Vulnerability Management Program Best Practices

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, when its output is tied back to the goals of the enterprise and when there is a reduction in the overall risk of the organization.

Such vulnerability management technology can detect risk, but it requires a foundation of people and processes to ensure that the program is successful.

There are four stages to a vulnerability management program:

1. The process that determines the criticality of the asset, the owners of the assets and the frequency of scanning as well as establishes timelines for remediation;
2. The discovery and inventory of assets on the network;
3. The discovery of vulnerabilities on the discovered assets; and
4. The reporting and remediation of discovered vulnerabilities.

The first stage focuses on building a process that is measurable and repeatable. Stages two through four focus on executing the process outlined in stage one with an emphasis on continuous improvement. We’ll examine these stages in more detail below.

Stage One: The Vulnerability Scanning Process

1. The first step in this stage is to identify the criticality of the assets in the organization.

To build an effective risk management program, one must first determine what assets the organization needs to protect. This applies to computing systems, storage devices, networks, data types and third-party systems on the organization’s network. Assets should be classified and ranked based on their true and inherent risk to the ..
