Vulnerability Prioritization, Part 2: Redefining Vulnerability Remediation Prioritization

As discussed in Part 1 of this series, vulnerability management can be seen as an application of general risk-management ideas to the maintenance of aging, complex, and error-prone IT infrastructure. Simply put, it answers the following question: which weaknesses can my organization afford to leave unattended, and how much effort am I willing to put into remediation?


With a continuous stream of new IT vulnerabilities to deal with every day, computing the exact risk of each one becomes intractable. Remediation teams need a more actionable way to reduce actual risk with the limited resources they have.


When faced with millions of vulnerabilities to fix, the most important questions to ask are: What do I fix next? What are my top priorities for today?


In this blog, we first argue that giving teams an ordered ranking of remediation priorities is the best available way to reduce organizational risk. Moreover, we insist that this ranking be built from context specific to the organization, and in a fault-tolerant way.


This blog presents the contextual prioritization process, which uses artificial intelligence techniques drawn from machine learning and collective intelligence. It is a ranking method that is:


Repeatable
Efficient
Granular
Fault-tolerant
Principled

We believe this ranking is a solid proxy for the unrealistically hard task of perfect IT risk management.


Prioritization, Rank Aggregation, and Collective Intelligence


Prioritization


The problem of risk prioritization is a problem of total ordering on a set of objects. This is generally done using some kind of prioritization metric, a nu ..
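To make the two ideas above concrete (a total ordering induced by a prioritization metric, and rank aggregation across several context-specific orderings), here is an added worked example. It is illustration code written for this page, not the authors' or any vendor's method: the signal names (`severity`, `exploit_evidence`, `asset_criticality`), the sample findings and their values are constructed, and Borda count is chosen as the aggregation rule only because it is a standard, simple one; the post does not say which aggregation its process uses.

```python
"""Total ordering from one metric, then rank aggregation across several
context-specific metrics. Added illustration for this page; the signal
names, sample data and the Borda-count rule are assumptions, not the
post's own method."""
from typing import Dict, List, Sequence

# Constructed sample findings (illustrative values, not real CVE data).
# Each finding carries several context-specific signals in [0, 10] or [0, 1].
FINDINGS: Dict[str, Dict[str, float]] = {
    "vuln-A": {"severity": 9.8, "exploit_evidence": 0.2, "asset_criticality": 0.5},
    "vuln-B": {"severity": 7.5, "exploit_evidence": 0.9, "asset_criticality": 0.9},
    "vuln-C": {"severity": 7.5, "exploit_evidence": 0.1, "asset_criticality": 0.2},
    "vuln-D": {"severity": 5.0, "exploit_evidence": 0.8, "asset_criticality": 0.6},
}


def total_order(findings: Dict[str, Dict[str, float]], metric: str) -> List[str]:
    """Order finding identifiers from highest to lowest value of one metric.

    A numeric metric only gives a partial order when values tie; breaking
    ties by identifier turns it into a total order, so the ranking is
    deterministic and repeatable across runs.
    """
    return sorted(findings, key=lambda k: (-findings[k][metric], k))


def borda_aggregate(rankings: Sequence[List[str]]) -> List[str]:
    """Aggregate several rankings of (mostly) the same items with a Borda count.

    An item at 0-based position r in a ranking of n items receives n-1-r
    points; the aggregate is the total order by summed points, ties broken
    by identifier. An item missing from one ranking simply earns no points
    from it, so a single incomplete or failed signal does not break the
    aggregate (the fault-tolerance property the post asks for).
    """
    scores: Dict[str, int] = {}
    for ranking in rankings:
        n = len(ranking)
        for r, item in enumerate(ranking):
            scores[item] = scores.get(item, 0) + (n - 1 - r)
    return sorted(scores, key=lambda k: (-scores[k], k))


def contextual_priority(findings: Dict[str, Dict[str, float]],
                        metrics: Sequence[str]) -> List[str]:
    """Build one ordering per metric and aggregate them into a single ranking."""
    return borda_aggregate([total_order(findings, m) for m in metrics])


def what_to_fix_next(findings: Dict[str, Dict[str, float]],
                     metrics: Sequence[str], n: int) -> List[str]:
    """Answer 'what do I fix next?': the top n entries of the aggregate ranking."""
    return contextual_priority(findings, metrics)[:n]


if __name__ == "__main__":
    metrics = ["severity", "exploit_evidence", "asset_criticality"]
    for m in metrics:
        print(f"{m:>18}: {total_order(FINDINGS, m)}")
    print("aggregate:", contextual_priority(FINDINGS, metrics))
    print("fix next:", what_to_fix_next(FINDINGS, metrics, 2))
```

Note how severity alone would put `vuln-A` first, while the aggregate of all three contextual signals moves `vuln-B` (actively exploited, on a critical asset) ahead of it; the aggregate ranking is what a remediation team would work down, top to bottom.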
