Get Started With Vulnerability Management
Here is a summary of what you need to know before starting a threat and vulnerability management program.
Regardless of the type or complexity of the cybersecurity control or program you are planning to implement or enhance, remember these three dimensions:
Process, People, Technology.
- Process: includes the processes the policies, processes, procedures, standards and documentation that will dictate the what/why/how/who/when/where related to your control.
- People: are the resources that will help you achieve your goals.
- Technology: are the tools that will facilitate the implementation l, the management of your controls but also the one ones that will provide the capabilities to me force the controls.
Gain visibility on your assets
The most important element in vulnerability management and security in general is asset management and information governance.
In this case, when working on a vulnerability management program, you need to have visibility on all the organizations’ assets, because you can’t protect what you’re not aware of.
How to create a patch and vulnerability management program by NIST.
Have a RACI matrix that defines who should do what to help keep the asset owners accountable.
Check this great article about the “Top Vulnerability Management Tools” compiled by OWASP.
Let me know if you find this helpful, and feel free to share any other topics you want me to write or demonstrate.