Vulnerability management

Severine Member Posts: 33
What is enterprise vulnerability management? Why is it important to renew a vulnerability management program for enterprises?

Comments

  • SteveLavoie Member Posts: 1,133
    Well, I think that vulnerability management is one of the basic tools to protect you. It is important to keep things updated.
  • JDMurray Admin Posts: 13,099
    Start by understanding the difference between a "threat" and a "vulnerability" and how "exploit" is related to both. 
  • chrisone Member Posts: 2,278
    Lame analogy coming in 3, 2, 1....

    1. Look at it this way. You have a house with a safe containing diamonds and gold. The house has a broken fence, broken cameras, opened windows, broken door locks, the safe is opened, safe is visible or accessible a few feet from the street, no camera system. 
    2. Vulnerability management would first be for you to identify all these issues, because you probably don't even know you have all these problems. Second purpose of vulnerability management would be to plan on fixing these issues and continue to identify any future problems with these systems. 
    3. I know I am forgetting this but I guess before you get to the vulnerability management you should understand your critical assets. Like do you know the diamonds and gold are valuable to you and you should take care of them? 

    I know it's a simple analogy but hopefully it will give you a simple idea of what vulnerability management is.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • SteveLavoie Member Posts: 1,133
    @chrisone it looks lame, but it isn't. The analogy is fine and explains in nice detail what the broader concept of vuln management is.
  • chrisone Member Posts: 2,278
    Thanks @SteveLavoie :smile:

    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • yoba222 Member Posts: 1,237
    Could you please provide some context as to why you're asking this question?
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Severine Member Posts: 33

    Thanks, Chrisone, for your reply :)

    Hello yoba222, every day some new vulnerabilities or exploits are discovered, and cyber attackers try to exploit them, so when a vulnerability management program is built, there are several factors that are required to be accounted for. That's why I wanted to know which factors are required to be considered while building vulnerability management programs, and how to renew it.
