I am sure you have heard from consultants, from vendors, or at a conference that vulnerability management is a foundational security control. While I agree that it is an essential control, I also understand that it is challenging to implement. Vulnerability management is not just picking a tool, scanning, and fixing issues. Many components make it a complicated journey. This series will attempt to break it down and give you ideas on how this complex service can be delivered effectively.

Planning

Objective

When you start, I recommend creating a targeted objective and a set of measures against that objective. Keep in mind your organization’s culture, politics, and risk appetite as you develop your objective. I have seen some target just “critical” systems for regulatory compliance, whereas others have targeted their entire enterprise. No matter your scope, keep in mind your team’s current resource...
InfoSec Made Easy breaks down information security and cybersecurity leadership topics into practical, real-world guidance for security professionals, leaders, and those breaking into the field.