Vulnerability Management
Vulnerability management is the structured approach to maintaining an appropriate security state for an enterprise computing environment.
Five steps for vulnerability management programs:
- Define Policy - Organizations must start out by determining what the desired security state for their environment is. This includes determining desired device and service configurations and access control rules for users accessing resources.
- Baseline the Environment - Once a policy has been defined, the organization must assess the true security state of the environment and determine where instances of policy violations are occurring.
- Prioritize Vulnerabilities - Instances of policy violations are vulnerabilities. These vulnerabilities are then prioritized using risk and effort-based criteria. Shield - In the short term, the organization can take steps to minimize the damage that could be caused by the vulnerability by creating compensating controls.
- Mitigate Vulnerabilities - Ultimately, the root causes of vulnerabilities must be addressed. This is often done via patching vulnerable services, changing vulnerable configurations or making application updates to remove vulnerable code.
- Maintain and Monitor - Organizations' computing environments are dynamic and evolve over time, as do security policy requirements.
We work with the following brands, which can help customers carry out the following tasks:
| Vendor Brand | Source Code Reviewer | Data, Content & Configuration Integrity | Network Vulnerability Assessment | Threat & Vulnerability Assessment |
|---|---|---|---|---|
| McAfee | | | | |
| Security Innovations | | | | |
| Tripwire | | | | |