![]() ![]() Without the appropriate asset discovery and network access control, these types of devices can provide an easy gateway for an attacker into the internal network. ![]() These could range from test servers, to misconfigured cloud systems hosting company data. There have been many cases where systems are deployed without informing the information security team. Ensuring that the information security team is aware of what is on the network allows them to better protect those systems and provide guidance to the owners of those systems to reduce the risks those assets pose. An accurate inventory of all authorized and unauthorized devices on the network, as well as all software installed on the assets on the organization’s network go hand-in-hand, as attackers are always trying to identify easily exploitable systems. After all, you cannot protect what you do not know about. Stage One: Asset Discovery and InventoryĪccording to the CIS Critical Security Controls, as well as all other authorities, asset discovery and inventory are the first step in any vulnerability management system. Of course, the aim is to create a managed, and optimized process for continuous improvement. The reporting of remediation of discovered vulnerabilities.Įach stage involves a measurable and repeatable process, as well as a phase of execution.timelines for remediation of discovered vulnerabilities.The discovery of vulnerabilities on the discovered assets.the process that determines the criticality of the asset:.Asset classification and task assignments:.The discovery and inventory of assets on the network. ![]() One way to approach a vulnerability management project is with a 4-staged approach, each containing its own set of subtasks: ![]() Existing vulnerability management technologies can detect risk, but they require a foundation of people and processes to ensure that the program is successful. These goals should address the information needs of all stakeholders, tie back to the business goals of the enterprise, and reduce the organization’s risk. An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |