Vulnerability Management White Paper
Recently, I was asked to put together a white paper describing some work we’ve done related to supporting a vulnerability management program. The paper outlines what vulnerability management is and what a well-implemented vulnerability management program can bring to your organization. Regardless of size or sensitivity of data, managing your organizations vulnerabilities, and ultimately its risk, is an extremely important piece of the security puzzle. With that said, it is important to properly design and implement the various pieces of a vulnerability management program instead of jumping in first by buying a tool. A poorly designed or implemented process, or relying only on technology-based solutions and ignoring the process side of the problem can be detrimental to achieving your final goal.
The paper discusses some of these topics, lays out the basic tasks of the process, discusses different tools used, talks about some pitfalls, describes our specific experience, and ultimately shares some of our takeaways from the experience.