will appear on the CompTIA CySA+ certification exam. It will guide you through this relatively straightforward, albeit still important, domain of knowledge.
Vulnerability management process at a glance
The vulnerability management process, as reflected in CySA+ objective 2.1, is the following:
- Identification of requirements
- Establish scanning frequency
- Configure tools to perform scans according to specification
- Execute scanning
- Generate reports
- Remediation
- Ongoing scanning and continuous monitoring (Please note: As this step is basically a rehash of previous steps, it does not need to be covered in depth)
Identification of requirements
Regulatory environment
Knowing what your organization is trying to achieve is key to creating a vulnerability management process. Regulatory bodies are the first requirements looked at, and it is necessary to know which ones apply to your organization. You may need to consider:
- Health Insurance Portability and Accountability Act (HIPAA): This applies to organizations that deal with Protected Health Information, or PHI
- Payment Card Industry Data Security Standard (PCI-DSS): Protects credit card information and governs how it is exchanged between parties (merchants, processors and financial institutions)
- Sarbanes-Oxley (SOX): Establishes standards for maintaining accurate and secure financial records for publicly traded companies
Other factors affecting the identification of requirements are:
- Corporate policy: Can establish what vulnerabilities are acceptable, exceptions to general security posture and how different classification of data are handled
- Inventory of protected assets: Lays out which, if any, assets have different technical controls than others. More-critical assets have tighter controls than less-critical assets
Establish scanning frequency
Organizations must perform scans repeatedly. The frequency that scans must be run is determined (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/eXspennq74w/
