Vulnerability Management Paper

What is vulnerability management? It is the practice of identifying, classifying, remediating, and mitigating vulnerabilities, especially in software and firmware (Wheeler, 2011). Vulnerability management is a continuous information security risk process that requires management oversight. Four high-level processes make up vulnerability management: Discovery, Reporting, Prioritization, and Response. Each process, and each sub-process within it, needs to be part of a continuous cycle focused on improving security and reducing the risk profile of network assets. It is integral to computer security and network security (Gallager, 2010). Discovery is the process by which network assets are found, categorized, and assessed.

Start with a small scope to avoid being overwhelmed by thousands of vulnerabilities. This can be done by starting out with a few systems, or by limiting the results to critical/high. This phase is the responsibility of the security officer. It is important to obtain agreement on which systems will be included in or excluded from the vulnerability management process (Palmer, 2013). Once the preparation phase is complete, the initial vulnerability scans are performed. Any issues that occur during the scans should be recorded, since they could happen again in future scans. Vulnerability scanning tools offer a wide range of reporting options, and it is necessary to use them to create a variety of reports. The security officer will be interested in the risk the organization is currently facing; this risk includes the number of vulnerabilities detected and the severity/risk rating of the identified vulnerabilities.
Once the initial scan is done, the next phase is defining remediation actions. This involves the asset owner, the security officer, and the IT department. The security officer will analyze the vulnerabilities, determine the associated risks and will provide input on

