What are the most important steps in the vulnerability management process? What technologies are essential?
When you start the process of managing security vulnerabilities within your organization, there are a few essential steps to make it successful, including:
1. Discover your IT assets and determine the network boundaries.
2. Organize and categorize these assets according to your organization and by business risk, for example:
- Geography / Function / Technology groups
- Classified by business risk analysis
- Remote or centralize administration with multiple user accounts
- Business Units.
4. Generate reports and prioritize remediation plans communicated to the correct stakeholders, for example:
- Executive report with global/transversal metrics
- Differential reports to measure the improvements and progress of patching.
- Implement a patch management process/technology
- Change management process is needed for production systems
- Test patches before deploying in production
- Deploy secured configuration policies
- Update security policies regularly.
While all the steps mentioned are extremely important, to get an optimal outcome you will really want to focus attention on the prioritization and reporting aspects. Specifically:
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.