As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year.

What Is Vulnerability Management?

Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us reduce the risk of a digital criminal infiltrating our systems. They also help us learn about our assets in a meaningful way that allows us to improve our overall security posture.

Not all vulnerability assessments are the same, however. SearchSecurity notes that we might use network-based vulnerability assessments that scan the entire network for security weaknesses. However, we can also use more focused assessments to evaluate servers, workstations, applications and databases for potential security issues. It’s also important to note that vulnerability assessments may come with a penetration test in which ethical hackers receive our permission to probe our defenses.

Vulnerability management involves creating a security program that formalizes the cyclical application of this type of testing. To establish such a program, we need to evaluate the criticality of each asset, determine the owners of each asset, decide on the frequency of scanning and set a timeline for remediation. It’s then our responsibility to discover and inventory assets on the network, discover vulnerabilities on the assets and report/remediate discovered vulnerabilities.
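The program steps above (asset criticality and ownership, a scan frequency per asset, and a remediation timeline per finding) can be modelled in a few dozen lines. The following is an added example and not code from the original post; the asset names, owners, vulnerability ids such as `VULN-0001`, scan intervals and SLA values are all constructed placeholders, and the policy (criticality tightens or relaxes a severity-based SLA) is an assumption chosen for illustration, not a standard.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Scan frequency in days by asset criticality (constructed policy values).
SCAN_INTERVAL_DAYS = {"high": 7, "medium": 30, "low": 90}
# Base remediation SLA in days by finding severity (constructed policy values).
SLA_DAYS_BY_SEVERITY = {"critical": 14, "high": 30, "medium": 90, "low": 180}
# Asset criticality scales the base SLA: critical assets get half the time,
# low-value assets get double (constructed policy values).
SLA_FACTOR_BY_CRITICALITY = {"high": 0.5, "medium": 1.0, "low": 2.0}


@dataclass
class Asset:
    name: str
    owner: str                  # the person or team accountable for fixes
    criticality: str            # "high", "medium" or "low"
    last_scanned: Optional[date]


@dataclass
class Finding:
    asset: str                  # Asset.name the finding belongs to
    vuln_id: str                # placeholder id such as "VULN-0001"
    severity: str               # "critical", "high", "medium" or "low"
    discovered: date
    remediated: Optional[date] = None


def assets_due_for_scan(assets, today):
    """Return names of assets never scanned or scanned longer ago than policy allows."""
    due = []
    for a in assets:
        interval = timedelta(days=SCAN_INTERVAL_DAYS[a.criticality])
        if a.last_scanned is None or today - a.last_scanned >= interval:
            due.append(a.name)
    return due


def remediation_due_date(finding, asset):
    """Deadline = discovery date + severity SLA scaled by the asset's criticality."""
    base = SLA_DAYS_BY_SEVERITY[finding.severity]
    days = int(base * SLA_FACTOR_BY_CRITICALITY[asset.criticality])
    return finding.discovered + timedelta(days=days)


def overdue_findings(findings, assets, today):
    """Open findings past their deadline as (vuln_id, asset, owner, days_overdue),
    most overdue first, so the report goes straight to the responsible owner."""
    by_name = {a.name: a for a in assets}
    rows = []
    for f in findings:
        if f.remediated is not None:
            continue
        asset = by_name[f.asset]
        due = remediation_due_date(f, asset)
        if today > due:
            rows.append((f.vuln_id, f.asset, asset.owner, (today - due).days))
    rows.sort(key=lambda r: r[3], reverse=True)
    return rows


# Constructed sample inventory and scan results for a run on 2019-12-16.
TODAY = date(2019, 12, 16)
ASSETS = [
    Asset("pay-db-01", "dba-team", "high", date(2019, 12, 2)),
    Asset("intranet-web", "web-team", "medium", date(2019, 12, 1)),
    Asset("test-vm-07", "qa-team", "low", None),
]
FINDINGS = [
    Finding("pay-db-01", "VULN-0001", "critical", date(2019, 12, 1)),
    Finding("pay-db-01", "VULN-0002", "low", date(2019, 11, 1)),
    Finding("intranet-web", "VULN-0003", "high", date(2019, 11, 1)),
    Finding("intranet-web", "VULN-0004", "medium", date(2019, 10, 1),
            remediated=date(2019, 11, 20)),
    Finding("test-vm-07", "VULN-0005", "critical", date(2019, 11, 10)),
]

if __name__ == "__main__":
    print("Assets due for scan:", assets_due_for_scan(ASSETS, TODAY))
    for vuln_id, asset, owner, days in overdue_findings(FINDINGS, ASSETS, TODAY):
        print(f"{vuln_id} on {asset} (owner {owner}) is {days} days overdue")
```

Running it shows the two outcomes the program cycle is meant to surface: which assets need to be rescanned now, and which open findings have blown their deadline and on whose desk they sit. Note that the critical finding on the low-criticality test VM still ends up overdue, which is the usual argument for tracking remediation by finding rather than by asset alone.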

Why?

You already know that vulnerability assessments are a good idea, but many organizations must perform recurring vulnerability assessments and penetration tests due to regulatory or standards-based requirements. For instance, the Payment Card Industry Data Security Standard (PCI DSS) requires that organizations execute semi-annual penetration and segmentation tests if they are to maintain compliance. Meanwhile, the Health Insurance Portability and