Vulnerability management
Severine
Member Posts: 33 ■■■□□□□□□□
What is enterprise vulnerability management? Why is it important to renew a vulnerability management program for enterprises?
Comments
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Well, it think that vulnerability management is one of the basic tool to protect you. It is important to keep thing updated.
-
JDMurray Admin Posts: 13,099 AdminStart by understanding the difference between a "threat" and a "vulnerability" and how "exploit" is related to both.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□Lame analogy coming in 3, 2, 1....
- Look at it this way. You have a house with a safe containing diamonds and gold. The house has a broken fence, broken cameras, opened windows, broken door locks, the safe is opened, safe is visible or accessible a few feet from the street, no camera system.
- Vulnerability management would first be for you to identify all these issues, because you probably don't even know you have all these problems. Second purpose of vulnerability management would be to plan on fixing these issues and continue to identify any future problems with these systems.
- I know I am forgetting this but I guess before you get to the vulnerability management you should understand your critical assets. Like do you know the diamonds and gold are valuable to you and you should take care of them?
I know its a simple analogy but hopefully will give you a simple idea of what vulnerability management.Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□@chrisone it look lame, but it isnt. The analogy is fine and explain in nice detail what is the broader concept of vuln management.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
yoba222 Member Posts: 1,237 ■■■■■■■■□□Could you please provide some context as to why you're asking this question?A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
Severine Member Posts: 33 ■■■□□□□□□□
Thanks, Chrisone! for your reply
Hello yoda222, every day some new vulnerabilities or exploits are discovered, and cyber attackers try to exploit them, so when a vulnerability management program is built, there are several factors that are required to account for, that's why I wanted to know which factors are required to be considered while building vulnerability management programs? and how to renew it.