- Discover Enterprise Assets
The first step is to prepare an inventory that lists all digital assets, such as computers, printers, routers, operating systems, software, and even third-party vendors and services, that will be assessed for vulnerabilities. Shadow IT devices are digital assets that may not be known to the security team; they may contain vulnerabilities that could harm the organization if they are not included in the vulnerability management plan.
The goal of an in-depth asset inventory is to fully define the scope of your vulnerability management program and to ensure that you are prepared for the next step: vulnerability scans and tests.
- Find and Assess Vulnerabilities
Once you have compiled an asset inventory, you can scan your systems for vulnerabilities to find security gaps that could be exploited. A vulnerability management tool will uncover misconfigurations, encryption issues, authentication weaknesses, or coding flaws that can be used to compromise either an application or a system.
Once you have scanned and found your vulnerabilities, you can move on to the next step.
- Prioritize
Not all vulnerabilities are created equal. Categorize vulnerabilities based on severity and likelihood of impact. You may choose to combine threat intelligence with the scan results to add context to the discovered vulnerabilities. When you prioritize vulnerabilities, you can focus on the most important tasks first. Often, the most critical vulnerabilities are the ones that have been lying around undetected for some time, giving malicious actors plenty of time to infiltrate a system and establish a stealthy presence on it.
A scorecard or matrix can help you visualize and prioritize the cyber risks facing your organization.
- Remediate
Implement a patch management procedure to test and repair one vulnerability at a time. For each risk, you must determine a plan of action. The course you choose can be one of the following:
- Risk acceptance
Accepting the risk is appropriate for non-critical vulnerabilities.
- Delayed remediation
Delaying remediation is a way of buying time while focusing on more critical aspects of security.
- Mitigate risk
Mitigating a security vulnerability will not completely remove the risk, but it will reduce the likelihood or minimize the severity. Sometimes, remediation is not an option, and mitigation will be the best you can do.
- Remediate the vulnerability
High-risk vulnerabilities should be prioritized for remediation as quickly as possible.
Verification and follow-up assessments are important to ensure the success of the mitigation and remediation efforts. Continuous monitoring tools are commonly used to perform these checks.
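The prioritization and remediation steps above can be turned into a small, repeatable scorecard. The following is an added example, not code from the original page or from any vulnerability management product: it scores each finding from its severity and likelihood, adds threat-intelligence context (whether the weakness is known to be exploited in the wild, and how long it has been open), builds the severity-by-likelihood matrix described under Prioritize, and maps the resulting score to one of the four courses of action listed under Remediate. The weights, thresholds, asset names, and vulnerability identifiers are all constructed for illustration and should be replaced with your organization's own risk policy.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed scoring weights (assumption): severity x likelihood gives a base of 1..12.
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}
LIKELIHOOD_WEIGHT = {"high": 3, "medium": 2, "low": 1}

# Constructed threat-intelligence adjustments (assumption).
EXPLOITED_IN_WILD_BONUS = 4   # actively exploited weaknesses jump the queue
STALE_DAYS = 90               # findings open longer than this get extra weight
STALE_BONUS = 2

# Constructed action thresholds (assumption) for the four courses of action.
REMEDIATE_THRESHOLD = 10
DELAY_THRESHOLD = 6


@dataclass
class Vulnerability:
    asset: str              # entry from the asset inventory (Discover step)
    vuln_id: str            # scanner finding identifier (placeholder values below)
    severity: str           # critical / high / medium / low, as rated by the scanner
    likelihood: str         # high / medium / low, e.g. based on network exposure
    exploited_in_wild: bool = False   # threat-intelligence context
    days_open: int = 0                # how long the finding has gone unremediated
    fix_available: bool = True        # whether a vendor patch or code fix exists


def risk_score(v: Vulnerability) -> int:
    """Combine severity, likelihood and threat-intel context into one number."""
    score = SEVERITY_WEIGHT[v.severity] * LIKELIHOOD_WEIGHT[v.likelihood]
    if v.exploited_in_wild:
        score += EXPLOITED_IN_WILD_BONUS
    if v.days_open > STALE_DAYS:
        score += STALE_BONUS
    return score


def recommend_action(v: Vulnerability) -> str:
    """Map a score to one of: remediate, mitigate, delayed remediation, accept."""
    score = risk_score(v)
    if score >= REMEDIATE_THRESHOLD:
        # High-risk findings are fixed as quickly as possible; when no fix
        # exists, mitigation (reducing likelihood or impact) is the best option.
        return "remediate" if v.fix_available else "mitigate"
    if score >= DELAY_THRESHOLD:
        return "delayed remediation"
    return "accept"


def prioritize(vulns):
    """Return the findings ordered from highest to lowest risk score."""
    return sorted(vulns, key=risk_score, reverse=True)


def scorecard(vulns) -> Counter:
    """Severity-by-likelihood matrix: how many findings fall in each cell."""
    return Counter((v.severity, v.likelihood) for v in vulns)


def remediation_plan(vulns):
    """Ordered list of (vuln_id, asset, score, action) for the remediation step."""
    return [(v.vuln_id, v.asset, risk_score(v), recommend_action(v))
            for v in prioritize(vulns)]


# Constructed sample findings (assumption); identifiers are placeholders.
SAMPLE_FINDINGS = [
    Vulnerability("web-01", "VULN-A", "critical", "high",
                  exploited_in_wild=True, days_open=120),
    Vulnerability("legacy-erp", "VULN-B", "high", "high",
                  days_open=200, fix_available=False),
    Vulnerability("printer-03", "VULN-C", "medium", "medium", days_open=10),
    Vulnerability("dev-laptop", "VULN-D", "medium", "high", days_open=30),
]

if __name__ == "__main__":
    for cell, count in sorted(scorecard(SAMPLE_FINDINGS).items()):
        print(f"{cell[0]:>8} severity / {cell[1]:>6} likelihood: {count}")
    for vuln_id, asset, score, action in remediation_plan(SAMPLE_FINDINGS):
        print(f"{vuln_id} on {asset}: score {score:>2} -> {action}")
```

Two design points are worth noting. The exploited-in-the-wild flag and the age penalty are what turn a raw scanner rating into the contextual priority the Prioritize step calls for; a long-open finding on an exposed asset rises above a newer one of the same severity. The action mapping also encodes the rule that a high-risk finding with no available fix is routed to mitigation rather than silently accepted, which is exactly the case the Remediate section describes.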