7 Vulnerability Risk Management Resolutions To Consider in the New Year


It’s that time of year again, when people start making personal resolutions to better themselves in the new year. We think that’s great, but why not make some resolutions to improve your organization’s vulnerability risk management (VRM), too?


Here are seven resolutions we think any security professional should be making this year:


1. Start tracking your patching system performance with SLAs


Service-level agreements (SLAs) show how effective your security program truly is: they measure the health of your vulnerability risk management program against defined metrics and measurable KPIs. The Goals & SLAs feature in InsightVM, Rapid7’s vulnerability risk management solution, helps security teams define these metrics so you can set goals and track measurable progress, whether for teams or for individuals. The feature also alerts you when goals are achieved or missed. By enabling collaboration and influencing peers in IT and development, security professionals using InsightVM’s Goals & SLAs feature can achieve a more efficient vulnerability risk management process.


2. Stop relying on CVSS scores alone to prioritize risk


The Common Vulnerability Scoring System (CVSS) is a useful framework for assessing risk in your environment, but these scores don’t give you the full story. You should be using a risk score that factors in not just CVSS, but also malware and exploit exposure, vulnerability age, and exploitability. Each of these plays a role in the likelihood of an attacker taking advantage of a vulnerability. Furthermore, you’ll want to factor in your unique business context. Not all assets in your environment are created equal. For instance, a server that hosts your organization’s customer data is probably ranked as more important than a single employee’s ..
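As an added illustration (not code from this post or from InsightVM), here is a small Python heuristic that combines the factors listed above into one prioritization score; the field names, weights and the two constructed findings are assumptions for the example, not any vendor's scoring model. It shows a lower-CVSS finding on a customer-data server outranking a higher-CVSS finding on a single laptop.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Finding:
    """One vulnerability on one asset (fields are assumptions for this example)."""
    cve: str
    asset: str
    cvss: float            # CVSS base score, 0.0 - 10.0
    published: date        # disclosure date, used for vulnerability age
    exploit_public: bool   # a public exploit is known
    malware_kits: int      # number of malware kits known to use the vulnerability
    criticality: int       # business context: 1 (low) .. 5 (crown jewel)

def risk_score(f: Finding, as_of: date) -> float:
    """Likelihood (CVSS adjusted by age, exploit and malware exposure) times impact.
    The weights are illustrative, not any vendor's model."""
    age_days = (as_of - f.published).days
    age_factor = min(1.0 + age_days / 365.0, 2.0)         # longer unpatched -> more exposure, capped at 2x
    exploit_factor = 1.5 if f.exploit_public else 1.0     # a known exploit raises likelihood
    malware_factor = 1.0 + 0.25 * min(f.malware_kits, 4)  # active malware use, capped at 4 kits
    likelihood = f.cvss * age_factor * exploit_factor * malware_factor
    impact = f.criticality / 5.0                          # business context, 0.2 .. 1.0
    return likelihood * impact

def prioritize(findings, as_of):
    """Findings ordered by descending risk score, i.e. what to patch first."""
    return sorted(findings, key=lambda f: risk_score(f, as_of), reverse=True)

AS_OF = date(2024, 1, 1)
# Constructed sample data; the CVE ids are placeholders, not real identifiers.
SAMPLE_FINDINGS = [
    Finding("CVE-EXAMPLE-A", "customer-db-01", 7.5, date(2022, 1, 1), True, 2, 5),
    Finding("CVE-EXAMPLE-B", "laptop-0042", 9.8, date(2023, 12, 22), False, 0, 1),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS, AS_OF):
        print(f"{f.cve:14} {f.asset:15} cvss={f.cvss:4} risk={risk_score(f, AS_OF):6.2f}")
```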
