With the proper extensions installed, you can hack from the comfort of your Firefox or Chrome browser. Within Firefox, add-ons are divided into three categories: extensions, appearance themes, and plugins. Extensions extend the functionality of Firefox past simple web browsing. Appearance themes change the way Firefox looks, and plugins are necessary for Firefox to display specialized non-HTML Web content such as Flash, JavaScript, multimedia, etc.
Google Chrome labels all add-ons as “extensions”. The Chrome website lists them in the same column as “Apps” and “Themes”.
If you, as an information security professional, are tasked with maintaining the cyber defenses of an information system (IS), this is a responsibility that you cannot carry out in a haphazard manner. Given the complexity of modern computer networks, a standardized approach to IT security is necessary to ensure that all facets of the IS are protected to the utmost. As with network connectivity troubleshooting, it is simply better to follow a plan of defined steps rather than attempt to achieve your goal in an unorganized way.
As you are aware, threats to the security posture of an IS come in many forms. Unpatched software, default software settings, unnecessary software installations, weak user account policies, porous physical access control, and the absence of effective emergency response plans can all be exploited by human attackers, malicious software (malware), or unfavorable (possibly disastrous) circumstances. All of these vulnerabilities (weaknesses which could be exploited by adversaries to compromise the security posture of an IS) are what you try to eliminate in the field of information security (also known as information assurance, or IA).
To help prevent occurrences of unauthorized IS access or data breach, a systematic methodology for identifying and remediating security weaknesses is required. Vulnerability management, when implemented in such a precise and thorough manner, becomes a vulnerability management program (VMP).
Benefits of a vulnerability management program
The main aim of any VMP is to ensure that current vulnerabilities within an IS are identified, evaluated, and resolved in a timely and cost-effective manner. This goal is achieved by successfully carrying out the following steps:
- Accurately identify vulnerabilities in the overall network infrastructure;
- Monitor and verify the remediation of the vulnerabilities;
- Examine the root causes of the vulnerabilities; and
- Modify standards, policies, and processes to fix those root causes to reduce the occurrence of future vulnerabilities.
A properly functioning VMP also brings about the following desirable results:
- Prevents the loss and/or unauthorized modification of sensitive data;
- Maintains client and partner confidence in the enterprise and upholds its reputation by preventing embarrassing incidents;
- Demonstrates compliance with legal regulations and industry best practices, and consequently enables the IS to better pass audits and certification & accreditation efforts.
As an effective VMP matures, it becomes increasingly efficient and streamlined while the quantity and severity of discovered issues decrease. In other words, the CIA operational standards are strengthened and the overall resiliency of the IT infrastructure is increased. “CIA” in the information security field stands for:
- Confidentiality – the prevention of unauthorized data access.
- Integrity – the maintenance of data in a trusted state.
- Availability – the ease of IS access and operation for authorized parties.