According to Park Foreman in his book Vulnerability Management (Taylor & Francis Group, 2010, page 1), vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. SANS Critical Security Control #4 describes continuous vulnerability assessment and remediation as an integral part of risk and governance programs.
A vulnerability management policy should:
Set guidelines for vulnerability management practices (from testing to remediation).
Classify vulnerabilities by risk/threat and by remediation effort.
Determine how often scans will be performed and allocate remediation times.
Define an access control policy for all devices connected to company networks.
Outline the consequences of noncompliance with the vulnerability management policy.
Vulnerability scan checklist, before starting the scan:
Get permission from top management.
Inform the system owners days before running the scan, and publish your phone number.
Keep the target selection small, scanning only one subnet at a time.
Only run a scan when you are in the office and by the phone.

Considerations for choosing a scanner tool:
Product license.
Flexibility of the product to handle the company's growth.
Operability of the product, such as support for the Common Vulnerabilities and Exposures (CVE) standard for cataloguing vulnerabilities.
A vulnerability scan provides a quick, high-level view of some of the vulnerabilities. It is important to supplement the scan with manual assessments such as attack and penetration assessment and web application assessment, because scanners do not have the ability to think as an attacker would.

Vulnerability remediation: remediation details; vulnerability prioritisation; false positive removal.

Re-scan: verify that vulnerabilities are remediated; verify compensating control effectiveness; verify that remediation did not create new issues.
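The prioritisation, remediation-window and re-scan steps above, as an added example that is not from the book or the original page. It matches findings by host and CVE identifier; the severity ranking, the remediation windows in days and the CVE ids in the sample data are constructed placeholders for this example, not values from the page or from any standard.

```python
from dataclasses import dataclass

# Severity ranking used for prioritisation (higher sorts first).
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Remediation windows in days per severity. Hypothetical policy values for
# this example; a real policy sets its own.
REMEDIATION_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    host: str       # asset the scanner reported the issue on
    cve: str        # CVE identifier, the catalogue key used to match findings
    severity: str   # critical / high / medium / low, as classified by the scanner


def prioritise(findings, effort):
    """Order findings by severity (descending), then by remediation effort
    (ascending) so quick high-risk fixes come first. `effort` maps a CVE id
    to an estimate in person-days; unknown CVEs default to 1."""
    return sorted(findings,
                  key=lambda f: (-SEVERITY_RANK[f.severity], effort.get(f.cve, 1)))


def overdue(findings, days_open):
    """Findings whose age in days exceeds the remediation window for their severity."""
    return [f for f in findings
            if days_open.get((f.host, f.cve), 0) > REMEDIATION_DAYS[f.severity]]


def rescan_diff(baseline, rescan, false_positives):
    """Compare two scan runs. Returns which baseline findings closed, which are
    still open, and which findings are new (possibly introduced by the
    remediation itself). Confirmed false positives are excluded from both runs."""
    fp = set(false_positives)
    before = {(f.host, f.cve) for f in baseline if (f.host, f.cve) not in fp}
    after = {(f.host, f.cve) for f in rescan if (f.host, f.cve) not in fp}
    return {
        "remediated": sorted(before - after),
        "still_open": sorted(before & after),
        "new": sorted(after - before),
    }


# Constructed sample scan output; the CVE ids are placeholders, not real entries.
BASELINE = [
    Finding("10.0.0.5", "CVE-0000-0001", "critical"),
    Finding("10.0.0.5", "CVE-0000-0002", "medium"),
    Finding("10.0.0.7", "CVE-0000-0003", "high"),
]
RESCAN = [
    Finding("10.0.0.5", "CVE-0000-0002", "medium"),   # unchanged, later marked false positive
    Finding("10.0.0.7", "CVE-0000-0004", "high"),     # appeared only after patching
]
FALSE_POSITIVES = [("10.0.0.5", "CVE-0000-0002")]
EFFORT = {"CVE-0000-0001": 0.5, "CVE-0000-0003": 3}

if __name__ == "__main__":
    for f in prioritise(BASELINE, EFFORT):
        print(f)
    print(rescan_diff(BASELINE, RESCAN, FALSE_POSITIVES))
```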