Prioritise Critical Areas
Go Beyond Compliance
Incorporate Operations
Developing your Vulnerability Management Programs
[Image: Identifying Threat Vectors is Essential]
Most organisations have implemented a vulnerability program,
but it is fair to say it is underutilised.
The purpose of this post is to help you work out where you are with your
vulnerability program and how you can improve it.
Remember, an organisation that understands its
vulnerabilities is in a better position to protect critical assets.
How often do you scan for Vulnerabilities?
Scanning for vulnerabilities is a good and important part of
the process, but to make it work for you, you need to put in place workflows,
processes, and analytics to manage the system and protect critical data. If you are just scanning for vulnerabilities
and patching once per week, you need to up your game.
This is why: as the infrastructure expands, more critical systems
become exposed. A “patch Wednesday”
mentality is not adequate.
Start Prioritising
It is important that you start prioritising data in terms of
importance and focus on protecting it.
You should consider implementing penetration testing on the assets that
need the most protecting, and you should start to create metric reports. Moreover, you need to analyse the reports and
look for weak areas of your vulnerability management strategy.
Look Beyond Compliance
Once you have implemented good reporting systems and focused
on mission-critical data, the chances are you’re doing enough to meet compliance
demands. This should now be taken to the
next level. Think about a strategy and
take a risk-based approach. Identify
areas which need improvement. This will
become increasingly important as the organisation grows. The need to prioritise mission-critical
assets will increase.
Test each patch to try and expose vulnerabilities. This will help you devise better patch
updates and make you more aware of risks.
