Get Started With Vulnerability Management
Here is a summary of what you need to know before starting a threat and vulnerability management program.
Regardless of the type or complexity of the cybersecurity control or program you are planning to implement or enhance, remember these three dimensions:
Process, People, Technology.
- Process: includes the policies, processes, procedures, standards and documentation that will dictate the what/why/how/who/when/where related to your control.
- People: are the resources that will help you achieve your goals.
- Technology: are the tools that will facilitate the implementation and the management of your controls, but also the ones that will provide the capabilities to enforce the controls.
Gain visibility on your assets
The most important element in vulnerability management and security in general is asset management and information governance.
In this case, when working on a vulnerability management program, you need to have visibility on all of the organization’s assets, because you can’t protect what you’re not aware of.
Process
How to create a patch and vulnerability management program by NIST.
Link: https://www.nist.gov/publications/creating-patch-and-vulnerability-management-program
People
Have a RACI matrix that defines who should do what to help keep the asset owners accountable.
Technology
Check this great article about the “Top Vulnerability Management Tools” compiled by OWASP.
Link: https://owasp.org/www-community/Vulnerability_Scanning_Tools
Let me know if you find this helpful, and feel free to share any other topics you want me to write or demonstrate.