Doug Vitale Tech Blog
Pages
Site search
Most popular
- Deprecated Linux networking commands and their replacements
- Reset Windows passwords with Offline NT Password & Registry Editor
- Layer 3 switches compared to routers
- Linux file permissions and chmod
- IPv6: how and why it enables Internet evolution
- Spoofing MAC addresses in Linux and Windows
- Troubleshooting faulty network connectivity, part 2: Essential network commands
Get networking gear
Categories
- Commentary (4)
- Computer Networking Techniques and Concepts (10)
- Computer Networking Tools (8)
- Info Security and/or Ethical Hacking Tools (25)
- Useful Applications (7)
- Useful Web-Based Tools (4)
- Useful Websites (3)
Browse tech books
RSS
Build a custom PC
↓ What’s new in Tech ↓
LXer Linux News
- Mageia 3 KDE Review: Simple, refined, elegant and fantastic!
- The Cheapskate's Corner (May 22nd - 29th) Linux games on sale
- How to use bc, the calculator tool
TechRepublic IT Security
- Keeping your corporate social media accounts secure
- Aaron Swartz legacy lives on with New Yorker's Strongbox: How it works
- Mission impossible: Data identification and prioritization
ZDNet Zero Day
- US urged to permit self-defense retaliation on hackers
- US utilities under daily, constant cyberattacks: report
- Chinese cyberattack on Google exposed spy data: US officials
TechRepublic Linux & Open Source
- Seven great features of OpenOffice and Libre Office that you probably ignore
- Best open source HRM and ERP solutions
- Arch-based Manjaro Linux touts user-friendliness
ZDNet Open Source
- The best new WIMP desktop today: Linux Mint 15 (Gallery)
- Mint 15: Today's best Linux desktop (Review)
- Debian Linux now Google Compute Engine's default OS
Linux Today
- A closer look at a recent privilege escalation bug in Linux (CVE-2013-2094)
- Ranking Linux distributions, and the decline of the traditional distros
- How to Keep SSH Connections Alive In Linux
Team Cymru News
- An error has occurred; the feed is probably down. Try again later.
EHacking News
- Twitter finally introduces Two-step authentication to prevent account hacks
- @1923Turkz hits Jharkhand police website
- Reckz0r identified POST SQL Injection vulnerability in Twitter
NetworkWorld Security
- SoftBank said to be in talks with US to allay national security fears
- Twitter aims to become safer with two-step sign-in
- Growing mobile malware threat swirls (mostly) around Android
NetworkWorld Open Source
- Being a Public Cloud Provider may not be all that
- Internet anonymity: Brought to you by open source systems
- Getting value out of internships, on both ends
Internet Society Deploy360
- Switzerland Edges Out Romania As Top In IPv6 Adoption (via Google)
- Watch LIVE Today – RIPE66 Panel On Routing Resiliency
- Watch LIVE Today – RIPE66 Talk On Best Current Operational Practices
ZDNet Networking
- Chrome 27: Talk to me
- Google Voice integrating into Google Hangouts
- The brighter, more colorful Google+ (Gallery)
Windows Networking
- Group Policy Administrative Mysteries: Solved!
- Avoiding storage failures
- Planning a Hybrid IT Infrastructure using Windows Azure Infrastructure Services (Part 1)
Windows Security
- Video: Windows Server 2008 R2 Dcpromo "Operating System Compatibility" Message
- Group Policy Changes: Windows Server 2012, Windows 8 and Window RT (Part 3)
- Why Bring Your Own Device (BYOD) needs your attention
(ISC)² Blog
- The evolution of support scamming
- Secure Software Development – Closing the Gap between Risk Awareness and Response
- Flight risk
NIST News
- NIST Posts Initial Analysis of RFI Comments on Cybersecurity Framework for Critical Infrastructure
- NIST Issues Major Revision of Core Computer Security Guide: SP 800-53
- Second Cybersecurity Infrastructure Framework Workshop Gathers May 29-31, 2013
Cisco Security Blog
- Design & Implementation Guide: What’s In a Name?
- If You Didn’t Care About HIPAA Before, You May Need to Now
- Network Threat Defense at Black Hat 2013
Microsoft TechNet
- Virtualization: The benefits of VDI
- IT Management: Capacity planning
- IIS: Enable IIS remote management
Internet Society
- ITU World Telecommunication Policy Forum Closes Focused on Continuing Open Dialogue
- Africa Domain Name System Forum to be held in Durban, South Africa, 12-13 July 2013
- Internet Society Encourages Constructive Dialogue on Issues Facing the Future of the Internet at the ITU World Telecommunication Policy Forum
CIO.com Security
- Google Engineer Bashes Microsoft's Handling of Security Researchers, Discloses Windows Zero-Day
- IT Security Vendors Seen as Clueless on Industrial Control Systems
- Nation's Power Grid Under Constant Cyberattack, but Congress Lax
CIO.com Network
- 9 Facts (?) Learned From Bob Metcalfe's Reddit Q&A
- The Whole Enchilada: Integrated Compute Platforms Steamroll Across IT
- Storms Test Red Cross' Tornado App
CERT’S Security for Business Leaders (MP3)
- Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity
- Securing Mobile Devices aka BYOD
- Mitigating Insider Threat - New and Improved Practices Fourth Edition
Create and implement a vulnerability management program
If you, as an information security professional, are tasked with maintaining the cyber defenses of an information system (IS), this is a responsibility that you cannot carry out in a haphazard manner. Given the complexity of modern computer networks, a standardized approach to IT security is necessary to ensure that all facets of the IS are protected to the utmost. As with network connectivity troubleshooting, it is simply better to follow a plan of defined steps rather than attempt to achieve your goal in an unorganized way.
As you are aware, threats to the security posture of an IS come in many forms. Unpatched software, default software settings, unnecessary software installations, weak user account policies, porous physical access control, and the absence of effective emergency response plans can all be exploited by human attackers, malicious software (malware), or unfavorable (possibly disastrous) circumstances. All of these vulnerabilities (weaknesses which could be exploited by adversaries to compromise the security posture of an IS) are what you try to eliminate in the field of information security (also known as information assurance, or IA).
To help prevent occurrences of unauthorized IS access or data breach, a systematic methodology for identifying and remediating security weaknesses is required. Vulnerability management, when implemented in such a precise and thorough manner, becomes a vulnerability management program (VMP).
Benefits of a vulnerability management program
The main aim of any VMP is to ensure that current vulnerabilities within an IS are identified, evaluated, and resolved in a timely and cost-effective manner. This goal is achieved by successfully carrying out the following steps:
Read the rest of this entry »
Share this on:
Like this:
Written by Doug Vitale
July 11, 2012 at 12:25 AM
Posted in Commentary
Tagged with assessment, management, plan, program, scan, scanner, scanning, vulnerability